Sign in form

The login form receives an email and a password and looks up the matching user account in the database.

form


const Base = require('areto/base/Model');
const RateLimit = require('areto/security/rate-limit/RateLimit'); // type of the rateLimit component resolved in the constructor
const PasswordAuth = require('../component/auth/PasswordAuth');

// Validation scenario that is switched on once the sign-in rate limit is exceeded
const CAPTCHA_SCENARIO = 'captcha';

module.exports = class SignInForm extends Base {

Form validation is needed to filter out invalid input values before any database lookup is made. The captchaCode rules are active only in the captcha scenario (see the rate-limit handling below), so a verification code is demanded only after repeated failures.


static getConstants () {
  return {
    RULES: [
      [['email', 'password'], 'required'],
      ['email', 'email'],
      ['password', 'string', {min: 6, max: 24}],
      ['rememberMe', 'boolean'],
      // captcha is required and verified only in the captcha scenario
      ['captchaCode', 'required', {on: [CAPTCHA_SCENARIO]}],
      ['captchaCode', {
        Class: require('areto/security/captcha/CaptchaValidator'),
        on: [CAPTCHA_SCENARIO]
      }]
    ],
    // attribute labels shown in the form; the constant name is assumed, the page shows only its entries
    ATTR_LABELS: {
      rememberMe: 'Remember me',
      captchaCode: 'Verification code'
    }
  };
}

The login method validates the form data. If there are no errors, it hands the credentials to a PasswordAuth component (the lookup step the text below calls checkUser), which searches for the user account in the database. Any authentication error is attached to the email attribute, and the rate-limit counter is updated afterwards whether the attempt succeeded or failed.


async login () {
  await this.validate();
  if (!this.hasError()) {
    const result = await this.createPasswordAuth().login();
    if (result.error) {
      // the same attribute carries the error for an unknown email and a wrong password
      this.addError('email', result.error);
    }
  }
  // runs for every attempt, so validation failures (including a missing captcha) are counted too
  await this.updateRateLimit();
}

checkUser looks the user up by the unique login, which is the email. If a user with the given email exists, a User instance is created; its methods carry out the further checks (password, account status).

Note that the server returns the same response for a non-existent email and for a wrong password. This keeps an attacker from using the login form to enumerate which emails exist in the database. For the same reason the two cases should also take the same time to answer: hash the submitted password against a dummy hash when no user is found, so the skipped password check is not observable as a faster reply.

In addition to authentication, the model checks the account status. If the user is blocked, the server returns a login error message.

After successful validation, webuser.login binds the current session to the found user model. If the rememberMe flag is checked, identity data is additionally stored in a browser cookie so the user is logged in automatically for the remember period (7 days; rememberPeriod in the constructor, in seconds).


constructor (config) {
  // defaults are merged with the passed config; the super call is assumed, the page shows only the defaults
  super({
    // user: [new WebUser]
    rateLimit: config.module.get('rateLimit'),
    rateLimitType: 'signIn',
    rememberPeriod: 7 * 24 * 3600, // seconds
    ...config
  });
}

createPasswordAuth () {
  return this.spawn(PasswordAuth, {
    email: this.get('email'),
    password: this.get('password'),
    rememberMe: this.get('rememberMe'),
    user: this.user
  });
}

// true once the form has been switched to the captcha scenario
// (the switch itself, made when the rate limit is exceeded, is not shown on this page)
isCaptchaRequired () {
  return this.scenario === CAPTCHA_SCENARIO;
}

// _rateLimitModel is the per-user counter resolved from the rateLimit component before login (not shown here)
async updateRateLimit () {
  if (this._rateLimitModel) {
    if (this.hasError()) {
      await this._rateLimitModel.increment();
    } else if (this.isCaptchaRequired()) { // captcha has been validated
      await this._rateLimitModel.reset();
    }
  }
}
};
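The rate-limit behaviour described above (count every failed attempt, demand a captcha once the counter exceeds a threshold, reset the counter only after a successful login that also passed the captcha), as an added example in plain Node.js. It is not the Areto RateLimit component or the SignInForm on this page; the FailureLimiter class, the signIn function, the scenario names, the threshold of 3 attempts per window and the constructed verifyPassword and verifyCaptcha callbacks are all assumptions for the illustration.

```javascript
const CAPTCHA_SCENARIO = 'captcha';
const DEFAULT_SCENARIO = 'default';

// In-memory failure counter keyed by login. A key is "exceeded" once it has
// collected `attempts` failures inside a sliding window of `windowSec` seconds.
class FailureLimiter {
  constructor ({ attempts = 3, windowSec = 15 * 60, now = () => Date.now() } = {}) {
    this.attempts = attempts;
    this.windowMs = windowSec * 1000;
    this.now = now; // injectable clock for tests
    this.records = new Map(); // key -> { counter, expiresAt }
  }

  find (key) {
    const record = this.records.get(key);
    if (!record || record.expiresAt <= this.now()) {
      return { counter: 0, expiresAt: 0 }; // expired records count as clean
    }
    return record;
  }

  increment (key) {
    const record = this.find(key);
    this.records.set(key, {
      counter: record.counter + 1,
      expiresAt: this.now() + this.windowMs // window slides with each failure
    });
  }

  reset (key) {
    this.records.delete(key);
  }

  isExceeded (key) {
    return this.find(key).counter >= this.attempts;
  }
}

// One sign-in attempt. verifyPassword(email, password) and verifyCaptcha(code)
// stand in for PasswordAuth and CaptchaValidator. Returns { scenario, errors }.
function signIn (form, { limiter, verifyPassword, verifyCaptcha }) {
  const key = String(form.email || '').trim().toLowerCase();
  const scenario = limiter.isExceeded(key) ? CAPTCHA_SCENARIO : DEFAULT_SCENARIO;
  const errors = [];

  // captchaCode rules are active only in the captcha scenario
  if (scenario === CAPTCHA_SCENARIO) {
    if (!form.captchaCode) {
      errors.push('captchaCode: required');
    } else if (!verifyCaptcha(form.captchaCode)) {
      errors.push('captchaCode: invalid');
    }
  }

  // the password check runs only when the form itself validated
  if (errors.length === 0 && !verifyPassword(key, form.password)) {
    errors.push('email: Invalid email or password');
  }

  if (errors.length > 0) {
    limiter.increment(key); // every failure counts, including a missing captcha
    return { scenario, errors };
  }
  if (scenario === CAPTCHA_SCENARIO) {
    limiter.reset(key); // captcha has been validated: clear the counter
  }
  return { scenario, errors: [] };
}

module.exports = { FailureLimiter, signIn, CAPTCHA_SCENARIO, DEFAULT_SCENARIO };
```

Keying the counter by login rather than by client address is what makes the captcha appear for the account that is being attacked, even when the attempts arrive from many addresses; a per-address counter on top of it is a reasonable addition but does not replace this one.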