UNPKG

@defra/wls-eps-web-service

Version:

The web service for wildlife licencing of European Protected Species

github.com/DEFRA/wildlife-licencing

DEFRA/wildlife-licencing

87 lines (78 loc) 2.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
import Joi from 'joi' import pageRoute from '../../../routes/page-route.js' import { APIRequests } from '../../../services/api-requests.js' import { LOGIN, APPLICATIONS, TASKLIST } from '../../../uris.js' import db from 'debug' import { Backlink } from '../../../handlers/backlink.js' const debug = db('web-service:login') // If we have request a which needs authorization then redirect to that page export const completion = async request => { const journeyData = await request.cache().getData() if (!request.auth.isAuthenticated) { return TASKLIST.uri } else { if (journeyData.applicationId) { return TASKLIST.uri } else { return APPLICATIONS.uri } } } export const validator = async payload => { const { username, password } = payload Joi.assert(payload, Joi.object({ username: Joi.string().email().required().lowercase(), password: Joi.string().required().min(8) }).options({ abortEarly: false, allowUnknown: true })) if (!await APIRequests.USER.authenticate(username, password)) { throw new Joi.ValidationError('ValidationError', [{ message: 'Unauthorized: email address or password not found', path: ['password'], type: 'unauthorized', context: { label: 'password', value: password, key: 'password' } }], null) } } // If we have validated then we have an authenticated user and we can save the authorization object export const setData = async request => { const username = request.payload.username.toLowerCase() const result = await APIRequests.USER.findByName(username) debug(`Logging in user: ${username}`) await request.cache().setAuthData(result) const journeyData = await request.cache().getData() || {} Object.assign(journeyData, { userId: result.id }) await request.cache().setData(journeyData) // if the cookies preferences are set in the session then write it into the user if (journeyData.cookies) { const user = await APIRequests.USER.getById(journeyData.userId) Object.assign(user, { cookiePrefs: journeyData.cookies }) await APIRequests.USER.update(journeyData.userId, user) } } // Do not allow the login page if the user is logged in export const checkData = async (request, h) => { const journeyData = await request.cache().getData() || {} if (journeyData.userId) { if (journeyData.applicationId) { return h.redirect(TASKLIST.uri) } else { return h.redirect(APPLICATIONS.uri) } } else { return null } } export default pageRoute({ page: LOGIN.page, uri: LOGIN.uri, options: { auth: false }, backlink: Backlink.NO_BACKLINK, checkData, validator, completion, setData })