#294 Regenerate session on login failure too
tariqksoliman committed Dec 13, 2022
1 parent 5058612 commit 3edcc10
Showing 2 changed files with 78 additions and 65 deletions.
136 changes: 71 additions & 65 deletions API/Backend/Users/routes/users.js
Expand Up @@ -153,32 +153,34 @@ router.post("/signup", function (req, res, next) {
* User login
*/
router.post("/login", function (req, res) {
let MMGISUser = req.cookies.MMGISUser
? JSON.parse(req.cookies.MMGISUser)
: false;
let username = req.body.username || (MMGISUser ? MMGISUser.username : null);
clearLoginSession(req);

if (username == null) {
res.send({ status: "failure", message: "No username provided." });
return;
}
req.session.regenerate((err) => {
let MMGISUser = req.cookies.MMGISUser
? JSON.parse(req.cookies.MMGISUser)
: false;
let username = req.body.username || (MMGISUser ? MMGISUser.username : null);

User.findOne({
where: {
username: username,
},
attributes: ["id", "username", "email", "password", "permission"],
})
.then((user) => {
if (!user) {
res.send({
status: "failure",
message: "Invalid username or password.",
});
} else {
function pass(err, result, again) {
if (result) {
req.session.regenerate((err) => {
if (username == null) {
res.send({ status: "failure", message: "No username provided." });
return;
}

User.findOne({
where: {
username: username,
},
attributes: ["id", "username", "email", "password", "permission"],
})
.then((user) => {
if (!user) {
res.send({
status: "failure",
message: "Invalid username or password.",
});
} else {
function pass(err, result, again) {
if (result) {
// Save the user's info in the session
req.session.user = user.username;
req.session.uid = user.id;
Expand Down Expand Up @@ -219,50 +221,50 @@ router.post("/login", function (req, res) {
res.send({ status: "failure", message: "Login failed." });
return null;
});
});
return null;
} else {
res.send({
status: "failure",
message: "Invalid username or password.",
});
return null;
return null;
} else {
res.send({
status: "failure",
message: "Invalid username or password.",
});
return null;
}
}
}

if (req.body.useToken && MMGISUser) {
if (MMGISUser.token == null) {
res.send({ status: "failure", message: "Bad token." });
return null;
}
User.findOne({
where: {
username: MMGISUser.username,
token: MMGISUser.token,
},
})
.then((user) => {
if (!user) {
res.send({ status: "failure", message: "Bad token." });
} else {
pass(null, true, true);
}
if (req.body.useToken && MMGISUser) {
if (MMGISUser.token == null) {
res.send({ status: "failure", message: "Bad token." });
return null;
}
User.findOne({
where: {
username: MMGISUser.username,
token: MMGISUser.token,
},
})
.catch((err) => {
res.send({ status: "failure", message: "Bad token." });
});
.then((user) => {
if (!user) {
res.send({ status: "failure", message: "Bad token." });
} else {
pass(null, true, true);
}
return null;
})
.catch((err) => {
res.send({ status: "failure", message: "Bad token." });
});
return null;
} else {
bcrypt.compare(req.body.password, user.password, pass);
}
return null;
} else {
bcrypt.compare(req.body.password, user.password, pass);
}
return null;
}
return null;
})
.catch((err) => {
res.send({ status: "failure", message: "Bad token." });
});
})
.catch((err) => {
res.send({ status: "failure", message: "Bad token." });
});
});
return null;
});

Expand All @@ -271,10 +273,7 @@ router.post("/logout", function (req, res) {
? JSON.parse(req.cookies.MMGISUser)
: false;

req.session.user = "guest";
req.session.uid = null;
req.session.token = null;
req.session.permission = null;
clearLoginSession(req);

if (MMGISUser == false) {
res.send({ status: "failure", message: "No user." });
Expand Down Expand Up @@ -315,4 +314,11 @@ function getUserGroups(user, leadGroupName) {
return Object.keys(groups);
}

function clearLoginSession(req) {
req.session.user = "guest";
req.session.uid = null;
req.session.token = null;
req.session.permission = null;
}

module.exports = router;
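Review bot: The callback handed to `req.session.regenerate` at the top of `/login` ignores its `err` argument and goes on to look up the user and populate the new session regardless, so a failure in the session store during regeneration is silently treated as an ordinary login attempt; I'd return early with `if (err) { res.send({ status: "failure", message: "Login failed." }); return; }` before touching the cookie or the database. The `JSON.parse(req.cookies.MMGISUser)` call now also runs inside that asynchronous callback, where, as far as I can tell, Express's default error handling no longer catches a throw, so a malformed `MMGISUser` cookie sent by an unauthenticated client would surface as an uncaught exception rather than a handled error response; wrapping the parse in try/catch and answering with the existing failure shape keeps the handler in control of the response. The `/login` handler's body continues past the end of this hunk, so the later branches were not reviewed here.

```javascript
router.post("/login", function (req, res) {
  clearLoginSession(req);

  req.session.regenerate((err) => {
    // A store error here means we do not have a fresh session to log into.
    if (err) {
      res.send({ status: "failure", message: "Login failed." });
      return;
    }

    // The cookie is client-controlled; a malformed value must not throw
    // inside this async callback.
    let MMGISUser = false;
    try {
      MMGISUser = req.cookies.MMGISUser
        ? JSON.parse(req.cookies.MMGISUser)
        : false;
    } catch (parseErr) {
      res.send({ status: "failure", message: "Bad token." });
      return;
    }
    let username = req.body.username || (MMGISUser ? MMGISUser.username : null);

    // … unchanged: username check, User.findOne lookup, pass() and token/password branches …
```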
7 changes: 7 additions & 0 deletions run/init-db.js
Expand Up @@ -39,6 +39,7 @@ async function initializeDatabase() {
"connection"
);
keepGoing();
return null;
})
.catch((err) => {
logger(
Expand All @@ -47,6 +48,7 @@ async function initializeDatabase() {
"connection"
);
keepGoing();
return null;
});

async function keepGoing() {
Expand Down Expand Up @@ -75,13 +77,15 @@ async function initializeDatabase() {
.query(`CREATE EXTENSION postgis;`)
.then(() => {
logger("info", `Created POSTGIS extension.`, "connection");
return null;
})
.catch((err) => {
logger(
"info",
`POSTGIS extension already exists. Nothing to do...`,
"connection"
);
return null;
});
await sequelize
.query(
Expand All @@ -99,13 +103,15 @@ async function initializeDatabase() {
)
.then(() => {
logger("info", `Created "session" table.`, "connection");
return null;
})
.catch((err) => {
logger(
"info",
`"session" table already exists. Nothing to do...`,
"connection"
);
return null;
});
resolve();
})
Expand All @@ -118,6 +124,7 @@ async function initializeDatabase() {
err
);
reject();
return null;
});
}
});
Expand Down
