James Ketrenos 698cd6a202 Login and account creation working
Signed-off-by: James Ketrenos <james_git@ketrenos.com>
2018-09-27 15:26:37 -07:00

153 lines
4.0 KiB
JavaScript
Executable File

"use strict";
const express = require("express"),
config = require("config"),
LdapAuth = require("ldapauth-fork"),
crypto = require("crypto");
const router = express.Router();
let userDB;
let ldap;
if (config.has("ldap.url")) {
ldap = new LdapAuth(config.get("ldap"));
} else {
ldap = null;
}
require("../db/users").then(function(db) {
userDB = db;
});
router.get("/", function(req, res/*, next*/) {
if (req.session.user) {
return res.status(200).send(req.session.user);
}
return res.status(200).send({});
});
function ldapPromise(username, password) {
if (!ldap) {
return Promise.reject("LDAP not being used");
}
return new Promise(function(resolve, reject) {
ldap.authenticate(username, password, function(error, user) {
if (error) {
return reject(error);
}
return resolve(user);
});
});
}
router.post("/create", function(req, res) {
let username = req.query.u || req.body.u || "",
password = req.query.p || req.body.p || "",
name = req.query.n || req.body.n || username,
mail = req.query.m || req.body.m;
if (!username || !password || !mail || !name) {
return res.status(400).send("Missing user id, name, password, and/or email");
}
let query = "SELECT * FROM users WHERE uid=:username";
return userDB.sequelize.query(query, {
replacements: {
username: username
},
type: userDB.Sequelize.QueryTypes.SELECT
}).then(function(results) {
if (results.length != 0) {
return res.status(400).send("Username already exists.");
}
return userDB.sequelize.query("INSERT INTO users " +
"(uid,displayName,password,mail,memberSince,authenticated) " +
"VALUES(:username,:name,:password,:mail,CURRENT_TIMESTAMP,0)", {
replacements: {
username: username,
name: name,
password: crypto.createHash('sha256').update(password).digest('base64'),
mail: mail
}
}).then(function(results) {
/*
req.session.user = {
name: name,
mail: mail,
username: username,
};
return res.status(200).send(req.session.user);
*/
req.session.user = {};
return res.status(401).send("Account has not been authenticated.");
});
});
});
router.post("/login", function(req, res) {
let username = req.query.u || req.body.u || "",
password = req.query.p || req.body.p || "";
console.log("Login attempt");
if (!username || !password) {
return res.status(400).send("Missing username and/or password");
}
/* We use LDAP as the primary authenticator; if the user is not
* found there, we look them up in the site-specific user database */
return ldapPromise(username, password).then(function(user) {
return user;
}).catch(function() {
console.log("User not found in LDAP. Looking up in DB.");
let query = "SELECT * FROM users WHERE uid=:username AND password=:password";
return userDB.sequelize.query(query, {
replacements: {
username: username,
password: crypto.createHash('sha256').update(password).digest('base64')
},
type: userDB.Sequelize.QueryTypes.SELECT
}).then(function(users) {
if (users.length != 1) {
return null;
}
return users[0];
});
}).then(function(user) {
if (!user) {
console.log(username + " not found.");
req.session.user = {};
return res.status(401).send("Invalid login credentials");
}
if (!user.authenticated) {
console.log(username + " not authenticated.");
req.session.user = {};
return res.status(401).send("Account has not been authenticated.");
}
console.log("Logging in as " + user.displayName);
req.session.user = {
name: user.displayName,
mail: user.mail,
username: user.uid
};
return res.status(200).send(req.session.user);
});
});
router.get("/logout", function(req, res) {
if (req.session && req.session.user) {
req.session.user = {};
}
res.status(200).send(req.session.user);
});
module.exports = router;