@inspire-platform/sails-hook-auth/api/controllers/AuthController.js

Passport-based User Authentication system for sails.js applications.

/**
 * Authentication Controller
 */
module.exports = {

  /**
   * Log out a user and return them to the homepage
   *
   * Passport exposes a logout() function on req (also aliased as logOut()) that
   * can be called from any route handler which needs to terminate a login
   * session. Invoking logout() will remove the req.user property and clear the
   * login session (if any).
   *
   * For more information on logging out users in Passport.js, check out:
   * http://passportjs.org/guide/logout/
   *
   * @param {Object} req
   * @param {Object} res
   */
  logout: function (req, res) {
    req.logout();
    delete req.user;
    delete req.session.passport;
    req.session.authenticated = false;

    // revoke second factor on logout?
    if (
      true === 'twoFactor' in sails.config.auth &&
      true === 'revokeOnLogout' in sails.config.auth.twoFactor &&
      true === sails.config.auth.twoFactor.revokeOnLogout
    ) {
      req.session.secondFactor = null;
    }

    if (!req.isSocket && req.query.next) {
      res.redirect(req.query.next);
    } else {
      res.ok();
    }
  },

  /**
   * Create a third-party authentication endpoint
   *
   * @param {Object} req
   * @param {Object} res
   */
  provider: function (req, res) {
    sails.services.passport.endpoint(req, res);
  },

  /**
   * Create a authentication callback endpoint
   *
   * This endpoint handles everything related to creating and verifying Pass-
   * ports and users, both locally and from third-aprty providers.
   *
   * Passport exposes a login() function on req (also aliased as logIn()) that
   * can be used to establish a login session. When the login operation
   * completes, user will be assigned to req.user.
   *
   * For more information on logging in users in Passport.js, check out:
   * http://passportjs.org/guide/login/
   *
   * @param {Object} req
   * @param {Object} res
   */
  callback: function (req, res) {
    var action = req.param('action');

    function negotiateError (err) {
      if (action === 'register') {
        res.redirect('/register');
      }
      else if (action === 'login') {
        res.redirect('/login');
      }
      else if (action === 'disconnect') {
        res.redirect('back');
      }
      else {
        // make sure the server always returns a response to the client
        // i.e passport-local bad username/email or password
        res.send(403, err);
      }
    }

    sails.services.passport.callback(req, res, function (err, user, info, status) {
      if (err || !user) {
        sails.log.warn(user, err, info, status);
		  if(!err && info) {
			  return negotiateError(info);
		  }
        return negotiateError(err);
      }

      req.login(user, function (err) {
        if (err) {
          sails.log.warn(err);
          return negotiateError(err);
        }

        req.session.authenticated = true;

        // maybe update last login
        return sails.models.user.updateLastLogin(user).then(() => {

          // Upon successful login, optionally redirect the user if there is a
          // `next` query param
          if (req.query.next) {
            var url = sails.services.authservice.buildCallbackNextUrl(req);
            res.status(302).set('Location', url);
          }

          sails.log.info('user', user, 'authenticated successfully');
          return res.json(user);

        });

      });
    });
  },

  /**
   * Disconnect a passport from a user
   *
   * @param {Object} req
   * @param {Object} res
   */
  disconnect: function (req, res) {
    sails.services.passport.disconnect(req, res);
  }
};