hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 Commits
2 Branches
Tree: 82f8e4bbde
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '82f8e4bbde'
${ noResults }
om/server/authorization.js

authorization.js 4.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1. // Original file created by Prof.Dr. Matthias Hopf

  2. 

  3. /*

  4.  * Authorization

  5.  */

  6. var   common, User;

  7. const ldap   = require ('./ldap_ohm'),

  8.       crypto = require ("../server/crypto");

  9. 

  10. // deactivated is not used yet

  11. const serverVisibleSession = { user: true, name: true, type: true, mail: true, roles: true, deactivated: true, host: true };

  12. const clientVisibleSession = { user: true, name: true, type: true, mail: true, roles: true };

  13. 

  14. 

  15. // Fill in session object

  16. function fillSession (req, user, roles, cb) {

  17.     if (req.session === undefined)

  18.         next (common.genError (500, "Error"));

  19.     req.session.regenerate (function (err) {

  20.         if (user !== undefined && ! err) {

  21.             common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);

  22.             if (user._id) {

  23.                 req.session.user = user._id;

  24.             }

  25.             req.session.roles = roles;

  26.         }

  27.         return cb (err);

  28.     });

  29. }

  30. 

  31. const authorization = {

  32.     // Generate Error object suitible for throwing or next()ing

  33.     genCheckAuthorized: function (group) {

  34.         return function (req, res, next) {

  35.             if (req.session === undefined || req.session.user === undefined ||

  36.                 req.session.roles === undefined)

  37.                 return next (common.genError (403, "Unauthorized"));

  38.             if (req.session.roles[group] === undefined)

  39.                 return next (common.genError (403, "Unauthorized"));

  40.             next ();

  41.         }

  42.     },

  43. 

  44.     // Login route: requires .user and .pwd params

  45.     login: function (req, res, next) {

  46.         var user = req.body.user || '';

  47.         var pwd = req.body.pwd || '';

  48. 

  49.         // Helper: Return valid session Object

  50.         function returnSession () {

  51.             // Only export client visible parts of session object

  52.             var copy = common.shallowCopy (req.session, clientVisibleSession);

  53.             return res.json (copy);

  54.         }

  55.         // Helper: Return error

  56.         function returnError () {

  57.             fillSession (req, undefined, undefined, function (err) {

  58.                 next (common.genError (401, "Unauthorized"));

  59.             });

  60.         }

  61. 

  62.         // TODO Auth: validate session ID

  63.         // Check whether to just validate current session ID

  64.         if (user === '' && pwd === '') {

  65.             console.log ("auth revalidate: " + req.session.user);

  66.             if (req.session.user === undefined)

  67.                 return returnError();

  68.             return returnSession ();

  69.         }

  70. /*

  71.         // check local database, then ldap

  72.         User.findById (req.body.user) .exec (function (err, entry) {

  73.             // If there is a local user AND it has a password associated, test against this, and only this

  74.             if (entry != null && entry.pwd) {

  75.                 if (crypto.checkLocalAuth (entry, req.body.pwd)) {

  76.                     return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);

  77.                 }

  78.                 return returnError ();

  79.             }

  80. 

  81.             // check ldap

  82.             ldap.authorize (user.toLowerCase(), pwd, function (found) {

  83.                 console.log ("ldap authorize " + user + " returns " + JSON.stringify (found));

  84.                 // No ldap entry either -> unauthorized

  85.                 if (found == null) {

  86.                     return returnError ();

  87.                 }

  88.                 // If there is an entry w/o password, use it for roles etc.

  89.                 if (entry) {

  90.                     if (! entry.name || entry.name === "")

  91.                         entry.name = found.name;

  92.                     if (! entry.mail || entry.mail === "")

  93.                         entry.mail = found.mail;

  94.                     if (! entry.type || entry.type === "")

  95.                         entry.type = found.type;

  96.                     if (! entry.orclgender || entry.orclgender === "")

  97.                         entry.orclgender = found.orclgender;

  98.                     return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession);

  99.                 }

  100.                 // Otherwise create standard user entry

  101.                 return fillSession (req, found, {user:true}, returnSession);

  102.             });

  103.         });*/

  104.     },

  105.     logout: function (req, res, next) {

  106.         fillSession (req, undefined, undefined, function (err) {

  107.             return res.json ({});

  108.         });

  109.     },

  110.     init: function (_common) {

  111.         common = _common;

  112.         ldap.init (_common);

  113.         //User = require('../database/user.model.js');;

  114.     },

  115. };

  116. 

  117. 

  118. module.exports = authorization;