
Merge pull request #141 from GeographicaGS/robertosolis/ch21088/confi…
…gure-ldap-for-badajoz

Robertosolis/ch21088/configure ldap for badajoz
Ignacio Domingo Martínez authored Feb 6, 2019
2 parents c4888c5 + b47a166 commit e73db8f
Showing 3 changed files with 99 additions and 48 deletions.
143 changes: 96 additions & 47 deletions auth_graph/check.js
@@ -1,20 +1,20 @@
// Copyright 2017 Telefónica Digital España S.L.
//
//
// This file is part of UrboCore API.
//
//
// UrboCore API is free software: you can redistribute it and/or
// modify it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
//
// UrboCore API is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
// General Public License for more details.
//
//
// You should have received a copy of the GNU Affero General Public License
// along with UrboCore API. If not, see http://www.gnu.org/licenses/.
//
//
// For those usages not covered by this license please contact with
// iot_support at tid dot es

Expand All @@ -37,97 +37,147 @@ function invalidUserPassword() {
return error;
}

function invalidLdapUser() {
var error = new Error('Invalid Ldap user or password');
error.status = 401;
return error;
}

function createdbUserFromLdapUser(ldapuser, password, email, callback) {
var user = {};

try {
user.name = ldapuser.uid;
user.surname = ldapuser.uid || '';
user.password = 'urboldappassword';
user.nocipher = true;
user.email = email;
user.superadmin = false;
user.ldap = true;
user.scopes = ldapopts.defaultScopes;
var um = new usersmodel();
um.saveUser(user, function(err, id) {

var userid = id;
if (err)
return callback (new Error('Error importing user into DB'), null);

var resUser = {
id: userid,
name: user.name,
superadmin: false,
email: email,
ldap: true
}

return callback (null, resUser) ;

});
} catch (e) {
var error = new Error(util.format('Something went wrong importing user from LDAP: %s', e));
return callback(error, null);
}

}

function authLdapUser(password, email, callback) {
var auth = new LdapAuth(ldapopts);
var ldapusername = email.replace(/@.*$/,'');
auth.authenticate(ldapusername, password, function(err, user) {
if (err) {
return callback(user, null);
}
else {
return callback(null, user);
}
});
}

module.exports.password = function (req, res, next) {
var email = req.body.email;
var password = req.body.password;

// params validation
if (!email||!password) {
var error = new Error('Invalid parameters');
error.status = 422;
return next(error);
}


var m = new model();
m.getUserByEmail(email,function(err, data) {

// NO URBO USER
if (err || !data.rows.length) {
// User not in DB, trying out LDAP, if available
if (ldapopts) {
var auth = new LdapAuth(ldapopts);
auth.authenticate(email, password, function(err, user) {

if (err) {
return next(new Error(util.format('Cannot get user [%s] from DB nor LDAP',email)));
}
if (ldapopts && ldapopts.autoCreateUserByLdap === true && ldapopts.forceLdapAuthentication !== true) {


// If user, auto-add user to DB
try {
user.name = user.cn;
user.surname = user.sn || '';
user.password = password;
user.nocipher = true;
user.email = email;
user.superadmin = false;
user.ldap = true;
user.scopes = ldapopts.defaultScopes;
var um = new usersmodel();
um.saveUser(user, function(err, id) {
if (err)
return next(new Error('Error importing user into DB'));

res.user = {
id: id,
name: user.name,
superadmin: false,
email: email,
}
return next();
});
} catch (e) {
return next(new Error(util.format('Something went wrong importing user from LDAP: %s', e)))
authLdapUser(password, email, function(err, ldapuser) {
if (err) {
return next(invalidLdapUser());
}
return createdbUserFromLdapUser(ldapuser, password, email, function(err, resUser) {
if (err) {
return next(err);
}
res.user = resUser;
return next();
});

});


} else {
}
else {
return next(invalidUserPassword());
}

}

// URBO USER
if (data && data.rows && data.rows.length) {
var user = data.rows[0];

if (user.ldap && ldapopts) {
var auth = new LdapAuth(ldapopts);
auth.authenticate(email, password, function(err, ldapuser) {
// Check LDAP USER if necessary
if (user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) {
authLdapUser(password, email, function(err, ldapuser) {
if (err) {
return next(invalidUserPassword());
return next(invalidLdapUser());
}

var um = new usersmodel();
um.editHashedPassword(user.users_id, ldapuser.userPassword, function(err, done) {
um.editHashedPassword(user.users_id, password, function(err, done) {
user.id = user.users_id;
delete user.password;
delete user.users_id;
res.user = user;
return next();
});
});
}

if (!user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) {
return next(invalidUserPassword());
}

// Check PASSWORD
else if (user.password === password) {
user.id = user.users_id;
delete user.password;
delete user.users_id;
res.user = user;
return next();
}

else {
return next(invalidUserPassword());
}
}

});



}

function checkToken(req,res,next) {
Expand Down Expand Up @@ -227,7 +277,6 @@ function checkPublishedOrCheckToken(req, res, next) {
}

}).catch(function(err) {
log.error(err);
var error = new Error('Invalid token');
error.status = 403;
return next(error);
Expand Down Expand Up @@ -425,4 +474,4 @@ module.exports.checkNodesMiddleware = checkNodesMiddleware;
module.exports.checkNotifierToken = checkNotifierToken;
module.exports.checkCallback = checkCallback;

module.exports.invalidUserPassword = invalidUserPassword;
module.exports.invalidUserPassword = invalidUserPassword;
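Review bot: `authLdapUser` puts the wrong value in the error slot — on an LDAP failure it does `return callback(user, null)`, so the callers' `if (err)` tests see whatever ldapauth-fork passes as its second argument on failure (presumably undefined), and in the `forceLdapAuthentication === true` branch the flow would then fall through to `editHashedPassword(user.users_id, password, …)` and `next()`, accepting and persisting an arbitrary password for any `ldap` user; the line should be `return callback(err, null);`, and that branch should also check the `editHashedPassword` error it currently ignores. Separately, `createdbUserFromLdapUser` stores the literal `'urboldappassword'` with `nocipher = true` for every auto-created user, and auto-creation only runs when `forceLdapAuthentication` is not `true`, so on later logins those users reach `user.password === password` against a shared, source-visible constant instead of LDAP — if that is not intended, store a random unusable value (or route `ldap` users through `authLdapUser` regardless of the flag). `user.surname = ldapuser.uid || ''` also looks like a copy-paste of the `name` line; the replaced code used `sn`. Whether `nocipher`/`saveUser` hash the stored value is not visible here and should be confirmed before relying on it.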
2 changes: 2 additions & 0 deletions config.sample.yml
Expand Up @@ -56,6 +56,8 @@ ldap:
searchFilter: "mail={{username}}"
defaultScopes:
- scope_name
autoCreateUserByLdap: false
forceLdapAuthtentication: false

dema:
orion:
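Review bot: The new key `forceLdapAuthtentication: false` is misspelled — auth_graph/check.js reads `ldapopts.forceLdapAuthentication`, so an operator who copies this sample and sets it to `true` would silently keep LDAP enforcement off and leave the local-password path active for `ldap` users. It should read `forceLdapAuthentication: false`. A one-line comment above each of the two new keys stating what it gates (e.g. `# when true, users flagged ldap must authenticate against LDAP on every login; non-ldap users are rejected`) would also help, since both flags change the authentication decision.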
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -36,7 +36,7 @@
"js-yaml": "^3.5.3",
"json2csv": "^3.5.1",
"jwt-simple": "^0.5.0",
"ldapauth-fork": "^3.0.0",
"ldapauth-fork": "4.0.2",
"log4js": "^0.6.32",
"memory-cache": "0.1.6",
"merge-yaml": "1.0.0",
