You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

109 lines
2.6 KiB

  1. 'use strict'
  2. /* global db, lang */
  3. const Mongoose = require('mongoose')
  4. const Promise = require('bluebird')
  5. const bcrypt = require('bcryptjs-then')
  6. const _ = require('lodash')
  7. /**
  8. * Users schema
  9. *
  10. * @type {<Mongoose.Schema>}
  11. */
  12. var userSchema = Mongoose.Schema({
  13. email: {
  14. type: String,
  15. required: true,
  16. index: true
  17. },
  18. provider: {
  19. type: String,
  20. required: true
  21. },
  22. providerId: {
  23. type: String
  24. },
  25. password: {
  26. type: String
  27. },
  28. name: {
  29. type: String
  30. },
  31. rights: [{
  32. role: String,
  33. path: String,
  34. exact: Boolean,
  35. deny: Boolean
  36. }]
  37. }, { timestamps: {} })
  38. userSchema.statics.processProfile = (profile) => {
  39. let primaryEmail = ''
  40. if (_.isArray(profile.emails)) {
  41. let e = _.find(profile.emails, ['primary', true])
  42. primaryEmail = (e) ? e.value : _.first(profile.emails).value
  43. } else if (_.isString(profile.email) && profile.email.length > 5) {
  44. primaryEmail = profile.email
  45. } else if (_.isString(profile.mail) && profile.mail.length > 5) {
  46. primaryEmail = profile.mail
  47. } else if (profile.user && profile.user.email && profile.user.email.length > 5) {
  48. primaryEmail = profile.user.email
  49. } else {
  50. return Promise.reject(new Error(lang.t('auth:errors.invaliduseremail')))
  51. }
  52. profile.provider = _.lowerCase(profile.provider)
  53. primaryEmail = _.toLower(primaryEmail)
  54. return db.User.findOneAndUpdate({
  55. email: primaryEmail,
  56. provider: profile.provider
  57. }, {
  58. email: primaryEmail,
  59. provider: profile.provider,
  60. providerId: profile.id,
  61. name: profile.displayName || _.split(primaryEmail, '@')[0]
  62. }, {
  63. new: true
  64. }).then((user) => {
  65. // Handle unregistered accounts
  66. if (!user && profile.provider !== 'local' && (appconfig.auth.defaultReadAccess || profile.provider === 'ldap' || profile.provider === 'azure')) {
  67. let nUsr = {
  68. email: primaryEmail,
  69. provider: profile.provider,
  70. providerId: profile.id,
  71. password: '',
  72. name: profile.displayName || profile.name || profile.cn,
  73. rights: [{
  74. role: 'read',
  75. path: '/',
  76. exact: false,
  77. deny: false
  78. }]
  79. }
  80. return db.User.create(nUsr)
  81. }
  82. return user || Promise.reject(new Error(lang.t('auth:errors:notyetauthorized')))
  83. })
  84. }
  85. userSchema.statics.hashPassword = (rawPwd) => {
  86. return bcrypt.hash(rawPwd)
  87. }
  88. userSchema.methods.validatePassword = function (rawPwd) {
  89. return bcrypt.compare(rawPwd, this.password).then((isValid) => {
  90. return (isValid) ? true : Promise.reject(new Error(lang.t('auth:errors:invalidlogin')))
  91. })
  92. }
  93. module.exports = Mongoose.model('User', userSchema)