diff --git a/server.js b/server.js index 6412b78225..ddfc8bd6b7 100644 --- a/server.js +++ b/server.js @@ -33,6 +33,8 @@ if (process.env.NODE_ENV === 'development') { "\n\t(2) open http://c4milo.github.com/node-webkit-agent/21.0.1180.57/inspector.html?host=localhost:1337&page=0"); }*/ +if (process.env.NODE_ENV === 'development') Error.stackTraceLimit = Infinity; + process.on('uncaughtException', function (error) { function sendEmail(mailData) { diff --git a/src/server/api.coffee b/src/server/api.coffee index 45b0250b17..97c8892b00 100644 --- a/src/server/api.coffee +++ b/src/server/api.coffee @@ -8,6 +8,7 @@ validator = require 'derby-auth/node_modules/validator' check = validator.check sanitize = validator.sanitize misc = require '../app/misc' +utils = require 'derby-auth/utils' NO_TOKEN_OR_UID = err: "You must include a token and uid (user id) in your request" NO_USER_FOUND = err: "No user found." @@ -92,6 +93,35 @@ router.put '/user', auth, (req, res) -> userObj.tasks = _.toArray(userObj.tasks) # FIXME figure out how we're going to consistently handle this. should always be array res.json 201, userObj +### + POST /user/auth +### +router.post '/user/auth', (req, res) -> + username = req.body.username + password = req.body.password + return res.json 401, err: 'No username or password' unless username and password + + model = req.getModel() + + q = model.query("users").withUsername(username) + q.fetch (err, result1) -> + return res.json 401, { err } if err + u1 = result1.get() + return res.json 401, err: 'Username not found' unless u1 # user not found + + # We needed the whole user object first so we can get his salt to encrypt password comparison + q = model.query("users").withLogin(username, utils.encryptPassword(password, u1.auth.local.salt)) + q.fetch (err, result2) -> + return res.json 401, { err } if err + + # joshua tree? + u2 = result2.get() + return res.json 401, err: 'Incorrect password' unless u2 + + res.json + id: u2.id + token: u2.apiToken + ### GET /user/task/:id ### diff --git a/src/server/index.coffee b/src/server/index.coffee index 3f707666e2..4c67ea04ba 100644 --- a/src/server/index.coffee +++ b/src/server/index.coffee @@ -23,9 +23,6 @@ racer.set('bundleTimeout', 40000) # racer.use(racer.logPlugin) # derby.use(derby.logPlugin) -# Infinite stack trace -Error.stackTraceLimit = Infinity if process.env.NODE_ENV is 'development' - ## SERVER CONFIGURATION ## expressApp = express() diff --git a/test/api.mocha.coffee b/test/api.mocha.coffee index 844da7b735..d523be7b16 100644 --- a/test/api.mocha.coffee +++ b/test/api.mocha.coffee @@ -2,6 +2,7 @@ _ = require 'lodash' request = require 'superagent' expect = require 'expect.js' require 'coffee-script' +utils = require 'derby-auth/utils' conf = require("nconf") conf.argv().env().file({file: __dirname + '../config.json'}).defaults @@ -39,6 +40,7 @@ describe 'API', -> model = null user = null uid = null + username = null before (done) -> server = require '../src/server' @@ -51,6 +53,13 @@ describe 'API', -> user = helpers.newUser(true) user.apiToken = model.id() model.session = {userId:uid} + salt = utils.makeSalt() + username = 'jonfishman' + Math.random().toString().split('.')[1] + user.auth = + local: + username: username + hashed_password: utils.encryptPassword('icculus', salt) + salt: salt model.set "users.#{uid}", user delete model.session # Crappy hack to let server start before tests run @@ -390,4 +399,16 @@ describe 'API', -> done() - + it 'POST /api/v1/user/auth', (done) -> + userAuth = + username: username + password: 'icculus' + request.post("#{baseURL}/user/auth") + .set('Accept', 'application/json') + .send(userAuth) + .end (res) -> + expect(res.body.err).to.be undefined + expect(res.statusCode).to.be 200 + expect(res.body.id).to.be currentUser.id + expect(res.body.token).to.be currentUser.apiToken + done()