mailtrain/lib/passport.js

'use strict';

let config = require('config');
let log = require('npmlog');
let _ = require('./translate')._;
let util = require('util');

let passport = require('passport');
let LocalStrategy = require('passport-local').Strategy;

let csrf = require('csurf');
let bodyParser = require('body-parser');
let users = require('./models/users');

let LdapStrategy;
try {
    LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
} catch (E) {
    // ignore
    console.warn('Module "passport-ldapjs" not installed. LDAP auth will fail.');
}

module.exports.csrfProtection = csrf({
    cookie: true
});

module.exports.parseForm = bodyParser.urlencoded({
    extended: false,
    limit: config.www.postsize
});

module.exports.setup = app => {
    app.use(passport.initialize());
    app.use(passport.session());
};

module.exports.logout = (req, res) => {
    if (req.user) {
        req.flash('info', util.format(_('%s  logged out'), req.user.username));
        req.logout();
    }
    res.redirect('/');
};

module.exports.login = (req, res, next) => {
    passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
        if (err) {
            req.flash('danger', err.message);
            return next(err);
        }
        if (!user) {
            req.flash('danger', info && info.message || _('Failed to authenticate user'));
            return res.redirect('/users/login' + (req.body.next ? '?next=' + encodeURIComponent(req.body.next) : ''));
        }
        req.logIn(user, err => {
            if (err) {
                return next(err);
            }

            if (req.body.remember) {
                // Cookie expires after 30 days
                req.session.cookie.maxAge = 30 * 24 * 60 * 60 * 1000;
            } else {
                // Cookie expires at end of session
                req.session.cookie.expires = false;
            }

            req.flash('success', util.format(_('Logged in as %s'), user.username));
            return res.redirect(req.body.next || '/');
        });
    })(req, res, next);
};

if (config.ldap.enabled && LdapStrategy) {
    log.info('Using LDAP auth');

    let opts = {
        server: {
            url: 'ldap://' + config.ldap.host + ':' + config.ldap.port
        },
        base: config.ldap.baseDN,
        search: {
            filter: config.ldap.filter,
            attributes: [config.ldap.uidTag, 'mail'],
            scope: 'sub'
        },
        uidTag: config.ldap.uidTag
    };

    passport.use(new LdapStrategy(opts, (profile, done) => {
        users.findByUsername(profile[config.ldap.uidTag], (err, user) => {
            if (err) {
                return done(err);
            }

            if (!user) {
                // password is empty for ldap
                users.add(profile[config.ldap.uidTag], '', profile.mail, (err, id) => {
                    if (err) {
                        return done(err);
                    }

                    return done(null, {
                        id,
                        username: profile[config.ldap.uidTag]
                    });
                });
            } else {
                return done(null, {
                    id: user.id,
                    username: user.username
                });
            }
        });
    }));
} else {
    log.info('Using local auth');

    passport.use(new LocalStrategy((username, password, done) => {
        users.authenticate(username, password, (err, user) => {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: _('Incorrect username or password')
                });
            }

            return done(null, user);
        });
    }));
}

passport.serializeUser((user, done) => {
    done(null, user.id);
});

passport.deserializeUser((id, done) => {
    users.get(id, done);
});
Initial import 2016-04-04 12:36:30 +00:00			`'use strict';`

added max post size option 2016-04-13 05:36:55 +00:00			`let config = require('config');`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`let log = require('npmlog');`
Updated translation support 2017-03-07 14:30:56 +00:00			`let _ = require('./translate')._;`
			`let util = require('util');`
Add ldap authentication 2016-08-11 11:21:48 +00:00
Initial import 2016-04-04 12:36:30 +00:00			`let passport = require('passport');`
			`let LocalStrategy = require('passport-local').Strategy;`
v1.16.0 2016-08-29 10:57:27 +00:00
Initial import 2016-04-04 12:36:30 +00:00			`let csrf = require('csurf');`
			`let bodyParser = require('body-parser');`
			`let users = require('./models/users');`

v1.16.0 2016-08-29 10:57:27 +00:00			`let LdapStrategy;`
			`try {`
			`LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require`
			`} catch (E) {`
			`// ignore`
Remove passport-ldapjs from packpage.json and add warning message 2017-03-15 18:26:54 +00:00			`console.warn('Module "passport-ldapjs" not installed. LDAP auth will fail.');`
v1.16.0 2016-08-29 10:57:27 +00:00			`}`

Initial import 2016-04-04 12:36:30 +00:00			`module.exports.csrfProtection = csrf({`
			`cookie: true`
			`});`

			`module.exports.parseForm = bodyParser.urlencoded({`
added max post size option 2016-04-13 05:36:55 +00:00			`extended: false,`
			`limit: config.www.postsize`
Initial import 2016-04-04 12:36:30 +00:00			`});`

			`module.exports.setup = app => {`
			`app.use(passport.initialize());`
			`app.use(passport.session());`
			`};`

			`module.exports.logout = (req, res) => {`
			`if (req.user) {`
Updated translation support 2017-03-07 14:30:56 +00:00			`req.flash('info', util.format(_('%s logged out'), req.user.username));`
Initial import 2016-04-04 12:36:30 +00:00			`req.logout();`
			`}`
			`res.redirect('/');`
			`};`

			`module.exports.login = (req, res, next) => {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {`
Initial import 2016-04-04 12:36:30 +00:00			`if (err) {`
			`req.flash('danger', err.message);`
			`return next(err);`
			`}`
			`if (!user) {`
Updated translation support 2017-03-07 14:30:56 +00:00			`req.flash('danger', info && info.message \|\| _('Failed to authenticate user'));`
Initial import 2016-04-04 12:36:30 +00:00			`return res.redirect('/users/login' + (req.body.next ? '?next=' + encodeURIComponent(req.body.next) : ''));`
			`}`
			`req.logIn(user, err => {`
			`if (err) {`
			`return next(err);`
			`}`

			`if (req.body.remember) {`
			`// Cookie expires after 30 days`
			`req.session.cookie.maxAge = 30 * 24 * 60 * 60 * 1000;`
			`} else {`
			`// Cookie expires at end of session`
			`req.session.cookie.expires = false;`
			`}`

Updated translation support 2017-03-07 14:30:56 +00:00			`req.flash('success', util.format(_('Logged in as %s'), user.username));`
Initial import 2016-04-04 12:36:30 +00:00			`return res.redirect(req.body.next \|\| '/');`
			`});`
			`})(req, res, next);`
			`};`

v1.16.0 2016-08-29 10:57:27 +00:00			`if (config.ldap.enabled && LdapStrategy) {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`log.info('Using LDAP auth');`
Initial import 2016-04-04 12:36:30 +00:00
v1.16.0 2016-08-29 10:57:27 +00:00			`let opts = {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`server: {`
v1.16.0 2016-08-29 10:57:27 +00:00			`url: 'ldap://' + config.ldap.host + ':' + config.ldap.port`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`},`
			`base: config.ldap.baseDN,`
			`search: {`
			`filter: config.ldap.filter,`
[bugfix] Fix LDAP issue with OpenLDAP/MS AD 2017-03-15 17:10:00 +00:00			`attributes: [config.ldap.uidTag, 'mail'],`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`scope: 'sub'`
[bugfix] Fix LDAP issue with OpenLDAP/MS AD 2017-03-15 17:10:00 +00:00			`},`
			`uidTag: config.ldap.uidTag`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`};`

v1.16.0 2016-08-29 10:57:27 +00:00			`passport.use(new LdapStrategy(opts, (profile, done) => {`
[bugfix] Fix LDAP issue with OpenLDAP/MS AD 2017-03-15 17:10:00 +00:00			`users.findByUsername(profile[config.ldap.uidTag], (err, user) => {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`if (err) {`
			`return done(err);`
			`}`

			`if (!user) {`
			`// password is empty for ldap`
[bugfix] Fix LDAP issue with OpenLDAP/MS AD 2017-03-15 17:10:00 +00:00			`users.add(profile[config.ldap.uidTag], '', profile.mail, (err, id) => {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`if (err) {`
			`return done(err);`
			`}`

			`return done(null, {`
v1.16.0 2016-08-29 10:57:27 +00:00			`id,`
[bugfix] Fix LDAP issue with OpenLDAP/MS AD 2017-03-15 17:10:00 +00:00			`username: profile[config.ldap.uidTag]`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`});`
			`});`
			`} else {`
			`return done(null, {`
			`id: user.id,`
			`username: user.username`
			`});`
			`}`
			`});`
			`}));`
			`} else {`
			`log.info('Using local auth');`
Initial import 2016-04-04 12:36:30 +00:00
Add ldap authentication 2016-08-11 11:21:48 +00:00			`passport.use(new LocalStrategy((username, password, done) => {`
			`users.authenticate(username, password, (err, user) => {`
			`if (err) {`
			`return done(err);`
			`}`

			`if (!user) {`
			`return done(null, false, {`
Updated translation support 2017-03-07 14:30:56 +00:00			`message: _('Incorrect username or password')`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`});`
			`}`

			`return done(null, user);`
			`});`
			`}));`
			`}`
Initial import 2016-04-04 12:36:30 +00:00
			`passport.serializeUser((user, done) => {`
			`done(null, user.id);`
			`});`

			`passport.deserializeUser((id, done) => {`
			`users.get(id, done);`
			`});`