3 var env
= require('gitter-web-env');
4 var identifyRoute
= env
.middlewares
.identifyRoute
;
5 var config
= env
.config
;
7 const ensureUserIdentityByProvider
= require('../../web/middlewares/ensure-user-identity-from-provider');
8 var passport
= require('passport');
9 const identityService
= require('gitter-web-identity');
10 var trackLoginForProvider
= require('../../web/middlewares/track-login-for-provider');
11 var rememberMe
= require('../../web/middlewares/rememberme-middleware');
12 var ensureLoggedIn
= require('../../web/middlewares/ensure-logged-in');
13 var redirectAfterLogin
= require('../../web/middlewares/redirect-after-login');
14 var passportCallbackForStrategy
= require('../../web/middlewares/passport-callback-for-strategy');
15 var userScopes
= require('gitter-web-identity/lib/user-scopes');
16 var fonts
= require('../../web/fonts');
20 const SCOPE_ALLOWLIST
= {
26 function getScopesFromReq(req
) {
27 const inputScopes
= req
.query
.scopes
? req
.query
.scopes
.split(/\s*,\s*/) : [''];
28 const newScopes
= inputScopes
.filter(scope
=> SCOPE_ALLOWLIST
[scope
]);
29 newScopes
.push('user:email');
30 newScopes
.push('read:org');
36 identifyRoute('login-github'),
37 trackLoginForProvider('github'),
38 passport
.authorize('github_user', {
39 scope
: 'user:email,read:org',
45 identifyRoute('login-invited'),
47 var query
= req
.query
;
49 // checks if we have a relative url path and adds it to the session
50 if (query
.uri
) req
.session
.returnTo
= config
.get('web:basepath') + '/' + query
.uri
;
52 res
.render('login_invited', {
53 username
: query
.welcome
,
55 bootScriptName
: 'router-login',
56 cssFileName
: 'styles/login.css',
57 // TODO: remove this and just show it anyway
63 routes
.upgradeLandingPage
= [
65 identifyRoute('login-upgrade-landing-page'),
66 // Once we allow multiple identities for a single user, we should get rid of this #multiple-identity-user
67 ensureUserIdentityByProvider(identityService
.GITHUB_IDENTITY_PROVIDER
),
69 const newScopes
= getScopesFromReq(req
);
71 res
.render('login-upgrade-landing', {
72 accessToken
: req
.accessToken
,
75 fonts
: fonts
.getFonts(),
76 hasCachedFonts
: fonts
.hasCachedFonts(req
.cookies
)
83 identifyRoute('login-upgrade'),
84 // Once we allow multiple identities for a single user, we should get rid of this #multiple-identity-user
85 ensureUserIdentityByProvider(identityService
.GITHUB_IDENTITY_PROVIDER
),
86 function(req
, res
, next
) {
87 var scopes
= getScopesFromReq(req
);
88 var existing
= req
.user
.githubScopes
|| {};
89 var addedScopes
= false;
91 scopes
.forEach(function(scope
) {
92 if (!existing
[scope
]) addedScopes
= true;
93 existing
[scope
] = true;
97 res
.render('github-upgrade-complete', {
98 oAuthCompletePostMessage
: JSON
.stringify({
99 type
: 'oauth_upgrade_complete',
100 scopes
: userScopes
.getScopesHash(req
.user
)
106 var requestedScopes
= Object
.keys(existing
).filter(function(f
) {
109 req
.session
.githubScopeUpgrade
= true;
111 passport
.authorize('github_upgrade', {
112 scope
: requestedScopes
,
119 identifyRoute('login-callback'),
120 function(req
, res
, next
) {
121 var upgrade
= req
.session
&& req
.session
.githubScopeUpgrade
;
124 strategy
= 'github_upgrade';
126 strategy
= 'github_user';
128 passportCallbackForStrategy(strategy
, { failWithError
: true })(req
, res
, next
);
131 rememberMe
.generateRememberMeTokenMiddleware
,
135 module
.exports
= routes
;
