Adds auth check to linked path. Removes unused routes.
This commit is contained in:
@@ -7,8 +7,8 @@ var TwitterStrategy = require('passport-twitter').Strategy;
|
||||
var GitHubStrategy = require('passport-github').Strategy;
|
||||
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
|
||||
var LinkedInStrategy = require('passport-linkedin-oauth2').Strategy;
|
||||
var OAuthStrategy = require('passport-oauth').OAuthStrategy; // Tumblr
|
||||
var OAuth2Strategy = require('passport-oauth').OAuth2Strategy; // Venmo, Foursquare
|
||||
var OAuthStrategy = require('passport-oauth').OAuthStrategy;
|
||||
var OAuth2Strategy = require('passport-oauth').OAuth2Strategy;
|
||||
var User = require('../models/User');
|
||||
var secrets = require('./secrets');
|
||||
|
||||
@@ -22,8 +22,136 @@ passport.deserializeUser(function(id, done) {
|
||||
});
|
||||
});
|
||||
|
||||
// Sign in with Instagram.
|
||||
/**
|
||||
* OAuth Strategy Overview
|
||||
*
|
||||
* - User is already logged in.
|
||||
* - Check if there is an existing account with a <provider> id.
|
||||
* - If there is, return an error message. (Account merging not supported)
|
||||
* - Else link new OAuth account with currently logged-in user.
|
||||
* - User is not logged in.
|
||||
* - Check if it's a returning user.
|
||||
* - If returning user, sign in and we are done.
|
||||
* - Else check if there is an existing account with user's email.
|
||||
* - If there is, return an error message.
|
||||
* - Else create a new account.
|
||||
*/
|
||||
|
||||
// Sign in with Twitter.
|
||||
passport.use(new TwitterStrategy(secrets.twitter, function(req, accessToken, tokenSecret, profile, done) {
|
||||
if (req.user) {
|
||||
User.findOne({ twitter: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) {
|
||||
req.flash('errors', { msg: 'There is already a Twitter account that belongs to you. Sign in with that account or delete it, then link it with your current account.' });
|
||||
done(err);
|
||||
} else {
|
||||
User.findById(req.user.id, function(err, user) {
|
||||
user.twitter = profile.id;
|
||||
user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
|
||||
user.profile.name = user.profile.name || profile.displayName;
|
||||
user.profile.location = user.profile.location || profile._json.location;
|
||||
user.profile.picture = user.profile.picture || profile._json.profile_image_url_https;
|
||||
user.profile.username = profile.username;
|
||||
user.save(function(err) {
|
||||
req.flash('info', { msg: 'Twitter account has been linked.' });
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
} else {
|
||||
User.findOne({ twitter: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) return done(null, existingUser);
|
||||
var user = new User();
|
||||
// Twitter will not provide an email address. Period.
|
||||
// But a person’s twitter username is guaranteed to be unique
|
||||
// so we can "fake" a twitter email address as follows:
|
||||
user.email = profile.username + "@twitter.com";
|
||||
user.twitter = profile.id;
|
||||
user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
|
||||
user.profile.name = profile.displayName;
|
||||
user.profile.location = profile._json.location;
|
||||
user.profile.picture = profile._json.profile_image_url_https;
|
||||
user.save(function(err) {
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
}));
|
||||
|
||||
// Sign in with LinkedIn.
|
||||
passport.use(new LinkedInStrategy(secrets.linkedin, function(req, accessToken, refreshToken, profile, done) {
|
||||
if (req.user) {
|
||||
User.findOne({ linkedin: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) {
|
||||
req.flash('errors', { msg: 'There is already a LinkedIn account that belongs to you. Sign in with that account or delete it, then link it with your current account.' });
|
||||
done(err);
|
||||
} else {
|
||||
User.findById(req.user.id, function(err, user) {
|
||||
user.linkedin = profile.id;
|
||||
user.tokens.push({ kind: 'linkedin', accessToken: accessToken });
|
||||
user.profile.name = user.profile.name || profile.displayName;
|
||||
user.profile.location = user.profile.location || profile._json.location.name;
|
||||
user.profile.picture = user.profile.picture || profile._json.pictureUrl;
|
||||
user.profile.website = user.profile.website || profile._json.publicProfileUrl;
|
||||
user.save(function(err) {
|
||||
req.flash('info', { msg: 'LinkedIn account has been linked.' });
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
User.findOne({ linkedin: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) return done(null, existingUser);
|
||||
User.findOne({ email: profile._json.emailAddress }, function(err, existingEmailUser) {
|
||||
if (existingEmailUser) {
|
||||
req.flash('errors', { msg: 'There is already an account using this email address. Sign in to that account and link it with LinkedIn manually from Account Settings.' });
|
||||
done(err);
|
||||
} else {
|
||||
var user = new User();
|
||||
user.linkedin = profile.id;
|
||||
user.tokens.push({ kind: 'linkedin', accessToken: accessToken });
|
||||
user.email = profile._json.emailAddress;
|
||||
user.profile.name = profile.displayName;
|
||||
user.profile.location = profile._json.location.name;
|
||||
user.profile.picture = profile._json.pictureUrl;
|
||||
user.profile.website = profile._json.publicProfileUrl;
|
||||
user.save(function(err) {
|
||||
done(err, user);
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
}));
|
||||
|
||||
|
||||
// Login Required middleware.
|
||||
|
||||
module.exports = {
|
||||
isAuthenticated: isAuthenticated,
|
||||
isAuthorized: isAuthorized
|
||||
};
|
||||
|
||||
function isAuthenticated(req, res, next) {
|
||||
if (req.isAuthenticated()) return next();
|
||||
res.redirect('/login');
|
||||
}
|
||||
|
||||
// Authorization Required middleware.
|
||||
function isAuthorized(req, res, next) {
|
||||
var provider = req.path.split('/').slice(-1)[0];
|
||||
|
||||
if (_.find(req.user.tokens, { kind: provider })) {
|
||||
next();
|
||||
} else {
|
||||
res.redirect('/auth/' + provider);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
passport.use(new InstagramStrategy(secrets.instagram,function(req, accessToken, refreshToken, profile, done) {
|
||||
if (req.user) {
|
||||
User.findOne({ instagram: profile.id }, function(err, existingUser) {
|
||||
@@ -66,7 +194,6 @@ passport.use(new InstagramStrategy(secrets.instagram,function(req, accessToken,
|
||||
}));
|
||||
|
||||
// Sign in using Email and Password.
|
||||
|
||||
passport.use(new LocalStrategy({ usernameField: 'email' }, function(email, password, done) {
|
||||
User.findOne({ email: email }, function(err, user) {
|
||||
if (!user) return done(null, false, { message: 'Email ' + email + ' not found'});
|
||||
@@ -80,20 +207,6 @@ passport.use(new LocalStrategy({ usernameField: 'email' }, function(email, passw
|
||||
});
|
||||
}));
|
||||
|
||||
/**
|
||||
* OAuth Strategy Overview
|
||||
*
|
||||
* - User is already logged in.
|
||||
* - Check if there is an existing account with a <provider> id.
|
||||
* - If there is, return an error message. (Account merging not supported)
|
||||
* - Else link new OAuth account with currently logged-in user.
|
||||
* - User is not logged in.
|
||||
* - Check if it's a returning user.
|
||||
* - If returning user, sign in and we are done.
|
||||
* - Else check if there is an existing account with user's email.
|
||||
* - If there is, return an error message.
|
||||
* - Else create a new account.
|
||||
*/
|
||||
|
||||
// Sign in with Facebook.
|
||||
|
||||
@@ -190,49 +303,6 @@ passport.use(new GitHubStrategy(secrets.github, function(req, accessToken, refre
|
||||
}
|
||||
}));
|
||||
|
||||
// Sign in with Twitter.
|
||||
|
||||
passport.use(new TwitterStrategy(secrets.twitter, function(req, accessToken, tokenSecret, profile, done) {
|
||||
if (req.user) {
|
||||
User.findOne({ twitter: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) {
|
||||
req.flash('errors', { msg: 'There is already a Twitter account that belongs to you. Sign in with that account or delete it, then link it with your current account.' });
|
||||
done(err);
|
||||
} else {
|
||||
User.findById(req.user.id, function(err, user) {
|
||||
user.twitter = profile.id;
|
||||
user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
|
||||
user.profile.name = user.profile.name || profile.displayName;
|
||||
user.profile.location = user.profile.location || profile._json.location;
|
||||
user.profile.picture = user.profile.picture || profile._json.profile_image_url_https;
|
||||
user.profile.username = profile.username;
|
||||
user.save(function(err) {
|
||||
req.flash('info', { msg: 'Twitter account has been linked.' });
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
} else {
|
||||
User.findOne({ twitter: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) return done(null, existingUser);
|
||||
var user = new User();
|
||||
// Twitter will not provide an email address. Period.
|
||||
// But a person’s twitter username is guaranteed to be unique
|
||||
// so we can "fake" a twitter email address as follows:
|
||||
user.email = profile.username + "@twitter.com";
|
||||
user.twitter = profile.id;
|
||||
user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
|
||||
user.profile.name = profile.displayName;
|
||||
user.profile.location = profile._json.location;
|
||||
user.profile.picture = profile._json.profile_image_url_https;
|
||||
user.save(function(err) {
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
}));
|
||||
|
||||
// Sign in with Google.
|
||||
|
||||
@@ -280,53 +350,6 @@ passport.use(new GoogleStrategy(secrets.google, function(req, accessToken, refre
|
||||
}
|
||||
}));
|
||||
|
||||
// Sign in with LinkedIn.
|
||||
|
||||
passport.use(new LinkedInStrategy(secrets.linkedin, function(req, accessToken, refreshToken, profile, done) {
|
||||
if (req.user) {
|
||||
User.findOne({ linkedin: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) {
|
||||
req.flash('errors', { msg: 'There is already a LinkedIn account that belongs to you. Sign in with that account or delete it, then link it with your current account.' });
|
||||
done(err);
|
||||
} else {
|
||||
User.findById(req.user.id, function(err, user) {
|
||||
user.linkedin = profile.id;
|
||||
user.tokens.push({ kind: 'linkedin', accessToken: accessToken });
|
||||
user.profile.name = user.profile.name || profile.displayName;
|
||||
user.profile.location = user.profile.location || profile._json.location.name;
|
||||
user.profile.picture = user.profile.picture || profile._json.pictureUrl;
|
||||
user.profile.website = user.profile.website || profile._json.publicProfileUrl;
|
||||
user.save(function(err) {
|
||||
req.flash('info', { msg: 'LinkedIn account has been linked.' });
|
||||
done(err, user);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
User.findOne({ linkedin: profile.id }, function(err, existingUser) {
|
||||
if (existingUser) return done(null, existingUser);
|
||||
User.findOne({ email: profile._json.emailAddress }, function(err, existingEmailUser) {
|
||||
if (existingEmailUser) {
|
||||
req.flash('errors', { msg: 'There is already an account using this email address. Sign in to that account and link it with LinkedIn manually from Account Settings.' });
|
||||
done(err);
|
||||
} else {
|
||||
var user = new User();
|
||||
user.linkedin = profile.id;
|
||||
user.tokens.push({ kind: 'linkedin', accessToken: accessToken });
|
||||
user.email = profile._json.emailAddress;
|
||||
user.profile.name = profile.displayName;
|
||||
user.profile.location = profile._json.location.name;
|
||||
user.profile.picture = profile._json.pictureUrl;
|
||||
user.profile.website = profile._json.publicProfileUrl;
|
||||
user.save(function(err) {
|
||||
done(err, user);
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
}));
|
||||
|
||||
// Tumblr API setup.
|
||||
|
||||
@@ -388,22 +411,4 @@ passport.use('venmo', new OAuth2Strategy({
|
||||
});
|
||||
}
|
||||
));
|
||||
|
||||
// Login Required middleware.
|
||||
|
||||
exports.isAuthenticated = function(req, res, next) {
|
||||
if (req.isAuthenticated()) return next();
|
||||
res.redirect('/login');
|
||||
};
|
||||
|
||||
// Authorization Required middleware.
|
||||
|
||||
exports.isAuthorized = function(req, res, next) {
|
||||
var provider = req.path.split('/').slice(-1)[0];
|
||||
|
||||
if (_.find(req.user.tokens, { kind: provider })) {
|
||||
next();
|
||||
} else {
|
||||
res.redirect('/auth/' + provider);
|
||||
}
|
||||
};
|
||||
*/
|
||||
|
Reference in New Issue
Block a user