return next( createError( 400, !email ? 'You must provide an email to login.' : 'You must provide a password to login.' ) );
}
const user = await db.user.find_one( { email } );
- if (!user || !user.is_active || user.is_deleted) {
+ if (!user || !user.is_active || user.is_deleted || user.is_locked) {
return res.status( 401 ).send( { success:false, user:null, token:null } );
}
const isValid = await user.comparePassword( password );
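Review bot: The added `user.is_locked` test runs only at login, so a token issued before the account was locked keeps working unless `validate_auth` (not visible in this hunk) re-checks the user's state on every request. If it does not, the same `is_active` / `is_deleted` / `is_locked` test belongs in the token-verification path, or `lock_account` should revoke outstanding tokens. Returning the same 401 body for locked, inactive and unknown accounts is a sound defence against account enumeration, but the branch as shown records nothing server-side. A log line such as `logger.warn( 'login rejected: account unavailable', { email } );` (logger name is a placeholder) would let operators see attempts against locked accounts. The handler starts and ends outside the hunk.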
* @returns {Object} Express router with authentication routes
*/
module.exports = ( passport ) => {
- router.post( '/create', validate_auth( passport ), authentication_controller.create );
- router.get( '/user/:user_id', validate_auth( passport ), authentication_controller.find_by_user_id );
- router.get( '/reset/:token', validate_auth( passport ), authentication_controller.find_by_reset_token );
- router.get( '/:id', validate_auth( passport ), authentication_controller.find_one );
- router.get( '/', validate_auth( passport ), authentication_controller.find_many );
- router.put( '/:id/lock', validate_auth( passport ), authentication_controller.lock_account );
- router.put( '/:id/unlock', validate_auth( passport ), authentication_controller.unlock_account );
- router.put( '/:id/soft_delete', validate_auth( passport ), authentication_controller.soft_delete );
+ router.use( validate_auth( passport ) );
+
+ router.post( '/create', authentication_controller.create );
+ router.get( '/user/:user_id', authentication_controller.find_by_user_id );
+ router.get( '/reset/:token', authentication_controller.find_by_reset_token );
+ router.get( '/:id', authentication_controller.find_one );
+ router.get( '/', authentication_controller.find_many );
+ router.put( '/:id/lock', authentication_controller.lock_account );
+ router.put( '/:id/unlock', authentication_controller.unlock_account );
+ router.put( '/:id/soft_delete', authentication_controller.soft_delete );
return router;
};
\ No newline at end of file
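Review bot: `router.use( validate_auth( passport ) )` protects only the routes registered after it, so authentication in this file now depends on statement order, and the line carries no comment saying so. I would add `// Keep first: any route registered above this line is served without authentication.` directly above it. Separately, the middleware only authenticates. `/create`, `/:id/lock`, `/:id/unlock` and `/:id/soft_delete` show no role or ownership check in this hunk, so confirm that the controllers enforce authorization. If they do not, any authenticated user could lock or soft-delete another account.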