How can I deny a user from logging in with mongoose-auth / everyauth

StackOverflow https://stackoverflow.com/questions/8337848

Using node.js / expressjs / mongoose / mongoose-auth / everyauth. All versions are up to date.

I'm trying to use a database table to whitelist users by email address during development, but I want the primary method of auth to be facebook. I'm looking to have mongoose-auth only create the account if the facebook email is found in alpha_whitelist. This creates accounts as expected for addresses that are in the table, but it times out and crashes the server if the user is not in the whitelist.

findOrCreateUser:   function (sess, accessTok, accessTokExtra, fbUser) {
    var promise = this.Promise(),
        User = this.User()();
        // TODO Check user in session or request helper first
        // e.g., req.user or sess.auth.userId
        User.findOne({'fb.id': fbUser.id}, function (err, foundUser) {
            if(foundUser)
                return promise.fulfill(foundUser);
            alpha_whitelist.findOne(
                {email: fbUser.email},
                function(err,doc) {
                    if(doc) {
                        console.log("CREATING");
                        User.createWithFB(fbUser, accessTok, accessTokExtra.expires, function (err, createdUser) {
                            console.log(err,createdUser);
                            if (err) return promise.fail(err);
                            return promise.fulfill(createdUser);
                        });
                    } else {
                        console.log('Denied');
                        //not sure what to do here... i need to break the auth chain and redirect the user back to '/'
                    }
                });
        });
        return promise;
    }

It seems that no matter what I put there, it fails and crashes the server. I'm clearly missing something. Any help would be appreciated.

有帮助吗?

解决方案

I haven't tested this, but I'm sure you just need to return the Promise just as the other code blocks are doing

else {
    console.log('Denied');
    return promise.fail('Denied');
}

其他提示

I haven't used everyauth, but I guess you are looking for the validateRegistration function, if you put your whitelist code there like:

.validateRegistration(function (newUser) {
    db.checkWhiteList(function (success) {
        return null; // everything OK
    },
    function (err) {
        return [ "Not on whitelist" ];
    }
});

There is a short description on this at the GitHub page.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top