@ -20,7 +20,7 @@ class AuthController extends Controller {
async get _traps ( req , res , next ) {
async get _traps ( req , res , next ) {
const trap _config = this . configs . get ( 'traps' )
const trap _config = this . configs . get ( 'traps' )
const data = [ { name : req . T ( 'auth : none') , trap : '' , redirect _to : '/' } ]
const data = [ { name : req . T ( 'auth . none') , trap : '' , redirect _to : '/' } ]
for ( const name in trap _config . types ) {
for ( const name in trap _config . types ) {
if ( ! trap _config . types . hasOwnProperty ( name ) ) continue
if ( ! trap _config . types . hasOwnProperty ( name ) ) continue
data . push ( {
data . push ( {
@ -44,18 +44,18 @@ class AuthController extends Controller {
for ( const field of required _fields ) {
for ( const field of required _fields ) {
if ( ! req . body [ field ] )
if ( ! req . body [ field ] )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } ${ field } ` )
. message ( ` ${ req . T ( 'api . missing_field') } ${ field } ` )
. api ( )
. api ( )
}
}
if ( ! req . body . uid . match ( /^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/ ) )
if ( ! req . body . uid . match ( /^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/ ) )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : improper_field') } uid ${ req . T ( 'api : alphanum_underscores') } ` )
. message ( ` ${ req . T ( 'api . improper_field') } uid ${ req . T ( 'api . alphanum_underscores') } ` )
. api ( )
. api ( )
if ( ! email _validator . validate ( req . body . email ) )
if ( ! email _validator . validate ( req . body . email ) )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : improper_field') } email ` )
. message ( ` ${ req . T ( 'api . improper_field') } email ` )
. api ( )
. api ( )
for ( const field of unique _fields ) {
for ( const field of unique _fields ) {
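Review bot: The uid format check on the new side calls `req.body.uid.match(...)` after only a truthiness test, so a JSON body where `uid` is a non-string (an array or object) throws a TypeError inside the handler instead of producing the 400 the surrounding checks are designed to return. A type guard keeps the validation total: `if (typeof req.body.uid !== 'string' || !/^[A-Za-z0-9_.-]+$/.test(req.body.uid))`, which is also the same character class as the existing alternation, written as one set. The same shape applies to the `email_validator.validate(req.body.email)` call a few lines below, which presumably expects a string; the enclosing registration method starts and ends outside this hunk.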
@ -64,7 +64,7 @@ class AuthController extends Controller {
const match _user = await User . findOne ( params )
const match _user = await User . findOne ( params )
if ( match _user )
if ( match _user )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'auth : user_exists_with_field') } ${ field } ` )
. message ( ` ${ req . T ( 'auth . user_exists_with_field') } ${ field } ` )
. api ( )
. api ( )
}
}
@ -91,12 +91,12 @@ class AuthController extends Controller {
|| req . user . mfa _token . recovery _codes . length < 1
|| req . user . mfa _token . recovery _codes . length < 1
)
)
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa_or_recovery') )
. message ( req . T ( 'auth . no_mfa_or_recovery') )
. api ( )
. api ( )
if ( ! req . body . code )
if ( ! req . body . code )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } code ` )
. message ( ` ${ req . T ( 'api . missing_field') } code ` )
. api ( )
. api ( )
const success = await req . user . mfa _token . attempt _recovery ( req . body . code )
const success = await req . user . mfa _token . attempt _recovery ( req . body . code )
@ -176,7 +176,7 @@ class AuthController extends Controller {
if ( ! group || ! group . active )
if ( ! group || ! group . active )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : group_not_found') )
. message ( req . T ( 'api . group_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:group: ${ group . id } :view ` ) )
if ( ! req . user . can ( ` auth:group: ${ group . id } :view ` ) )
@ -196,12 +196,12 @@ class AuthController extends Controller {
if ( ! user )
if ( ! user )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : user_not_found') )
. message ( req . T ( 'api . user_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:user: ${ user . id } :view ` ) )
if ( ! req . user . can ( ` auth:user: ${ user . id } :view ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
return res . api ( await user . to _api ( ) )
return res . api ( await user . to _api ( ) )
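Review bot: The 404 `api . user_not_found` response is sent before the `req.user.can(\`auth:user:${user.id}:view\`)` check, so an authenticated caller who lacks the view permission still learns whether a given user id exists (404 vs 401). If the id in the permission string is the same value as the route parameter, the permission check can run first on `req.params.id`, or the two failures can return the same status and message; which of the two fits the permission model is not visible from this hunk. The same ordering appears in the group/user handlers at the hunks ending on L89, L260, L304, L362 and L381. The enclosing method starts outside this hunk.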
@ -210,12 +210,12 @@ class AuthController extends Controller {
async create _group ( req , res , next ) {
async create _group ( req , res , next ) {
if ( ! req . user . can ( ` auth:group:create ` ) )
if ( ! req . user . can ( ` auth:group:create ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
if ( ! req . body . name )
if ( ! req . body . name )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } name ` )
. message ( ` ${ req . T ( 'api . missing_field') } name ` )
. api ( )
. api ( )
const Group = this . models . get ( 'auth:Group' )
const Group = this . models . get ( 'auth:Group' )
@ -224,7 +224,7 @@ class AuthController extends Controller {
const existing _group = await Group . findOne ( { name : req . body . name } )
const existing _group = await Group . findOne ( { name : req . body . name } )
if ( existing _group )
if ( existing _group )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'api : group_already_exists') )
. message ( req . T ( 'api . group_already_exists') )
. api ( )
. api ( )
const group = new Group ( { name : req . body . name } )
const group = new Group ( { name : req . body . name } )
@ -238,7 +238,7 @@ class AuthController extends Controller {
const user = await User . findById ( user _id )
const user = await User . findById ( user _id )
if ( ! user )
if ( ! user )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'common : invalid') } user_id. ` )
. message ( ` ${ req . T ( 'common . invalid') } user_id. ` )
. api ( )
. api ( )
}
}
@ -252,14 +252,14 @@ class AuthController extends Controller {
async create _user ( req , res , next ) {
async create _user ( req , res , next ) {
if ( ! req . user . can ( 'auth:user:create' ) )
if ( ! req . user . can ( 'auth:user:create' ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
const required _fields = [ 'uid' , 'first_name' , 'last_name' , 'email' , 'password' ]
const required _fields = [ 'uid' , 'first_name' , 'last_name' , 'email' , 'password' ]
for ( const field of required _fields ) {
for ( const field of required _fields ) {
if ( ! req . body [ field ] )
if ( ! req . body [ field ] )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } ${ field } ` )
. message ( ` ${ req . T ( 'api . missing_field') } ${ field } ` )
. api ( )
. api ( )
}
}
@ -272,7 +272,7 @@ class AuthController extends Controller {
const existing _user = await User . findOne ( filter )
const existing _user = await User . findOne ( filter )
if ( existing _user )
if ( existing _user )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'auth : user_exists_with_field') } ${ field } ` )
. message ( ` ${ req . T ( 'auth . user_exists_with_field') } ${ field } ` )
. api ( )
. api ( )
}
}
@ -281,7 +281,7 @@ class AuthController extends Controller {
const result = zxcvbn ( req . body . password )
const result = zxcvbn ( req . body . password )
if ( result . score < min _score )
if ( result . score < min _score )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : password_complexity_fail') . replace ( 'MIN_SCORE' , min _score ) )
. message ( req . T ( 'auth . password_complexity_fail') . replace ( 'MIN_SCORE' , min _score ) )
. api ( )
. api ( )
const user = new User ( {
const user = new User ( {
@ -297,7 +297,7 @@ class AuthController extends Controller {
if ( req . body . trap ) {
if ( req . body . trap ) {
if ( ! req . trap . trap _exists ( req . body . trap ) )
if ( ! req . trap . trap _exists ( req . body . trap ) )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : invalid_trap') )
. message ( req . T ( 'auth . invalid_trap') )
. api ( )
. api ( )
user . trap = req . body . trap
user . trap = req . body . trap
@ -315,24 +315,24 @@ class AuthController extends Controller {
const group = await Group . findById ( req . params . id )
const group = await Group . findById ( req . params . id )
if ( ! group )
if ( ! group )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : group_not_found') )
. message ( req . T ( 'api . group_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:group: ${ group . id } :update ` ) )
if ( ! req . user . can ( ` auth:group: ${ group . id } :update ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
if ( ! req . body . name )
if ( ! req . body . name )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } name ` )
. message ( ` ${ req . T ( 'api . missing_field') } name ` )
. api ( )
. api ( )
// Make sure the group name is unique
// Make sure the group name is unique
const existing _group = await Group . findOne ( { name : req . body . name } )
const existing _group = await Group . findOne ( { name : req . body . name } )
if ( existing _group && existing _group . id !== group . id )
if ( existing _group && existing _group . id !== group . id )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'api : group_already_exists') )
. message ( req . T ( 'api . group_already_exists') )
. api ( )
. api ( )
// Validate user_ids
// Validate user_ids
@ -343,7 +343,7 @@ class AuthController extends Controller {
const user = await User . findById ( user _id )
const user = await User . findById ( user _id )
if ( ! user )
if ( ! user )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'common : invalid') } user_id. ` )
. message ( ` ${ req . T ( 'common . invalid') } user_id. ` )
. api ( )
. api ( )
}
}
@ -363,19 +363,19 @@ class AuthController extends Controller {
if ( ! user )
if ( ! user )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : user_not_found') )
. message ( req . T ( 'api . user_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:user: ${ user . id } :update ` ) )
if ( ! req . user . can ( ` auth:user: ${ user . id } :update ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
const required _fields = [ 'uid' , 'first_name' , 'last_name' , 'email' ]
const required _fields = [ 'uid' , 'first_name' , 'last_name' , 'email' ]
for ( const field of required _fields ) {
for ( const field of required _fields ) {
if ( ! req . body [ field ] )
if ( ! req . body [ field ] )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : missing_field') } ${ field } ` )
. message ( ` ${ req . T ( 'api . missing_field') } ${ field } ` )
. api ( )
. api ( )
}
}
@ -387,7 +387,7 @@ class AuthController extends Controller {
const existing _user = await User . findOne ( filter )
const existing _user = await User . findOne ( filter )
if ( existing _user && existing _user . id !== user . id )
if ( existing _user && existing _user . id !== user . id )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'auth : user_exists_with_field') } ${ field } ` )
. message ( ` ${ req . T ( 'auth . user_exists_with_field') } ${ field } ` )
. api ( )
. api ( )
}
}
@ -397,7 +397,7 @@ class AuthController extends Controller {
const result = zxcvbn ( req . body . password )
const result = zxcvbn ( req . body . password )
if ( result . score < min _score )
if ( result . score < min _score )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : password_complexity_fail') . replace ( 'MIN_SCORE' , min _score ) )
. message ( req . T ( 'auth . password_complexity_fail') . replace ( 'MIN_SCORE' , min _score ) )
. api ( )
. api ( )
await user . reset _password ( req . body . password , 'api' )
await user . reset _password ( req . body . password , 'api' )
@ -416,7 +416,7 @@ class AuthController extends Controller {
if ( req . body . trap ) {
if ( req . body . trap ) {
if ( ! req . trap . trap _exists ( req . body . trap ) )
if ( ! req . trap . trap _exists ( req . body . trap ) )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : invalid_trap') )
. message ( req . T ( 'auth . invalid_trap') )
. api ( )
. api ( )
user . trap = req . body . trap
user . trap = req . body . trap
@ -433,12 +433,12 @@ class AuthController extends Controller {
if ( ! group )
if ( ! group )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : group_not_found') )
. message ( req . T ( 'api . group_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:group: ${ group . id } :delete ` ) )
if ( ! req . user . can ( ` auth:group: ${ group . id } :delete ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
group . active = false
group . active = false
@ -452,12 +452,12 @@ class AuthController extends Controller {
if ( ! user )
if ( ! user )
return res . status ( 404 )
return res . status ( 404 )
. message ( req . T ( 'api : user_not_found') )
. message ( req . T ( 'api . user_not_found') )
. api ( )
. api ( )
if ( ! req . user . can ( ` auth:user: ${ user . id } :delete ` ) )
if ( ! req . user . can ( ` auth:user: ${ user . id } :delete ` ) )
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'api : insufficient_permissions') )
. message ( req . T ( 'api . insufficient_permissions') )
. api ( )
. api ( )
// check if the user is an LDAP client. if so, delete the client
// check if the user is an LDAP client. if so, delete the client
@ -493,7 +493,7 @@ class AuthController extends Controller {
if ( ! req . body . username && ! req . body . email )
if ( ! req . body . username && ! req . body . email )
return res . status ( 400 )
return res . status ( 400 )
. message ( ` ${ req . T ( 'api : provide_one') } username, email ` )
. message ( ` ${ req . T ( 'api . provide_one') } username, email ` )
. api ( )
. api ( )
const data = { }
const data = { }
@ -529,7 +529,7 @@ class AuthController extends Controller {
const errors = await flitter . validate _login ( req . body )
const errors = await flitter . validate _login ( req . body )
if ( errors && errors . length > 0 )
if ( errors && errors . length > 0 )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : unable_to_complete') )
. message ( req . T ( 'auth . unable_to_complete') )
. api ( { errors } )
. api ( { errors } )
const login _args = await flitter . get _login _args ( req . body )
const login _args = await flitter . get _login _args ( req . body )
@ -537,9 +537,9 @@ class AuthController extends Controller {
if ( ! user )
if ( ! user )
return res . status ( 200 )
return res . status ( 200 )
. message ( req . T ( 'auth : invalid_un_or_pw') )
. message ( req . T ( 'auth . invalid_un_or_pw') )
. api ( {
. api ( {
message : req . T ( 'auth : invalid_un_or_pw') ,
message : req . T ( 'auth . invalid_un_or_pw') ,
success : false ,
success : false ,
} )
} )
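Review bot: The failed-login branch answers with `res.status(200)` while the body carries `success: false` and the new `auth . invalid_un_or_pw` message, so any client or proxy that keys on the HTTP status treats a rejected login as a success and rate-limiting or log-based detection that watches for 4xx on this route sees nothing. Unless the 200 is deliberate for a specific front-end, `return res.status(401)` with the same generic message keeps the no-enumeration behaviour while making the outcome visible at the transport level. The identical branch at the hunk ending on L437 (the LDAP `Client` case) has the same issue; the enclosing login method starts and ends outside this hunk.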
@ -549,9 +549,9 @@ class AuthController extends Controller {
const client = await Client . findOne ( { user _id : user . id } )
const client = await Client . findOne ( { user _id : user . id } )
if ( client )
if ( client )
return res . status ( 200 )
return res . status ( 200 )
. message ( req . T ( 'auth : invalid_un_or_pw') )
. message ( req . T ( 'auth . invalid_un_or_pw') )
. api ( {
. api ( {
message : req . T ( 'auth : invalid_un_or_pw') ,
message : req . T ( 'auth . invalid_un_or_pw') ,
success : false ,
success : false ,
} )
} )
@ -585,7 +585,7 @@ class AuthController extends Controller {
}
}
} else {
} else {
return res . status ( 401 )
return res . status ( 401 )
. message ( req . T ( 'auth : unable_to_grant_trust') )
. message ( req . T ( 'auth . unable_to_grant_trust') )
. api ( )
. api ( )
}
}
}
}
@ -600,7 +600,7 @@ class AuthController extends Controller {
async get _mfa _recovery ( req , res , next ) {
async get _mfa _recovery ( req , res , next ) {
if ( ! req . user . mfa _enabled )
if ( ! req . user . mfa _enabled )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa') )
. message ( req . T ( 'auth . no_mfa') )
. api ( )
. api ( )
const token = req . user . mfa _token
const token = req . user . mfa _token
@ -617,7 +617,7 @@ class AuthController extends Controller {
async generate _mfa _recovery ( req , res , next ) {
async generate _mfa _recovery ( req , res , next ) {
if ( ! req . user . mfa _enabled )
if ( ! req . user . mfa _enabled )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa') )
. message ( req . T ( 'auth . no_mfa') )
. api ( )
. api ( )
const token = req . user . mfa _token
const token = req . user . mfa _token
@ -631,7 +631,7 @@ class AuthController extends Controller {
async generate _mfa _key ( req , res , next ) {
async generate _mfa _key ( req , res , next ) {
if ( req . user . mfa _enabled )
if ( req . user . mfa _enabled )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : already_has_mfa') )
. message ( req . T ( 'auth . already_has_mfa') )
. api ( )
. api ( )
const MFAToken = this . models . get ( 'auth:MFAToken' )
const MFAToken = this . models . get ( 'auth:MFAToken' )
@ -654,7 +654,7 @@ class AuthController extends Controller {
async attempt _mfa ( req , res , next ) {
async attempt _mfa ( req , res , next ) {
if ( ! req . user . mfa _token )
if ( ! req . user . mfa _token )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa') )
. message ( req . T ( 'auth . no_mfa') )
. api ( )
. api ( )
const code = req . body . verify _code
const code = req . body . verify _code
@ -682,7 +682,7 @@ class AuthController extends Controller {
async enable _mfa ( req , res , next ) {
async enable _mfa ( req , res , next ) {
if ( ! req . user . mfa _token )
if ( ! req . user . mfa _token )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa') )
. message ( req . T ( 'auth . no_mfa') )
. api ( )
. api ( )
req . user . mfa _enabled = true
req . user . mfa _enabled = true
@ -700,7 +700,7 @@ class AuthController extends Controller {
async disable _mfa ( req , res , next ) {
async disable _mfa ( req , res , next ) {
if ( ! req . user . mfa _enabled )
if ( ! req . user . mfa _enabled )
return res . status ( 400 )
return res . status ( 400 )
. message ( req . T ( 'auth : no_mfa') )
. message ( req . T ( 'auth . no_mfa') )
. api ( )
. api ( )
req . user . mfa _enabled = false
req . user . mfa _enabled = false