Ejemplo n.º 1
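    /**
     * Verify an email/password pair for login, applying account lockout.
     *
     * @param {object} req - Incoming request; not read by this function.
     * @param {string} username - Submitted login name, lower-cased and used as the email key.
     * @param {string} password - Submitted plaintext password.
     * @returns {Promise<object|false>} The user record when the password matches, otherwise `false`.
     */
    async function checkUser(req, username, password) {
        // Login fields are caller-supplied. A non-string value would throw in
        // toLowerCase() and is not valid bcrypt input, so treat it as a failed
        // login instead of letting the rejection escape.
        if (typeof username !== 'string' || typeof password !== 'string') {
            return false;
        }

        const email = username.toLowerCase();

        const [user, isLocked] = await Promise.all([
            PassportProvider.findUserForLogin('email', email),
            PassportProvider.isLockedOut('email', email)
        ]);

        if (isLocked) {
            // A locked account gets no password check and no counter update.
            return false;
        }

        // TODO: add audit log

        // Unknown users still go through bcrypt.compare so both paths make the same call.
        // NOTE(review): '******' is not a well-formed bcrypt hash. bcrypt implementations
        // usually reject a malformed hash without running the full key derivation, so the
        // unknown-user path may return measurably faster than the known-user path. A
        // precomputed, valid dummy hash would equalise the timing. Confirm against the
        // bcrypt library in use.
        const checkPassword = user ? user.password : '******';
        const isValid = await bcrypt.compare(password, checkPassword);

        if (isValid) {
            await PassportProvider.clearUserLockout('email', email);
            return user;
        }

        const maxFailTries = parseInt(settings.maxFailTries, 10);
        const maxLockTime = parseInt(settings.maxLockTime, 10);

        // The lock duration grows with the square of the number of failures beyond
        // maxFailTries and is capped at maxLockTime.
        // NOTE(review): if either setting is missing, parseInt yields NaN and so does
        // Math.min. Confirm the provider handles that.
        await PassportProvider.incrementLockOut('email', email, maxFailTries, (failedCount) =>
            Math.min(
                maxLockTime,
                Math.pow(failedCount - maxFailTries, 2) * 5
            )
        );
        return false;
    }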
Ejemplo n.º 2
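    /**
     * Verify an email/login-token pair and consume the token on success.
     *
     * @param {object} req - Incoming request; not read by this function.
     * @param {string} username - Submitted login name, lower-cased and used as the email key.
     * @param {string} token - Submitted plaintext login token.
     * @returns {Promise<object|false>} The user record when the token matches, otherwise `false`.
     */
    async function checkUser(req, username, token) {
        // Login fields are caller-supplied. A non-string value would throw in
        // toLowerCase() and is not valid bcrypt input, so treat it as a failed
        // login instead of letting the rejection escape.
        if (typeof username !== 'string' || typeof token !== 'string') {
            return false;
        }

        const email = username.toLowerCase();

        // NOTE(review): `tokenexpire` is never checked in this function. Presumably
        // findUserForToken filters out expired tokens. Confirm in the provider.
        const [user, isLocked] = await Promise.all([
            PassportProvider.findUserForToken('email', email),
            PassportProvider.isLockedOut('email', email)
        ]);

        if (isLocked) {
            // A locked account gets no token check at all.
            return false;
        }

        // Unknown users still go through bcrypt.compare so both paths make the same call.
        // NOTE(review): the placeholder is not a well-formed bcrypt hash, so the compare
        // may return faster than for a real user. A precomputed, valid dummy hash would
        // equalise the timing. Confirm against the bcrypt library in use.
        const checkToken = user ? user.logintoken : 'THISISNOTVALIDPASSWORD';
        const isValid = await bcrypt.compare(token, checkToken);

        // Failed token attempts do not touch the lockout counter here.
        // NOTE(review): that leaves token guessing unthrottled unless it is
        // rate-limited elsewhere. Confirm.
        if (!isValid) {
            return false;
        }

        // The token is single-use: clear it and its expiry before handing back the user.
        await PassportProvider.alterUser(user, {
            logintoken: null,
            tokenexpire: null
        });

        return user;
    }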
Ejemplo n.º 3
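			// Resolves with the id of the first row in `result` when `password` matches its
			// stored bcrypt hash; rejects otherwise.
			// NOTE(review): if no row matched, result.rows[0] is undefined and the executor
			// throws a TypeError, which rejects the promise. Confirm the caller checks the
			// row count first.
			var promise = new Promise(function (resolve, reject) {
				var hash = result.rows[0].password_hash;
				bcrypt.compare(password, hash, function (err, res) {
					// A bcrypt failure is an operational error, not a wrong password.
					// Surface it as-is so it is not reported as 'Invalid password'.
					if (err) return reject(err);
					if (res) resolve(result.rows[0].id);
					else reject('Invalid password');
				});
			});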
Ejemplo n.º 4
 // Password-change handler: checks that the two new-password fields agree, that the
 // user exists, and that the submitted original password matches the stored hash
 // (compare/genSalt/hash are presumably bcrypt's), then stores a freshly salted hash.
 .then(function (user) {
     const title_ = 'Reset password';
     // NOTE(review): loose `!=` coerces non-string body values (e.g. an array from the
     // body parser) before comparing. A string type check plus `!==` would be stricter.
     // This branch runs before the `!user` check, so `user` may be null in this render.
     if (req.body['passwdnew'] != req.body['passwdnewr']) {
         return res.render('user_resetpasswd', {
             layout: 'subpage', user, title_,
             // NOTE(review): `redirecturl` is echoed from the request body. If the template
             // navigates to it, it should be limited to same-site paths. Confirm.
             'redirecturl': req.body['redirecturl'],
             'failed_message': 'New password doesnot match'
         });
     }
     if (!user) {
         return next({ 'status': 404, 'message': 'user not found' }); }
     // A compare error and a mismatch both render the same "does not match" page, so
     // the check fails closed.
     // NOTE(review): no attempt limiting is visible in this fragment. Confirm it
     // exists upstream.
     compare(req.body['passwdorg'], user['passwd'], (err, result) =>
         (err || (!result)) ? res.render('user_resetpasswd', {
             layout: 'subpage', user, title_,
             'redirecturl': req.body['redirecturl'],
             'failed_message': 'Original password doesnot match'
         }) :
         // presumably 10 is the bcrypt cost factor; confirm it matches current policy
         genSalt(10, function (err, salt) {
             if (err) { return next(err); }
             hash(req.body['passwdnew'], salt, (err, hashed) => (err) ? next(err) :  
                 // Values are bound as $1/$2 parameters, not spliced into the SQL text.
                 db().none("UPDATE stakeholder SET passwd = $2 WHERE id = $1",
                     [ req.params['id'], hashed ])
                 .then(() => res.render('user_resetpasswd', {
                     layout: 'subpage', user, title_,
                     'redirecturl': req.body['redirecturl'],
                     'succeeded_message': 'Password modified.'
                 // The database failure reason is discarded here; only a generic 500 is forwarded.
                 }), (reason) => next(emit500()))
             );
         })
     );
 // A rejection from the preceding promise is reported as a 404.
 }, () => next(emit404('user not found')))
    }, function (err, user) {
        // Lookup callback: checks the submitted password against the stored hash and,
        // on a match, answers with a signed JWT.
        // NOTE(review): this logs the whole user record, which includes the `password`
        // field read below. Log an identifier only.
        console.log("user",user);
        // NOTE(review): a throw inside this callback is not caught by the code that
        // registered it. Presumably it surfaces as an uncaught exception; confirm how
        // the framework handles it.
        if (err) throw err;

        // NOTE(review): the two failure messages below differ ("User not found" vs
        // "Wrong password"), which tells a client whether an account exists. A single
        // generic message avoids that.
        if (!user) {
            res.json({ success: false, message: 'Authentication failed. User not found.' });
        } else if (user) {

            // check if password matches
            bcrypt.compare(req.body.password, user.password, function(err, match) {
                if (err) throw err;        
                if (!match) {
                    res.json({ success: false, message: 'Authentication failed. Wrong password.' });
                } else {

                    // if user is found and password is right
                    // create a token
                    // NOTE(review): the whole `user` object is passed as the payload. If it
                    // still carries `password`, the hash ends up inside the token, and a JWT
                    // payload is only encoded, not encrypted. Sign a minimal claims object
                    // (an identifier and what authorization needs) instead.
                    var token = jwt.sign(user, config.JWTSECRET, {
                        expiresIn: config.JWTEXPIRE // expires in 24 hours (minutes)
                    });

                    // return the information including token as JSON
                    res.json({
                        success: true,
                        token: token
                    });
                }
            });


        }

    });
Ejemplo n.º 6
 // Looks up the login row for `userId`, checks `password` against its stored bcrypt
 // hash, and answers 200 with the row (minus secrets) on a match.
 // NOTE(review): every failure (unknown user, wrong password, bcrypt error) is
 // answered with HTTP 500. A 401 for bad credentials would let monitoring tell
 // authentication failures from server faults.
 managers.dbManager.userLogin(userId, function(err, results) {
     if (err) {
         console.log(err);
         res.status(500).send("Error");
         return;
     }

     if (results.length === 0) {
         // No matching row: empty 500, same as a wrong password.
         res.status(500).send();
         return;
     }

     var record = results[0];
     bcrypt.compare(password, record['Password'], function(err, result) {
         // `err` is not inspected: a bcrypt error leaves `result` falsy and takes the
         // failure branch, so the check fails closed.
         if (!result) {
             res.status(500).send();
             return;
         }

         record['authenticated'] = true;
         // Strip secret columns before the row is sent to the client.
         delete record['Password'];
         delete record['ServerKey'];
         res.status(200).send(record);
     });
 })
Ejemplo n.º 7
    // Adapt callback-style bcrypt.compare to a Promise<boolean>: rejects with the
    // bcrypt error, otherwise resolves with the match result.
    return new Promise<boolean>((fulfil, fail) => {
      bcrypt.compare(plainText, hashedText, (compareError, isMatch) => {
        if (compareError) {
          fail(compareError);
        } else {
          fulfil(isMatch);
        }
      });
    });
/**
 * Schema method: check a candidate password against this document's stored hash.
 *
 * @param {string} password - Candidate plaintext password.
 * @param {Function} done - Node-style callback, called as `done(err)` or `done(null, isMatch)`.
 */
userSchema.method('comparePassword', function(password, done) {
  // Read the hash up front; `this` is the object the method is invoked on.
  const storedHash = this.password;
  bcrypt.compare(password, storedHash, (compareError, isMatch) => {
    /* istanbul ignore next */
    if (compareError) {
      done(compareError);
      return;
    }
    done(null, isMatch);
  });
});
Ejemplo n.º 9
 // Promise wrapper around bcrypt.compare for the API key: rejects on a bcrypt
 // error, otherwise resolves with whether `key` matches the stored hash.
 return new Promise<boolean>(( fulfil, fail ) => {
     bcrypt.compare( key, this._hashedApiKey, ( compareError, same: boolean ) => {
         if ( compareError ) {
             fail( compareError );
             return;
         }
         fulfil( same );
     } );
 } );
Ejemplo n.º 10
/**
 * Instance method: check a candidate password against this document's stored hash.
 *
 * @param {string} passw - Candidate plaintext password.
 * @param {Function} cb - Node-style callback, called as `cb(err)` or `cb(null, isMatch)`.
 */
UserSchema.methods.comparePassword = function (passw, cb) {
    // Read the hash before entering the callback, where `this` is no longer the document.
    var storedHash = this.password;
    bcrypt.compare(passw, storedHash, function (compareError, isMatch) {
        if (!compareError) {
            cb(null, isMatch);
            return;
        }
        return cb(compareError);
    });
};