mailtrain/lib/passport.js

'use strict';

let config = require('config');
let log = require('npmlog');

let passport = require('passport');
let LocalStrategy = require('passport-local').Strategy;
let LdapStrategy = require('passport-ldapjs').Strategy;
let csrf = require('csurf');
let bodyParser = require('body-parser');
let users = require('./models/users');

module.exports.csrfProtection = csrf({
    cookie: true
});

module.exports.parseForm = bodyParser.urlencoded({
    extended: false,
    limit: config.www.postsize
});

module.exports.setup = app => {
    app.use(passport.initialize());
    app.use(passport.session());
};

module.exports.logout = (req, res) => {
    if (req.user) {
        req.flash('info', req.user.username + ' logged out');
        req.logout();
    }
    res.redirect('/');
};

module.exports.login = (req, res, next) => {
    passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
        if (err) {
            req.flash('danger', err.message);
            return next(err);
        }
        if (!user) {
            req.flash('danger', info && info.message || 'Failed to authenticate user');
            return res.redirect('/users/login' + (req.body.next ? '?next=' + encodeURIComponent(req.body.next) : ''));
        }
        req.logIn(user, err => {
            if (err) {
                return next(err);
            }

            if (req.body.remember) {
                // Cookie expires after 30 days
                req.session.cookie.maxAge = 30 * 24 * 60 * 60 * 1000;
            } else {
                // Cookie expires at end of session
                req.session.cookie.expires = false;
            }

            req.flash('success', 'Logged in as ' + user.username);
            return res.redirect(req.body.next || '/');
        });
    })(req, res, next);
};

if (config.ldap.enabled) {
    log.info('Using LDAP auth');

    var opts = {
        server: {
            url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,
        },
        base: config.ldap.baseDN,
        search: {
            filter: config.ldap.filter,
            attributes: ['username', 'mail'],
            scope: 'sub'
        }
    };

    passport.use(new LdapStrategy(opts, function (profile, done) {
        users.findByUsername(profile.username, (err, user) => {
            if (err) {
                return done(err);
            }

            if (!user) {
                // password is empty for ldap
                users.add(profile.username, '', profile.mail, (err, id) => {
                    if (err) {
                        return done(err);
                    }

                    return done(null, {
                        id: id,
                        username: profile.username
                    });
                });
            } else {
                return done(null, {
                    id: user.id,
                    username: user.username
                });
            }
        });
    }));
} else {
    log.info('Using local auth');

    passport.use(new LocalStrategy((username, password, done) => {
        users.authenticate(username, password, (err, user) => {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Incorrect username or password'
                });
            }

            return done(null, user);
        });
    }));
}

passport.serializeUser((user, done) => {
    done(null, user.id);
});

passport.deserializeUser((id, done) => {
    users.get(id, done);
});
Initial import 2016-04-04 12:36:30 +00:00			`'use strict';`

added max post size option 2016-04-13 05:36:55 +00:00			`let config = require('config');`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`let log = require('npmlog');`

Initial import 2016-04-04 12:36:30 +00:00			`let passport = require('passport');`
			`let LocalStrategy = require('passport-local').Strategy;`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`let LdapStrategy = require('passport-ldapjs').Strategy;`
Initial import 2016-04-04 12:36:30 +00:00			`let csrf = require('csurf');`
			`let bodyParser = require('body-parser');`
			`let users = require('./models/users');`

			`module.exports.csrfProtection = csrf({`
			`cookie: true`
			`});`

			`module.exports.parseForm = bodyParser.urlencoded({`
added max post size option 2016-04-13 05:36:55 +00:00			`extended: false,`
			`limit: config.www.postsize`
Initial import 2016-04-04 12:36:30 +00:00			`});`

			`module.exports.setup = app => {`
			`app.use(passport.initialize());`
			`app.use(passport.session());`
			`};`

			`module.exports.logout = (req, res) => {`
			`if (req.user) {`
			`req.flash('info', req.user.username + ' logged out');`
			`req.logout();`
			`}`
			`res.redirect('/');`
			`};`

			`module.exports.login = (req, res, next) => {`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {`
Initial import 2016-04-04 12:36:30 +00:00			`if (err) {`
			`req.flash('danger', err.message);`
			`return next(err);`
			`}`
			`if (!user) {`
			`req.flash('danger', info && info.message \|\| 'Failed to authenticate user');`
			`return res.redirect('/users/login' + (req.body.next ? '?next=' + encodeURIComponent(req.body.next) : ''));`
			`}`
			`req.logIn(user, err => {`
			`if (err) {`
			`return next(err);`
			`}`

			`if (req.body.remember) {`
			`// Cookie expires after 30 days`
			`req.session.cookie.maxAge = 30 * 24 * 60 * 60 * 1000;`
			`} else {`
			`// Cookie expires at end of session`
			`req.session.cookie.expires = false;`
			`}`

			`req.flash('success', 'Logged in as ' + user.username);`
			`return res.redirect(req.body.next \|\| '/');`
			`});`
			`})(req, res, next);`
			`};`

Add ldap authentication 2016-08-11 11:21:48 +00:00			`if (config.ldap.enabled) {`
			`log.info('Using LDAP auth');`
Initial import 2016-04-04 12:36:30 +00:00
Add ldap authentication 2016-08-11 11:21:48 +00:00			`var opts = {`
			`server: {`
			`url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,`
			`},`
			`base: config.ldap.baseDN,`
			`search: {`
			`filter: config.ldap.filter,`
			`attributes: ['username', 'mail'],`
			`scope: 'sub'`
Initial import 2016-04-04 12:36:30 +00:00			`}`
Add ldap authentication 2016-08-11 11:21:48 +00:00			`};`

			`passport.use(new LdapStrategy(opts, function (profile, done) {`
			`users.findByUsername(profile.username, (err, user) => {`
			`if (err) {`
			`return done(err);`
			`}`

			`if (!user) {`
			`// password is empty for ldap`
			`users.add(profile.username, '', profile.mail, (err, id) => {`
			`if (err) {`
			`return done(err);`
			`}`

			`return done(null, {`
			`id: id,`
			`username: profile.username`
			`});`
			`});`
			`} else {`
			`return done(null, {`
			`id: user.id,`
			`username: user.username`
			`});`
			`}`
			`});`
			`}));`
			`} else {`
			`log.info('Using local auth');`
Initial import 2016-04-04 12:36:30 +00:00
Add ldap authentication 2016-08-11 11:21:48 +00:00			`passport.use(new LocalStrategy((username, password, done) => {`
			`users.authenticate(username, password, (err, user) => {`
			`if (err) {`
			`return done(err);`
			`}`

			`if (!user) {`
			`return done(null, false, {`
			`message: 'Incorrect username or password'`
			`});`
			`}`

			`return done(null, user);`
			`});`
			`}));`
			`}`
Initial import 2016-04-04 12:36:30 +00:00
			`passport.serializeUser((user, done) => {`
			`done(null, user.id);`
			`});`

			`passport.deserializeUser((id, done) => {`
			`users.get(id, done);`
			`});`