194 lines
5.7 KiB
JavaScript
194 lines
5.7 KiB
JavaScript
'use strict';
|
|
|
|
let config = require('config');
|
|
let log = require('npmlog');
|
|
let _ = require('./translate')._;
|
|
let util = require('util');
|
|
|
|
let passport = require('passport');
|
|
let LocalStrategy = require('passport-local').Strategy;
|
|
|
|
let csrf = require('csurf');
|
|
let bodyParser = require('body-parser');
|
|
let users = require('./models/users');
|
|
|
|
let LdapStrategy;
|
|
try {
|
|
LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
|
|
} catch (E) {
|
|
if (config.ldap.enabled) {
|
|
log.info('LDAP', 'Module "passport-ldapjs" not installed. It will not be used for LDAP auth.');
|
|
}
|
|
}
|
|
|
|
let LdapAuthStrategy;
|
|
try {
|
|
LdapAuthStrategy = require('passport-ldapauth').Strategy; // eslint-disable-line global-require
|
|
} catch (E) {
|
|
if (config.ldapauth.enabled) {
|
|
log.info('LDAP', 'Module "passport-ldapauth" not installed. It will not be used for LDAP auth.');
|
|
}
|
|
}
|
|
|
|
module.exports.csrfProtection = csrf({
|
|
cookie: true
|
|
});
|
|
|
|
module.exports.parseForm = bodyParser.urlencoded({
|
|
extended: false,
|
|
limit: config.www.postsize
|
|
});
|
|
|
|
module.exports.setup = app => {
|
|
app.use(passport.initialize());
|
|
app.use(passport.session());
|
|
};
|
|
|
|
module.exports.logout = (req, res) => {
|
|
if (req.user) {
|
|
req.flash('info', util.format(_('%s logged out'), req.user.username));
|
|
req.logout();
|
|
}
|
|
res.redirect('/');
|
|
};
|
|
|
|
module.exports.login = (req, res, next) => {
|
|
let authMode = config.ldapauth.enabled ? 'ldapauth' : config.ldap.enabled ? 'ldap' : 'local';
|
|
passport.authenticate(authMode, (err, user, info) => {
|
|
if (err) {
|
|
req.flash('danger', err.message);
|
|
return next(err);
|
|
}
|
|
if (!user) {
|
|
req.flash('danger', info && info.message || _('Failed to authenticate user'));
|
|
return res.redirect('/users/login' + (req.body.next ? '?next=' + encodeURIComponent(req.body.next) : ''));
|
|
}
|
|
req.logIn(user, err => {
|
|
if (err) {
|
|
return next(err);
|
|
}
|
|
|
|
if (req.body.remember) {
|
|
// Cookie expires after 30 days
|
|
req.session.cookie.maxAge = 30 * 24 * 60 * 60 * 1000;
|
|
} else {
|
|
// Cookie expires at end of session
|
|
req.session.cookie.expires = false;
|
|
}
|
|
|
|
req.flash('success', util.format(_('Logged in as %s'), user.username));
|
|
return res.redirect(req.body.next || '/');
|
|
});
|
|
})(req, res, next);
|
|
};
|
|
|
|
if (config.ldap.enabled && LdapStrategy) {
|
|
log.info('Using LDAP auth (passport-ldapjs)');
|
|
|
|
let opts = {
|
|
server: {
|
|
url: 'ldap://' + config.ldap.host + ':' + config.ldap.port
|
|
},
|
|
base: config.ldap.baseDN,
|
|
search: {
|
|
filter: config.ldap.filter,
|
|
attributes: [config.ldap.uidTag, 'mail'],
|
|
scope: 'sub'
|
|
},
|
|
uidTag: config.ldap.uidTag,
|
|
bindUser: config.ldap.bindUser,
|
|
bindPassword: config.ldap.bindPassword
|
|
};
|
|
|
|
passport.use(new LdapStrategy(opts, (profile, done) => {
|
|
users.findByUsername(profile[config.ldap.uidTag], (err, user) => {
|
|
if (err) {
|
|
return done(err);
|
|
}
|
|
|
|
if (!user) {
|
|
// password is empty for ldap
|
|
users.add(profile[config.ldap.uidTag], '', profile.mail, (err, id) => {
|
|
if (err) {
|
|
return done(err);
|
|
}
|
|
|
|
return done(null, {
|
|
id,
|
|
username: profile[config.ldap.uidTag]
|
|
});
|
|
});
|
|
} else {
|
|
return done(null, {
|
|
id: user.id,
|
|
username: user.username
|
|
});
|
|
}
|
|
});
|
|
}));
|
|
} else if (config.ldapauth.enabled && LdapAuthStrategy) {
|
|
log.info("Using LDAP auth (passport-ldapauth)");
|
|
let opts = {
|
|
server: {
|
|
url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,
|
|
searchBase: config.ldapauth.baseDN,
|
|
searchFilter: config.ldapauth.filter,
|
|
searchAttributes: [config.ldapauth.uidTag, 'mail'],
|
|
bindDN: config.ldapauth.bindUser,
|
|
bindCredentials: config.ldapauth.bindPassword
|
|
},
|
|
};
|
|
|
|
passport.use(new LdapAuthStrategy(opts, (profile, done) => {
|
|
users.findByUsername(profile[config.ldapauth.uidTag], (err, user) => {
|
|
if (err) {
|
|
return done(err);
|
|
}
|
|
|
|
if (!user) {
|
|
// password is empty for ldap
|
|
users.add(profile[config.ldapauth.uidTag], '', profile.mail, (err, id) => {
|
|
if (err) {
|
|
return done(err);
|
|
}
|
|
|
|
return done(null, {
|
|
id,
|
|
username: profile[config.ldapauth.uidTag]
|
|
});
|
|
});
|
|
} else {
|
|
return done(null, {
|
|
id: user.id,
|
|
username: user.username
|
|
});
|
|
}
|
|
});
|
|
}));
|
|
} else {
|
|
log.info('Using local auth');
|
|
|
|
passport.use(new LocalStrategy((username, password, done) => {
|
|
users.authenticate(username, password, (err, user) => {
|
|
if (err) {
|
|
return done(err);
|
|
}
|
|
|
|
if (!user) {
|
|
return done(null, false, {
|
|
message: _('Incorrect username or password')
|
|
});
|
|
}
|
|
|
|
return done(null, user);
|
|
});
|
|
}));
|
|
}
|
|
|
|
passport.serializeUser((user, done) => {
|
|
done(null, user.id);
|
|
});
|
|
|
|
passport.deserializeUser((id, done) => {
|
|
users.get(id, done);
|
|
});
|