[perso/Immae/Projets/Nodejs/Surfer.git] / src / auth.js

'use strict';

var passport = require('passport'),
    path = require('path'),
    safe = require('safetydance'),
    bcrypt = require('bcryptjs'),
    LdapStrategy = require('passport-ldapjs').Strategy;

var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');

passport.serializeUser(function (user, done) {
    console.log('serializeUser', user);
    done(null, user.uid);
});

passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    done(null, { uid: id });
});

var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;

if (LDAP_URL && LDAP_USERS_BASE_DN) {
    console.log('Enable ldap auth');

    exports.ldap = passport.authenticate('ldap');
} else {
    console.log('Use local user file:', LOCAL_AUTH_FILE);

    exports.ldap = function (req, res, next) {
        var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
        if (!users) return res.send(401);
        if (!users[req.query.username]) return res.send(401);

        bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
            if (error || !valid) return res.send(401);
            next();
        });
    };
}

var opts = {
    server: {
        url: LDAP_URL,
    },
    base: LDAP_USERS_BASE_DN,
    search: {
        filter: '(|(username={{username}})(mail={{username}}))',
        attributes: ['displayname', 'username', 'mail', 'uid'],
        scope: 'sub'
    },
    uidTag: 'cn',
    usernameField: 'username',
    passwordField: 'password',
};

passport.use(new LdapStrategy(opts, function (profile, done) {
    done(null, profile);
}));
Commit	Line	Data
591ad40c JZ	1	'use strict';
	2
	3	var passport = require('passport'),
dcb20866 J	4	path = require('path'),
	5	safe = require('safetydance'),
	6	bcrypt = require('bcryptjs'),
591ad40c JZ	7	LdapStrategy = require('passport-ldapjs').Strategy;
591ad40c JZ	8
dcb20866 J	9	var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE \|\| './.users.json');
dcb20866 J	10
a90a633f JZ	11	passport.serializeUser(function (user, done) {
a90a633f JZ	12	console.log('serializeUser', user);
cfe24a27	13	done(null, user.uid);
a90a633f JZ	14	});
	15
	16	passport.deserializeUser(function (id, done) {
	17	console.log('deserializeUser', id);
cfe24a27	18	done(null, { uid: id });
a90a633f JZ	19	});
a90a633f JZ	20
591ad40c JZ	21	var LDAP_URL = process.env.LDAP_URL;
	22	var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
	23
	24	if (LDAP_URL && LDAP_USERS_BASE_DN) {
	25	console.log('Enable ldap auth');
	26
a90a633f	27	exports.ldap = passport.authenticate('ldap');
591ad40c	28	} else {
dcb20866	29	console.log('Use local user file:', LOCAL_AUTH_FILE);
a90a633f	30
dcb20866 J	31	exports.ldap = function (req, res, next) {
	32	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
	33	if (!users) return res.send(401);
	34	if (!users[req.query.username]) return res.send(401);
	35
	36	bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
	37	if (error \|\| !valid) return res.send(401);
	38	next();
	39	});
591ad40c JZ	40	};
	41	}
	42
	43	var opts = {
	44	server: {
	45	url: LDAP_URL,
	46	},
	47	base: LDAP_USERS_BASE_DN,
	48	search: {
b99589fc	49	filter: '(\|(username={{username}})(mail={{username}}))',
591ad40c JZ	50	attributes: ['displayname', 'username', 'mail', 'uid'],
	51	scope: 'sub'
	52	},
a90a633f	53	uidTag: 'cn',
591ad40c JZ	54	usernameField: 'username',
	55	passwordField: 'password',
	56	};
	57
	58	passport.use(new LdapStrategy(opts, function (profile, done) {
591ad40c JZ	59	done(null, profile);
591ad40c JZ	60	}));