fleet/website/api/responses/unauthorized.js

/**
 * unauthorized.js
 *
 * A custom response that content-negotiates the current request to either:
 *  • log out the current user and redirect them to the login page
 *  • or send back 401 (Unauthorized) with no response body.
 *
 * Example usage:
 * ```
 *     return res.unauthorized();
 * ```
 *
 * Or with actions2:
 * ```
 *     exits: {
 *       badCombo: {
 *         description: 'That email address and password combination is not recognized.',
 *         responseType: 'unauthorized'
 *       }
 *     }
 * ```
 */
module.exports = function unauthorized() {

  var req = this.req;
  var res = this.res;

  sails.log.verbose('Ran custom response: res.unauthorized()');

  if (req.wantsJSON) {
    return res.sendStatus(401);
  }
  // Or log them out (if necessary) and then redirect to the login page.
  else {

    if (req.session.userId) {
      delete req.session.userId;
    }

    return res.redirect('/login');
  }

};
Move fleetdm.com into main Fleet repo (#83) * rename dir * no need to install website or docs from npm At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code * Bring in fleetdm.com website From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21 * add procfile for heroku Using https://github.com/timanovsky/subdir-heroku-buildpack * avoid getting anybody's hopes up * Create deploy-fleet-website.yml (#82) * Create deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * update pjs with SPDX-like license expressions. also fix repo URL and remove package lock * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * remove dummy uri * Dissect deploy script * Update deploy-fleet-website.yml * workaround for eslintrc nesting issue * lint fixes * forgot the .js * add per-commit git config * Update deploy-fleet-website.yml * might as well remove that * cleanup * connect w/ heroku app and have it actually push * fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * the beauty, the glory, of javascript * GH actions don't like "\n" * Update deploy-fleet-website.yml * restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * rename script to prevent duplicate building * Configure the real website * clean up * a test of the deploy workflow * add handbook to npmignore * I guess you could call this fixing a typo * point workflow at master branch * now clearly bogus: this completely unused version string 2020-12-02 20:48:03 +00:00			`/**`
			`* unauthorized.js`
			`*`
			`* A custom response that content-negotiates the current request to either:`
			`* • log out the current user and redirect them to the login page`
			`* • or send back 401 (Unauthorized) with no response body.`
			`*`
			`* Example usage:`
			* ```
			`* return res.unauthorized();`
			* ```
			`*`
			`* Or with actions2:`
			* ```
			`* exits: {`
			`* badCombo: {`
			`* description: 'That email address and password combination is not recognized.',`
			`* responseType: 'unauthorized'`
			`* }`
			`* }`
			* ```
			`*/`
			`module.exports = function unauthorized() {`

			`var req = this.req;`
			`var res = this.res;`

			`sails.log.verbose('Ran custom response: res.unauthorized()');`

			`if (req.wantsJSON) {`
			`return res.sendStatus(401);`
			`}`
			`// Or log them out (if necessary) and then redirect to the login page.`
			`else {`

			`if (req.session.userId) {`
			`delete req.session.userId;`
			`}`

Website: Fleet Sandbox (#6380) * create pages, add routes, update policies * add new pages to importer * sandbox page * login -> sandbox-login * Update login.less * psuedo-code/code comments * remove sandbox page * Revert "remove sandbox page" This reverts commit d5a1280759266f6bf587c9bab275d1a3e69ec16a. * view action drafts * delete forgot-password page * two new actions + draft code * change action name * Draft view actions and page scripts * Update signup.js * update comments * update signup & sandbox-login page script * update helper comments * update helper usage in comments * view-sandbox » view-sandbox-or-redirect * Update helpers, actions, and routes * login » sandbox-login * update attributes on user model * update signup action * update page scripts and importer * Update view-register.js * html + css * update signup and view-sandbox-or-redirect * Password reset Update user's sandbox password when they have a sandbox instance * add new-sandbox, update sandbox page - `/try-fleet/new-sandbox` added for users who don't have an existing Fleet Sandbox instance, - `/sandbox` updated to redirect users to the `/demologin` endpoint of their Fleet Sandbox instance if it is still valid, or display the sandbox expired state - updated policies & routes * layout and importer updates * update sandbox-login links & page script * update signup action * change logout redirect location to homepage * lint fixes * lint fixes * Update sandbox & sandbox-expired * Comment updates * update password requirements for existing pages * remove /get-started route * lint fixes * replace env variable with url * remove `required: false` from organization attribute on user model * send redirectToSandbox from view instead of routes * changes sandbox page name * add 10 second timeout to /healthz check, add authorization header to cloud provisioner request * update environment variable name * update authorization header * remove /new-sandbox * update unauthorized response to redirect to correct login screen * update comments * update layout * replace new-sandbox redirects with consistency violation errors * Provision Fleet sandbox for users logging in * Revert "Provision Fleet sandbox for users logging in" This reverts commit 6297c33892231d0ef98bed4cbb127f4263ebc48d. * Revert "Revert "Provision Fleet sandbox for users logging in"" This reverts commit c2a2567b68325ea92e19f908226de2f52d8265f9. * Revert "Revert "Revert "Provision Fleet sandbox for users logging in""" This reverts commit acc178ea76ece637f7f6eab9f44ee51c44f59a00. * update sandbox-login mobile styles * update sandbox-expired page to match latest wireframes * remove required: false and planned changes comments, update signup errors and behavior * update error * lint fix on updated error * Update error's indentation * remove added forgot-password flow, add redirect for sandbox users changing their password * Use fleetSandboxDemoKey to login to Fleet Sandbox, remove password changing flow * update bootstrap to give admin user an expired sandbox * Update signup.js * remove unused exits, revert password recovery email changes * required:false is implied if unspecified, so can be omitted * Remove defaultsTo: '', since it is not needed This applies the changes discussed in https://github.com/fleetdm/fleet/pull/6380#discussion_r929538495 It also makes two other trivial changes. * Eliminate another unnecessary require:false I think this one is actually baked into the sails-generate template. * remove custom password validation * update page name (sandbox-teleporter) and view action name * revert minor changes to existing files * update sandbox login friendlyName * Update unauthorized response to redirect to /login * Delete new-sandbox.less * update layouts and importer * add /fleetctl-preview route for old get-started page, update sandbox route * update signup action with changes from review, add retry() to cloud provisioner request * Update routes.js * add missing comma to route * update layout, fix typo in signup * Update sandbox-expired.ejs * lint fixes * Update download-sitemap.js * small whitespace changes, regenerate cloud-sdk * remove placeholder text in password inputs * add loading spinner to sandbox teleporter * add logout button to header nav * hide header on sandbox-teleporter * update errors, check if a user already exists before cloud provisioner request * Update sandbox-teleporter.page.js * Update sandbox-teleporter.page.js * Update signup.js * resize loading spinner, history.pushState() » history.replaceState() * send users who reset their password back to the fleetdm.com homepage * Add Zapier webhook request for sandbox signups * rebuild-scloud-sdk after resolving merge conflict * update zapier request error * Add comment w/ context about how Zapier responds with a 2xx even if there was a problem * Update links to /get-started to go to /try-fleet/register, change /get-started redirect * Revert changes to links * add /test-fleet-sandbox redirect, revert /try-fleet redirect * send logged out users to the sandbox login page when they go to /try-fleet/sandbox Co-authored-by: Mike McNeil <[email protected]> 2022-08-12 22:31:01 +00:00			`return res.redirect('/login');`
Move fleetdm.com into main Fleet repo (#83) * rename dir * no need to install website or docs from npm At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code * Bring in fleetdm.com website From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21 * add procfile for heroku Using https://github.com/timanovsky/subdir-heroku-buildpack * avoid getting anybody's hopes up * Create deploy-fleet-website.yml (#82) * Create deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * update pjs with SPDX-like license expressions. also fix repo URL and remove package lock * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * remove dummy uri * Dissect deploy script * Update deploy-fleet-website.yml * workaround for eslintrc nesting issue * lint fixes * forgot the .js * add per-commit git config * Update deploy-fleet-website.yml * might as well remove that * cleanup * connect w/ heroku app and have it actually push * fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * the beauty, the glory, of javascript * GH actions don't like "\n" * Update deploy-fleet-website.yml * restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * rename script to prevent duplicate building * Configure the real website * clean up * a test of the deploy workflow * add handbook to npmignore * I guess you could call this fixing a typo * point workflow at master branch * now clearly bogus: this completely unused version string 2020-12-02 20:48:03 +00:00			`}`

			`};`