fromACL

This module exports the fromACL method to request and validate a user from the ACL.

Requires

Methods

(async, inner) failedLogin(request) → {Promise.<Error>}

Handles a failed login attempt.

Increases a counter of failed attempts in the user ACL record.

The user account will be locked if the number of failed attempts exceeds maxFailed, which is read from process.env.FAILED_ATTEMPTS and defaults to 3.

When a user account is locked, its verification is removed and a verification token is stored in the ACL.

An email with the verification token is sent to the user, notifying them that the account has been locked and asking them to renew verification.

It is recommended to reset the password for the account if this happens.

Parameters:

| Name | Type | Description |
| --- | --- | --- |
| request | Object | The request object. |

Properties of request:

| Name | Type | Description |
| --- | --- | --- |
| email | string | The email address of the user. |
| language | string | The language for the user. |
| host | string | The host for the account verification email. |
| remote_address | string | The IP address of the client. |

Returns:

A Promise that resolves with an Error.

Type: 
Promise.<Error>
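
The lockout rule described for failedLogin, modelled as an added example; it is not the module's own code. The in-memory Map store, the record field names (failedattempts, verified, verificationtoken), the function names and the returned mail object are assumptions made for illustration.

```javascript
// Added example: in-memory model of the lockout rule, not the module's code.
const { randomBytes } = require('crypto');

// Parse FAILED_ATTEMPTS defensively: a missing, non-numeric or non-positive
// value falls back to the documented default of 3.
function maxFailedAttempts(env = process.env) {
  const parsed = Number.parseInt(env.FAILED_ATTEMPTS, 10);
  return Number.isInteger(parsed) && parsed > 0 ? parsed : 3;
}

// `acl` is a Map standing in for the ACL store. The record fields
// (failedattempts, verified, verificationtoken) are assumed names.
function recordFailedLogin(acl, request, env = process.env) {
  const user = acl.get(request.email);

  // This example returns the same generic Error for unknown and known
  // accounts, so the caller cannot tell whether an email is in the ACL.
  const error = new Error('auth_failed');
  if (!user) return { error, locked: false, mail: null };

  user.failedattempts = (user.failedattempts || 0) + 1;

  // "Exceed" is read here as strictly greater than maxFailed (assumption).
  if (user.failedattempts <= maxFailedAttempts(env)) {
    return { error, locked: false, mail: null };
  }

  // Lock: remove verification and store a fresh, unguessable token.
  user.verified = false;
  user.verificationtoken = randomBytes(20).toString('hex');

  // The mail is returned instead of sent so the example runs offline.
  const mail = {
    to: request.email,
    language: request.language,
    host: request.host,
    remote_address: request.remote_address,
    token: user.verificationtoken,
  };
  return { error, locked: true, mail };
}
```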

(async, inner) fromACL(req) → {Promise.<(Object|Error)>}

Creates a request object for the getUser(request) method argument. The request.email and request.password are taken from the req.body or authorization header.

Parameters:

| Name | Type | Description |
| --- | --- | --- |
| req | Object | The request object. |

Properties of req:

| Name | Type | Attributes | Description |
| --- | --- | --- | --- |
| body.email | string | <optional> | The email address of the user. |
| body.password | string | <optional> | The password of the user. |
| params.language | string | <optional> | The language for the user. |
| headers | Object | | The request headers. |

Properties of headers:

| Name | Type | Attributes | Description |
| --- | --- | --- | --- |
| authorization | string | <optional> | The authorization header containing the email and password. |

Returns:

Validated user object or an Error if authentication fails.

Type: 
Promise.<(Object|Error)>

(inner) getUser(request) → {Promise.<(Object|Error)>}

Retrieves the user from the ACL and updates the access_log property.

Calls the userExpiry method to check whether the user approval has expired.

Checks whether request.password matches the stored user password.

Calls the failedLogin method if the user object cannot be validated.

Returns a validated user object or Error.

Parameters:

| Name | Type | Description |
| --- | --- | --- |
| request | Object | The request object. |

Properties of request:

| Name | Type | Description |
| --- | --- | --- |
| email | string | The email address of the user. |
| date | Date | The current date and time. |
| remote_address | string | The IP address of the client. |
| language | string | The language for the user. |
| host | string | The host for the account verification email. |

Returns:

A Promise that resolves with the user object, an Error, or null if the user is not found.

Type: 
Promise.<(Object|Error)>

(async, inner) userExpiry(user, request) → {Promise.<boolean>}

Checks whether a user's approval has expired, if expiry is enabled with process.env.APPROVAL_EXPIRY.

A user account will expire if the user object has an integer expires_on value which is smaller than the current Date.

The approval will be removed from the user record in the ACL.

Admin user accounts do not expire.

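Parameters:

| Name | Type | Description |
| --- | --- | --- |
| user | Object | The user object. |
| request | Object | The request object. |

Properties of request:

| Name | Type | Description |
| --- | --- | --- |
| email | string | The email address of the user. |
| language | string | The language for the user. |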

Returns:

A Promise that resolves with a boolean indicating if the user account has expired.

Type: 
Promise.<boolean>