// Original file created by Prof.Dr. Matthias Hopf
/*
 * Authorization
 */
// `common` is the shared helper module handed to `init ()`; `User` is the
// local user model, whose loading is currently commented out in `init ()`.
let common;
let User;
const ldap = require ('./ldap_ohm');
const crypto = require ("../server/crypto");
// Allow-lists of session fields.  `serverVisibleSession` is what gets copied
// from a user record into `req.session`; `clientVisibleSession` is the subset
// that is ever sent back to the browser.  deactivated is not used yet.
const serverVisibleSession = {
  user: true,
  name: true,
  type: true,
  mail: true,
  roles: true,
  deactivated: true,
  host: true,
};
const clientVisibleSession = {
  user: true,
  name: true,
  type: true,
  mail: true,
  roles: true,
};
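/**
 * Regenerate the session and fill it from a user record.
 *
 * The session is regenerated before anything is written, so a successful
 * login never keeps the pre-login session (this is what defeats session
 * fixation, provided `regenerate` issues a fresh session id as
 * express-session does — confirm against the session middleware in use).
 *
 * @param {object} req - request; `req.session` must be set by the session middleware.
 * @param {object|undefined} user - record to copy from; `undefined` just clears the session (logout / failed login).
 * @param {object|undefined} roles - hash of role name -> true, stored verbatim as `req.session.roles`.
 * @param {function} cb - called once with the regenerate error, or with a 500 error when there is no session.
 */
function fillSession (req, user, roles, cb) {
  // No session middleware: report through the callback.  The original called
  // a `next` that does not exist in this scope and then fell through into
  // `req.session.regenerate`, so this path always threw.
  if (req.session === undefined) {
    return cb (common.genError (500, "Error"));
  }
  req.session.regenerate (function (err) {
    if (user !== undefined && ! err) {
      // Copy only the server-visible fields; the third argument presumably
      // excludes `roles` from the copy so it can be set explicitly below —
      // confirm against common.shallowCopy.
      common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
      if (user._id) {
        req.session.user = user._id;
      }
      req.session.roles = roles;
    }
    return cb (err);
  });
}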
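/**
 * Authorization routes and middleware.
 *
 * `init (common)` must run before any route is used: the routes rely on
 * `common.genError (status, message)` to build the error handed to `next`
 * and on `common.shallowCopy` to filter session fields.  `ldap` and `crypto`
 * are only needed by the credential check, which is currently commented out
 * inside `login`.
 */
const authorization = {
  /**
   * Build an Express middleware that admits a request only when the session
   * belongs to a logged-in user whose role hash contains `group`.
   * A missing session, user or role hash, and a group that is not an own
   * property of the role hash, are all rejected with a 403 via `next`.
   * @param {string} group - role name that must be present in `req.session.roles`.
   * @returns {function} middleware `(req, res, next)`.
   */
  genCheckAuthorized: function (group) {
    return function (req, res, next) {
      const session = req.session;
      if (session === undefined || session.user === undefined || session.roles == null) {
        return next (common.genError (403, "Unauthorized"));
      }
      // Own-property check so that inherited names such as "constructor"
      // can never read as a granted role.
      const roles = session.roles;
      if (! Object.prototype.hasOwnProperty.call (roles, group) || roles[group] === undefined) {
        return next (common.genError (403, "Unauthorized"));
      }
      next ();
    };
  },
  /**
   * Login route.  Reads `req.body.user` and `req.body.pwd`.
   * With both empty the current session is revalidated: a session that
   * already holds a user is returned, otherwise 401.  With credentials
   * present the local-database / LDAP check (commented out below) would run;
   * while it is disabled the request fails closed with 401 instead of never
   * being answered.  Responses carry only the client-visible session fields.
   */
  login: function (req, res, next) {
    // Tolerate a missing body parser: absent fields count as empty strings.
    const body = req.body || {};
    const user = body.user || '';
    const pwd = body.pwd || '';
    // Helper: respond with the client-visible part of the session
    function returnSession () {
      const copy = common.shallowCopy (req.session, clientVisibleSession);
      return res.json (copy);
    }
    // Helper: clear the session, then report 401.  A regenerate error is
    // still answered with 401 — the client is unauthenticated either way.
    function returnError () {
      fillSession (req, undefined, undefined, function (err) {
        next (common.genError (401, "Unauthorized"));
      });
    }
    // TODO Auth: validate session ID
    // Check whether to just validate current session ID
    if (user === '' && pwd === '') {
      const current = req.session === undefined ? undefined : req.session.user;
      console.log ("auth revalidate: " + current);
      if (current === undefined) {
        return returnError ();
      }
      return returnSession ();
    }
    /*
    // check local database, then ldap
    User.findById (req.body.user) .exec (function (err, entry) {
      // If there is a local user AND it has a password associated, test against this, and only this
      if (entry != null && entry.pwd) {
        if (crypto.checkLocalAuth (entry, req.body.pwd)) {
          return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);
        }
        return returnError ();
      }
      // check ldap
      ldap.authorize (user.toLowerCase(), pwd, function (found) {
        console.log ("ldap authorize " + user + " returns " + JSON.stringify (found));
        // No ldap entry either -> unauthorized
        if (found == null) {
          return returnError ();
        }
        // If there is an entry w/o password, use it for roles etc.
        if (entry) {
          if (! entry.name || entry.name === "")
            entry.name = found.name;
          if (! entry.mail || entry.mail === "")
            entry.mail = found.mail;
          if (! entry.type || entry.type === "")
            entry.type = found.type;
          if (! entry.orclgender || entry.orclgender === "")
            entry.orclgender = found.orclgender;
          return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession);
        }
        // Otherwise create standard user entry
        return fillSession (req, found, {user:true}, returnSession);
      });
    });*/
    // The credential check above is disabled: fail closed rather than leave
    // the request without any response.
    return returnError ();
  },
  /**
   * Logout route: regenerate an empty session and answer `{}`.
   * A regenerate error is forwarded to `next` instead of being dropped.
   */
  logout: function (req, res, next) {
    fillSession (req, undefined, undefined, function (err) {
      if (err) {
        return next (err);
      }
      return res.json ({});
    });
  },
  /**
   * Wire up the shared helper module and the LDAP client.
   * @param {object} _common - helper module providing genError / shallowCopy.
   */
  init: function (_common) {
    common = _common;
    ldap.init (_common);
    //User = require('../database/user.model.js');;
  },
};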
  107. module.exports = authorization;