
@quarks/quarks-iam


A modern authorization server built to authenticate your users and protect your APIs

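/**
 * Module dependencies
 */

var oidc = require('../oidc')
var settings = require('../boot/settings')
var mailer = require('../boot/mailer').getMailer()
var authenticator = require('../lib/authenticator')
var qs = require('qs')
var InvalidRequestError = require('../errors/InvalidRequestError')
var providers = require('../providers')

// Every provider definition exported by ../providers, keyed by provider name.
var providerInfo = {}
var providerNames = Object.keys(providers)
for (var i = 0; i < providerNames.length; i++) {
  providerInfo[providerNames[i]] = providers[providerNames[i]]
}

var visibleProviders = {}
// Only render providers that are not marked as hidden
Object.keys(settings.providers).forEach(function (providerID) {
  if (!settings.providers[providerID].hidden) {
    visibleProviders[providerID] = settings.providers[providerID]
  }
})

/**
 * Render the signin view with the locals shared by every signin response.
 *
 * @param {Object} res - response object; only `res.render` is used.
 * @param {Object} request - request parameters (`req.query` or `req.body`);
 *   passed to the view as `request` and, serialized with qs, as `params`.
 * @param {Object} [extra] - additional locals such as `error` or `formError`.
 */
function renderSignin (res, request, extra) {
  var locals = {
    params: qs.stringify(request),
    request: request,
    providers: visibleProviders,
    providerInfo: providerInfo,
    mailSupport: !!(mailer.transport)
  }

  Object.keys(extra || {}).forEach(function (key) {
    locals[key] = extra[key]
  })

  res.render('signin', locals)
}

/**
 * Signin Endpoint
 *
 * Registers GET /signin (renders the form) and POST /signin (authenticates,
 * then continues through the authorization middleware chain) on `server`.
 */

module.exports = function (server) {
  /**
   * Signin page
   */

  server.get('/signin',
    oidc.selectConnectParams,
    oidc.verifyClient,
    oidc.validateAuthorizationParams,
    function (req, res, next) {
      renderSignin(res, req.query)
    })

  /**
   * Password signin handler
   */

  var handler = [
    oidc.selectConnectParams,
    oidc.verifyClient,
    oidc.validateAuthorizationParams,
    oidc.determineProvider,
    oidc.enforceReferrer('/signin'),
    function (req, res, next) {
      if (!req.provider) {
        next(new InvalidRequestError('Invalid provider'))
        return
      }

      // NOTE(review): the guard above checks req.provider (presumably set by
      // oidc.determineProvider), but dispatch is keyed on the raw
      // req.body.provider. Confirm the two cannot disagree.
      authenticator.dispatch(req.body.provider, req, res, next, function (err, user, info) {
        // NOTE(review): on both failure paths req.body is the raw signin form,
        // so any credential field posted with it is serialized into `params`
        // and handed to the view as `request`. Confirm the template neither
        // places `params` in links nor echoes secret fields, or strip them
        // before rendering.
        if (err) {
          // NOTE(review): err.message is shown to the end user; confirm it
          // cannot carry internal detail and that the view escapes it.
          renderSignin(res, req.body, { error: err.message })
        } else if (!user) {
          // `info` may be absent when authentication fails without a reason;
          // guard so a failed login re-renders the form instead of throwing.
          renderSignin(res, req.body, { formError: info && info.message })
        } else {
          authenticator.login(req, user)
          next()
        }
      })
    },
    oidc.requireVerifiedEmail(),
    oidc.determineUserScope,
    oidc.promptToAuthorize,
    oidc.authorize
  ]

  // Optional hook: when configured, it runs immediately before oidc.authorize.
  if (oidc.beforeAuthorize) {
    handler.splice(handler.length - 1, 0, oidc.beforeAuthorize)
  }

  server.post('/signin', handler)
}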