(appId, username, password, accessList, isMasterKey, encryption_key)
| 21 | const userService = { |
| 22 | |
| 23 | login(appId, username, password, accessList, isMasterKey, encryption_key) { |
| 24 | const deferred = q.defer(); |
| 25 | |
| 26 | try { |
| 27 | customService.findOne(appId, Collections.User, { |
| 28 | username, |
| 29 | }, null, null, null, accessList, isMasterKey).then((user) => { |
| 30 | if (!user) { |
| 31 | deferred.reject('Invalid Username'); |
| 32 | return; |
| 33 | } |
| 34 | |
| 35 | let encryptedPassword; |
| 36 | let isAuthenticatedUser = false; |
| 37 | if (encryption_key && encryption_key.iv && encryption_key.key) { |
| 38 | encryptedPassword = encryptText(cipher_alg, encryption_key.key, encryption_key.iv, password); |
| 39 | } else { |
| 40 | encryptedPassword = crypto.pbkdf2Sync(password, config.secureKey, 10000, 64, 'sha1').toString('base64'); |
| 41 | } |
| 42 | if (encryptedPassword === user.password) { |
| 43 | isAuthenticatedUser = true; |
| 44 | } |
| 45 | |
| 46 | appService.getAllSettings(appId).then((appSettings) => { |
| 47 | const auth = _.first(_.where(appSettings, { |
| 48 | category: 'auth', |
| 49 | })); |
| 50 | let signupEmailSettingsFound = false; |
| 51 | let allowOnlyVerifiedLogins = false; |
| 52 | |
| 53 | if (auth && auth.settings && auth.settings.signupEmail) { |
| 54 | signupEmailSettingsFound = true; |
| 55 | if (auth.settings.signupEmail.allowOnlyVerifiedLogins) { |
| 56 | allowOnlyVerifiedLogins = true; |
| 57 | } |
| 58 | } |
| 59 | |
| 60 | if (isAuthenticatedUser) { |
| 61 | if (signupEmailSettingsFound && allowOnlyVerifiedLogins) { |
| 62 | if (user.verified) { |
| 63 | deferred.resolve(user); |
| 64 | } else { |
| 65 | deferred.reject('User is not verified'); |
| 66 | } |
| 67 | } else { |
| 68 | deferred.resolve(user); |
| 69 | } |
| 70 | } else { |
| 71 | deferred.reject('User is not authenticated'); |
| 72 | } |
| 73 | }, (error) => { |
| 74 | deferred.reject(error); |
| 75 | }); |
| 76 | }, (error) => { |
| 77 | deferred.reject(error); |
| 78 | }); |
| 79 | } catch (err) { |
| 80 | winston.log('error', { |
nothing calls this directly
no test coverage detected