Add beforeLogin trigger with support for auth providers (#5445)

* Add beforeLogin trigger with support for auth providers * adjust comment that boxed off beforeLogin to a negative use-case only * add internal error to help future maintainers regarding use of beforeLogin * let beforeLogin accept className or constructor like other hook types * add assertions for beforeLogin trigger className validation
2019-04-23 16:24:20 +01:00
parent 3e003ee9f4
commit a1e1cef6d2
6 changed files with 340 additions and 60 deletions
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -7,6 +7,7 @@ import ClassesRouter from './ClassesRouter';
 import rest from '../rest';
 import Auth from '../Auth';
 import passwordCrypto from '../password';
+import { maybeRunTrigger, Types as TriggerTypes } from '../triggers';

 export class UsersRouter extends ClassesRouter {
  className() {
@@ -202,68 +203,68 @@ export class UsersRouter extends ClassesRouter {
      });
  }

-  handleLogIn(req) {
-    let user;
-    return this._authenticateUserFromRequest(req)
-      .then(res => {
-        user = res;
+  async handleLogIn(req) {
+    const user = await this._authenticateUserFromRequest(req);

-        // handle password expiry policy
-        if (
-          req.config.passwordPolicy &&
-          req.config.passwordPolicy.maxPasswordAge
-        ) {
-          let changedAt = user._password_changed_at;
+    // handle password expiry policy
+    if (req.config.passwordPolicy && req.config.passwordPolicy.maxPasswordAge) {
+      let changedAt = user._password_changed_at;

-          if (!changedAt) {
-            // password was created before expiry policy was enabled.
-            // simply update _User object so that it will start enforcing from now
-            changedAt = new Date();
-            req.config.database.update(
-              '_User',
-              { username: user.username },
-              { _password_changed_at: Parse._encode(changedAt) }
-            );
-          } else {
-            // check whether the password has expired
-            if (changedAt.__type == 'Date') {
-              changedAt = new Date(changedAt.iso);
-            }
-            // Calculate the expiry time.
-            const expiresAt = new Date(
-              changedAt.getTime() +
-                86400000 * req.config.passwordPolicy.maxPasswordAge
-            );
-            if (expiresAt < new Date())
-              // fail of current time is past password expiry time
-              throw new Parse.Error(
-                Parse.Error.OBJECT_NOT_FOUND,
-                'Your password has expired. Please reset your password.'
-              );
-          }
+      if (!changedAt) {
+        // password was created before expiry policy was enabled.
+        // simply update _User object so that it will start enforcing from now
+        changedAt = new Date();
+        req.config.database.update(
+          '_User',
+          { username: user.username },
+          { _password_changed_at: Parse._encode(changedAt) }
+        );
+      } else {
+        // check whether the password has expired
+        if (changedAt.__type == 'Date') {
+          changedAt = new Date(changedAt.iso);
        }
+        // Calculate the expiry time.
+        const expiresAt = new Date(
+          changedAt.getTime() +
+            86400000 * req.config.passwordPolicy.maxPasswordAge
+        );
+        if (expiresAt < new Date())
+          // fail of current time is past password expiry time
+          throw new Parse.Error(
+            Parse.Error.OBJECT_NOT_FOUND,
+            'Your password has expired. Please reset your password.'
+          );
+      }
+    }

-        // Remove hidden properties.
-        UsersRouter.removeHiddenProperties(user);
+    // Remove hidden properties.
+    UsersRouter.removeHiddenProperties(user);

-        const { sessionData, createSession } = Auth.createSession(req.config, {
-          userId: user.objectId,
-          createdWith: {
-            action: 'login',
-            authProvider: 'password',
-          },
-          installationId: req.info.installationId,
-        });
+    // Before login trigger; throws if failure
+    await maybeRunTrigger(
+      TriggerTypes.beforeLogin,
+      req.auth,
+      Parse.User.fromJSON(Object.assign({ className: '_User' }, user)),
+      null,
+      req.config
+    );

-        user.sessionToken = sessionData.sessionToken;
+    const { sessionData, createSession } = Auth.createSession(req.config, {
+      userId: user.objectId,
+      createdWith: {
+        action: 'login',
+        authProvider: 'password',
+      },
+      installationId: req.info.installationId,
+    });

-        req.config.filesController.expandFilesInObject(req.config, user);
+    user.sessionToken = sessionData.sessionToken;

-        return createSession();
-      })
-      .then(() => {
-        return { response: user };
-      });
+    req.config.filesController.expandFilesInObject(req.config, user);
+
+    await createSession();
+    return { response: user };
  }

  handleVerifyPassword(req) {