1import {BasketModel} from "../../../models/basket";
2
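/**
 * Builds the Express handler for the password login endpoint.
 *
 * The handler looks up a non-deleted user by email and hashed password.
 * On a match it either demands a second factor (when the account carries a
 * TOTP secret) or issues the session token and records the user's basket id.
 * Errors from the query or the basket lookup are forwarded to `next`.
 *
 * @returns an Express request handler `(req, res, next) => void`
 */
module.exports = function login () {
  /**
   * Completes a login whose password (and, where required, second factor) has
   * been accepted: resolves or creates the user's basket, issues the token and
   * registers the user as authenticated.
   *
   * @param user - query result wrapper; `user.bid` is set to the basket id here
   * @param res - receives `{ authentication: { token, bid, umail } }`
   * @param next - receives any error raised by the basket lookup
   */
  function afterLogin (user: { data: User, bid: number }, res: Response, next: NextFunction) {
    BasketModel.findOrCreate({ where: { UserId: user.data.id } })
      .then(([basket]: [BasketModel, boolean]) => {
        const token = security.authorize(user)
        user.bid = basket.id // keep track of original basket
        security.authenticatedUsers.put(token, user)
        res.json({ authentication: { token, bid: basket.id, umail: user.data.email } })
      }).catch((error: Error) => {
        next(error)
      })
  }

  return (req: Request, res: Response, next: NextFunction) => {
    // Every request-derived value goes through a bind parameter. The email was
    // already bound; the password hash is now bound as well instead of being
    // interpolated into the SQL text, so the statement string is constant and
    // parameterization is consistent across both predicates.
    const hashedPassword = security.hash(req.body.password || '')
    models.sequelize.query('SELECT * FROM Users WHERE email = $1 AND password = $2 AND deletedAt IS NULL',
      { bind: [ req.body.email, hashedPassword ], model: models.User, plain: true })
      .then((authenticatedUser) => {
        const user = utils.queryResultToJson(authenticatedUser)
        if (user.data?.id && user.data.totpSecret !== '') {
          // First factor accepted but a TOTP secret is present: answer 401 with a
          // temporary token that only proves the password step; the caller must
          // still present the TOTP code. NOTE(review): a null/undefined
          // totpSecret also takes this branch — confirm the column defaults to ''.
          res.status(401).json({
            status: 'totp_token_required',
            data: {
              tmpToken: security.authorize({
                userId: user.data.id,
                type: 'password_valid_needs_second_factor_token'
              })
            }
          })
        } else if (user.data?.id) {
          afterLogin(user, res, next)
        } else {
          // Same response whether the email is unknown or the password is wrong,
          // so the endpoint does not reveal which one failed.
          res.status(401).send(res.__('Invalid email or password.'))
        }
      }).catch((error: Error) => {
        next(error)
      })
  }
}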