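"use strict";

const express = require("express");
const config = require("config");
const LdapAuth = require("ldapauth-fork");

const router = express.Router();

// Set once the promise exported by ../db/users resolves; undefined until then.
let userDB;
// LDAP client when `ldap.url` is configured, otherwise null (local DB only).
let ldap = null;

if (config.has("ldap.url")) {
  ldap = new LdapAuth(config.get("ldap"));
}

require("../db/users")
  .then(function (db) {
    userDB = db;
  })
  .catch(function (error) {
    // Previously a floating promise: a failed DB init was never reported and
    // every later login died with a TypeError on `userDB.sequelize`.
    console.error("User database failed to initialise: " + describeError(error));
  });

/**
 * Render an error (Error instance or the bare string ldapauth-fork may pass)
 * as a log-safe one-line message.
 * @param {*} error
 * @returns {string}
 */
function describeError(error) {
  if (error && typeof error.message === "string") {
    return error.message;
  }
  return String(error);
}

/**
 * Build the record stored in the session for a logged-in user.
 * Only the three fields the rest of the app reads are copied, so neither LDAP
 * attributes nor any password material from a DB row ends up in the session.
 * @param {object} user - LDAP entry or local DB row with displayName/mail/uid
 * @returns {{name: *, mail: *, username: *}}
 */
function sessionUser(user) {
  return {
    name: user.displayName,
    mail: user.mail,
    username: user.uid,
  };
}

/**
 * Authenticate against LDAP.
 * @param {string} username
 * @param {string} password - must be non-empty (checked by the caller)
 * @returns {Promise<object>} resolves with the LDAP user entry; rejects when
 *   LDAP is not configured or when the bind/lookup fails.
 */
function ldapPromise(username, password) {
  if (!ldap) {
    // The original threw a bare string synchronously here, which escaped the
    // promise chain in the login handler and turned every login into a 500
    // whenever LDAP was not configured. Rejecting keeps the DB fallback
    // reachable and gives callers a real Error.
    return Promise.reject(new Error("LDAP not being used"));
  }
  return new Promise(function (resolve, reject) {
    ldap.authenticate(username, password, function (error, user) {
      if (error) {
        return reject(error);
      }
      return resolve(user);
    });
  });
}

/**
 * Look up a user row by uid in the site-specific user database.
 * @param {string} username
 * @returns {Promise<object|null>} the single matching row, or null when no
 *   row (or more than one) matches; rejects if the DB is not ready yet.
 */
function findLocalUser(username) {
  if (!userDB) {
    return Promise.reject(new Error("User database not ready"));
  }
  // Parameterised via `replacements`; never interpolate `username` here.
  const query = "SELECT * FROM users WHERE uid=:username";
  return userDB.sequelize
    .query(query, {
      replacements: { username: username },
      type: userDB.Sequelize.QueryTypes.SELECT,
    })
    .then(function (users) {
      return users.length === 1 ? users[0] : null;
    });
}

/** Current session user, or an empty object when nobody is logged in. */
router.get("/", function (req, res /*, next */) {
  if (req.session.user) {
    return res.status(200).send(req.session.user);
  }
  return res.status(200).send({});
});

/**
 * Log in with `u`/`p` from the body (or, for compatibility, the query string).
 * Responds 400 on missing fields, 401 on bad credentials, 500 on backend
 * errors, 200 with the session user on success.
 */
router.post("/login", function (req, res) {
  // NOTE(review): credentials are also accepted from the query string; URLs
  // end up in access logs, proxies and browser history, so clients should
  // send them in the body. Kept for backward compatibility.
  const username = req.query.u || req.body.u || "";
  const password = req.query.p || req.body.p || "";
  console.log("Login attempt");
  // An empty password must never reach ldap.authenticate: many directories
  // treat an empty-password bind as an anonymous bind that "succeeds".
  if (!username || !password) {
    return res.status(400).send("Missing username and/or password");
  }

  /* We use LDAP as the primary authenticator; if the user is not
   * found there, we look them up in the site-specific user database */
  return ldapPromise(username, password)
    .catch(function (error) {
      // Every LDAP failure (bad credentials, server unreachable, LDAP not
      // configured) falls through to the local DB; log it rather than
      // swallowing it so an outage is distinguishable from a typo.
      console.log("LDAP authentication failed: " + describeError(error));
      // NOTE(review): this fallback only checks that a row with this uid
      // exists -- the submitted password is never verified against the local
      // DB. Confirm the table is meant to hold accounts that need no
      // password; otherwise a password check belongs here.
      return findLocalUser(username);
    })
    .then(function (user) {
      if (!user) {
        // JSON.stringify keeps a crafted username from injecting extra
        // log lines.
        console.log(JSON.stringify(username) + " not found.");
        req.session.user = {};
        return res.status(401).send("Invalid login credentials");
      }
      console.log("Logging in as " + user.displayName);
      // NOTE(review): the session id is reused across the login boundary;
      // if the session middleware supports it, regenerating the session here
      // would close the fixation window -- confirm which store is in use.
      req.session.user = sessionUser(user);
      return res.status(200).send(req.session.user);
    })
    .catch(function (error) {
      // Without this handler a DB error (or an unready DB) left the request
      // hanging as an unhandled rejection.
      console.error("Login failed: " + describeError(error));
      req.session.user = {};
      return res.status(500).send("Login failed");
    });
});

/**
 * Clear the logged-in user. Responds 200 with the (now empty) session user.
 * NOTE(review): only the `user` key is cleared; the session itself survives.
 */
router.get("/logout", function (req, res) {
  if (req.session && req.session.user) {
    req.session.user = {};
  }
  // The guard above tolerated a missing session but the original then
  // dereferenced req.session.user unconditionally.
  res.status(200).send(req.session ? req.session.user : {});
});

module.exports = router;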