
moleculer-iam


Centralized IAM module for moleculer, including a certified OIDC provider and an identity provider for user profile, credentials, and custom claims management. Custom claims can be defined/updated by a declarative schema which contains claims validation …

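"use strict";
// NOTE(review): the `__esModule` marker and the sourceMappingURL trailer suggest this file is
// compiler output; a change made here should be mirrored in the original source.
Object.defineProperty(exports, "__esModule", { value: true });
exports.buildLoginRoutes = void 0;
const idp_1 = require("../../idp");
/**
 * Normalises one field taken from an untrusted request body.
 *
 * Depending on the body parser in use, a field can arrive as an array, an object or a number
 * instead of a string. Only strings are let through, so the identity lookup and the credential
 * check below never receive a structured value; everything else is treated like a missing
 * field and becomes "".
 *
 * @param {*} value - raw field value from the request body
 * @returns {string} the value itself when it is a string, otherwise ""
 */
function stringField(value) {
    return typeof value === "string" ? value : "";
}
/**
 * Registers the login routes on `builder.app.router`:
 *
 *   GET  /login                  - entry page, resume or federation hand-off
 *   POST /login/check_email      - first step: look the account up by email
 *   GET  /login/check_password   - password page (needs the first step's session state)
 *   POST /login/check_password   - second step: verify the password and finish the login
 *
 * @param {object} builder - route builder; this function uses `builder.app.router` and
 *     `builder.app.federation`
 * @param {object} opts - not read by this function
 * @returns {void}
 */
function buildLoginRoutes(builder, opts) {
    builder.app.router
        // initial render page
        .get("/login", async (ctx, next) => {
        const { user, userClaims, interaction } = ctx.op;
        ctx.op.assertPrompt(["login", "consent"]);
        // a user is already signed in
        if (user) {
            // an explicit change_account=true (query string or interaction params) forces
            // the login page even though a session exists
            const changeAccount = ctx.query.change_account === "true" || interaction.params.change_account === "true";
            // the pending prompt is not "login", so the signed-in account can be reused
            const resume = !changeAccount && interaction.prompt.name !== "login";
            if (resume) {
                return ctx.op.redirectWithUpdate({
                    login: {
                        account: user.id,
                        remember: true,
                    },
                });
            }
            // redirect to the same page with the signed-in user's email as a hint;
            // the value is URL-encoded before it is placed in the query string
            if (!changeAccount && userClaims && userClaims.email && !ctx.query.email) {
                return ctx.op.redirect(`/login?email=${encodeURIComponent(userClaims.email)}`);
            }
        }
        // automatic federation
        // NOTE(review): `federate` comes from the query string or the interaction params and is
        // handed to the federation module unchanged; presumably handleRequest rejects names that
        // are not configured providers - confirm.
        const federate = ctx.query.federate || interaction.params.federate;
        if (federate) {
            return builder.app.federation.handleRequest(ctx, next, federate);
        }
        return ctx.op.render("login");
    })
        // check login email exists
        // NOTE(review): this endpoint answers differently for known and unknown emails
        // (findOrFail presumably rejects when nothing matches), so it should sit behind
        // request throttling - none is visible in this file.
        .post("/login/check_email", async (ctx) => {
        // tolerate a missing body instead of failing with a TypeError
        const body = ctx.request.body || {};
        const user = await ctx.idp.findOrFail({ claims: { email: stringField(body.email) } });
        // set login data to session state and response; only the props returned by
        // getPublicUserProps are stored
        const userClaims = await ctx.op.getPublicUserProps(user);
        ctx.op.setSessionPublicState(prevState => ({
            ...prevState,
            login: { user: userClaims },
        }));
        return ctx.op.end();
    })
        // password page: without login state from the email step, go back to /login and
        // keep the original query string
        .get("/login/check_password", async (ctx) => {
        if (!ctx.op.sessionPublicState.login) {
            return ctx.op.redirect("/login" + (ctx.search || ""));
        }
        return ctx.op.render("login");
    })
        // handle password login
        .post("/login/check_password", async (ctx) => {
        ctx.op.assertPrompt();
        // The email is read from this request's body; the login state stored by
        // /login/check_email is not consulted here.
        const { email, password } = ctx.request.body || {};
        // check account and password
        // NOTE(review): no attempt limiting or lockout is visible in this handler - confirm it
        // is enforced elsewhere (for example in assertCredentials or in middleware).
        const user = await ctx.idp.findOrFail({ claims: { email: stringField(email) } });
        const verified = await user.assertCredentials({ password: stringField(password) });
        // null is reported as an unsupported credential type, any other falsy result as a
        // wrong password
        if (verified === null) {
            throw new idp_1.IAMErrors.UnsupportedCredentials();
        }
        else if (!verified) {
            throw new idp_1.IAMErrors.InvalidCredentials();
        }
        // clear login session state
        ctx.op.setSessionPublicState(prevState => ({
            ...prevState,
            login: undefined,
        }));
        // finish the interaction and give the redirection uri
        return ctx.op.redirectWithUpdate({
            login: {
                account: user.id,
                remember: true,
            },
        });
    });
}
exports.buildLoginRoutes = buildLoginRoutes;
//# sourceMappingURL=login.js.map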