hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

User creation on login (server-seitig)

master
Erik Römmelt 5 years ago
parent
a6dd34cf81
commit
85bca37a8c
6 changed files with 117 additions and 65 deletions
Unified View Show Diff Stats
  1. 6
    3
      mong.js
  2. 2
    2
      mong_usr.js
  3. 33
    7
      public/routes/auth.js
  4. 2
    2
      server.js
  5. 51
    7
      server/authorization.js
  6. 23
    44
      server/dbs.js

+ 6
- 3
mong.js View File

var db = db.getSiblingDB('omdb'); var db = db.getSiblingDB('omdb');


// Delete all collections + all records
db.messages.deleteMany({});
db.tags.deleteMany({});
db.users.deleteMany({});
db.sessions.deleteMany({});

// Insert data in collections // Insert data in collections
load('mong_msg.js'); load('mong_msg.js');
load('mong_tag.js'); load('mong_tag.js');
load('mong_usr.js'); load('mong_usr.js');


// Delete all collections + all records
//db.messages.drop(); db.tags.drop(); db.user.drop(); db.sessions.drop()

// Print all collections + records count // Print all collections + records count
var collections = db.getCollectionNames(); var collections = db.getCollectionNames();
print('Collections inside the db:'); print('Collections inside the db:');

+ 2
- 2
mong_usr.js View File

db.users.insert([ db.users.insert([
// author,OHMNEWS2019 // author,OHMNEWS2019
{"_id":"author","name":"Test Author","type":"author","roles":["user","author"],"hash":"sha256","salt":"cy5CkPrplcEze6o4psURhw==","pwd":"Gc8ozlxjEGITkS+fW9tz2xLROzws44s04EOCWuP04qE=","tags":["wichtig","th"],"bookmarks":["th"],},
{"_id":"author","name":"Test Author","type":"author","roles":["user","author"],"hash":"sha256","salt":"cy5CkPrplcEze6o4psURhw==","pwd":"Gc8ozlxjEGITkS+fW9tz2xLROzws44s04EOCWuP04qE=","abos":["wichtig","th"],"bookmarks":["th"],},
// admin,oZuse1 // admin,oZuse1
{"_id":"admin","name":"Test Admin","type":"admin","roles":["user","author","admin"],"hash":"sha256","salt":"PoIUHbDp7tP34ji31iQ0zw==","pwd":"mJpIfIksYs6LJJwYRBemFKqR6TacsSl2E0ZtpO1GMuk=","tags":["wichtig","th"],"bookmarks":["wichtig"],},
{"_id":"admin","name":"Test Admin","type":"admin","roles":["user","author","admin"],"hash":"sha256","salt":"PoIUHbDp7tP34ji31iQ0zw==","pwd":"mJpIfIksYs6LJJwYRBemFKqR6TacsSl2E0ZtpO1GMuk=","abos":["wichtig","th"],"bookmarks":["wichtig"],},
]) ])


db.users.insert({"name":"mustermannmax", "roles":["user"],"abos":[],"bookmarks":[]}) db.users.insert({"name":"mustermannmax", "roles":["user"],"abos":[],"bookmarks":[]})

+ 33
- 7
public/routes/auth.js View File

auth.mail = ''; // Full mail address auth.mail = ''; // Full mail address
auth.roles = {}; // Role authorizations e.g. {user: true} auth.roles = {}; // Role authorizations e.g. {user: true}
auth.gender = ''; // Gender (e.g. Frau) auth.gender = ''; // Gender (e.g. Frau)
auth.bookmarks = []; // Ids of bookmarks
auth.abos = []; // Abos
auth.abos = []; // Followed tags
auth.bookmarks = []; // Ids of bookmarks
} }
clearAuthState(); clearAuthState();


} }
} }


function updateUserInDB() {
$.ajax({
url: "api/usr",
data: {
abos: JSON.stringify(auth.abos),
bookmarks: JSON.stringify(auth.bookmarks),
mail: auth.mail,
name: auth.name,
_id: auth.user,
roles: JSON.stringify(auth.roles),
type: auth.type,
},
method: "POST"
}).done(successful_save).fail(failed_save);

function successful_save(res) {
console.info("User-save: Successful.");
console.info(res);
}

function failed_save(err) {
console.info("User-save: Failed.");
console.error(err);
}
}

// Login component: Login panel (if not logged in) or Logout element (if logged in) // Login component: Login panel (if not logged in) or Logout element (if logged in)
Vue.component('login-panel', { Vue.component('login-panel', {
template: ` template: `
</div>`, </div>`,
data: function () { data: function () {
return { return {
auth: auth,
user: '', user: '',
pwd: '', pwd: '',
error: false, error: false,
}; };
}, },
// TODO: Check if enough for session cookie re-login; checkbox // TODO: Check if enough for session cookie re-login; checkbox
// Doesn't work
// mounted: function() { // mounted: function() {
// this.checkData(); // this.checkData();
// }, // },


function successful_login(resData) { function successful_login(resData) {
fillAuthState(resData); fillAuthState(resData);
updateUserInDB();
console.info("Correct credentials"); console.info("Correct credentials");
this.closeLoginPanel; this.closeLoginPanel;




function failed_login(err) { function failed_login(err) {
console.info("Wrong credentials"); console.info("Wrong credentials");
this.showError=true;
this.error=true;
this.showLoginPanel; this.showLoginPanel;


console.log("error: " + err.responseText); console.log("error: " + err.responseText);


function failed_login(err) { function failed_login(err) {
console.info("Re-Auth: Wrong credentials"); console.info("Re-Auth: Wrong credentials");
this.showError=true;
this.error=true;
this.showLoginPanel; this.showLoginPanel;


console.log("error: " + err.responseText);
console.log(err); console.log(err);
} }
}, },
clearAuthState(); clearAuthState();
$.ajax({ url: "api/logout", method: "POST" }); $.ajax({ url: "api/logout", method: "POST" });
this.closeLoginPanel; this.closeLoginPanel;
}
},
}, },
}); });

+ 2
- 2
server.js View File

app.set('trust proxy', 1) // trust first proxy, neccessary for cookie secure: true flag app.set('trust proxy', 1) // trust first proxy, neccessary for cookie secure: true flag
app.use(session({ app.use(session({
secret: 'ahhgylhuvh', // caesar(3) 2 letter surname secret: 'ahhgylhuvh', // caesar(3) 2 letter surname
resave: false,
saveUninitialized: false,
saveUninitialized: false, // don't create session until something stored
resave: false, //don't save session if unmodified
cookie: { cookie: {
maxAge: 30 * 24 * 3600 * 1000, // TODO: ttl for session as well (Store) maxAge: 30 * 24 * 3600 * 1000, // TODO: ttl for session as well (Store)
secure: true, // true for https only (since our app works only with https) secure: true, // true for https only (since our app works only with https)

+ 51
- 7
server/authorization.js View File

function fillSession (req, user, roles, cb) { function fillSession (req, user, roles, cb) {
if (req.session === undefined) if (req.session === undefined)
next (common.genError (500, "Error")); next (common.genError (500, "Error"));
// regenerate a new session-id with clean instance
req.session.regenerate (function (err) { req.session.regenerate (function (err) {
if (user !== undefined && ! err) { if (user !== undefined && ! err) {
common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session); common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
console.info(req.session);
if (user._id) { if (user._id) {
req.session.user = user._id; req.session.user = user._id;
} }
req.session.roles = roles; req.session.roles = roles;
} else if (user === undefined && roles === undefined) {
// User logged out
req.session.destroy(function(err) {
if (err) {
console.error(err);
}
});
} }
return cb (err); return cb (err);
}); });
} }


// Save found user into DB, if not already exists
function saveFoundToDB(found) {
console.info(found);
Users.findById(found.user)
.exec(function(err, result){
if (err) {
console.error("Error: Users collection.");
console.error(err);
}
// User doesn't exist
if (found !== undefined && !result) {
Users.create({
_id: found.user,
name: found.name,
mail: found.mail,
type: found.type,
abos: '',
bookmarks: '',
roles: '',
}, function(err, done) {
if (err) {
console.error("User creation: Failed");
console.error(err);
} else {
console.info("New User created!");
}
if (done == null) {
console.error("Can not create user.");
}
});
}
});
}

const authorization = { const authorization = {
// Generate Error object suitible for throwing or next()ing // Generate Error object suitible for throwing or next()ing
genCheckAuthorized: function (group) { genCheckAuthorized: function (group) {


// Check whether to just validate current session ID // Check whether to just validate current session ID
if (user === '' && pwd === '') { if (user === '' && pwd === '') {
console.log ("auth revalidate: " + req.session.user);
console.log ("auth revalidate: " + req.session._id);
if (req.session.user === undefined) if (req.session.user === undefined)
return returnError(); return returnError();
return returnSession (); return returnSession ();
// check local database, then ldap // check local database, then ldap
Users.findById (req.body.user) .exec (function (err, entry) { Users.findById (req.body.user) .exec (function (err, entry) {
// If there is a local user AND it has a password associated, test against this, and only this // If there is a local user AND it has a password associated, test against this, and only this
if (entry != null && entry.pwd) {
if (crypto.checkLocalAuth (entry, req.body.pwd)) {
return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);
}
return returnError ();
}
// if (entry != null && entry.pwd) {
// if (crypto.checkLocalAuth (entry, req.body.pwd)) {
// return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);
// }
// return returnError ();
// }


// check ldap // check ldap
ldap.authorize (user.toLowerCase(), pwd, function (found) { ldap.authorize (user.toLowerCase(), pwd, function (found) {
return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession); return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession);
} }
// Otherwise create standard user entry // Otherwise create standard user entry
saveFoundToDB(found);
return fillSession (req, found, {user:true}, returnSession); return fillSession (req, found, {user:true}, returnSession);
}); });
}); });

+ 23
- 44
server/dbs.js View File

* -> User schema * -> User schema
* Create a new user * Create a new user
*/ */
post: function (req, res) {
post: function(req, res) {
// console.info(req.body);
model.Users.create({ model.Users.create({
_id: req.body.id,
_id: req.body._id,
name: req.body.name, name: req.body.name,
mail: req.body.mail,
type: req.body.type, type: req.body.type,
roles: req.body.roles,
hash: req.body.hash,
salt: req.body.salt,
pwd: req.body.pwd,
abos: req.body.abos, abos: req.body.abos,
bookmarks: req.body.bookmarks, bookmarks: req.body.bookmarks,
}, function (err, result) {
roles: req.body.roles,
}, function(err, result) {
if (err) { if (err) {
console.log(err); console.log(err);
return res.status(401).json(err.message); return res.status(401).json(err.message);
} else { } else {
res.json({
message: "User created!!"
});
res.json({message: "User created!", user: req.body});
} }
if (result == null) { if (result == null) {
return res.status(500).json("Can not create user.") return res.status(500).json("Can not create user.")
model.Tags._list = [""]; model.Tags._list = [""];


var userSchema = common.mongoose.Schema({ var userSchema = common.mongoose.Schema({
/*_id: {
type: String
},*/
name: {
type: String,
required: true,
_comment: ""
},
pwd: {
type: String,
_comment: ""
},
hash: {
type: String
},
salt: {
type: String
},
type: {
type: String
},
roles: {
type: [String],
required: true,
_comment: ""
},
abos: {
type: [String],
_comment: ""
},
_id: { type: String, required: true },
name: { type: String,
_comment: "" },
mail: { type: String },
type: { type: String },
pwd: { type: String,
_comment: "" },
hash: { type: String },
salt: { type: String },
abos: { type: [String],
_comment: "" },
//deactivated: { type: Boolean }, //deactivated: { type: Boolean },
//host: { type: Boolean }, //host: { type: Boolean },
bookmarks: {
type: [String],
_comment: ""
},
bookmarks: { type: [String],
_comment: "" },
sessionid: { type: String },
roles: { type: [String], required: true,
_comment: "" },
}); });
model.Users = common.mongoose.model('users', userSchema); model.Users = common.mongoose.model('users', userSchema);
model.Users._list = [""]; model.Users._list = [""];

Write Preview
Loading…
Cancel
Save