@tiledesk/tiledesk-server 2.14.29 → 2.14.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -1
- package/package.json +1 -1
- package/routes/auth.js +109 -102
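--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,8 +5,9 @@
 🚀 IN PRODUCTION 🚀
 (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77)
 
-# 2.15.
+# 2.15.1
 - Updated whatsapp-connector to 1.0.23
+- Fix logout with Google Signin method
 
 # 2.14.28
 - Add audio MIME type equivalences for MPEG, MP3, and Opus formats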
package/package.json
CHANGED
package/routes/auth.js
CHANGED
|
@@ -50,8 +50,8 @@ const errorCodes = require('../errorCodes');
|
|
|
50
50
|
|
|
51
51
|
router.post('/signup',
|
|
52
52
|
[
|
|
53
|
-
check('email').isEmail(),
|
|
54
|
-
check('firstname').notEmpty(),
|
|
53
|
+
check('email').isEmail(),
|
|
54
|
+
check('firstname').notEmpty(),
|
|
55
55
|
check('lastname').notEmpty(),
|
|
56
56
|
recaptcha
|
|
57
57
|
|
|
@@ -72,11 +72,11 @@ router.post('/signup',
|
|
|
72
72
|
winston.error("Signup validation error", errors);
|
|
73
73
|
return res.status(422).json({ errors: errors.array() });
|
|
74
74
|
}
|
|
75
|
-
|
|
75
|
+
|
|
76
76
|
if (!req.body.email || !req.body.password) {
|
|
77
77
|
winston.error("Signup validation error. Email or password is missing", {email: req.body.email, password: req.body.password});
|
|
78
78
|
return res.json({ success: false, msg: 'Please pass email and password.' });
|
|
79
|
-
} else {
|
|
79
|
+
} else {
|
|
80
80
|
|
|
81
81
|
// TODO: move the regex control inside signup method of UserService.
|
|
82
82
|
// Warning: the pwd used in every test must be changed!
|
|
@@ -87,7 +87,7 @@ router.post('/signup',
|
|
|
87
87
|
|
|
88
88
|
return userService.signup(req.body.email, req.body.password, req.body.firstname, req.body.lastname, false, req.body.phone)
|
|
89
89
|
.then( async function (savedUser) {
|
|
90
|
-
|
|
90
|
+
|
|
91
91
|
winston.debug('-- >> -- >> savedUser ', savedUser.toObject());
|
|
92
92
|
|
|
93
93
|
let skipVerificationEmail = false;
|
|
@@ -113,11 +113,11 @@ router.post('/signup',
|
|
|
113
113
|
let key = "emailverify:verify-" + verify_email_code;
|
|
114
114
|
let obj = { _id: savedUser._id, email: savedUser.email}
|
|
115
115
|
let value = JSON.stringify(obj);
|
|
116
|
-
redis_client.set(key, value, { EX: 900} )
|
|
116
|
+
redis_client.set(key, value, { EX: 900} )
|
|
117
117
|
emailService.sendVerifyEmailAddress(savedUser.email, savedUser, verify_email_code);
|
|
118
118
|
}
|
|
119
119
|
}
|
|
120
|
-
|
|
120
|
+
|
|
121
121
|
// if (!req.body.disableEmail){
|
|
122
122
|
// emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
|
|
123
123
|
// }
|
|
@@ -126,8 +126,8 @@ router.post('/signup',
|
|
|
126
126
|
/*
|
|
127
127
|
* *** CHECK THE EMAIL OF THE NEW USER IN THE PENDING INVITATIONS TABLE ***
|
|
128
128
|
* IF EXIST MEANS THAT THE NEW USER HAS BEEN INVITED TO A PROJECT WHEN IT HAS NOT YET REGISTERED
|
|
129
|
-
* SO IF ITS EMAIL EXIST IN THE PENDING INVITATIONS TABLE ARE CREATED THE PROJECT USER FOR THE PROJECTS
|
|
130
|
-
* TO WHICH WAS INVITED, AT THE SAME TIME THE USER ARE DELETED FROM THE PENDING INVITATION TABLE
|
|
129
|
+
* SO IF ITS EMAIL EXIST IN THE PENDING INVITATIONS TABLE ARE CREATED THE PROJECT USER FOR THE PROJECTS
|
|
130
|
+
* TO WHICH WAS INVITED, AT THE SAME TIME THE USER ARE DELETED FROM THE PENDING INVITATION TABLE
|
|
131
131
|
*/
|
|
132
132
|
pendinginvitation.checkNewUserInPendingInvitationAndSavePrcjUser(savedUser.email, savedUser._id);
|
|
133
133
|
// .then(function (projectUserSaved) {
|
|
@@ -137,19 +137,19 @@ router.post('/signup',
|
|
|
137
137
|
// });
|
|
138
138
|
|
|
139
139
|
|
|
140
|
-
authEvent.emit("user.signup", {savedUser: savedUser, req: req});
|
|
140
|
+
authEvent.emit("user.signup", {savedUser: savedUser, req: req});
|
|
141
141
|
|
|
142
142
|
|
|
143
|
-
//remove password
|
|
143
|
+
//remove password
|
|
144
144
|
let userJson = savedUser.toObject();
|
|
145
145
|
delete userJson.password;
|
|
146
|
-
|
|
146
|
+
|
|
147
147
|
|
|
148
148
|
res.json({ success: true, msg: 'Successfully created new user.', user: userJson });
|
|
149
149
|
}).catch(function (err) {
|
|
150
|
-
|
|
150
|
+
|
|
151
151
|
winston.error('Error registering new user', err);
|
|
152
|
-
authEvent.emit("user.signup.error", {req: req, err:err});
|
|
152
|
+
authEvent.emit("user.signup.error", {req: req, err:err});
|
|
153
153
|
|
|
154
154
|
if (err.code === 11000) {
|
|
155
155
|
res.status(403).send({ success: false, message: "Email already registered" });
|
|
@@ -167,12 +167,12 @@ router.post('/signup',
|
|
|
167
167
|
|
|
168
168
|
// curl -v -X POST -H 'Content-Type:application/json' -u 6b4d2080-3583-444d-9901-e3564a22a79b@tiledesk.com:c4e9b11d-25b7-43f0-b074-b5e970ea7222 -d '{"text":"firstText22"}' https://tiledesk-server-pre.herokuapp.com/5df2240cecd41b00173a06bb/requests/support-group-554477/messages
|
|
169
169
|
|
|
170
|
-
router.post('/signinAnonymously',
|
|
170
|
+
router.post('/signinAnonymously',
|
|
171
171
|
[
|
|
172
|
-
check('id_project').notEmpty(),
|
|
172
|
+
check('id_project').notEmpty(),
|
|
173
173
|
],
|
|
174
174
|
function (req, res) {
|
|
175
|
-
|
|
175
|
+
|
|
176
176
|
const errors = validationResult(req);
|
|
177
177
|
if (!errors.isEmpty()) {
|
|
178
178
|
winston.error("SigninAnonymously validation error", {errors: errors, reqBody: req.body, reqUrl: req.url });
|
|
@@ -180,14 +180,14 @@ function (req, res) {
|
|
|
180
180
|
}
|
|
181
181
|
|
|
182
182
|
let uid = uuidv4();
|
|
183
|
-
let shortuid = uid.substring(0,4);
|
|
183
|
+
let shortuid = uid.substring(0,4);
|
|
184
184
|
var firstname = req.body.firstname || "guest#"+shortuid; // guest_here
|
|
185
185
|
// var firstname = req.body.firstname || "Guest"; // guest_here
|
|
186
|
-
|
|
187
|
-
|
|
186
|
+
|
|
187
|
+
|
|
188
188
|
|
|
189
189
|
//TODO togli trattini da uuidv4()
|
|
190
|
-
|
|
190
|
+
|
|
191
191
|
// TODO remove email.sec?
|
|
192
192
|
let userAnonym = {_id: uid, firstname:firstname, lastname: req.body.lastname, email: req.body.email, attributes: req.body.attributes};
|
|
193
193
|
|
|
@@ -207,13 +207,13 @@ function (req, res) {
|
|
|
207
207
|
winston.error('Error saving object.', err)
|
|
208
208
|
return res.status(500).send({ success: false, msg: 'Error saving object.' });
|
|
209
209
|
}
|
|
210
|
-
|
|
210
|
+
|
|
211
211
|
|
|
212
212
|
var signOptions = {
|
|
213
213
|
issuer: 'https://tiledesk.com',
|
|
214
214
|
subject: 'guest',
|
|
215
215
|
audience: 'https://tiledesk.com',
|
|
216
|
-
jwtid: uuidv4()
|
|
216
|
+
jwtid: uuidv4()
|
|
217
217
|
};
|
|
218
218
|
|
|
219
219
|
var alg = process.env.GLOBAL_SECRET_ALGORITHM;
|
|
@@ -224,16 +224,16 @@ function (req, res) {
|
|
|
224
224
|
var token = jwt.sign(userAnonym, configSecret, signOptions); //priv_jwt pp_jwt
|
|
225
225
|
|
|
226
226
|
|
|
227
|
-
authEvent.emit("user.signin", {user:userAnonym, req:req, jti:signOptions.jwtid, token: 'JWT ' + token});
|
|
228
|
-
|
|
229
|
-
authEvent.emit("projectuser.create", savedProject_user);
|
|
227
|
+
authEvent.emit("user.signin", {user:userAnonym, req:req, jti:signOptions.jwtid, token: 'JWT ' + token});
|
|
228
|
+
|
|
229
|
+
authEvent.emit("projectuser.create", savedProject_user);
|
|
230
230
|
|
|
231
231
|
winston.debug('project user created ', savedProject_user.toObject());
|
|
232
232
|
|
|
233
233
|
res.json({ success: true, token: 'JWT ' + token, user: userAnonym });
|
|
234
234
|
});
|
|
235
|
-
|
|
236
|
-
|
|
235
|
+
|
|
236
|
+
|
|
237
237
|
});
|
|
238
238
|
|
|
239
239
|
|
|
@@ -242,7 +242,7 @@ function (req, res) {
|
|
|
242
242
|
router.post('/signinWithCustomToken', [
|
|
243
243
|
// function(req,res,next) {req.disablePassportEntityCheck = true;winston.debug("disablePassportEntityCheck=true"); next();},
|
|
244
244
|
noentitycheck,
|
|
245
|
-
passport.authenticate(['jwt'], { session: false }),
|
|
245
|
+
passport.authenticate(['jwt'], { session: false }),
|
|
246
246
|
validtoken], async (req, res) => {
|
|
247
247
|
|
|
248
248
|
winston.debug("signinWithCustomToken req: ", req );
|
|
@@ -255,17 +255,17 @@ router.post('/signinWithCustomToken', [
|
|
|
255
255
|
// if (!req.user.jti) {
|
|
256
256
|
// return res.status(400).send({ success: false, msg: 'JWT JTI field is required' });
|
|
257
257
|
// }
|
|
258
|
-
|
|
258
|
+
|
|
259
259
|
const audUrl = new URL(req.user.aud);
|
|
260
260
|
winston.debug("audUrl: "+ audUrl );
|
|
261
261
|
const path = audUrl.pathname;
|
|
262
262
|
winston.debug("audUrl path: " + path );
|
|
263
|
-
|
|
263
|
+
|
|
264
264
|
const AudienceType = path.split("/")[1];
|
|
265
265
|
winston.debug("audUrl AudienceType: " + AudienceType );
|
|
266
266
|
|
|
267
267
|
var id_project;
|
|
268
|
-
|
|
268
|
+
|
|
269
269
|
let userToReturn = req.user;
|
|
270
270
|
|
|
271
271
|
var role = RoleConstants.USER;
|
|
@@ -297,7 +297,7 @@ router.post('/signinWithCustomToken', [
|
|
|
297
297
|
return res.status(400).send({ success: false, msg: 'JWT Aud.AudienceId field is required for AudienceType projects' });
|
|
298
298
|
}
|
|
299
299
|
|
|
300
|
-
id_project = AudienceId;
|
|
300
|
+
id_project = AudienceId;
|
|
301
301
|
|
|
302
302
|
|
|
303
303
|
} else {
|
|
@@ -309,9 +309,9 @@ router.post('/signinWithCustomToken', [
|
|
|
309
309
|
// When happen? when an agent (or admin) from ionic find a tiledesk token in the localstorage (from dashboard) and use signinWithCustomToken to obtain user object
|
|
310
310
|
return res.json({ success: true, token: req.headers["authorization"], user: req.user });
|
|
311
311
|
}
|
|
312
|
-
|
|
313
|
-
}
|
|
314
|
-
|
|
312
|
+
|
|
313
|
+
}
|
|
314
|
+
|
|
315
315
|
|
|
316
316
|
|
|
317
317
|
if (req.user.role) {
|
|
@@ -321,8 +321,8 @@ router.post('/signinWithCustomToken', [
|
|
|
321
321
|
winston.debug("id_project: " + id_project + " uuid_user " + req.user._id + " role " + role);
|
|
322
322
|
|
|
323
323
|
|
|
324
|
-
Project_user.findOne({ id_project: id_project, uuid_user: req.user._id}).
|
|
325
|
-
// Project_user.findOne({ id_project: id_project, uuid_user: req.user._id, role: role}).
|
|
324
|
+
Project_user.findOne({ id_project: id_project, uuid_user: req.user._id}).
|
|
325
|
+
// Project_user.findOne({ id_project: id_project, uuid_user: req.user._id, role: role}).
|
|
326
326
|
exec(async (err, project_user) => {
|
|
327
327
|
if (err) {
|
|
328
328
|
winston.error(err);
|
|
@@ -336,8 +336,8 @@ router.post('/signinWithCustomToken', [
|
|
|
336
336
|
let createNewUser = false;
|
|
337
337
|
winston.debug('role2: '+ role)
|
|
338
338
|
|
|
339
|
-
|
|
340
|
-
if (role === RoleConstants.OWNER || role === RoleConstants.ADMIN || role === RoleConstants.AGENT) {
|
|
339
|
+
|
|
340
|
+
if (role === RoleConstants.OWNER || role === RoleConstants.ADMIN || role === RoleConstants.AGENT) {
|
|
341
341
|
createNewUser = true;
|
|
342
342
|
winston.debug('role owner or admin or agent');
|
|
343
343
|
var newUser;
|
|
@@ -351,31 +351,31 @@ router.post('/signinWithCustomToken', [
|
|
|
351
351
|
if (e.code = "E11000") {
|
|
352
352
|
newUser = await User.findOne({email: req.user.email.toLowerCase(), status: 100}).exec();
|
|
353
353
|
winston.debug('signup found')
|
|
354
|
-
// qui dovresti cercare pu sul progetto con id di newUser se c'è
|
|
354
|
+
// qui dovresti cercare pu sul progetto con id di newUser se c'è
|
|
355
355
|
var project_userUser = await Project_user.findOne({ id_project: id_project, id_user: newUser._id}).exec();
|
|
356
356
|
if (project_userUser) {
|
|
357
357
|
winston.debug('project user found')
|
|
358
358
|
if (project_userUser.status==="active") {
|
|
359
|
-
var signOptions = {
|
|
360
|
-
issuer: 'https://tiledesk.com',
|
|
359
|
+
var signOptions = {
|
|
360
|
+
issuer: 'https://tiledesk.com',
|
|
361
361
|
subject: 'user',
|
|
362
362
|
audience: 'https://tiledesk.com',
|
|
363
363
|
jwtid: uuidv4()
|
|
364
364
|
};
|
|
365
|
-
|
|
365
|
+
|
|
366
366
|
var alg = process.env.GLOBAL_SECRET_ALGORITHM;
|
|
367
367
|
if (alg) {
|
|
368
368
|
signOptions.algorithm = alg;
|
|
369
369
|
}
|
|
370
370
|
winston.debug('project user found2')
|
|
371
371
|
|
|
372
|
-
//remove password //test it
|
|
372
|
+
//remove password //test it
|
|
373
373
|
let userJson = newUser.toObject();
|
|
374
374
|
delete userJson.password;
|
|
375
375
|
winston.debug('project user found3')
|
|
376
376
|
|
|
377
377
|
let returnToken = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
378
|
-
|
|
378
|
+
|
|
379
379
|
winston.debug('project user found4')
|
|
380
380
|
|
|
381
381
|
if (returnToken.indexOf("JWT")<0) {
|
|
@@ -387,10 +387,10 @@ router.post('/signinWithCustomToken', [
|
|
|
387
387
|
|
|
388
388
|
}
|
|
389
389
|
}
|
|
390
|
-
|
|
391
|
-
}
|
|
390
|
+
|
|
391
|
+
}
|
|
392
392
|
}
|
|
393
|
-
|
|
393
|
+
|
|
394
394
|
if (!newUser) {
|
|
395
395
|
return res.status(401).send({ success: false, msg: 'User not found.' });
|
|
396
396
|
}
|
|
@@ -398,7 +398,7 @@ router.post('/signinWithCustomToken', [
|
|
|
398
398
|
winston.debug('userToReturn forced to newUser.', newUser)
|
|
399
399
|
userToReturn=newUser;
|
|
400
400
|
|
|
401
|
-
|
|
401
|
+
|
|
402
402
|
|
|
403
403
|
}
|
|
404
404
|
|
|
@@ -429,21 +429,21 @@ router.post('/signinWithCustomToken', [
|
|
|
429
429
|
return res.json({ success: true, token: req.headers["authorization"], user: userToReturn});
|
|
430
430
|
}
|
|
431
431
|
|
|
432
|
-
|
|
433
|
-
authEvent.emit("projectuser.create", savedProject_user);
|
|
434
432
|
|
|
435
|
-
authEvent.emit("
|
|
433
|
+
authEvent.emit("projectuser.create", savedProject_user);
|
|
434
|
+
|
|
435
|
+
authEvent.emit("user.signin", {user:userToReturn, req:req, token: req.headers["authorization"]});
|
|
436
436
|
|
|
437
437
|
winston.debug('project user created ', savedProject_user.toObject());
|
|
438
438
|
|
|
439
439
|
|
|
440
440
|
let returnToken = req.headers["authorization"];
|
|
441
|
-
if (createNewUser===true) {
|
|
441
|
+
if (createNewUser===true) {
|
|
442
442
|
|
|
443
443
|
|
|
444
444
|
|
|
445
|
-
var signOptions = {
|
|
446
|
-
issuer: 'https://tiledesk.com',
|
|
445
|
+
var signOptions = {
|
|
446
|
+
issuer: 'https://tiledesk.com',
|
|
447
447
|
subject: 'user',
|
|
448
448
|
audience: 'https://tiledesk.com',
|
|
449
449
|
jwtid: uuidv4()
|
|
@@ -454,12 +454,12 @@ router.post('/signinWithCustomToken', [
|
|
|
454
454
|
signOptions.algorithm = alg;
|
|
455
455
|
}
|
|
456
456
|
|
|
457
|
-
//remove password //test it
|
|
457
|
+
//remove password //test it
|
|
458
458
|
let userJson = userToReturn.toObject();
|
|
459
459
|
delete userJson.password;
|
|
460
|
-
|
|
460
|
+
|
|
461
461
|
returnToken = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
462
|
-
|
|
462
|
+
|
|
463
463
|
}
|
|
464
464
|
|
|
465
465
|
winston.debug('returnToken '+returnToken);
|
|
@@ -479,8 +479,8 @@ router.post('/signinWithCustomToken', [
|
|
|
479
479
|
|
|
480
480
|
winston.debug('role.'+role)
|
|
481
481
|
winston.debug(' project_user.role', project_user)
|
|
482
|
-
|
|
483
|
-
|
|
482
|
+
|
|
483
|
+
|
|
484
484
|
if (role == project_user.role) {
|
|
485
485
|
winston.debug('equals role : '+role + " " + project_user.role);
|
|
486
486
|
} else {
|
|
@@ -490,8 +490,8 @@ router.post('/signinWithCustomToken', [
|
|
|
490
490
|
if (req.user.role && (req.user.role === RoleConstants.OWNER || req.user.role === RoleConstants.ADMIN || req.user.role === RoleConstants.AGENT)) {
|
|
491
491
|
let userFromDB = await User.findOne({email: req.user.email.toLowerCase(), status: 100}).exec();
|
|
492
492
|
|
|
493
|
-
var signOptions = {
|
|
494
|
-
issuer: 'https://tiledesk.com',
|
|
493
|
+
var signOptions = {
|
|
494
|
+
issuer: 'https://tiledesk.com',
|
|
495
495
|
subject: 'user',
|
|
496
496
|
audience: 'https://tiledesk.com',
|
|
497
497
|
jwtid: uuidv4()
|
|
@@ -502,10 +502,10 @@ router.post('/signinWithCustomToken', [
|
|
|
502
502
|
signOptions.algorithm = alg;
|
|
503
503
|
}
|
|
504
504
|
|
|
505
|
-
//remove password //test it
|
|
505
|
+
//remove password //test it
|
|
506
506
|
let userJson = userFromDB.toObject();
|
|
507
507
|
delete userJson.password;
|
|
508
|
-
|
|
508
|
+
|
|
509
509
|
let returnToken = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
510
510
|
|
|
511
511
|
|
|
@@ -514,11 +514,11 @@ router.post('/signinWithCustomToken', [
|
|
|
514
514
|
}
|
|
515
515
|
return res.json({ success: true, token: returnToken, user: userFromDB });
|
|
516
516
|
// return res.json({ success: true, token: req.headers["authorization"], user: userFromDB });
|
|
517
|
-
|
|
517
|
+
|
|
518
518
|
|
|
519
519
|
} else {
|
|
520
520
|
winston.debug('req.headers["authorization"]: '+req.headers["authorization"]);
|
|
521
|
-
|
|
521
|
+
|
|
522
522
|
return res.json({ success: true, token: req.headers["authorization"], user: userToReturn });
|
|
523
523
|
}
|
|
524
524
|
|
|
@@ -527,12 +527,12 @@ router.post('/signinWithCustomToken', [
|
|
|
527
527
|
winston.warn('Authentication failed. Project_user not active.');
|
|
528
528
|
return res.status(401).send({ success: false, msg: 'Authentication failed. Project_user not active.' });
|
|
529
529
|
}
|
|
530
|
-
|
|
530
|
+
|
|
531
531
|
}
|
|
532
532
|
|
|
533
|
-
|
|
533
|
+
|
|
534
534
|
});
|
|
535
|
-
|
|
535
|
+
|
|
536
536
|
});
|
|
537
537
|
|
|
538
538
|
|
|
@@ -541,12 +541,19 @@ router.post('/signinWithCustomToken', [
|
|
|
541
541
|
|
|
542
542
|
|
|
543
543
|
// TODO aggiungere logout? con user.logout event?
|
|
544
|
+
// router.post('/logout',
|
|
545
|
+
// [passport.authenticate(['jwt'], {session: false}), validtoken],
|
|
546
|
+
// function (req, res) {
|
|
547
|
+
// authEvent.emit("user.logout", {user: req.user, req: req});
|
|
548
|
+
// req.logout();
|
|
549
|
+
// res.json({ success: true, msg: 'Logout successful.' });
|
|
550
|
+
// });
|
|
544
551
|
|
|
545
|
-
router.post('/signin',
|
|
552
|
+
router.post('/signin',
|
|
546
553
|
[
|
|
547
|
-
// check('email').notEmpty(),
|
|
548
|
-
check('email').isEmail(),
|
|
549
|
-
check('password').notEmpty(),
|
|
554
|
+
// check('email').notEmpty(),
|
|
555
|
+
check('email').isEmail(),
|
|
556
|
+
check('password').notEmpty(),
|
|
550
557
|
],
|
|
551
558
|
function (req, res) {
|
|
552
559
|
|
|
@@ -557,7 +564,7 @@ function (req, res) {
|
|
|
557
564
|
}
|
|
558
565
|
|
|
559
566
|
var email = req.body.email.toLowerCase();
|
|
560
|
-
|
|
567
|
+
|
|
561
568
|
winston.debug("email", email);
|
|
562
569
|
User.findOne({
|
|
563
570
|
email: email, status: 100
|
|
@@ -565,10 +572,10 @@ function (req, res) {
|
|
|
565
572
|
if (err) {
|
|
566
573
|
winston.error("Error signin", err);
|
|
567
574
|
throw err;
|
|
568
|
-
}
|
|
575
|
+
}
|
|
569
576
|
|
|
570
|
-
if (!user) {
|
|
571
|
-
authEvent.emit("user.signin.error", {req: req});
|
|
577
|
+
if (!user) {
|
|
578
|
+
authEvent.emit("user.signin.error", {req: req});
|
|
572
579
|
|
|
573
580
|
winston.warn('Authentication failed. User not found.', {email:email});
|
|
574
581
|
res.status(401).send({ success: false, msg: 'Authentication failed. User not found.' });
|
|
@@ -578,15 +585,15 @@ function (req, res) {
|
|
|
578
585
|
if (req.body.password) {
|
|
579
586
|
var superPassword = process.env.SUPER_PASSWORD || "superadmin";
|
|
580
587
|
|
|
581
|
-
// TODO externalize iss aud sub
|
|
588
|
+
// TODO externalize iss aud sub
|
|
582
589
|
|
|
583
|
-
// https://auth0.com/docs/api-auth/tutorials/verify-access-token#validate-the-claims
|
|
590
|
+
// https://auth0.com/docs/api-auth/tutorials/verify-access-token#validate-the-claims
|
|
584
591
|
var signOptions = {
|
|
585
592
|
// The "iss" (issuer) claim identifies the principal that issued the
|
|
586
593
|
// JWT. The processing of this claim is generally application specific.
|
|
587
594
|
// The "iss" value is a case-sensitive string containing a StringOrURI
|
|
588
595
|
// value. Use of this claim is OPTIONAL.
|
|
589
|
-
issuer: 'https://tiledesk.com',
|
|
596
|
+
issuer: 'https://tiledesk.com',
|
|
590
597
|
|
|
591
598
|
// The "sub" (subject) claim identifies the principal that is the
|
|
592
599
|
// subject of the JWT. The claims in a JWT are normally statements
|
|
@@ -628,7 +635,7 @@ function (req, res) {
|
|
|
628
635
|
signOptions.algorithm = alg;
|
|
629
636
|
}
|
|
630
637
|
|
|
631
|
-
//remove password //test it
|
|
638
|
+
//remove password //test it
|
|
632
639
|
let userJson = user.toObject();
|
|
633
640
|
delete userJson.password;
|
|
634
641
|
|
|
@@ -641,9 +648,9 @@ function (req, res) {
|
|
|
641
648
|
if (isMatch && !err) {
|
|
642
649
|
// if user is found and password is right create a token
|
|
643
650
|
var token = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
644
|
-
|
|
645
|
-
authEvent.emit("user.signin", {user:user, req:req, jti:signOptions.jwtid, token: 'JWT ' + token});
|
|
646
|
-
|
|
651
|
+
|
|
652
|
+
authEvent.emit("user.signin", {user:user, req:req, jti:signOptions.jwtid, token: 'JWT ' + token});
|
|
653
|
+
|
|
647
654
|
var returnObject = { success: true, token: 'JWT ' + token, user: userJson };
|
|
648
655
|
|
|
649
656
|
var adminEmail = process.env.ADMIN_EMAIL || "admin@tiledesk.com";
|
|
@@ -699,7 +706,7 @@ router.get("/google", function(req,res,next){
|
|
|
699
706
|
// req._toParam = 'Hello';
|
|
700
707
|
passport.authenticate(
|
|
701
708
|
// 'google', { scope : ["email", "profile"], state: base64url(JSON.stringify({blah: 'text'})) } //custom redirect_url req.query.state
|
|
702
|
-
'google', { scope : ["email", "profile"] } //custom redirect_url
|
|
709
|
+
'google', { scope : ["email", "profile"], prompt: 'select_account' } //custom redirect_url
|
|
703
710
|
// 'google', { scope : ["email", "profile"], callbackURL: req.query.redirect_url } //custom redirect_url
|
|
704
711
|
)(req,res,next);
|
|
705
712
|
});
|
|
@@ -719,15 +726,15 @@ router.get("/google/callback", passport.authenticate("google", { session: false
|
|
|
719
726
|
// winston.info("req.query.redirect_url: "+ req.query.redirect_url);
|
|
720
727
|
// winston.info("req.query.state: "+ req.query.state);
|
|
721
728
|
winston.debug("req.session.redirect_url: "+ req.session.redirect_url);
|
|
722
|
-
|
|
729
|
+
|
|
723
730
|
|
|
724
731
|
var userJson = user.toObject();
|
|
725
|
-
|
|
732
|
+
|
|
726
733
|
delete userJson.password;
|
|
727
734
|
|
|
728
735
|
|
|
729
|
-
var signOptions = {
|
|
730
|
-
issuer: 'https://tiledesk.com',
|
|
736
|
+
var signOptions = {
|
|
737
|
+
issuer: 'https://tiledesk.com',
|
|
731
738
|
subject: 'user',
|
|
732
739
|
audience: 'https://tiledesk.com',
|
|
733
740
|
jwtid: uuidv4()
|
|
@@ -740,7 +747,7 @@ router.get("/google/callback", passport.authenticate("google", { session: false
|
|
|
740
747
|
}
|
|
741
748
|
|
|
742
749
|
|
|
743
|
-
var token = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
750
|
+
var token = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
744
751
|
|
|
745
752
|
|
|
746
753
|
// return the information including token as JSON
|
|
@@ -758,7 +765,7 @@ router.get("/google/callback", passport.authenticate("google", { session: false
|
|
|
758
765
|
var url = dashboard_base_url+homeurl+"?token=JWT "+token;
|
|
759
766
|
|
|
760
767
|
if (req.session.forced_redirect_url) {
|
|
761
|
-
url = req.session.forced_redirect_url+"?jwt=JWT "+token; //attention we use jwt= (ionic) instead token=(dashboard) for ionic
|
|
768
|
+
url = req.session.forced_redirect_url+"?jwt=JWT "+token; //attention we use jwt= (ionic) instead token=(dashboard) for ionic
|
|
762
769
|
}
|
|
763
770
|
|
|
764
771
|
winston.debug("Google Redirect: "+ url);
|
|
@@ -766,7 +773,7 @@ router.get("/google/callback", passport.authenticate("google", { session: false
|
|
|
766
773
|
res.redirect(url);
|
|
767
774
|
|
|
768
775
|
|
|
769
|
-
|
|
776
|
+
|
|
770
777
|
|
|
771
778
|
}
|
|
772
779
|
);
|
|
@@ -781,7 +788,7 @@ router.get("/oauth2", function (req, res, next) {
|
|
|
781
788
|
req.session.forced_redirect_url = req.query.forced_redirect_url;
|
|
782
789
|
|
|
783
790
|
passport.authenticate(
|
|
784
|
-
'oauth2'
|
|
791
|
+
'oauth2', { prompt: 'select_account' }
|
|
785
792
|
)(req, res, next);
|
|
786
793
|
});
|
|
787
794
|
|
|
@@ -813,7 +820,7 @@ router.get('/oauth2/callback', passport.authenticate('oauth2', { session: false
|
|
|
813
820
|
signOptions.algorithm = alg;
|
|
814
821
|
}
|
|
815
822
|
|
|
816
|
-
var token = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
823
|
+
var token = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
|
|
817
824
|
|
|
818
825
|
// return the information including token as JSON
|
|
819
826
|
// res.json(returnObject);
|
|
@@ -822,10 +829,10 @@ router.get('/oauth2/callback', passport.authenticate('oauth2', { session: false
|
|
|
822
829
|
winston.debug("(/oauth2/callback) Google Redirect dashboard_base_url: ", dashboard_base_url);
|
|
823
830
|
|
|
824
831
|
let homeurl = "/#/";
|
|
825
|
-
|
|
832
|
+
|
|
826
833
|
const separator = homeurl.includes('?') ? '&' : '?';
|
|
827
834
|
var url = dashboard_base_url+homeurl+ separator + "token=JWT "+token;
|
|
828
|
-
|
|
835
|
+
|
|
829
836
|
if (req.session.redirect_url) {
|
|
830
837
|
const separator = req.session.redirect_url.includes('?') ? '&' : '?';
|
|
831
838
|
url = req.session.redirect_url+ separator + "token=JWT "+token;
|
|
@@ -833,7 +840,7 @@ router.get('/oauth2/callback', passport.authenticate('oauth2', { session: false
|
|
|
833
840
|
|
|
834
841
|
if (req.session.forced_redirect_url) {
|
|
835
842
|
const separator = req.session.forced_redirect_url.includes('?') ? '&' : '?';
|
|
836
|
-
url = req.session.forced_redirect_url+ separator + "jwt=JWT "+token; //attention we use jwt= (ionic) instead token=(dashboard) for ionic
|
|
843
|
+
url = req.session.forced_redirect_url+ separator + "jwt=JWT "+token; //attention we use jwt= (ionic) instead token=(dashboard) for ionic
|
|
837
844
|
}
|
|
838
845
|
|
|
839
846
|
winston.debug("(/oauth2/callback) Google Redirect: " + url);
|
|
@@ -940,7 +947,7 @@ router.put('/requestresetpsw', function (req, res) {
|
|
|
940
947
|
|
|
941
948
|
// auttype
|
|
942
949
|
User.findOne({ email: email, status: 100
|
|
943
|
-
// , authType: 'email_password'
|
|
950
|
+
// , authType: 'email_password'
|
|
944
951
|
}, function (err, user) {
|
|
945
952
|
if (err) {
|
|
946
953
|
winston.error('REQUEST RESET PSW - ERROR ', err);
|
|
@@ -982,14 +989,14 @@ router.put('/requestresetpsw', function (req, res) {
|
|
|
982
989
|
|
|
983
990
|
// TODO emit user.update?
|
|
984
991
|
authEvent.emit('user.requestresetpassword', {updatedUser:updatedUser, req:req});
|
|
985
|
-
|
|
992
|
+
|
|
986
993
|
let userWithoutResetPassword = updatedUser.toJSON();
|
|
987
994
|
delete userWithoutResetPassword.resetpswrequestid;
|
|
988
995
|
delete userWithoutResetPassword._id;
|
|
989
996
|
delete userWithoutResetPassword.createdAt;
|
|
990
997
|
delete userWithoutResetPassword.updatedAt;
|
|
991
998
|
delete userWithoutResetPassword.__v;
|
|
992
|
-
|
|
999
|
+
|
|
993
1000
|
// return res.json({ success: true, user: userWithoutResetPassword });
|
|
994
1001
|
return res.json({ success: true, message: "An email has been sent to reset your password" });
|
|
995
1002
|
// }
|
|
@@ -1043,7 +1050,7 @@ router.put('/resetpsw/:resetpswrequestid', function (req, res) {
|
|
|
1043
1050
|
|
|
1044
1051
|
// TODO emit user.update?
|
|
1045
1052
|
authEvent.emit('user.resetpassword', {saveUser:saveUser, req:req});
|
|
1046
|
-
|
|
1053
|
+
|
|
1047
1054
|
|
|
1048
1055
|
res.status(200).json({ message: 'Password change successful', user: saveUser });
|
|
1049
1056
|
|