preliminary authentication implementation

1 parent 1306184 commit daa2353ae0bb21dc495f42a6c7e291a41489bc7c @davybrion committed Jan 22, 2012
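--- a/jslint.sh
+++ b/jslint.sh
@@ -0,0 +1 @@
+node_modules/node-jslint-all/bin/jslint-all.js --onevar --regexp --bitwise --newcap --evil false --exclude=./lib/public .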
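--- a/lib/app.js
+++ b/lib/app.js
@@ -34,10 +34,11 @@ app.configure(function(){
 app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
 });
-require('./routes/customer')(app);
-require('./rest_api/customer')(app);
+var restrict = require('./auth.js')(app);
+require('./routes/customer')(app, restrict);
+require('./rest_api/customer')(app, restrict);
-app.get('/', function(req, res){
+app.get('/', restrict, function(req, res){
 res.render('index');
 });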
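Review bot: Authentication is opt-in per route here — `restrict` is handed to each route module and added to `/` by hand, so any handler that omits it is public by default, and nothing in this file flags that. A one-line comment above `var restrict = require('./auth.js')(app);` such as `// restrict must be added to every route that requires a login; routes without it are public` would make the contract explicit for the next module author. Because `restrict` reads `req.session`, this require also has to stay after the session middleware, presumably registered inside `app.configure`, whose body starts outside this hunk.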
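--- a/lib/auth.js
+++ b/lib/auth.js
@@ -0,0 +1,51 @@
+var User = require('./entities/User');
+
+var authenticate = function(username, password, callback) {
+ User.findOne({ name: username }, function(err, user) {
+ if (err) return callback(new Error('User not found'));
+ if (user.validatePassword(password)) return callback(null, user);
+ return callback(new Error('Invalid password'));
+ });
+};
+
+var restrict = function(req, res, next) {
+ if (req.session.username) {
+ next();
+ } else {
+ req.session.error = "access denied";
+ res.redirect('/login');
+ }
+};
+
+module.exports = function(app) {
+
+ app.get('/logout', function(req, res) {
+ req.session.destroy(function() {
+ res.redirect('/login');
+ });
+ });
+
+ app.get('/login', function(req, res) {
+ if (req.session && req.session.username) {
+ res.redirect('/');
+ } else {
+ res.render('login');
+ }
+ });
+
+ app.post('/login', function(req, res) {
+ authenticate(req.body.username, req.body.password, function(err, user) {
+ if (user) {
+ req.session.regenerate(function() {
+ req.session.username = user.name;
+ res.redirect('/');
+ });
+ } else {
+ req.session.error = "authentication failed";
+ res.redirect('/login');
+ }
+ });
+ });
+
+ return restrict;
+};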
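Review bot: In `authenticate`, a lookup that finds no user leaves `user` null, so `user.validatePassword(password)` on the following line throws a TypeError inside the Mongoose callback instead of reaching the 'Invalid password' branch, and an uncaught exception there takes the process down rather than sending the 302 back to `/login`. The `if (err)` guard only covers a database error, which it also mislabels as 'User not found'; split it into `if (err) return callback(err);` followed by `if (!user) return callback(new Error('User not found'));`. If the body parser expands bracketed field names into objects, `req.body.username` may arrive as an object rather than a string, turning the `{ name: username }` filter into an operator query, so adding `typeof username !== 'string'` to that not-found guard is cheap insurance. Separately, the GET `/logout` route can be triggered by any cross-site image tag and `/login` has no throttling; both may be acceptable for a preliminary version but are worth a TODO.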
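--- a/lib/rest_api/customer.js
+++ b/lib/rest_api/customer.js
@@ -1,8 +1,8 @@
 var Customer = require('../entities/Customer');
-module.exports = function(app){
+module.exports = function(app, restrict){
- app.get('/customer/:id', function(req, res, next) {
+ app.get('/customer/:id', restrict, function(req, res, next) {
 Customer.findById(req.params.id, function(err, customer) {
 if (err) { return next(err); }
@@ -16,7 +16,7 @@ module.exports = function(app){
 });
 });
- app.post('/customer', function(req, res, next) {
+ app.post('/customer', restrict, function(req, res, next) {
 if (req.body.id) {
 res.send('customer should not have an id value', 412);
 return;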
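Review bot: `restrict` answers an unauthenticated request with `res.redirect('/login')` (see lib/auth.js), so an API client calling `GET /customer/:id` or `POST /customer` without a session receives a 302 to an HTML form rather than a 401/403 it can act on. For these JSON routes a variant that replies `res.send(401)` when the request is not a browser (for example when `req.is('json')` or the Accept header prefers JSON) would be clearer than following the redirect. Both hunks cut through the exported module function, so any further routes defined in this file outside the hunks would still need `restrict` added — worth confirming.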
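--- a/lib/routes/customer.js
+++ b/lib/routes/customer.js
@@ -1,12 +1,12 @@
 var Customer = require('../entities/Customer');
-module.exports = function(app){
+module.exports = function(app, restrict){
- app.get('/customer/create', function(req, res) {
+ app.get('/customer/create', restrict, function(req, res) {
 res.render('customer/create');
 });
- app.get('/customer/list', function(req, res, next) {
+ app.get('/customer/list', restrict, function(req, res, next) {
 var customers = Customer.find({}, [ 'name' ], function(err, docs) {
 if (err) { return next(err); }
 res.render('customer/list', { customers: docs });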
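--- a/lib/views/login.html
+++ b/lib/views/login.html
@@ -0,0 +1,25 @@
+<% page.title = 'Login' %>
+<% script('/scripts/jquery.validate.js') %>
+
+<script>
+ $(function() {
+ $('#login_form').validate();
+ });
+</script>
+
+<form action="/login" method="post" id="login_form">
+ <fieldset>
+ <legend>Credentials:</legend>
+ <p>
+ <label for="username">Username</label>
+ <input type="text" name="username" class="required" />
+ </p>
+ <p>
+ <label for="password">Password</label>
+ <input type="password" name="password" class="required" />
+ </p>
+ <p>
+ <input type="submit" value="Login" />
+ </p>
+ </fieldset>
+</form>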
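Review bot: The `req.session.error` messages written in lib/auth.js ('access denied', 'authentication failed') are never rendered by this template, so unless a shared layout reads them the user gets no feedback after a failed login and the value lingers in the session until overwritten. Render and clear it in one place: in the GET `/login` handler pass `{ error: req.session.error }` to `res.render('login', …)` and then `delete req.session.error`, and above the fieldset add `<% if (typeof error !== 'undefined' && error) { %><p class="error"><%= error %></p><% } %>` so EJS escapes the text. The form also carries no anti-CSRF token; a login CSRF is low impact for a preliminary version, but the same form pattern should not be copied to state-changing routes without one.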
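--- a/package.json
+++ b/package.json
@@ -7,7 +7,6 @@
 {
 "async": ">= 0.1.15",
 "node-uuid": ">= 1.3.3",
-"everyauth": ">= 0.2.29",
 "mongoose" : ">= 2.4.10",
 "express" : ">= 2.5.6",
 "ejs": "0.4.2",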
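--- a/spec/rest_api/auth_helper.js
+++ b/spec/rest_api/auth_helper.js
@@ -0,0 +1,19 @@
+var User = require('../../lib/entities/user'),
+ request_helper = require('./request_helper');
+
+
+var user = new User({
+ name: 'test_user',
+ email: 'blah'
+});
+user.setPassword('test');
+
+user.save(function(err, result) {
+ request_helper.post('/login', {
+ username: user.name,
+ password: 'test'
+ }, function(err, result) {
+ if (err) throw err;
+ });
+});
+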
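Review bot: This helper logs in as a side effect of being required, and both `user.save` and the `/login` post are asynchronous, so nothing guarantees the session exists before the specs in customerSpec.js start sending requests; whether the race is observable depends on timing. The login also only helps if request_helper keeps the Set-Cookie from `/login` and replays it on later calls, which is not visible in this commit — confirm. Wrapping the POST in a `beforeEach` that waits with the `asyncSpecWait`/`asyncSpecDone` pair customerSpec.js already uses would make the ordering explicit. Note too that the `err` from `user.save` is ignored, and `throw err` inside the POST callback aborts the whole run instead of failing a spec.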
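--- a/spec/rest_api/customerSpec.js
+++ b/spec/rest_api/customerSpec.js
@@ -4,7 +4,6 @@ var mongooseInit = require('../../lib/mongoose_init').connect('mongodb://localho
 CustomerBuilder = require('../builders/customer_builder'),
 requesthelper = require('./request_helper'),
 entityhelper = require('./../helper_functions'),
-http = require('http'),
 response = null;
 function handleResponse(err, res) {
@@ -13,6 +12,8 @@ function handleResponse(err, res) {
 asyncSpecDone();
 }
+require('./auth_helper.js');
+
 describe('post /customer', function() {
 describe('when the request contains a customer document with all required fields provided', function() {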
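--- a/spec/rest_api/request_helper.js
+++ b/spec/rest_api/request_helper.js
@@ -10,11 +10,6 @@ function sendRequest(method, route, body, callback) {
 });
 }
-function post(route, body) {
- sendRequest('post', route, body);
-}
-
-
 module.exports = {
 post: function(route, body, callback) {
 sendRequest('post', route, body, callback);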
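--- a/test.sh
+++ b/test.sh
@@ -1,2 +1 @@
-node_modules/node-jslint-all/bin/jslint-all.js --onevar --regexp --bitwise --newcap --evil false --exclude=./lib/public . &&
 node_modules/jasmine-node/bin/jasmine-node spec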
