176 lines
4.9 KiB
JavaScript
Executable File
176 lines
4.9 KiB
JavaScript
Executable File
"use strict";
|
|
|
|
const express = require("express"),
|
|
config = require("config"),
|
|
LdapAuth = require("ldapauth-fork"),
|
|
crypto = require("crypto"),
|
|
createTransport = require("nodemailer").createTransport;
|
|
|
|
const router = express.Router();
|
|
|
|
let userDB;
|
|
|
|
let mail = createTransport({
|
|
host: config.get("smtp.host"),
|
|
pool: true,
|
|
port: config.has("smtp.port") ? config.get("smtp.port") : 25
|
|
});
|
|
|
|
let ldap;
|
|
if (config.has("ldap.url")) {
|
|
ldap = new LdapAuth(config.get("ldap"));
|
|
} else {
|
|
ldap = null;
|
|
}
|
|
|
|
require("../db/users").then(function(db) {
|
|
userDB = db;
|
|
});
|
|
|
|
router.get("/", function(req, res/*, next*/) {
|
|
if (req.session.user) {
|
|
return res.status(200).send(req.session.user);
|
|
}
|
|
return res.status(200).send({});
|
|
});
|
|
|
|
function ldapPromise(username, password) {
|
|
if (!ldap) {
|
|
return Promise.reject("LDAP not being used");
|
|
}
|
|
return new Promise(function(resolve, reject) {
|
|
ldap.authenticate(username.replace(/@.*$/, ""), password, function(error, user) {
|
|
if (error) {
|
|
return reject(error);
|
|
}
|
|
return resolve(user);
|
|
});
|
|
});
|
|
}
|
|
|
|
router.post("/create", function(req, res) {
|
|
let who = req.query.w || req.body.w || "",
|
|
password = req.query.p || req.body.p || "",
|
|
name = req.query.n || req.body.n || username,
|
|
mail = req.query.m || req.body.m;
|
|
|
|
if (!who || !password || !mail || !name) {
|
|
return res.status(400).send("Missing who you know, name, password, and/or email");
|
|
}
|
|
|
|
let query = "SELECT * FROM users WHERE uid=:username";
|
|
return userDB.sequelize.query(query, {
|
|
replacements: {
|
|
username: mail
|
|
},
|
|
type: userDB.Sequelize.QueryTypes.SELECT
|
|
}).then(function(results) {
|
|
if (results.length != 0) {
|
|
return res.status(400).send("Email address already used.");
|
|
}
|
|
|
|
let re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
|
|
if (!re.exec(mail)) {
|
|
return res.status(400).send("Invalid email address.");
|
|
}
|
|
|
|
return userDB.sequelize.query("INSERT INTO users " +
|
|
"(uid,displayName,password,mail,memberSince,authenticated,notes) " +
|
|
"VALUES(:username,:name,:password,:mail,CURRENT_TIMESTAMP,0,:notes)", {
|
|
replacements: {
|
|
username: mail,
|
|
name: name,
|
|
password: crypto.createHash('sha256').update(password).digest('base64'),
|
|
mail: mail,
|
|
notes: who
|
|
}
|
|
}).spread(function(results, metadata) {
|
|
return userDB.sequelize.query("INSERT INTO authentications " +
|
|
"(userId,issued,key,type) VALUES " +
|
|
"(:userId,CURRENT_TIMESTAMP,:key,'account-setup')", {
|
|
replacements: {
|
|
key: "magic cookie",
|
|
userId: metadata.lastID
|
|
}
|
|
}).then(function() {
|
|
});
|
|
/*
|
|
req.session.user = {
|
|
name: name,
|
|
mail: mail,
|
|
username: username,
|
|
};
|
|
return res.status(200).send(req.session.user);
|
|
*/
|
|
}).then(function() {
|
|
req.session.user = {};
|
|
return res.status(401).send("Account has not been authenticated.");
|
|
});
|
|
});
|
|
});
|
|
|
|
router.post("/login", function(req, res) {
|
|
let username = req.query.u || req.body.u || "",
|
|
password = req.query.p || req.body.p || "";
|
|
|
|
console.log("Login attempt");
|
|
|
|
if (!username || !password) {
|
|
return res.status(400).send("Missing username and/or password");
|
|
}
|
|
|
|
/* We use LDAP as the primary authenticator; if the user is not
|
|
* found there, we look them up in the site-specific user database */
|
|
|
|
return ldapPromise(username, password).then(function(user) {
|
|
user.authenticated = 1;
|
|
return user;
|
|
}).catch(function() {
|
|
console.log("User not found in LDAP. Looking up in DB.");
|
|
let query = "SELECT * FROM users WHERE uid=:username AND password=:password";
|
|
return userDB.sequelize.query(query, {
|
|
replacements: {
|
|
username: username,
|
|
password: crypto.createHash('sha256').update(password).digest('base64')
|
|
},
|
|
type: userDB.Sequelize.QueryTypes.SELECT
|
|
}).then(function(users) {
|
|
if (users.length != 1) {
|
|
return null;
|
|
}
|
|
return users[0];
|
|
});
|
|
}).then(function(user) {
|
|
if (!user) {
|
|
console.log(username + " not found.");
|
|
req.session.user = {};
|
|
return res.status(401).send("Invalid login credentials");
|
|
}
|
|
|
|
if (!user.authenticated) {
|
|
console.log(username + " not authenticated.");
|
|
req.session.user = {};
|
|
return res.status(401).send("Account has not been authenticated.");
|
|
}
|
|
|
|
console.log("Logging in as " + user.displayName);
|
|
|
|
req.session.user = {
|
|
name: user.displayName,
|
|
mail: user.mail,
|
|
username: user.uid
|
|
};
|
|
|
|
return res.status(200).send(req.session.user);
|
|
});
|
|
});
|
|
|
|
router.get("/logout", function(req, res) {
|
|
if (req.session && req.session.user) {
|
|
req.session.user = {};
|
|
}
|
|
res.status(200).send(req.session.user);
|
|
});
|
|
|
|
module.exports = router;
|