1 /*
2 *
3 * Copyright 2016 RIFT.IO Inc
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 /**
20 * sessions api module. Provides API functions for sessions
21 * @module framework/core/modules/api/sessions
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
23 */
24
var Promise = require('bluebird');
var constants = require('../../api_utils/constants');
var utils = require('../../api_utils/utils');
// NOTE(review): `request` is not referenced anywhere else in this file.
var request = utils.request;
var rp = require('request-promise');
// Handlers are attached to this object below and it is exported at the bottom of the file.
var sessionsAPI = {};
var _ = require('lodash');
var base64 = require('base-64');
// Version prefix for the REST server's login and project URLs (see sessionsAPI.create).
var APIVersion = '/v2';
var configurationAPI = require('./configuration');
35
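/**
 * Log `mesg` and hand an error payload to a promise's reject callback.
 *
 * The original wrote the payload onto `res`, a name that is neither a
 * parameter nor in scope here, so every call threw a ReferenceError
 * instead of rejecting. The payload is now a fresh object with the shape
 * the callers read (`errorMessage.error`, `statusCode`).
 *
 * @param {string} mesg - error text; logged and returned as errorMessage.error
 * @param {Function} reject - promise reject callback
 * @param {number} [errCode] - HTTP status to report; defaults to BAD_REQUEST
 */
function logAndReject(mesg, reject, errCode) {
    var errorResponse = {
        errorMessage: {
            error: mesg
        },
        statusCode: errCode || constants.HTTP_RESPONSE_CODES.ERROR.BAD_REQUEST
    };
    console.log(mesg);
    reject(errorResponse);
}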
44
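/**
 * Log `mesg` (server side only) and redirect the browser to login.html,
 * passing api_server, upload_server and the referer along as query params.
 *
 * Security: `api_server` may come straight from the request's own query
 * string and `referer` from a request header, so every value is
 * percent-encoded before being spliced into the redirect URL. The original
 * encoded only `referer`; an attacker-supplied api_server containing `&`
 * or `#` could inject or truncate parameters on the login page. Encoding
 * does not change the decoded value a query-string parser hands the login
 * page (it already had to decode `referer`) — assumption to confirm against
 * login.html if it parses the query by hand.
 *
 * NOTE(review): the api_server taken from the query is also the host that
 * later receives the user's credentials (sessionsAPI.create / delete);
 * restricting it to the configured server is the stronger fix and is out
 * of scope for this helper.
 *
 * @param {string} mesg - message written to the log, never sent to the client
 * @param {Object} res - Express response
 * @param {Object} req - Express request (query, protocol, hostname, headers)
 */
function logAndRedirectToLogin(mesg, res, req) {
    var config = configurationAPI.globalConfiguration.get();
    var api_server = req.query['api_server'] || (req.protocol + '://' + config.api_server);
    var upload_server = req.protocol + '://' + (config.upload_server || req.hostname);
    // Without the fallback a missing Referer header serialises as the string "undefined".
    var referer = req.headers.referer || '';
    console.log(mesg);
    res.redirect('login.html?api_server=' + encodeURIComponent(api_server) +
        '&upload_server=' + encodeURIComponent(upload_server) +
        '&referer=' + encodeURIComponent(referer));
    res.end();
}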
52
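/**
 * POST handler: log a user in against the REST server and prime the session.
 *
 * Flow: POST {api}/v2/api/login and GET {api}/v2/api/operational/project run
 * in parallel with the same Basic credentials. On a 200 login the session
 * gets the user name, the Basic Authorization header, the first project whose
 * project-config user list names the user (as default project) and whether
 * any of the user's roles in those projects mentions 'rw-project-mano:lcm'.
 *
 * Resolves with `{statusCode: CREATED, data: <JSON string>}` once the session
 * has been written to the store. On a non-200 login, or any transport/parse
 * error, the browser is redirected to login.html and the returned promise is
 * left pending (unchanged from the original; callers must not rely on it
 * settling in that case).
 *
 * Security notes:
 *  - `api_server` comes from the request's query string (utils.confdPort
 *    presumably maps it to the REST port — not visible here). Whatever host it
 *    names receives username:password in a Basic Authorization header, so a
 *    crafted login link can relay credentials to a third party. TODO(review):
 *    validate it against the configured api_server before use.
 *  - The Basic header (base64 of the plaintext password) is persisted in the
 *    session store as req.session.authorization and reused by later requests,
 *    so the store holds reusable credentials.
 *  - The session id is not regenerated on login (req.session.regenerate), so a
 *    session id fixed before authentication stays valid afterwards. Left as-is
 *    because it would change the id clients hold; TODO(review).
 *
 * @param {Object} req - Express request; reads query.api_server, body.username, body.password, session
 * @param {Object} res - Express response; only used on the redirect paths
 * @returns {Promise<{statusCode: number, data: string}>}
 */
sessionsAPI.create = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    var login_url = uri + APIVersion + '/api/login';
    var project_url = uri + APIVersion + '/api/operational/project';
    var username = req.body['username'];
    var authorization_header_string = 'Basic ' + base64.encode(username + ':' + req.body['password']);

    // One backend call carrying the user's Basic credentials; only the method
    // and the Accept header differ between the login and project requests.
    function backendRequest(url, method, acceptHeaders) {
        return rp({
            url: url,
            method: method,
            headers: _.extend({}, acceptHeaders, {
                'Authorization': authorization_header_string
            }),
            forever: constants.FOREVER_ON,
            rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
            resolveWithFullResponse: true
        });
    }

    // Scan the project collection for entries whose project-config user list
    // names this user. Returns the matching projects (in backend order) and
    // whether any of the user's roles in them contains 'rw-project-mano:lcm'.
    // As in the original, a user entry without a `role` array throws, and the
    // caller's catch turns that into a redirect to login.
    function projectsForUser(projectBody) {
        var matched = [];
        var isLCM = false;
        var projects = JSON.parse(projectBody).collection['rw-project:project'];
        (projects || []).forEach(function(project) {
            var users = project['project-config'] && project['project-config']['user'];
            (users || []).forEach(function(user) {
                if (user['user-name'] != username) {
                    return;
                }
                matched.push(project);
                user.role.forEach(function(role) {
                    if (role.role.indexOf('rw-project-mano:lcm') > -1) {
                        isLCM = true;
                    }
                });
            });
        });
        return { projects: matched, isLCM: isLCM };
    }

    return new Promise(function(resolve, reject) {
        Promise.all([
            backendRequest(login_url, 'POST', constants.HTTP_HEADERS.accept.data),
            backendRequest(project_url, 'GET', constants.HTTP_HEADERS.accept.collection)
        ]).then(function(results) {
            var loginResponse = results[0];
            var projectResponse = results[1];

            if (loginResponse.statusCode != constants.HTTP_RESPONSE_CODES.SUCCESS.OK) {
                // Unchanged: redirect and leave the promise pending.
                logAndRedirectToLogin('Invalid credentials provided!', res, req);
                return;
            }

            if (projectResponse.statusCode == constants.HTTP_RESPONSE_CODES.SUCCESS.NO_CONTENT) {
                console.log('No projects added or user ', username ,' not privileged to view projects.');
            } else {
                var membership = projectsForUser(projectResponse.body);
                if (membership.projects.length > 0) {
                    // The first project in backend order becomes the default. The
                    // original called .sort() with no comparator on these objects,
                    // which compares them all as "[object Object]" and so leaves
                    // the order as delivered.
                    req.session.projectId = membership.projects[0].name;
                    req.session.isLCM = membership.isLCM;
                }
            }

            req.session.authorization = authorization_header_string;
            req.session.loggedIn = true;
            req.session.userdata = {
                username: username
            };
            req.session.redirect = true;

            var successMsg = 'User => ' + username + ' successfully logged in.';
            successMsg += req.session.projectId ? 'Project => ' + req.session.projectId + ' set as default.' : '';
            console.log(successMsg);

            var response = {
                statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.CREATED,
                data: JSON.stringify({
                    status: successMsg
                })
            };

            // Resolve only once the store has the session. The original resolved
            // before save() completed, so a client acting on the 201 straight away
            // could reach the server before its session had been persisted.
            req.session.save(function(err) {
                if (err) {
                    console.log('Error saving session to store', err);
                }
                resolve(response);
            });
        }).catch(function(error) {
            // Transport failure, non-JSON project body, malformed project entry, ...
            var errorMsg = 'Error logging in or getting list of projects. Error: ' + error;
            logAndRedirectToLogin(errorMsg, res, req);
        });
    });
};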
156
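/**
 * Make `req.params.projectId` the current project of an authenticated session.
 *
 * Resolves with `{statusCode: OK, data: <JSON string>}` after the session is
 * saved. Rejects via logAndReject with NOT_FOUND when there is no session or
 * it is not logged in. In the original that rejection was unreachable: it sat
 * after `return resolve(...)` inside the save callback, and the logged-in
 * guard had no else branch, so an unauthenticated call left the promise
 * pending forever.
 *
 * Security: the projectId is taken from the URL and stored without checking
 * that the user belongs to that project. The membership computed at login
 * (sessionsAPI.create) is not kept in the session, so the check cannot be
 * made here. TODO(review): enforce project membership, otherwise any
 * logged-in user can point the session at any project name.
 *
 * @param {Object} req - Express request; reads req.session and req.params.projectId
 * @param {Object} res - Express response (unused)
 * @returns {Promise<{statusCode: number, data: string}>}
 */
sessionsAPI.addProjectToSession = function(req, res) {
    return new Promise(function(resolve, reject) {
        if (!req.session || req.session.loggedIn != true) {
            logAndReject('Session does not exist or not logged in', reject,
                constants.HTTP_RESPONSE_CODES.ERROR.NOT_FOUND);
            return;
        }

        req.session.projectId = req.params.projectId;
        req.session.save(function(err) {
            if (err) {
                // Unchanged: a store failure is logged but still reported as success.
                console.log('Error saving session to store', err);
            }
            var successMsg = 'Added project ' + req.session.projectId + ' to session ' + req.sessionID;
            console.log(successMsg);
            resolve({
                statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.OK,
                data: JSON.stringify({
                    status: successMsg
                })
            });
        });
    });
};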
181
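/**
 * Log the user out: POST to the REST server's logout endpoint with the
 * session's stored Authorization header and destroy the Express session, in
 * parallel; then redirect to login.html whichever way both went.
 *
 * Security: the REST server is `req.query.api_server`, i.e. choosable from a
 * link, and the request carries `req.session.authorization` — the user's
 * Basic credentials. A crafted logout URL can therefore send a logged-in
 * user's username:password to an arbitrary host. TODO(review): validate
 * api_server against configuration before use.
 *
 * NOTE(review): the logout URL is built as `uri + '/api/logout'`, without
 * the APIVersion prefix the login URL uses in sessionsAPI.create — confirm
 * which path the server expects; left unchanged here.
 *
 * The returned promise is never settled (unchanged from the original); the
 * response is completed by the redirect.
 *
 * @param {Object} req - Express request; reads query.api_server, headers.referer, session
 * @param {Object} res - Express response, redirected to login.html
 * @returns {Promise} never settles
 */
sessionsAPI.delete = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    var url = uri + '/api/logout';
    req.returnTo = req.headers.referer;

    // Destroy the server-side session. Always fulfils (never rejects) with a
    // status object so a store failure still ends in the login redirect.
    function destroySession() {
        return new Promise(function(success) {
            req.session.destroy(function(err) {
                if (err) {
                    var errorMsg = 'Error deleting session. Error: ' + err;
                    console.log(errorMsg);
                    success({
                        status: 'error',
                        message: errorMsg
                    });
                    // The original fell through here and also logged and
                    // resolved the success branch after an error.
                    return;
                }
                var successMsg = 'Success deleting session';
                console.log(successMsg);
                success({
                    status: 'success',
                    message: successMsg
                });
            });
        });
    }

    return new Promise(function(resolve, reject) {
        Promise.all([
            rp({
                url: url,
                method: 'POST',
                headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
                    'Authorization': req.session.authorization
                }),
                forever: constants.FOREVER_ON,
                rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
                resolveWithFullResponse: true
            }),
            destroySession()
        ]).then(function() {
            // Both settled (destroySession never rejects); redirect either way.
            logAndRedirectToLogin('Session was deleted.', res, req);
        }).catch(function(error) {
            logAndRedirectToLogin('Error deleting session or logging out. Error:' + error, res, req);
        });
    });
};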
230
231
232 module.exports = sessionsAPI;