From: Johannes Zellner
Date: Thu, 9 Feb 2017 12:02:41 +0000 (+0100)
Subject: Send username/password in body and fix cli
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FNodejs%2FSurfer.git;a=commitdiff_plain;h=9b7a26fc3708ac42d7d29c4329adbde465d29220
Send username/password in body and fix cli
---
diff --git a/cli/actions.js b/cli/actions.js
index a862b4b..45656a6 100644
--- a/cli/actions.js
+++ b/cli/actions.js
@@ -22,12 +22,12 @@ var API = '/api/files/';
 var gQuery = {};
 function checkConfig() {
- if (!config.server() || !config.username() || !config.password()) {
+ if (!config.server() || !config.accessToken()) {
 console.log('You have run "login" first');
 process.exit(1);
 }
- gQuery = { username: config.username(), password: config.password() };
+ gQuery = { access_token: config.accessToken() };
 console.error('Using server %s', config.server().cyan);
 }
@@ -65,7 +65,7 @@ function login(uri) {
 var username = readlineSync.question('Username: ');
 var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
- superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) {
+ superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
 if (error && error.code === 'ENOTFOUND') {
 console.log('Server %s not found.'.red, server.bold);
 process.exit(1);
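Review bot: In checkConfig (first hunk of cli/actions.js) the access token takes the password's place in `gQuery`, which by its name is presumably attached to every request as a query string; the call sites are outside this diff. A token carried in the URL is written to server and proxy access logs just as the password was, so the exposure this commit removes for the login call would remain for each later request. If the server accepts it, sending the token in a header instead, e.g. `.set('Authorization', 'Bearer ' + config.accessToken())`, keeps it out of URLs.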
@@ -74,18 +74,19 @@ function login(uri) {
 console.log('Failed to connect to server %s'.red, server.bold, error.code);
 process.exit(1);
 }
- if (result.status === 401) {
- console.log('Login failed.'.red);
- process.exit(1);
+ if (result.status !== 201) {
+ console.log('Login failed.\n'.red);
+ return login(uri);
 }
- config.set('server', server);
- config.set('username', username);
+ // TODO remove at some point, this is just to clear the previous old version values
+ config.set('username', '');
+ config.set('password', '');
- // TODO this is clearly bad and needs fixing
- config.set('password', password);
+ config.set('server', server);
+ config.set('accessToken', result.body.accessToken);
- gQuery = { username: username, password: password };
+ gQuery = { access_token: result.body.accessToken };
 console.log('Login successful'.green);
 });
diff --git a/cli/config.js b/cli/config.js
index 68eae5f..bb5c4ad 100644
--- a/cli/config.js
+++ b/cli/config.js
@@ -16,8 +16,7 @@ exports = module.exports = {
 // convenience
 server: function () { return get('server'); },
- username: function () { return get('username'); },
- password: function () { return get('password'); }
+ accessToken: function () { return get('accessToken'); }
 };
 var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
diff --git a/frontend/js/app.js b/frontend/js/app.js
index b07560a..de61dcf 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -27,7 +27,7 @@ function login(username, password) {
 app.busy = true;
- superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
+ superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
 app.busy = false;
 if (error) return console.error(error);
diff --git a/src/auth.js b/src/auth.js
index f49ca38..5f83cea 100644
--- a/src/auth.js
+++ b/src/auth.js
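Review bot: In the login callback of cli/actions.js (the `@@ -74,18 +74,19 @@` hunk), `if (result.status !== 201)` treats every non-201 response as a wrong password and calls `login(uri)` again, so a server error or unexpected status re-prompts without limit and re-sends the credentials each time. Retry only on 401 and stop on anything else, e.g. `if (result.status === 401) { console.log('Login failed.\n'.red); return login(uri); }` followed by `if (result.status !== 201 || !result.body || !result.body.accessToken) { console.log('Login failed.'.red); process.exit(1); }`. The second check also keeps an undefined token from being written by `config.set('accessToken', ...)`. The stored token is still a bearer credential, so the config file should be readable by its owner only; how config.js writes the file is outside this diff. The callback begins above this hunk.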
@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
 function (req, res, next) {
 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
 if (!users) return res.send(401);
- if (!users[req.query.username]) return res.send(401);
+ if (!users[req.body.username]) return res.send(401);
- bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+ bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
 if (error || !valid) return res.send(401);
 req.user = {
- username: req.query.username
+ username: req.body.username
 };
 next();
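Review bot: `users[req.body.username]` in the local-auth middleware of src/auth.js indexes the parsed users object with a value taken straight from the request body, which with a JSON body parser can be missing or a non-string, and for which inherited keys such as `constructor` resolve to a truthy value that passes the `!users[...]` check. Reject those before the lookup with `if (!req.body || typeof req.body.username !== 'string' || typeof req.body.password !== 'string') return res.send(401);` and `if (!Object.prototype.hasOwnProperty.call(users, req.body.username)) return res.send(401);`. The new code also assumes a body parser runs before this middleware, which is not visible here; without one `req.body` is undefined and the lookup throws. The LDAP branch above this hunk is not touched by the commit, so if it still reads `req.query` it will no longer match what the clients now send.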