diff options
| author | Johannes Zellner <johannes@cloudron.io> | 2017-02-09 13:02:41 +0100 |
|---|---|---|
| committer | Johannes Zellner <johannes@cloudron.io> | 2017-02-09 13:02:41 +0100 |
| commit | 9b7a26fc3708ac42d7d29c4329adbde465d29220 (patch) | |
| tree | dba380079611e9a9e89f0e6e869c94ec5aa57a97 /src | |
| parent | 0af9051c2e2497362c5c118886347c72283d6b88 (diff) | |
| download | Surfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.tar.gz Surfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.tar.zst Surfer-9b7a26fc3708ac42d7d29c4329adbde465d29220.zip | |
Send username/password in body and fix cli
Diffstat (limited to 'src')
| -rw-r--r-- | src/auth.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/auth.js b/src/auth.js index f49ca38..5f83cea 100644 --- a/src/auth.js +++ b/src/auth.js | |||
| @@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) { | |||
| 47 | function (req, res, next) { | 47 | function (req, res, next) { |
| 48 | var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); | 48 | var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); |
| 49 | if (!users) return res.send(401); | 49 | if (!users) return res.send(401); |
| 50 | if (!users[req.query.username]) return res.send(401); | 50 | if (!users[req.body.username]) return res.send(401); |
| 51 | 51 | ||
| 52 | bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { | 52 | bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) { |
| 53 | if (error || !valid) return res.send(401); | 53 | if (error || !valid) return res.send(401); |
| 54 | 54 | ||
| 55 | req.user = { | 55 | req.user = { |
| 56 | username: req.query.username | 56 | username: req.body.username |
| 57 | }; | 57 | }; |
| 58 | 58 | ||
| 59 | next(); | 59 | next(); |