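'use strict';

var passport = require('passport'),
    path = require('path'),
    safe = require('safetydance'),
    bcrypt = require('bcryptjs'),
    LdapStrategy = require('passport-ldapjs').Strategy;

// Credential file used when LDAP is not configured. The lookup below expects a JSON
// object of the form { "<username>": { "passwordHash": "<bcrypt hash>" } }.
var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');

// Only the uid is stored in the session.
passport.serializeUser(function (user, done) {
    // Log the uid rather than the whole profile: the LDAP search below requests
    // displayname and mail, and those attributes do not belong in application logs.
    console.log('serializeUser', user.uid);
    done(null, user.uid);
});

// Rebuilds a minimal user object from the session id; no directory or file lookup
// happens here, so the session only ever carries { uid }.
passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    done(null, { uid: id });
});

var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;

if (LDAP_URL && LDAP_USERS_BASE_DN) {
    console.log('Enable ldap auth');

    // The strategy itself is registered with passport.use() at the bottom of this file;
    // passport resolves the name when a request arrives, so the ordering is fine.
    exports.verify = passport.authenticate('ldap');
} else {
    console.log('Use local user file:', LOCAL_AUTH_FILE);

    /**
     * Middleware that checks `username` / `password` from the query string against the
     * bcrypt hashes in LOCAL_AUTH_FILE. Responds 401 on any failure, calls next() on success.
     *
     * NOTE(review): credentials in the query string end up in access logs, browser history
     * and Referer headers. Moving them to the request body or an Authorization header
     * needs a matching change in the callers, so it is only flagged here.
     *
     * NOTE(review): an unknown username is rejected before bcrypt runs, so response time
     * differs between existing and non-existing accounts.
     */
    exports.verify = function (req, res, next) {
        var username = req.query.username;
        var password = req.query.password;

        // Query parsers can produce arrays or objects for repeated/bracketed parameters;
        // only plain strings are valid credentials.
        if (typeof username !== 'string' || typeof password !== 'string') return res.send(401);

        // The file is re-read on every request; the safetydance wrappers yield a falsy
        // value instead of throwing when the file is missing or is not valid JSON.
        var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
        if (!users || typeof users !== 'object') return res.send(401);

        // Own-property check so that names inherited from Object.prototype are never
        // treated as user records.
        if (!Object.prototype.hasOwnProperty.call(users, username)) return res.send(401);

        var entry = users[username];
        if (!entry || typeof entry.passwordHash !== 'string') return res.send(401);

        bcrypt.compare(password, entry.passwordHash, function (error, valid) {
            if (error || !valid) return res.send(401);
            next();
        });
    };
}

var opts = {
    server: {
        url: LDAP_URL,
    },
    base: LDAP_USERS_BASE_DN,
    search: {
        // NOTE(review): the submitted username is substituted into this filter twice.
        // Confirm that passport-ldapjs escapes LDAP filter metacharacters before the
        // substitution; if it does not, the value must be escaped before it gets here.
        filter: '(|(username={{username}})(mail={{username}}))',
        attributes: ['displayname', 'username', 'mail', 'uid'],
        scope: 'sub'
    },
    uidTag: 'cn',
    usernameField: 'username',
    passwordField: 'password',
};

// Registered unconditionally, also when LDAP_URL / LDAP_USERS_BASE_DN are unset and the
// local user file is in use; in that mode nothing in this file references the strategy.
passport.use(new LdapStrategy(opts, function (profile, done) {
    // The directory profile is accepted as the authenticated user without further checks.
    done(null, profile);
}));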