Added new modules to help prevent Cross Site Request Forgery
[sdnc/oam.git] / admportal / server / router / routes / csp.js
index 435aaf9..8828052 100644 (file)
@@ -15,13 +15,18 @@ function logout(req,res){
 
 function login (req,res) {
 
+console.log('login');
+var tkn = req.sanitize(req.body._csrf);
+console.log('login:tkn=' + tkn);
+
        var loggedInAdmin={};
-       var email = req.body.email;
+       var email = req.sanitize(req.body.email);
+       var pswd = req.sanitize(req.body.password);
        dbRoutes.findAdminUser(email,res,function(adminUser){
                if(adminUser !== null){
                        
                        // make sure correct password is provided
-                       if (req.body.password != adminUser.password) {
+                       if (pswd != adminUser.password) {
                                res.render("pages/login", 
                                {
                                        result:
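Review bot: The new `console.log('login:tkn=' + tkn)` writes the submitted CSRF token to the process log, and nothing in this hunk compares `tkn` against a server-side value, so as far as the visible code shows the token is captured and logged but not verified; drop the log line and, if the check lives elsewhere, a comment such as `// _csrf is validated by the CSRF middleware before this handler runs` would make that explicit here. Running the password through `req.sanitize` before `pswd != adminUser.password` is also risky: if the sanitizer rewrites characters (HTML escaping, trimming), a correct password containing them will no longer match, so the raw `req.body.password` should be used for the comparison and only the email sanitized. The comparison itself is against a stored plaintext password with a plain `!=`; that is pre-existing, but a hashed credential and a constant-time compare (`crypto.timingSafeEqual` on equal-length buffers) would be the normal fix. The login function continues beyond the end of this hunk.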
@@ -36,6 +41,7 @@ function login (req,res) {
                                
                        var loggedInAdmin = {
                                email:adminUser.email,
+                               csrfToken: tkn,
                                password:adminUser.password,
                                privilege:adminUser.privilege
                        }
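Review bot: Storing `csrfToken: tkn` in the session puts the client-supplied `req.body._csrf` value into the server-side record, so any later handler that compares a form's `_csrf` against `req.session.loggedInAdmin.csrfToken` is comparing attacker-controlled data with itself and can be satisfied by sending any matching pair; the session token must be generated server-side (e.g. a csurf-style `req.csrfToken()` or `crypto.randomBytes`) and only the per-request value read from the body. This cannot be confirmed from the hunk alone since the consumer of `csrfToken` is not shown, but the source of the value is. While this object is being touched, keeping `password:` in the session object (which `checkAuth` also logs with `JSON.stringify`) is unnecessary exposure; `email` and `privilege` are all the later checks need. The enclosing `login` function starts and ends outside this hunk.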
@@ -57,6 +63,7 @@ function login (req,res) {
 }
 
 function checkAuth(req,res,next){
+
        var host = req.get('host');
        var url = req.url;
        var originalUrl = req.originalUrl;
@@ -64,8 +71,7 @@ function checkAuth(req,res,next){
        console.log("checkAuth");
 
        var host = req.headers['host'];
-console.log('host=' + host);
-
+       console.log('host=' + host);
        console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin));
        if(req.session == null || req.session == undefined 
                || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
@@ -79,6 +85,40 @@ console.log('host=' + host);
        next();
 }
 
+function checkPriv(req,res,next)
+{
+  var priv = req.session.loggedInAdmin;
+  if(req.session == null || req.session == undefined 
+               || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
+  {
+    res.render("pages/err", 
+               {
+                       result: {code:'error', msg:'Unexpected null session.'}, 
+                       header: process.env.MAIN_MENU
+               });
+    return;
+  }
+  else
+  {
+    if (priv.privilege == 'A')
+    {
+      next();
+      return;
+    }
+    else
+    {
+      res.render("pages/err", 
+                       {
+                               result: { code:'error', msg:'User does not have permission to run operation.'},
+                               header: process.env.MAIN_MENU
+                       });
+      return;
+    }
+  }
+}
+
+
 exports.login = login;
 exports.logout = logout;
 exports.checkAuth = checkAuth;
+exports.checkPriv = checkPriv;
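Review bot: `var priv = req.session.loggedInAdmin;` on the first line of `checkPriv` dereferences `req.session` before the guard that tests it for `null`/`undefined`, so a missing session throws a TypeError instead of rendering the "Unexpected null session." page the guard was written for; move the read below the guard, `var priv = req.session.loggedInAdmin;` as the first line of the `else` branch, or use `var priv = req.session && req.session.loggedInAdmin;`. The denied paths also answer with the default 200 status, so callers and proxies cannot distinguish a refusal from a rendered page; `res.status(403).render("pages/err", …)` for the permission branch (and 401 for the missing session) would be the conventional response. Use `===` for the privilege check, `priv.privilege === 'A'`, and consider a named constant for the admin privilege code so it is not repeated as a magic string across routers.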