How can I deny a user from logging in with mongoose-auth / everyauth
Question
Using node.js / expressjs / mongoose / mongoose-auth / everyauth. All versions are up to date.
I'm trying to use a database table to whitelist users by email address during development, but I want the primary method of auth to be facebook. I'm looking to have mongoose-auth only create the account if the facebook email is found in alpha_whitelist. This creates accounts as expected for addresses that are in the table, but it times out and crashes the server if the user is not in the whitelist.
findOrCreateUser: function (sess, accessTok, accessTokExtra, fbUser) {
var promise = this.Promise(),
User = this.User()();
// TODO Check user in session or request helper first
// e.g., req.user or sess.auth.userId
User.findOne({'fb.id': fbUser.id}, function (err, foundUser) {
if(foundUser)
return promise.fulfill(foundUser);
alpha_whitelist.findOne(
{email: fbUser.email},
function(err,doc) {
if(doc) {
console.log("CREATING");
User.createWithFB(fbUser, accessTok, accessTokExtra.expires, function (err, createdUser) {
console.log(err,createdUser);
if (err) return promise.fail(err);
return promise.fulfill(createdUser);
});
} else {
console.log('Denied');
//not sure what to do here... i need to break the auth chain and redirect the user back to '/'
}
});
});
return promise;
}
It seems that no matter what I put there, it fails and crashes the server. I'm clearly missing something. Any help would be appreciated.
Solution
I haven't tested this, but I'm sure you just need to return the Promise just as the other code blocks are doing
else {
console.log('Denied');
return promise.fail('Denied');
}
OTHER TIPS
I haven't used everyauth, but I guess you are looking for the validateRegistration
function, if you put your whitelist code there like:
.validateRegistration(function (newUser) {
db.checkWhiteList(function (success) {
return null; // everything OK
},
function (err) {
return [ "Not on whitelist" ];
}
});
There is a short description on this at the GitHub page.