authorJohannes Zellner <johannes@cloudron.io>2019-02-23 23:15:23 +0100
committerJohannes Zellner <johannes@cloudron.io>2019-02-23 23:15:23 +0100
commit47ba3ae4ff8e5a49b06de5bfea908bf6a0c599d6 (patch)
tree617213afba0a65b4d56d49993a853569ba5523d5
parent7af3d8556de81996d476d92807928fafdc91c41b (diff)
downloadSurfer-47ba3ae4ff8e5a49b06de5bfea908bf6a0c599d6.tar.gz
Surfer-47ba3ae4ff8e5a49b06de5bfea908bf6a0c599d6.tar.zst
Surfer-47ba3ae4ff8e5a49b06de5bfea908bf6a0c599d6.zip
Consolidate user verification
-rw-r--r--package-lock.json231
-rw-r--r--package.json2
-rw-r--r--src/auth.js107
3 files changed, 194 insertions, 146 deletions
diff --git a/package-lock.json b/package-lock.json
index 8535c99..c66f538 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,11 +4,6 @@
4 "lockfileVersion": 1, 4 "lockfileVersion": 1,
5 "requires": true, 5 "requires": true,
6 "dependencies": { 6 "dependencies": {
7 "abbrev": {
8 "version": "1.1.1",
9 "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
10 "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
11 },
12 "accepts": { 7 "accepts": {
13 "version": "1.3.4", 8 "version": "1.3.4",
14 "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz", 9 "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
@@ -74,14 +69,14 @@
74 "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=" 69 "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0="
75 }, 70 },
76 "asn1": { 71 "asn1": {
77 "version": "0.2.1", 72 "version": "0.2.3",
78 "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.1.tgz", 73 "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
79 "integrity": "sha1-7Mc/ddMeo8btnUdCjbNf7Meyxtw=" 74 "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
80 }, 75 },
81 "assert-plus": { 76 "assert-plus": {
82 "version": "0.1.5", 77 "version": "1.0.0",
83 "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.1.5.tgz", 78 "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
84 "integrity": "sha1-7nQAlBMALYTOxyGcasgRgS5yMWA=" 79 "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
85 }, 80 },
86 "async": { 81 "async": {
87 "version": "1.5.2", 82 "version": "1.5.2",
@@ -103,6 +98,14 @@
103 "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz", 98 "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz",
104 "integrity": "sha1-g+9cqGCysy5KDe7e6MdxudtXRx4=" 99 "integrity": "sha1-g+9cqGCysy5KDe7e6MdxudtXRx4="
105 }, 100 },
101 "backoff": {
102 "version": "2.5.0",
103 "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
104 "integrity": "sha1-9hbtqdPktmuMp/ynn2lXIsX44m8=",
105 "requires": {
106 "precond": "0.2"
107 }
108 },
106 "balanced-match": { 109 "balanced-match": {
107 "version": "1.0.0", 110 "version": "1.0.0",
108 "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", 111 "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
@@ -195,12 +198,14 @@
195 } 198 }
196 }, 199 },
197 "bunyan": { 200 "bunyan": {
198 "version": "0.22.1", 201 "version": "1.8.12",
199 "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-0.22.1.tgz", 202 "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.12.tgz",
200 "integrity": "sha1-Agw4O+1iWvXGyINN2MSsoN0Pdlw=", 203 "integrity": "sha1-8VDw9nSKvdcq6uhPBEA74u8RN5c=",
201 "requires": { 204 "requires": {
202 "dtrace-provider": "0.2.8", 205 "dtrace-provider": "~0.8",
203 "mv": "0.0.5" 206 "moment": "^2.10.6",
207 "mv": "~2",
208 "safe-json-stringify": "~1"
204 } 209 }
205 }, 210 },
206 "bytes": { 211 "bytes": {
@@ -430,10 +435,13 @@
430 "dev": true 435 "dev": true
431 }, 436 },
432 "dtrace-provider": { 437 "dtrace-provider": {
433 "version": "0.2.8", 438 "version": "0.8.7",
434 "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.2.8.tgz", 439 "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.8.7.tgz",
435 "integrity": "sha1-4kPxkhmqlfvw2PL/sH9b1k6U/iA=", 440 "integrity": "sha1-3JObTT4GIM/gwc2APQ0tftBP/QQ=",
436 "optional": true 441 "optional": true,
442 "requires": {
443 "nan": "^2.10.0"
444 }
437 }, 445 },
438 "ecc-jsbn": { 446 "ecc-jsbn": {
439 "version": "0.1.1", 447 "version": "0.1.1",
@@ -554,9 +562,9 @@
554 "integrity": "sha1-p1Xqe8Gt/MWjHOfnYtuq3F5jZEQ=" 562 "integrity": "sha1-p1Xqe8Gt/MWjHOfnYtuq3F5jZEQ="
555 }, 563 },
556 "extsprintf": { 564 "extsprintf": {
557 "version": "1.0.0", 565 "version": "1.2.0",
558 "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.0.0.tgz", 566 "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.2.0.tgz",
559 "integrity": "sha1-TVi4Fazlvr/E6/A8+YsKdgSpm4Y=" 567 "integrity": "sha1-WtlGwi9bMrp/jNdCZxHG6KP8JSk="
560 }, 568 },
561 "fast-deep-equal": { 569 "fast-deep-equal": {
562 "version": "1.0.0", 570 "version": "1.0.0",
@@ -861,11 +869,6 @@
861 "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=", 869 "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
862 "optional": true 870 "optional": true
863 }, 871 },
864 "json-schema": {
865 "version": "0.2.2",
866 "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.2.tgz",
867 "integrity": "sha1-UDVPGfYDkXxpX3C4Wvp3w7DyNQY="
868 },
869 "json-schema-traverse": { 872 "json-schema-traverse": {
870 "version": "0.3.1", 873 "version": "0.3.1",
871 "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz", 874 "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz",
@@ -876,37 +879,36 @@
876 "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", 879 "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
877 "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" 880 "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
878 }, 881 },
879 "jsprim": { 882 "ldap-filter": {
880 "version": "0.3.0", 883 "version": "0.2.2",
881 "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-0.3.0.tgz", 884 "resolved": "https://registry.npmjs.org/ldap-filter/-/ldap-filter-0.2.2.tgz",
882 "integrity": "sha1-zRNGbqJIDb2DlqVw1H0x3aR2+LE=", 885 "integrity": "sha1-8rhCvguG2jNSeYUFsx68rlkNd9A=",
883 "requires": { 886 "requires": {
884 "extsprintf": "1.0.0", 887 "assert-plus": "0.1.5"
885 "json-schema": "0.2.2",
886 "verror": "1.3.3"
887 }, 888 },
888 "dependencies": { 889 "dependencies": {
889 "verror": { 890 "assert-plus": {
890 "version": "1.3.3", 891 "version": "0.1.5",
891 "resolved": "https://registry.npmjs.org/verror/-/verror-1.3.3.tgz", 892 "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.1.5.tgz",
892 "integrity": "sha1-impKw6jHdLb2h/7OSb3/14VS4s0=", 893 "integrity": "sha1-7nQAlBMALYTOxyGcasgRgS5yMWA="
893 "requires": {
894 "extsprintf": "1.0.0"
895 }
896 } 894 }
897 } 895 }
898 }, 896 },
899 "ldapjs": { 897 "ldapjs": {
900 "version": "0.7.1", 898 "version": "1.0.2",
901 "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-0.7.1.tgz", 899 "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-1.0.2.tgz",
902 "integrity": "sha1-aEeYpodkC6sa+9gCz1MvMEkt+1Y=", 900 "integrity": "sha1-VE/3Ayt7g8aPBwEyjZKXqmlDQPk=",
903 "requires": { 901 "requires": {
904 "asn1": "0.2.1", 902 "asn1": "0.2.3",
905 "assert-plus": "0.1.5", 903 "assert-plus": "^1.0.0",
906 "bunyan": "0.22.1", 904 "backoff": "^2.5.0",
907 "dtrace-provider": "0.2.8", 905 "bunyan": "^1.8.3",
908 "nopt": "2.1.1", 906 "dashdash": "^1.14.0",
909 "pooling": "0.4.6" 907 "dtrace-provider": "~0.8",
908 "ldap-filter": "0.2.2",
909 "once": "^1.4.0",
910 "vasync": "^1.6.4",
911 "verror": "^1.8.1"
910 } 912 }
911 }, 913 },
912 "lru-cache": { 914 "lru-cache": {
@@ -1030,6 +1032,12 @@
1030 } 1032 }
1031 } 1033 }
1032 }, 1034 },
1035 "moment": {
1036 "version": "2.24.0",
1037 "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz",
1038 "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==",
1039 "optional": true
1040 },
1033 "morgan": { 1041 "morgan": {
1034 "version": "1.9.0", 1042 "version": "1.9.0",
1035 "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz", 1043 "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz",
@@ -1063,9 +1071,50 @@
1063 } 1071 }
1064 }, 1072 },
1065 "mv": { 1073 "mv": {
1066 "version": "0.0.5", 1074 "version": "2.1.1",
1067 "resolved": "https://registry.npmjs.org/mv/-/mv-0.0.5.tgz", 1075 "resolved": "https://registry.npmjs.org/mv/-/mv-2.1.1.tgz",
1068 "integrity": "sha1-FerHWUeYhN8RMdbeVrziC2VPU5E=", 1076 "integrity": "sha1-rmzg1vbV4KT32JN5jQPB6pVZtqI=",
1077 "optional": true,
1078 "requires": {
1079 "mkdirp": "~0.5.1",
1080 "ncp": "~2.0.0",
1081 "rimraf": "~2.4.0"
1082 },
1083 "dependencies": {
1084 "glob": {
1085 "version": "6.0.4",
1086 "resolved": "https://registry.npmjs.org/glob/-/glob-6.0.4.tgz",
1087 "integrity": "sha1-DwiGD2oVUSey+t1PnOJLGqtuTSI=",
1088 "optional": true,
1089 "requires": {
1090 "inflight": "^1.0.4",
1091 "inherits": "2",
1092 "minimatch": "2 || 3",
1093 "once": "^1.3.0",
1094 "path-is-absolute": "^1.0.0"
1095 }
1096 },
1097 "rimraf": {
1098 "version": "2.4.5",
1099 "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.4.5.tgz",
1100 "integrity": "sha1-7nEM5dk6j9uFb7Xqj/Di11k0sto=",
1101 "optional": true,
1102 "requires": {
1103 "glob": "^6.0.1"
1104 }
1105 }
1106 }
1107 },
1108 "nan": {
1109 "version": "2.12.1",
1110 "resolved": "https://registry.npmjs.org/nan/-/nan-2.12.1.tgz",
1111 "integrity": "sha512-JY7V6lRkStKcKTvHO5NVSQRv+RV+FIL5pvDoLiAtSL9pKlC5x9PKQcZDsq7m4FO4d57mkhC6Z+QhAh3Jdk5JFw==",
1112 "optional": true
1113 },
1114 "ncp": {
1115 "version": "2.0.0",
1116 "resolved": "https://registry.npmjs.org/ncp/-/ncp-2.0.0.tgz",
1117 "integrity": "sha1-GVoh1sRuNh0vsSgbo4uR6d9727M=",
1069 "optional": true 1118 "optional": true
1070 }, 1119 },
1071 "negotiator": { 1120 "negotiator": {
@@ -1073,14 +1122,6 @@
1073 "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz", 1122 "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz",
1074 "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk=" 1123 "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk="
1075 }, 1124 },
1076 "nopt": {
1077 "version": "2.1.1",
1078 "resolved": "https://registry.npmjs.org/nopt/-/nopt-2.1.1.tgz",
1079 "integrity": "sha1-ket8SwF+fACtytH9bWOUTQ/bdcE=",
1080 "requires": {
1081 "abbrev": "1"
1082 }
1083 },
1084 "oauth-sign": { 1125 "oauth-sign": {
1085 "version": "0.8.2", 1126 "version": "0.8.2",
1086 "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz", 1127 "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz",
@@ -1140,15 +1181,6 @@
1140 "passport-strategy": "1.x.x" 1181 "passport-strategy": "1.x.x"
1141 } 1182 }
1142 }, 1183 },
1143 "passport-ldapjs": {
1144 "version": "1.0.3",
1145 "resolved": "https://registry.npmjs.org/passport-ldapjs/-/passport-ldapjs-1.0.3.tgz",
1146 "integrity": "sha512-pWyqehzK5IAtg53S6uIc9PHqgxL3xDcog3XDhtvidNd4+3z8XTGV2qQKPaUZnkkRLmWqZ7Dm3gnwnAtp6R1LNQ==",
1147 "requires": {
1148 "ldapjs": "^0.7.1",
1149 "passport-strategy": "^1.0.0"
1150 }
1151 },
1152 "passport-strategy": { 1184 "passport-strategy": {
1153 "version": "1.0.0", 1185 "version": "1.0.0",
1154 "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", 1186 "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
@@ -1202,24 +1234,10 @@
1202 "pinkie": "^2.0.0" 1234 "pinkie": "^2.0.0"
1203 } 1235 }
1204 }, 1236 },
1205 "pooling": { 1237 "precond": {
1206 "version": "0.4.6", 1238 "version": "0.2.3",
1207 "resolved": "https://registry.npmjs.org/pooling/-/pooling-0.4.6.tgz", 1239 "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
1208 "integrity": "sha1-dqMXNx6oo2O0hY+keZ5gJF8w5mQ=", 1240 "integrity": "sha1-qpWRvKokkj8eD0hJ0kD0fvwQdaw="
1209 "requires": {
1210 "assert-plus": "0.1.5",
1211 "bunyan": "0.22.1",
1212 "dtrace-provider": "0.2.8",
1213 "once": "1.3.0",
1214 "vasync": "1.4.0"
1215 },
1216 "dependencies": {
1217 "once": {
1218 "version": "1.3.0",
1219 "resolved": "https://registry.npmjs.org/once/-/once-1.3.0.tgz",
1220 "integrity": "sha1-FRr4a/wfCMS58H0GqyUP/L61ZYE="
1221 }
1222 }
1223 }, 1241 },
1224 "proxy-addr": { 1242 "proxy-addr": {
1225 "version": "2.0.2", 1243 "version": "2.0.2",
@@ -1357,6 +1375,12 @@
1357 "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz", 1375 "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
1358 "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==" 1376 "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg=="
1359 }, 1377 },
1378 "safe-json-stringify": {
1379 "version": "1.2.0",
1380 "resolved": "https://registry.npmjs.org/safe-json-stringify/-/safe-json-stringify-1.2.0.tgz",
1381 "integrity": "sha512-gH8eh2nZudPQO6TytOvbxnuhYBOvDBBLW52tz5q6X58lJcd/tkmqFR+5Z9adS8aJtURSXWThWy/xJtJwixErvg==",
1382 "optional": true
1383 },
1360 "safetydance": { 1384 "safetydance": {
1361 "version": "0.1.1", 1385 "version": "0.1.1",
1362 "resolved": "https://registry.npmjs.org/safetydance/-/safetydance-0.1.1.tgz", 1386 "resolved": "https://registry.npmjs.org/safetydance/-/safetydance-0.1.1.tgz",
@@ -1692,20 +1716,31 @@
1692 "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" 1716 "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
1693 }, 1717 },
1694 "vasync": { 1718 "vasync": {
1695 "version": "1.4.0", 1719 "version": "1.6.4",
1696 "resolved": "https://registry.npmjs.org/vasync/-/vasync-1.4.0.tgz", 1720 "resolved": "https://registry.npmjs.org/vasync/-/vasync-1.6.4.tgz",
1697 "integrity": "sha1-bqWmNYI1iGjYdDy91v+tyQg7kQ8=", 1721 "integrity": "sha1-3+k2Fq0OeugBszKp2Iv8XNyOHR8=",
1698 "requires": { 1722 "requires": {
1699 "jsprim": "0.3.0", 1723 "verror": "1.6.0"
1700 "verror": "1.1.0" 1724 },
1725 "dependencies": {
1726 "verror": {
1727 "version": "1.6.0",
1728 "resolved": "https://registry.npmjs.org/verror/-/verror-1.6.0.tgz",
1729 "integrity": "sha1-fROyex+swuLakEBetepuW90lLqU=",
1730 "requires": {
1731 "extsprintf": "1.2.0"
1732 }
1733 }
1701 } 1734 }
1702 }, 1735 },
1703 "verror": { 1736 "verror": {
1704 "version": "1.1.0", 1737 "version": "1.10.0",
1705 "resolved": "https://registry.npmjs.org/verror/-/verror-1.1.0.tgz", 1738 "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
1706 "integrity": "sha1-KktOsUogcFHnWm+U7lExW/FzobA=", 1739 "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
1707 "requires": { 1740 "requires": {
1708 "extsprintf": "1.0.0" 1741 "assert-plus": "^1.0.0",
1742 "core-util-is": "1.0.2",
1743 "extsprintf": "^1.2.0"
1709 } 1744 }
1710 }, 1745 },
1711 "webdav-server": { 1746 "webdav-server": {
diff --git a/package.json b/package.json
index 0ec6b50..6cf0187 100644
--- a/package.json
+++ b/package.json
@@ -33,12 +33,12 @@
33 "del": "^2.2.0", 33 "del": "^2.2.0",
34 "express": "^4.16.2", 34 "express": "^4.16.2",
35 "express-session": "^1.15.6", 35 "express-session": "^1.15.6",
36 "ldapjs": "^1.0.2",
36 "mkdirp": "^0.5.1", 37 "mkdirp": "^0.5.1",
37 "morgan": "^1.9.0", 38 "morgan": "^1.9.0",
38 "multiparty": "^4.1.2", 39 "multiparty": "^4.1.2",
39 "passport": "^0.2.2", 40 "passport": "^0.2.2",
40 "passport-http-bearer": "^1.0.1", 41 "passport-http-bearer": "^1.0.1",
41 "passport-ldapjs": "^1.0.3",
42 "readline-sync": "^1.4.9", 42 "readline-sync": "^1.4.9",
43 "request": "^2.83.0", 43 "request": "^2.83.0",
44 "safetydance": "^0.1.1", 44 "safetydance": "^0.1.1",
diff --git a/src/auth.js b/src/auth.js
index 67c2050..e148fb7 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -7,13 +7,22 @@ var passport = require('passport'),
7 bcrypt = require('bcryptjs'), 7 bcrypt = require('bcryptjs'),
8 uuid = require('uuid/v4'), 8 uuid = require('uuid/v4'),
9 BearerStrategy = require('passport-http-bearer').Strategy, 9 BearerStrategy = require('passport-http-bearer').Strategy,
10 LdapStrategy = require('passport-ldapjs').Strategy, 10 ldapjs = require('ldapjs'),
11 HttpError = require('connect-lastmile').HttpError, 11 HttpError = require('connect-lastmile').HttpError,
12 HttpSuccess = require('connect-lastmile').HttpSuccess, 12 HttpSuccess = require('connect-lastmile').HttpSuccess,
13 webdavErrors = require('webdav-server').v2.Errors; 13 webdavErrors = require('webdav-server').v2.Errors;
14 14
15const LDAP_URL = process.env.LDAP_URL;
16const LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
15const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json'); 17const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
16const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json'); 18const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json');
19const AUTH_METHOD = (LDAP_URL && LDAP_USERS_BASE_DN) ? 'ldap' : 'local';
20
21if (AUTH_METHOD === 'ldap') {
22 console.log('Use ldap auth');
23} else {
24 console.log(`Use local auth file ${LOCAL_AUTH_FILE}`);
25}
17 26
18var tokenStore = { 27var tokenStore = {
19 data: {}, 28 data: {},
@@ -68,54 +77,62 @@ passport.deserializeUser(function (id, done) {
68 done(null, { uid: id }); 77 done(null, { uid: id });
69}); 78});
70 79
71var LDAP_URL = process.env.LDAP_URL; 80function verifyUser(username, password, callback) {
72var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN; 81 if (AUTH_METHOD === 'ldap') {
82 var ldapClient = ldapjs.createClient({ url: process.env.LDAP_URL });
83 ldapClient.on('error', function (error) {
84 console.error('LDAP error', error);
85 });
73 86
74if (LDAP_URL && LDAP_USERS_BASE_DN) { 87 ldapClient.bind(process.env.LDAP_BIND_DN, process.env.LDAP_BIND_PASSWORD, function (error) {
75 console.log('Using ldap auth'); 88 if (error) return callback(error);
76 89
77 exports.login = [ passport.authenticate('ldap'), issueAccessToken() ]; 90 var filter = `(|(uid=${username})(mail=${username})(username=${username})(sAMAccountName=${username}))`;
78} else { 91 ldapClient.search(process.env.LDAP_USERS_BASE_DN, { filter: filter }, function (error, result) {
79 console.log(`Using local user file: ${LOCAL_AUTH_FILE}`); 92 if (error) return callback(error);
80 93
81 exports.login = [ 94 var items = [];
82 function (req, res, next) {
83 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
84 if (!users) return res.send(401);
85 if (!users[req.body.username]) return res.send(401);
86 95
87 bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) { 96 result.on('searchEntry', function(entry) { items.push(entry.object); });
88 if (error || !valid) return res.send(401); 97 result.on('error', callback);
98 result.on('end', function (result) {
99 if (result.status !== 0 || items.length === 0) return callback(error);
89 100
90 req.user = { 101 // pick the first found
91 username: req.body.username 102 var user = items[0];
92 };
93 103
94 next(); 104 ldapClient.bind(user.dn, password, function (error) {
105 if (error) return callback('Invalid credentials');
106
107 callback(null, { username: username });
108 });
109 });
95 }); 110 });
96 }, 111 });
97 issueAccessToken() 112 } else {
98 ]; 113 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
114 if (!users || !users[username]) return callback('Invalid credentials');
115
116 bcrypt.compare(password, users[username].passwordHash, function (error, valid) {
117 if (error || !valid) return callback('Invalid credentials');
118
119 callback(null, { username: username });
120 });
121 }
99} 122}
100 123
101var opts = { 124exports.login = [
102 server: { 125 function (req, res, next) {
103 url: LDAP_URL, 126 verifyUser(req.body.username, req.body.password, function (error, user) {
104 }, 127 if (error) return next(new HttpError(401, 'Invalid credentials'));
105 base: LDAP_USERS_BASE_DN,
106 search: {
107 filter: '(|(username={{username}})(mail={{username}}))',
108 attributes: ['displayname', 'username', 'mail', 'uid'],
109 scope: 'sub'
110 },
111 uidTag: 'cn',
112 usernameField: 'username',
113 passwordField: 'password',
114};
115 128
116passport.use(new LdapStrategy(opts, function (profile, done) { 129 req.user = user;
117 done(null, profile); 130
118})); 131 next();
132 });
133 },
134 issueAccessToken()
135];
119 136
120exports.verify = passport.authenticate('bearer', { session: false }); 137exports.verify = passport.authenticate('bearer', { session: false });
121 138
@@ -162,18 +179,14 @@ WebdavUserManager.prototype.getDefaultUser = function (callback) {
162}; 179};
163 180
164WebdavUserManager.prototype.getUserByNamePassword = function (username, password, callback) { 181WebdavUserManager.prototype.getUserByNamePassword = function (username, password, callback) {
165 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); 182 verifyUser(username, password, function (error, user) {
166 if (!users) return callback(webdavErrors.UserNotFound); 183 if (error) return callback(webdavErrors.UserNotFound);
167 if (!users[username]) return callback(webdavErrors.UserNotFound);
168
169 bcrypt.compare(password, users[username].passwordHash, function (error, valid) {
170 if (error || !valid) return callback(webdavErrors.UserNotFound);
171 184
172 callback(null, { 185 callback(null, {
173 username: username, 186 username: user.username,
174 isAdministrator: true, 187 isAdministrator: true,
175 isDefaultUser: false, 188 isDefaultUser: false,
176 uid: username 189 uid: user.username
177 }); 190 });
178 }); 191 });
179}; 192};
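Review bot: In the LDAP branch of `verifyUser`, the `end` handler returns `callback(error)` when the search status is non-zero or nothing matched, but `error` there is the search callback's already-checked falsy value, so an unknown username is reported as success with no user. `exports.login` then sets `req.user = undefined` and proceeds to `issueAccessToken()` (what that does with a missing user is not visible here), and `getUserByNamePassword` dereferences `user.username`; the line should fail closed with `return callback('Invalid credentials');`. The `filter` template string interpolates `username` unescaped, so filter metacharacters in the request body alter the query; building it from ldapjs filter objects avoids that. An empty `password` also reaches `ldapClient.bind(user.dn, password, …)`, which some directory servers accept as an unauthenticated bind, so empty or non-string credentials should be rejected before any directory call. The client is never unbound either, so each login appears to leave a connection open.

```javascript
function verifyUser(username, password, callback) {
    // Reject missing or non-string credentials before any directory call;
    // an empty password can be accepted by the server as an unauthenticated bind.
    if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
        return callback('Invalid credentials');
    }

    // … unchanged: client creation, 'error' handler, service-account bind …

            // Filter objects carry the value as data, so it cannot change the filter structure.
            var filter = new ldapjs.filters.OrFilter({
                filters: ['uid', 'mail', 'username', 'sAMAccountName'].map(function (attribute) {
                    return new ldapjs.filters.EqualityFilter({ attribute: attribute, value: username });
                })
            });

    // … unchanged: search call, 'searchEntry' and 'error' handlers …

                result.on('end', function (result) {
                    // Fail closed: `error` is falsy here, so pass an explicit failure.
                    if (result.status !== 0 || items.length === 0) {
                        ldapClient.unbind();
                        return callback('Invalid credentials');
                    }

    // … unchanged: user bind and success callback …
```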