1. Advisor
  2. sqreen
  3. functions
  4. sqreen.auth_track
View all sqreen analysis

How to use the sqreen.auth_track function in sqreen

To help you get started, we’ve selected a few sqreen examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github vpdb / server / src / app / authentication / authentication.api.ts View on Github external
private async assertUserIsActive(ctx: Context, user: UserDocument): Promise {
		if (!user.is_active) {
			/* istanbul ignore if */
			if (process.env.SQREEN_ENABLED) {
				require('sqreen').auth_track(false, { email: user.email });
			}
			if (user.email_status && user.email_status.code === 'pending_registration') {
				await LogUserUtil.failure(ctx, user, 'authenticate', { provider: 'local' }, null, 'Inactive account due to pending email confirmation.');
				throw new ApiError('User <%s> tried to login with unconfirmed email address.', user.email)
					.display('Your account is inactive until you confirm your email address <%s>. If you did not get an email from <%s>, please contact an administrator.', user.email, config.vpdb.email.sender.email)
					.code('email_unconfirmed')
					.warn()
					.status(403);

			} else {
				await LogUserUtil.failure(ctx, user, 'authenticate', { provider: 'local' }, null, 'Inactive account.');
				throw new ApiError('User <%s> is disabled, refusing access', user.email)
					.display('Inactive account. Please contact an administrator')
					.code('account_disabled')
					.warn()
					.status(403);
github vpdb / server / src / app / authentication / authentication.api.ts View on Github external
}
			throw new ApiError('Cannot use token of type "%s" for authentication (must be of type "personal").', token.type).status(401);
		}
		// fail if not login token
		if (!scope.isIdentical(token.scopes, ['login'])) {
			/* istanbul ignore if */
			if (process.env.SQREEN_ENABLED) {
				require('sqreen').auth_track(false, { email: (token._created_by as UserDocument).email });
			}
			throw new ApiError('Token to exchange for JWT must exclusively be "login" ([ "' + token.scopes.join('", "') + '" ] given).').status(401);
		}
		// fail if token expired
		if (token.expires_at.getTime() < Date.now()) {
			/* istanbul ignore if */
			if (process.env.SQREEN_ENABLED) {
				require('sqreen').auth_track(false, { email: (token._created_by as UserDocument).email });
			}
			throw new ApiError('Token has expired.').status(401);
		}
		// fail if token inactive
		if (!token.is_active) {
			/* istanbul ignore if */
			if (process.env.SQREEN_ENABLED) {
				require('sqreen').auth_track(false, { email: (token._created_by as UserDocument).email });
			}
			throw new ApiError('Token is inactive.').status(401);
		}
		await token.update({ last_used_at: new Date() });
		return token._created_by as UserDocument;
	}
github vpdb / server / src / app / authentication / authentication.api.ts View on Github external
protected async authenticateUser(ctx: Context, authenticatedUser: UserDocument, how: 'password' | 'token' | 'oauth') {

		await this.assertUserIsActive(ctx, authenticatedUser);

		// generate token and return.
		const now = new Date();
		const expires = new Date(now.getTime() + config.vpdb.apiTokenLifetime);
		const token = AuthenticationUtil.generateApiToken(authenticatedUser, now, how !== 'password' && how !== 'oauth');

		await LogUserUtil.success(ctx, authenticatedUser, 'authenticate', { provider: 'local', how });
		logger.info(ctx.state, '[AuthenticationApi.authenticate] User <%s> successfully authenticated using %s.', authenticatedUser.email, how);
		/* istanbul ignore if */
		if (process.env.SQREEN_ENABLED) {
			require('sqreen').auth_track(true, { email: authenticatedUser.email });
		}
		const span = this.apmStartSpan(`UserUtil.getACLs()`);
		const acls = await UserUtil.getACLs(authenticatedUser);
		this.apmEndSpan(span);
		const response = {
			token,
			expires,
			user: assign(state.serializers.User.detailed(ctx, authenticatedUser), acls),
		};

		/* istanbul ignore if */
		if (process.env.SQREEN_ENABLED) {
			require('sqreen').auth_track(true, { email: authenticatedUser.email });
		}
		this.success(ctx, response, 200);
	}
github vpdb / server / src / app / authentication / authentication.api.ts View on Github external
private async authenticateLocally(ctx: Context): Promise {
		// try to authenticate with user/pass
		if (!ctx.request.body.username || !ctx.request.body.password) {
			return null;
		}
		const localUser = await state.models.User.findOne({ username: sanitize(ctx.request.body.username) }).exec();
		if (localUser && localUser.authenticate(ctx.request.body.password)) {
			// all good, return.
			return localUser;
		}
		// log if there was a user
		if (localUser) {
			await LogUserUtil.failure(ctx, localUser, 'authenticate', { provider: 'local' }, null, 'Invalid password.');
			/* istanbul ignore if */
			if (process.env.SQREEN_ENABLED) {
				require('sqreen').auth_track(false, { username: ctx.request.body.username });
			}
		} // don't bother logging unknown user names
		throw new ApiError('Authentication denied for user "%s" (%s)', ctx.request.body.username, localUser ? 'password' : 'username')
			.display('Wrong username or password')
			.code('wrong_username_or_password')
			.warn()
			.status(401);
	}
github vpdb / server / src / controllers / api / user.js View on Github external
return Token.findOne({ token: req.body.token }).populate('_created_by').exec().then(token => {

			// fail if not found
			if (!token) {
				antiBruteForce = true;
				throw error('Invalid token.').status(401);
			}

			// fail if invalid type
			if (token.type !== 'personal') {
				if (config.vpdb.services.sqreen.enabled) {
					require('sqreen').auth_track(false, { email: token._created_by.email });
				}
				throw error('Cannot use token of type "%s" for authentication (must be of type "personal").', token.type).status(401);
			}

			// fail if not login token
			if (!scope.isIdentical(token.scopes, [ 'login' ])) {
				if (config.vpdb.services.sqreen.enabled) {
					require('sqreen').auth_track(false, { email: token._created_by.email });
				}
				throw error('Token to exchange for JWT must exclusively be "login" ([ "' + token.scopes.join('", "') + '" ] given).').status(401);
			}

			// fail if token expired
			if (token.expires_at.getTime() < new Date().getTime()) {
				if (config.vpdb.services.sqreen.enabled) {
					require('sqreen').auth_track(false, { email: token._created_by.email });
github vpdb / server / src / app / authentication / authentication.api.ts View on Github external
private async updateOAuthUser(ctx: Context, user: UserDocument, provider: string, profile: OAuthProfile, emails: string[]): Promise {

		/* istanbul ignore if */
		if (process.env.SQREEN_ENABLED) {
			require('sqreen').auth_track(true, { email: user.email });
		}
		if (!user.providers || !user.providers[provider]) {
			user.providers = user.providers || {};
			user.providers[provider] = {
				id: String(profile.id),
				name: UserUtil.getNameFromProfile(profile),
				emails,
				created_at: new Date(),
				modified_at: new Date(),
				profile: profile._json,
			};
			await LogUserUtil.success(ctx, user, 'authenticate', {
				provider,
				profile: profile._json,
			});
			logger.info(ctx.state, '[AuthenticationApi.updateOAuthUser] Adding profile from %s to user.', provider, emails[0]);

sqreen

Node.js agent for Sqreen, please see https://www.sqreen.io/

proprietary-free-to-use
Latest version published 1 year ago

Package Health Score

43 / 100
Full package analysis

Popular sqreen functions

Similar packages