Send username/password in body and fix cli

author Johannes Zellner <johannes@cloudron.io>

Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)

committer Johannes Zellner <johannes@cloudron.io>

Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)
author Johannes Zellner <johannes@cloudron.io>
Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)
committer Johannes Zellner <johannes@cloudron.io>
Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)
diff --git a/cli/actions.js b/cli/actions.js

index a862b4ba90cf11e71596f37b0ce0693370cfece6..45656a6fb14fc593a5317e955e43332e9af4e928 100644 (file)
--- a/cli/actions.js
+++ b/cli/actions.js
@@ -22,12 +22,12 @@ var API = '/api/files/';
  var gQuery = {};
  
  function checkConfig() {
-    if (!config.server() || !config.username() || !config.password()) {
+    if (!config.server() || !config.accessToken()) {
          console.log('You have run "login" first');
          process.exit(1);
      }
  
-    gQuery = { username: config.username(), password: config.password() };
+    gQuery = { access_token: config.accessToken() };
  
      console.error('Using server %s', config.server().cyan);
  }
@@ -65,7 +65,7 @@ function login(uri) {
      var username = readlineSync.question('Username: ');
      var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
  
-    superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
          if (error && error.code === 'ENOTFOUND') {
              console.log('Server %s not found.'.red, server.bold);
              process.exit(1);
@@ -74,18 +74,19 @@ function login(uri) {
              console.log('Failed to connect to server %s'.red, server.bold, error.code);
              process.exit(1);
          }
-        if (result.status === 401) {
-            console.log('Login failed.'.red);
-            process.exit(1);
+        if (result.status !== 201) {
+            console.log('Login failed.\n'.red);
+            return login(uri);
          }
  
-        config.set('server', server);
-        config.set('username', username);
+        // TODO remove at some point, this is just to clear the previous old version values
+        config.set('username', '');
+        config.set('password', '');
  
-        // TODO this is clearly bad and needs fixing
-        config.set('password', password);
+        config.set('server', server);
+        config.set('accessToken', result.body.accessToken);
  
-        gQuery = { username: username, password: password };
+        gQuery = { access_token: result.body.accessToken };
  
          console.log('Login successful'.green);
      });
diff --git a/cli/config.js b/cli/config.js

index 68eae5f1a5a503aa3df6e2e28eb4f07e4edc97f2..bb5c4ad5ee73331814c1011be1e5ca95f81cff4a 100644 (file)
--- a/cli/config.js
+++ b/cli/config.js
@@ -16,8 +16,7 @@ exports = module.exports = {
  
      // convenience
      server: function () { return get('server'); },
-    username: function () { return get('username'); },
-    password: function () { return get('password'); }
+    accessToken: function () { return get('accessToken'); }
  };
  
  var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
diff --git a/frontend/js/app.js b/frontend/js/app.js

index b07560affa57d8bff120ad7c87d3ac92bbfd12a1..de61dcf8f522aa48c49d929feba1e52e0891bc30 100644 (file)
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -27,7 +27,7 @@ function login(username, password) {
  
      app.busy = true;
  
-    superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
          app.busy = false;
  
          if (error) return console.error(error);
diff --git a/src/auth.js b/src/auth.js

index f49ca38130b3a0e839a51f73e0c5dc7d9c2b3839..5f83cea3e9e8321027ce9d00fdd24ad53630d43d 100644 (file)
--- a/src/auth.js
+++ b/src/auth.js
@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
          function (req, res, next) {
              var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
              if (!users) return res.send(401);
-            if (!users[req.query.username]) return res.send(401);
+            if (!users[req.body.username]) return res.send(401);
  
-            bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                  if (error || !valid) return res.send(401);
  
                  req.user = {
-                    username: req.query.username
+                    username: req.body.username
                  };
  
                  next();
author	Johannes Zellner <johannes@cloudron.io>
	Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)
committer	Johannes Zellner <johannes@cloudron.io>
	Thu, 9 Feb 2017 12:02:41 +0000 (13:02 +0100)
cli/actions.js		patch \| blob \| blame \| history
cli/config.js		patch \| blob \| blame \| history
frontend/js/app.js		patch \| blob \| blame \| history
src/auth.js		patch \| blob \| blame \| history