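return new rsvp.Promise(function(resolve, reject) {
  // Build the bind configuration: the base DN is derived from the AD domain
  // name and the URL scheme follows `secure`. The CA certificate only applies
  // to ldaps://, so it is dropped for plain ldap:// (where the simple bind,
  // and with it the password, travels unencrypted).
  var dcString = buildLdapDc(adDomain);
  var protocol = secure ? 'ldaps://' : 'ldap://';
  var config = {
    url: protocol + adServerUrl,
    baseDN: dcString,
    username: username,
    password: password,
    tlsOptions: { ca: adCaCert }
  };
  if (!secure) {
    delete config.tlsOptions;
  }

  var ad = new ActiveDirectory(config);
  ad.authenticate(username, password, function (err, auth) {
    if (err) {
      logger.debug('AD/LDAP authentication error: ' + JSON.stringify(err));
      // `return` so a bind error is reported once; without it the `auth`
      // check below also runs and logs a second, misleading "failed" line.
      return reject('AD/LDAP authentication error.');
    }
    if (auth) {
      logger.info('AD/LDAP Authenticated: ' + username);
      // The resolved value is the full bind config, including the password
      // that was just verified; callers should not log or persist it.
      resolve(config);
    } else {
      logger.error('AD/LDAP authentication failed.');
      reject('AD/LDAP authentication failed.');
    }
  });
});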
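User.findOne({ username: username }, function (err, user) {
  if (err) return done(err);
  if (!user) return done(null, false, { message: 'Wrong user name.' });

  // Local-testing shortcut: while this branch is taken the password is never
  // checked and any username present in the User collection is logged in.
  // It is gated on NODE_ENV so the shortcut cannot survive into a production
  // deployment; an unconditional `if (true)` here made the AD branch below
  // dead code.
  if (process.env.NODE_ENV !== 'production') {
    console.log('===== LOCAL TESTING ====');
    req.user = user;
    return done(null, user);
  }

  // Production path: bind against Active Directory with the supplied
  // credentials. The local User record is only used to look the account up;
  // the directory decides whether the password is right.
  var url = config.get('security:host');
  var ad = new ActiveDirectory({ url: url });
  var email = username + config.get('security:domain');
  ad.authenticate(email, password, function(authErr, auth) {
    if (authErr) {
      return done(null, false, { message: authErr });
    }
    if (!auth) {
      return done(null, false, { message: 'Incorrect credentials' });
    }
    return done(null, user);
  });
});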
.then(function(server) { var protocol = server.secure ? 'ldaps://' : 'ldap://'; logger.debug('LDAP protocol used: ' + protocol); var config = {url: protocol + server.serverUrl, baseDN: buildLdapDc(domainName), username: username, password: password, tlsOptions: { ca: server.caCertificate }}; var ad = new ActiveDirectory(config); ad.authenticate(username, password, function (err, auth) { if (err) { logger.debug('AD/LDAP authentication error: ' + JSON.stringify(err)); reject('AD/LDAP authentication error.'); } if (auth) { logger.info('AD/LDAP Authenticated: ' + username); resolve({ domain: domainName, ad: ad }); } else { logger.error('AD/LDAP authentication failed.'); reject('AD/LDAP authentication failed.'); } }); }).catch(function(error) {
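return new Promise((resolve) => {
  // Resolves (never rejects) with a minimal identity object on success or
  // `false` otherwise. Both the error and the `auth` flag are checked, as the
  // other authenticate call sites here do: a rejected bind can be reported as
  // (null, false), which previously resolved as a successful login.
  ad.authenticate(username, password, (err, auth) => {
    if (err || !auth) {
      return resolve(false);
    }
    return resolve({id: username});
  });
});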
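app.post("/session", function(req, res) {
  // Coerce the form fields defensively: a missing field would otherwise make
  // `.toString()` throw and turn a bad request into an unhandled 500.
  let username = req.body.username == null ? "" : req.body.username.toString();
  let password = req.body.password == null ? "" : req.body.password.toString();
  let authResult = {
    "time": new Date().toLocaleString(),
    "username": username,
    "ip": req.ip,
    "authed": false,
    "grantedUser": false,
    "error": null
  };

  // Shared failure path: clear the session and render the error page with
  // the given code (and the access group, when relevant).
  function denyAccess(code, group) {
    let view = { "username": username, "code": code };
    if (group !== undefined) {
      view.group = group;
    }
    req.session.user = null;
    res.status(403).render("authError", view);
  }

  // Fail closed on empty credentials instead of handing them to the bind: a
  // simple LDAP bind with an empty password is accepted as anonymous by some
  // directories, and whether the AD client rejects it first is not visible here.
  if (username === "" || password === "") {
    console.log(authResult);
    return denyAccess(403);
  }

  ad.authenticate(`${username}@${config.domain}`, password, function(err, auth) {
    if (err) {
      // Recorded for the server-side log only; never rendered to the client.
      authResult.error = err;
    }
    if (!auth) {
      // authentication failed
      console.log(authResult);
      return denyAccess(403);
    }
    // authenticated; now check group membership for access
    authResult.authed = auth;
    ad.isUserMemberOf(username, config.groupName, function(memberErr, isMember) {
      if (memberErr) {
        // Respond instead of returning silently, otherwise the request hangs.
        console.log("ERROR: " + JSON.stringify(memberErr));
        return res.status(500).end();
      }
      authResult.grantedUser = isMember;
      console.log("\nАвторизация в приложении:");
      console.log(authResult);
      if (isMember) {
        // authenticated and member of the access group
        req.session.user = { "username": username, "granted": isMember };
        return res.redirect("/");
      }
      // authenticated but not in the access group
      denyAccess(405, config.groupName);
    });
  });
});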
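findUser(username, function (err, user) {
  if (err) {
    return callback(err, null);
  }
  if (!user) {
    return callback('Incorrect credentials', null);
  }
  ad.authenticate(user.userPrincipalName, password, function (authErr, auth) {
    if (auth) {
      return callback(null, user);
    }
    // A rejected bind that reports no `err` previously invoked
    // callback(null, null), which callers cannot tell apart from success.
    // Reusing the unknown-user message also keeps the two failure cases
    // indistinguishable to the caller.
    return callback(authErr || 'Incorrect credentials', null);
  });
});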
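/**
 * Authenticate a user against Active Directory.
 *
 * @param {string} uname - Bare account name; the domain suffix is appended here.
 * @param {string} pwd - Password for the simple bind.
 * @param {function(string, boolean)} authCompleteCallback - Invoked once with
 *   (uname, succeeded). A bind error and a rejected bind both report `false`.
 * @param {string} [domainSuffix="@IC.AC.UK"] - UPN suffix appended to `uname`;
 *   optional so existing callers keep the previously hard-coded domain.
 */
function authenticate(uname, pwd, authCompleteCallback, domainSuffix) {
  if (domainSuffix === undefined) {
    domainSuffix = "@IC.AC.UK";
  }
  var fqUsername = uname + domainSuffix;
  serverUtils.log("Attempting to authenticate user: " + fqUsername);
  ad.authenticate(fqUsername, pwd, function(err, auth) {
    if (err) {
      // The error object stays in the server log; the caller only sees `false`.
      serverUtils.log('ERROR: ' + JSON.stringify(err));
      return authCompleteCallback(uname, false);
    }
    if (auth) {
      serverUtils.log('Authenticated user ' + uname);
      return authCompleteCallback(uname, true);
    }
    serverUtils.log('Authentication failed for user ' + uname);
    authCompleteCallback(uname, false);
  });
}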
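app.get("/login/ad", function(req, res) {
  // connect to AD
  const adConfig = config.get("ad");
  const client = new ad(adConfig);

  // The credentials arrive as a JSON-encoded cookie carrying username and
  // password. Parse defensively: a missing or malformed cookie must be a 400,
  // not an uncaught exception from JSON.parse.
  let credentials;
  try {
    credentials = JSON.parse(req.cookies.credentials);
  } catch (parseErr) {
    return res.status(400).send("Missing or malformed credentials cookie.");
  }
  if (!credentials || typeof credentials.username !== "string" || typeof credentials.password !== "string") {
    return res.status(400).send("Missing or malformed credentials cookie.");
  }

  // authenticate the user
  client.authenticate(credentials.username, credentials.password, function(err, auth) {
    // Directory errors are logged server-side only: echoing the raw error
    // object exposed server/DN details to the client. Every branch returns so
    // exactly one response is written per request.
    if (err) {
      console.error("AD authentication error:", err);
      return res.status(401).send("Unknown authorization failure.");
    }
    if (!auth) {
      return res.status(401).send("Unknown authorization failure.");
    }
    client.getGroupMembershipForUser(credentials.username, function(groupErr, groups) {
      if (groupErr) {
        console.error("AD group lookup error:", groupErr);
        return res.status(500).send("Group lookup failed.");
      }
      if (!groups) {
        // Without this the request was left with no response at all.
        return res.status(500).send("Group lookup failed.");
      }
      // build a list of group names (only the testauth_-prefixed groups count)
      const prefix = "testauth_";
      const membership = groups
        .filter((group) => typeof group.cn === "string" && group.cn.startsWith(prefix))
        .map((group) => group.cn.slice(prefix.length));

      // define rights: admins get everything, users may only view
      const rights = [];
      if (membership.includes("admins")) {
        rights.push("can admin");
        rights.push("can edit");
        rights.push("can view");
      } else if (membership.includes("users")) {
        rights.push("can view");
      }

      // build the claims
      const claims = {
        iss: "http://testauth.plasne.com",
        sub: credentials.username,
        scope: membership,
        rights: rights
      };

      // build the JWT; the cookie lifetime matches the token expiry
      const ttlMs = 4 * 60 * 60 * 1000; // 4 hours
      const jwt = nJwt.create(claims, jwtKey);
      jwt.setExpiration(new Date().getTime() + ttlMs);
      // NOTE(review): consider httpOnly/secure on this cookie unless
      // client-side script needs to read the token — confirm with the client.
      res.cookie("accessToken", jwt.compact(), { maxAge: ttlMs });

      // return to the client
      res.status(200).end();
    });
  });
});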
// // if (! user) console.log('User: '******' not found.'); // else console.log(JSON.stringify(user)); //}); var username = '******', password = '******' ad.authenticate(username, password, function(err, auth) { if (err) { console.log('ERROR: '+JSON.stringify(err)); return; } if (auth) { console.log('Authenticated!'); } else { console.log('Authentication failed!'); } }); var Users = require('./users'); console.log('test Users:\n', JSON.stringify(Users.testUsers, null, 4)); module.exports = { localStrategy: new localStrategy( function(username, password, done) {
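var adAuth = function(req, res) {
  // Missing form fields default to '' so they are handled as a failed login
  // rather than an exception inside the AD client.
  var username = req.body.username || '';
  var password = req.body.password || '';
  // Fail closed on empty credentials instead of handing them to the bind: a
  // simple LDAP bind with an empty password is treated as anonymous by some
  // directories, and whether the client rejects it first is not visible here.
  // callbackData is the (err, auth) handler the bind would otherwise invoke.
  if (username === '' || password === '') {
    return callbackData(null, false);
  }
  ad.authenticate(username + domainName, password, callbackData);
}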