Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

authorization.js 6.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. // Original file created by Prof.Dr. Matthias Hopf
  2. /*
  3. * Authorization
  4. */
  5. var common, Users;
  6. const ldap = require ('./ldap_ohm'),
  7. crypto = require ('./crypto'),
  8. dbs = require ('./dbs');
  9. // deactivated is not used yet
  10. const serverVisibleSession = { user: true, name: true, type: true, mail: true, roles: true, gender: true, deactivated: true, host: true };
  11. const clientVisibleSession = { user: true, name: true, type: true, mail: true, roles: true, gender: true };
  12. // Return user role, query from found.mail
  13. function getUserRole(found) {
  14. var roles = "user";
  15. var mail = found.mail;
  16. if (!/\d/.test(mail)) {
  17. // Mail contains no number
  18. roles += ',"author"';
  19. }
  20. return ('{'+roles+'}');
  21. }
  22. // Fill in session object
  23. function fillSession (req, user, roles, cb) {
  24. if (req.session === undefined)
  25. next (common.genError (500, "Error"));
  26. // regenerate a new session-id with clean instance
  27. if (user !== undefined && roles !== undefined) {
  28. req.session.regenerate (function (err) {
  29. if (user !== undefined && ! err) {
  30. common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
  31. // console.info(req.session);
  32. if (user._id) {
  33. req.session.user = user._id;
  34. }
  35. req.session.roles = roles;
  36. console.info(req.session);
  37. }
  38. return cb (err);
  39. });
  40. } else {
  41. return cb ();
  42. }
  43. }
  44. // Save found user into DB, if not already exists
  45. function saveFoundToDB(found, cb) {
  46. // console.info(found);
  47. Users.findById(found.user)
  48. .exec(function(err, result){
  49. if (err) {
  50. console.error("Error: Users collection.");
  51. console.error(err);
  52. }
  53. // User doesn't exist
  54. if (found !== undefined && !result) {
  55. Users.create({
  56. _id: found.user,
  57. name: found.name,
  58. mail: found.mail,
  59. type: found.type,
  60. gender: found.gender,
  61. abos: '',
  62. bookmarks: '',
  63. roles: getUserRole(found),
  64. }, function(err, done) {
  65. if (err) {
  66. console.error("User creation: Failed");
  67. console.error(err);
  68. } else {
  69. console.info("User created: "+ found.user);
  70. }
  71. if (done == null) {
  72. console.error("Can not create user.");
  73. }
  74. return cb(err);
  75. });
  76. } else {
  77. return cb(err);
  78. }
  79. });
  80. }
  81. const authorization = {
  82. // Generate Error object suitible for throwing or next()ing
  83. genCheckAuthorized: function (group) {
  84. return function (req, res, next) {
  85. if (req.session === undefined || req.session.user === undefined ||
  86. req.session.roles === undefined)
  87. return next (common.genError (403, "Unauthorized"));
  88. if (req.session.roles[group] === undefined)
  89. return next (common.genError (403, "Unauthorized"));
  90. next ();
  91. }
  92. },
  93. // Login route: requires .user and .pwd params
  94. login: function (req, res, next) {
  95. var user = req.body.user || '';
  96. var pwd = req.body.pwd || '';
  97. // Helper: Return valid session Object
  98. function returnSession () {
  99. // Only export client visible parts of session object
  100. var copy = common.shallowCopy (req.session, clientVisibleSession);
  101. return res.json (copy);
  102. }
  103. // Helper: Return error
  104. function returnError () {
  105. fillSession (req, undefined, undefined, function (err) {
  106. next (common.genError (401, "Unauthorized"));
  107. });
  108. }
  109. // Check whether to just validate current session ID
  110. if (user === '' && pwd === '') {
  111. console.log ("auth revalidate: " + req.session._id);
  112. if (req.session.user === undefined)
  113. return returnError();
  114. return returnSession ();
  115. }
  116. // check local database, then ldap
  117. Users.findById (req.body.user) .exec (function (err, entry) {
  118. // If there is a local user AND it has a password associated, test against this, and only this
  119. if (entry != null && entry.pwd) {
  120. console.info(entry);
  121. if (crypto.checkLocalAuth (entry, req.body.pwd)) {
  122. return fillSession (req, entry, entry.roles, returnSession);
  123. }
  124. return returnError ();
  125. }
  126. // check ldap
  127. ldap.authorize (user.toLowerCase(), pwd, function (found) {
  128. //console.log ("ldap authorize " + user + " returns " + JSON.stringify (found));
  129. // No ldap entry either -> unauthorized
  130. if (found == null) {
  131. return returnError ();
  132. }
  133. // If there is an entry w/o password, use it for roles etc.
  134. if (entry) {
  135. if (! entry.name || entry.name === "")
  136. entry.name = found.name;
  137. if (! entry.mail || entry.mail === "")
  138. entry.mail = found.mail;
  139. if (! entry.type || entry.type === "")
  140. entry.type = found.type;
  141. if (! entry.orclgender || entry.orclgender === "")
  142. entry.orclgender = found.orclgender;
  143. return fillSession (req, entry, entry.roles.length > 0 ? entry.roles : {user:true}, returnSession);
  144. }
  145. // Otherwise create standard user entry
  146. saveFoundToDB(found, function() {
  147. return fillSession (req, found, {user:true}, returnSession);
  148. });
  149. });
  150. });
  151. },
  152. logout: function (req, res, next) {
  153. fillSession (req, undefined, undefined, function (err) {
  154. // Session delete, exists further in db
  155. req.session.destroy(function(err) {
  156. if (err) {
  157. console.error(err);
  158. }
  159. });
  160. // console.info(req.session);
  161. return res.json ({});
  162. });
  163. },
  164. init: function (_common) {
  165. common = _common;
  166. ldap.init (_common);
  167. Users = dbs.models.Users;
  168. },
  169. };
  170. module.exports = authorization;