aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJohannes Zellner <johannes@cloudron.io>2017-02-09 13:02:41 +0100
committerJohannes Zellner <johannes@cloudron.io>2017-02-09 13:02:41 +0100
commit9b7a26fc3708ac42d7d29c4329adbde465d29220 (patch)
treedba380079611e9a9e89f0e6e869c94ec5aa57a97
parent0af9051c2e2497362c5c118886347c72283d6b88 (diff)
downloadSurfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.tar.gz
Surfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.tar.zst
Surfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.zip
Send username/password in body and fix cli
Diffstat
-rw-r--r--cli/actions.js23
-rw-r--r--cli/config.js3
-rw-r--r--frontend/js/app.js2
-rw-r--r--src/auth.js6
4 files changed, 17 insertions, 17 deletions
diff --git a/cli/actions.js b/cli/actions.js
index a862b4b..45656a6 100644
--- a/cli/actions.js
+++ b/cli/actions.js
@@ -22,12 +22,12 @@ var API = '/api/files/';
22var gQuery = {}; 22var gQuery = {};
23 23
24function checkConfig() { 24function checkConfig() {
25 if (!config.server() || !config.username() || !config.password()) { 25 if (!config.server() || !config.accessToken()) {
26 console.log('You have run "login" first'); 26 console.log('You have run "login" first');
27 process.exit(1); 27 process.exit(1);
28 } 28 }
29 29
30 gQuery = { username: config.username(), password: config.password() }; 30 gQuery = { access_token: config.accessToken() };
31 31
32 console.error('Using server %s', config.server().cyan); 32 console.error('Using server %s', config.server().cyan);
33} 33}
@@ -65,7 +65,7 @@ function login(uri) {
65 var username = readlineSync.question('Username: '); 65 var username = readlineSync.question('Username: ');
66 var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' }); 66 var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
67 67
68 superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) { 68 superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
69 if (error && error.code === 'ENOTFOUND') { 69 if (error && error.code === 'ENOTFOUND') {
70 console.log('Server %s not found.'.red, server.bold); 70 console.log('Server %s not found.'.red, server.bold);
71 process.exit(1); 71 process.exit(1);
@@ -74,18 +74,19 @@ function login(uri) {
74 console.log('Failed to connect to server %s'.red, server.bold, error.code); 74 console.log('Failed to connect to server %s'.red, server.bold, error.code);
75 process.exit(1); 75 process.exit(1);
76 } 76 }
77 if (result.status === 401) { 77 if (result.status !== 201) {
78 console.log('Login failed.'.red); 78 console.log('Login failed.\n'.red);
79 process.exit(1); 79 return login(uri);
80 } 80 }
81 81
82 config.set('server', server); 82 // TODO remove at some point, this is just to clear the previous old version values
83 config.set('username', username); 83 config.set('username', '');
84 config.set('password', '');
84 85
85 // TODO this is clearly bad and needs fixing 86 config.set('server', server);
86 config.set('password', password); 87 config.set('accessToken', result.body.accessToken);
87 88
88 gQuery = { username: username, password: password }; 89 gQuery = { access_token: result.body.accessToken };
89 90
90 console.log('Login successful'.green); 91 console.log('Login successful'.green);
91 }); 92 });
diff --git a/cli/config.js b/cli/config.js
index 68eae5f..bb5c4ad 100644
--- a/cli/config.js
+++ b/cli/config.js
@@ -16,8 +16,7 @@ exports = module.exports = {
16 16
17 // convenience 17 // convenience
18 server: function () { return get('server'); }, 18 server: function () { return get('server'); },
19 username: function () { return get('username'); }, 19 accessToken: function () { return get('accessToken'); }
20 password: function () { return get('password'); }
21}; 20};
22 21
23var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; 22var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
diff --git a/frontend/js/app.js b/frontend/js/app.js
index b07560a..de61dcf 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -27,7 +27,7 @@ function login(username, password) {
27 27
28 app.busy = true; 28 app.busy = true;
29 29
30 superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) { 30 superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
31 app.busy = false; 31 app.busy = false;
32 32
33 if (error) return console.error(error); 33 if (error) return console.error(error);
diff --git a/src/auth.js b/src/auth.js
index f49ca38..5f83cea 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
47 function (req, res, next) { 47 function (req, res, next) {
48 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); 48 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
49 if (!users) return res.send(401); 49 if (!users) return res.send(401);
50 if (!users[req.query.username]) return res.send(401); 50 if (!users[req.body.username]) return res.send(401);
51 51
52 bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { 52 bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
53 if (error || !valid) return res.send(401); 53 if (error || !valid) return res.send(401);
54 54
55 req.user = { 55 req.user = {
56 username: req.query.username 56 username: req.body.username
57 }; 57 };
58 58
59 next(); 59 next();
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 16:09:49 +0000