Exemple #1
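 // Verifies the supplied credentials with a bind against the directory server.
 // Resolves with the connection config on success; rejects with a short string
 // on any failure.
 return new rsvp.Promise(function(resolve, reject) {
     var dcString = buildLdapDc(adDomain);
     // NOTE(review): when `secure` is falsy the bind uses plain ldap://, so the
     // password travels unencrypted between this process and the directory server.
     var protocol = secure ? 'ldaps://' : 'ldap://';
     var config = {
         url: protocol + adServerUrl,
         baseDN: dcString,
         username: username,
         password: password
     };
     // The CA bundle is only meaningful for LDAPS connections.
     if (secure) {
         config.tlsOptions = { ca: adCaCert };
     }
     var ad = new ActiveDirectory(config);
     ad.authenticate(username, password, function (err, auth) {
         if (err) {
             logger.debug('AD/LDAP authentication error: ' + JSON.stringify(err));
             // Stop here: without the return, an error also ran the "failed" branch
             // below, logging a second message and calling reject twice.
             return reject('AD/LDAP authentication error.');
         }
         if (auth) {
             logger.info('AD/LDAP Authenticated: ' + username);
             // NOTE(review): `config` still carries the plaintext password; whoever
             // receives it must not log or persist the object.
             resolve(config);
         } else {
             logger.error('AD/LDAP authentication failed.');
             reject('AD/LDAP authentication failed.');
         }
     });
 });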
Exemple #2
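        // Look up the local account, then verify the password with a bind against
        // Active Directory before reporting success to `done`.
        User.findOne({ username: username }, function (err, user) {

          if (err) return done(err);
          // NOTE(review): this message differs from the bad-password message below,
          // which tells a caller whether a username exists.
          if (!user) return done(null, false, { message: 'Wrong user name.' });

          // Every login goes through the directory bind. There is deliberately no
          // hard-coded "local testing" shortcut: a branch that accepts any known
          // username without checking the password is an authentication bypass.

          // config active directory connection
          // NOTE(review): whether this is ldaps:// depends on the configured
          // 'security:host' value, which is not visible here; confirm.
          var url = config.get('security:host');
          var ad = new ActiveDirectory({ url: url });

          // authenticate user
          var email = username + config.get('security:domain');
          ad.authenticate(email, password, function(err, auth) {
            if (err) {
              // Keep the directory's error on the server; the user-facing message
              // stays generic so LDAP details are not disclosed.
              console.error('AD authentication error: ' + JSON.stringify(err));
              return done(null, false, { message: 'Incorrect credentials' });
            }
            if (!auth) {
              return done(null, false, { message: 'Incorrect credentials' });
            }

            return done(null, user);
          });
        });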
Exemple #3
                        .then(function(server) {
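                            // Builds the connection settings from the stored server record and
                            // verifies the credentials with a bind. `resolve` and `reject` come
                            // from an enclosing scope that is not visible in this excerpt.
                            // NOTE(review): when server.secure is falsy the bind uses plain
                            // ldap://, so the password travels unencrypted to the directory.
                            var protocol = server.secure ? 'ldaps://' : 'ldap://';
                            logger.debug('LDAP protocol used: ' + protocol);
                            var config = {
                                url: protocol + server.serverUrl,
                                baseDN: buildLdapDc(domainName),
                                username: username,
                                password: password,
                                tlsOptions: {
                                    ca: server.caCertificate
                                }
                            };

                            var ad = new ActiveDirectory(config);
                            ad.authenticate(username, password, function (err, auth) {
                                if (err) {
                                    logger.debug('AD/LDAP authentication error: ' + JSON.stringify(err));
                                    // Stop here: without the return, an error also ran the "failed"
                                    // branch below, logging twice and calling reject twice.
                                    return reject('AD/LDAP authentication error.');
                                }
                                if (auth) {
                                    logger.info('AD/LDAP Authenticated: ' + username);
                                    // NOTE(review): `ad` was constructed with the user's password
                                    // in its config; treat the resolved object as sensitive.
                                    resolve({
                                        domain: domainName,
                                        ad: ad
                                    });
                                } else {
                                    logger.error('AD/LDAP authentication failed.');
                                    reject('AD/LDAP authentication failed.');
                                }
                            });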
                        }).catch(function(error) {
Exemple #4
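    // Resolves to {id: username} when the directory bind succeeds and to false
    // otherwise; this promise never rejects.
    return new Promise((resolve) => {
      ad.authenticate(username, password, (err, authenticated) => {
        // Fail closed: require both "no error" and a truthy result. Checking only
        // `err` would accept a login if the callback ever reported
        // (null, false).
        if (err || !authenticated) {
          return resolve(false);
        }

        return resolve({id: username});
      });
    });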
Exemple #5
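  // POST /session: verifies the submitted credentials with an AD bind, then
  // requires membership in config.groupName before a session user is stored.
  app.post("/session", function(req, res) {
    // Coerce defensively: a missing field must end as a failed login, not as a
    // TypeError thrown from .toString() on undefined.
    const body = req.body || {};
    const username = body.username == null ? "" : String(body.username);
    const password = body.password == null ? "" : String(body.password);

    // Record printed for every attempt; it never contains the password.
    let authResult = {
      "time":        new Date().toLocaleString(),
      "username":    username,
      "ip":          req.ip,
      "authed":      false,
      "grantedUser": false,
      "error":       null
    };

    // Shared failure path: print the attempt, clear the session user, show the 403 page.
    function denyLogin() {
      console.log(authResult);
      req.session.user = null;
      res.status(403).render("authError", { "username": username, "code": 403});
    }

    // Empty credentials are rejected locally and never sent to the directory.
    if (!username || !password) {
      return denyLogin();
    }

    ad.authenticate(`${username}@${config.domain}`, password, function(err, auth) {
      if (!auth) {
        // authentication failed
        return denyLogin();
      }

      // authenticated
      authResult.authed=auth;

      ad.isUserMemberOf(username, config.groupName, function(err, isMember) {
        if (err) {
          console.log("ERROR: " + JSON.stringify(err));
          // Fail closed and answer the request; returning without a response
          // left the client waiting until it timed out.
          req.session.user = null;
          return res.sendStatus(500);
        }

        authResult.grantedUser=isMember;
        console.log("\nАвторизация в приложении:");
        console.log(authResult);

        if(isMember){
          // authenticated and allowed in
          // NOTE(review): the session is reused across the login; if req.session
          // comes from express-session, regenerating it here would guard against
          // session fixation. Confirm.
          req.session.user = { "username": username, "granted": isMember};
          res.redirect("/");
        } else {
          // authenticated, but not in the group that grants access
          req.session.user = null;
          // NOTE(review): the view receives code 405 while the HTTP status is 403.
          res.status(403).render("authError", {
            username: username,
            code:     405,
            group:    config.groupName
          });
        }
      });
    });
  });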
Exemple #6
 // Resolve the account record first, then verify the password by binding as the
 // account's userPrincipalName. `callback` receives (err, user); user is null on
 // every failure path.
 findUser(username, function (lookupErr, account) {
     if (lookupErr) {
         return callback(lookupErr, null);
     }
     // NOTE(review): an unknown user is answered without a directory round trip,
     // so this path may respond faster than a wrong password.
     if (!account) {
         return callback('Incorrect credentials', null);
     }
     ad.authenticate(account.userPrincipalName, password, function (bindErr, ok) {
         if (!ok) {
             // bindErr may be null here when the bind simply reported "not authenticated".
             callback(bindErr, null);
             return;
         }
         callback(null, account);
     });
 });
/**
 * Checks a username/password pair with a bind against the directory.
 *
 * The short name is qualified with "@IC.AC.UK" before the bind. The outcome is
 * reported through authCompleteCallback(uname, success), where success is false
 * both for a rejected login and for a directory error.
 *
 * @param {string} uname - short username, without the realm suffix
 * @param {string} pwd - password to verify; it is never written to the log
 * @param {function} authCompleteCallback - called as (uname, boolean)
 */
function authenticate(uname, pwd, authCompleteCallback) {
	var principal = uname + "@IC.AC.UK";

	serverUtils.log("Attempting to authenticate user: " + principal);

	ad.authenticate(principal, pwd, function(err, auth) {
		// A directory error counts as a failed login.
		if (err) {
			serverUtils.log('ERROR: ' + JSON.stringify(err));
			authCompleteCallback(uname, false);
			return;
		}

		var succeeded = Boolean(auth);
		var outcome = succeeded ? 'Authenticated user ' : 'Authentication failed for user ';
		serverUtils.log(outcome + uname);
		authCompleteCallback(uname, succeeded);
	});
}
Exemple #8
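// GET /login/ad: verifies the credentials carried in the "credentials" cookie
// against AD, maps "testauth_*" group membership to rights, and returns a
// 4-hour JWT in the "accessToken" cookie.
app.get("/login/ad", function(req, res) {

  // NOTE(review): the username and password arrive in a cookie, so the browser
  // stores the plaintext password and resends it with later requests to this
  // site; a POST body over TLS would avoid keeping it client-side.
  let credentials;
  try {
    credentials = JSON.parse(req.cookies.credentials);
  } catch (parseErr) {
    // A missing or malformed cookie previously threw out of the handler.
    return res.status(400).send("Malformed credentials cookie.");
  }
  if (!credentials ||
      typeof credentials.username !== "string" || credentials.username === "" ||
      typeof credentials.password !== "string" || credentials.password === "") {
    return res.status(401).send("Unknown authorization failure.");
  }

  // connect to AD
  const adConfig = config.get("ad");
  const client = new ad(adConfig);

  // authenticate the user
  client.authenticate(credentials.username, credentials.password, function(err, auth) {
    if (err || !auth) {
      // One response per request: the original sent a 401 for `err` and then
      // fell through to send a second one. The directory's error stays in the
      // server log instead of being returned to the client.
      if (err) {
        console.error("AD authentication error: " + JSON.stringify(err));
      }
      return res.status(401).send("Unknown authorization failure.");
    }

    client.getGroupMembershipForUser(credentials.username, function(err, groups) {
      if (err) {
        console.error("AD group lookup error: " + JSON.stringify(err));
        return res.status(500).send("Group lookup failed.");
      }
      if (!groups) {
        // Without a group list no rights can be derived; answer instead of
        // leaving the request open.
        return res.status(403).send("No group membership found.");
      }

      // build a list of group names, with the "testauth_" prefix stripped
      const prefix = "testauth_";
      const membership = groups
        .filter(function(group) { return group.cn.startsWith(prefix); })
        .map(function(group) { return group.cn.replace(prefix, ""); });

      // define rights
      const rights = [];
      if (membership.indexOf("admins") > -1) {
        rights.push("can admin", "can edit", "can view");
      } else if (membership.indexOf("users") > -1) {
        rights.push("can view");
      }

      // build the claims
      const claims = {
        iss: "http://testauth.plasne.com",
        sub: credentials.username,
        scope: membership,
        rights: rights
      };

      // build the JWT
      const lifetimeMs = 4 * 60 * 60 * 1000; // 4 hours
      const jwt = nJwt.create(claims, jwtKey);
      jwt.setExpiration(new Date().getTime() + lifetimeMs);
      // NOTE(review): the cookie is set without httpOnly, secure or sameSite, so
      // page script can read the token and it is also sent over plain HTTP.
      // Tighten these unless the client has to read the cookie itself.
      res.cookie("accessToken", jwt.compact(), {
        maxAge: lifetimeMs
      });

      // return to the client
      res.status(200).end();
    });
  });
});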
//
//    if (! user) console.log('User: '******' not found.');
//    else console.log(JSON.stringify(user));
//});


// Manual check of a single username/password pair against the directory.
// NOTE(review): the '******' values are redacted on this page; real credentials
// belong in the environment or a secret store, not in the source file.
var username = '******';
var password = '******';

ad.authenticate(username, password, function(err, auth) {
    // A directory or transport error is reported separately from a rejected login.
    if (err) {
        console.log('ERROR: '+JSON.stringify(err));
        return;
    }

    console.log(auth ? 'Authenticated!' : 'Authentication failed!');
});


var Users = require('./users');

// Prints every record in Users.testUsers, pretty-printed with 4-space indentation.
// NOTE(review): if these records hold passwords or hashes (not visible here),
// they end up in stdout and any log that captures it. Confirm.
console.log('test Users:\n', JSON.stringify(Users.testUsers, null, 4));

module.exports = {
    localStrategy: new localStrategy(
        function(username, password, done) {
// Request handler: reads username and password from the request body (each
// defaults to '' when absent), appends domainName to the username, and passes
// the bind result to callbackData. `res` is not used here.
var adAuth = function(req, res) {
  var submitted = req.body;
  var account = (submitted.username || '') + domainName;
  var secret = submitted.password || '';
  // NOTE(review): empty values are forwarded as-is, so rejecting them is left
  // to ad.authenticate and callbackData.
  ad.authenticate(account, secret, callbackData);
};