]>
Commit | Line | Data |
---|---|---|
591ad40c JZ |
1 | 'use strict'; |
2 | ||
3 | var passport = require('passport'), | |
dcb20866 J |
4 | path = require('path'), |
5 | safe = require('safetydance'), | |
6 | bcrypt = require('bcryptjs'), | |
591ad40c JZ |
7 | LdapStrategy = require('passport-ldapjs').Strategy; |
8 | ||
dcb20866 J |
// Absolute path of the local credential file used when LDAP is not configured.
// The LOCAL_AUTH_FILE environment variable takes precedence; otherwise
// ./.users.json is resolved against the process working directory.
// The file stores a passwordHash per user, so keep it readable only by the
// service account and outside any directory that is served to clients.
var localAuthFileSetting = process.env.LOCAL_AUTH_FILE || './.users.json';
var LOCAL_AUTH_FILE = path.resolve(localAuthFileSetting);
10 | ||
a90a633f JZ |
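// Persist only the uid in the session.
// The log line is limited to that uid as well: the user object passed in here
// is the LDAP profile forwarded by the strategy's verify callback, and it can
// carry mail and displayname attributes that do not belong in application logs.
passport.serializeUser(function (user, done) {
    console.log('serializeUser', user.uid);
    done(null, user.uid);
});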
15 | ||
// Rebuild the request user from the session. Only the uid was serialized, so
// the restored object holds nothing but that uid; no directory lookup or
// existence check is performed here.
// NOTE(review): a uid therefore stays accepted for as long as its session
// lives, even if the account is later disabled. Confirm the session lifetime.
passport.deserializeUser(function restoreUser(id, done) {
    console.log('deserializeUser', id);

    var sessionUser = { uid: id };
    done(null, sessionUser);
});
20 | ||
591ad40c JZ |
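// LDAP is used only when both the server URL and the users base DN are set.
var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;

if (LDAP_URL && LDAP_USERS_BASE_DN) {
    // NOTE(review): the submitted password is sent to LDAP_URL for the bind;
    // confirm the URL uses ldaps:// or that the link is otherwise protected.
    console.log('Enable ldap auth');

    exports.ldap = passport.authenticate('ldap');
} else {
    console.log('Use local user file:', LOCAL_AUTH_FILE);

    /**
     * Fallback authentication middleware backed by the local JSON user file.
     *
     * Reads LOCAL_AUTH_FILE on every request, looks up req.query.username and
     * compares req.query.password against the stored bcrypt passwordHash.
     * Calls next() on success and answers 401 in every other case.
     *
     * Security notes:
     * - Credentials arrive in the query string, so they can end up in access
     *   logs, proxy logs and browser history. Moving them to a request body
     *   needs a matching client change and is not done here.
     * - Unknown users are rejected before any bcrypt work, so response time
     *   can distinguish existing from missing usernames.
     * - res.send(401) is kept as the file uses it; assuming Express, version 4
     *   deprecates this form in favour of res.sendStatus(401).
     *
     * @param {object} req - request carrying query.username and query.password
     * @param {object} res - response used for the 401 answers
     * @param {function} next - invoked only after a successful password check
     */
    exports.ldap = function (req, res, next) {
        var username = req.query.username;
        var password = req.query.password;

        // Query parsers can yield arrays or objects for repeated or bracketed
        // parameters; only plain strings are valid credentials.
        if (typeof username !== 'string' || typeof password !== 'string') return res.send(401);

        // safetydance returns null instead of throwing on read or parse errors.
        var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
        if (!users || typeof users !== 'object') return res.send(401);

        // Own-property lookup, so names such as "__proto__" or "constructor"
        // never resolve to inherited members of the parsed object.
        if (!Object.prototype.hasOwnProperty.call(users, username)) return res.send(401);

        var entry = users[username];
        if (!entry || typeof entry.passwordHash !== 'string') return res.send(401);

        bcrypt.compare(password, entry.passwordHash, function (error, valid) {
            if (error || !valid) return res.send(401);
            next();
        });
    };
}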
42 | ||
// Directory search used to locate the account: the submitted name is matched
// against either the username or the mail attribute, anywhere below the base DN.
// NOTE(review): {{username}} is substituted into the filter. Confirm that
// passport-ldapjs escapes LDAP filter metacharacters in the submitted value;
// otherwise validate the username before it reaches the strategy.
var ldapSearch = {
    filter: '(|(username={{username}})(mail={{username}}))',
    attributes: ['displayname', 'username', 'mail', 'uid'],
    scope: 'sub'
};

// Options handed to the passport-ldapjs strategy.
var opts = {
    server: { url: LDAP_URL },
    base: LDAP_USERS_BASE_DN,
    search: ldapSearch,
    uidTag: 'cn',
    usernameField: 'username',
    passwordField: 'password'
};

// The strategy is registered unconditionally. When the LDAP settings are
// missing, exports.ldap is the local-file handler and does not go through it.
// The verify callback accepts the profile returned by the directory as-is.
passport.use(new LdapStrategy(opts, function (profile, done) {
    done(null, profile);
}));