user.js add logon server

bundle

@@ -314,7 +314,7 @@ if [ ! -d $dist/conf ]; then
   writehead "Setting up initial configs"
   mkdir -p $dist/conf
   cp sample_conf/config.json sample_conf/setup.json $dist/conf/
-  cp -r sample_conf/emails $dist/emails
+  cp -r sample_conf/emails $dist/conf/emails
   cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > $dist/conf/secret_key
   chmod 400 $dist/conf/secret_key
 fi

lib/user.js

@@ -70,96 +70,100 @@ module.exports = Class.create({
 		return username.toString().toLowerCase().replace(/\W+/g, '');
 	},
 
-	api_create: function(args, callback) {
+	api_create: function (args, callback) {
 		// create new user account
 		var self = this;
 		var user = args.params;
 		var path = 'users/' + this.normalizeUsername(user.username);
-		
+
 		if (!this.config.get('free_accounts')) {
 			return this.doError('user', "Only administrators can create new users.", callback);
 		}
-		
+
 		if (!this.requireParams(user, {
 			username: this.usernameMatch,
 			email: /^\S+\@\S+$/,
 			full_name: /\S/,
 			password: /.+/
 		}, callback)) return;
-		
+
 		if (user.username.toString().match(this.usernameBlock)) {
 			return this.doError('user', "Username is blocked: " + user.username, callback);
 		}
-		
+
 		// first, make sure user doesn't already exist
-		this.storage.get(path, function(err, old_user) {
+		this.storage.get(path, function (err, old_user) {
 			if (old_user) {
 				return self.doError('user', "User already exists: " + user.username, callback);
 			}
-			
+
 			// now we can create the user
 			user.active = 1;
 			user.created = user.modified = Tools.timeNow(true);
-			user.salt = Tools.generateUniqueID( 64, user.username );
-			user.password = self.generatePasswordHash( user.password, user.salt );
-			user.privileges = Tools.copyHash( self.config.get('default_privileges') || {} );
-			
+			user.salt = Tools.generateUniqueID(64, user.username);
+			user.password = self.generatePasswordHash(user.password, user.salt);
+			user.privileges = Tools.copyHash(self.config.get('default_privileges') || {});
+
 			args.user = user;
-			
-			self.fireHook('before_create', args, function(err) {
+
+			self.fireHook('before_create', args, function (err) {
 				if (err) {
 					return self.doError('user', "Failed to create user: " + err, callback);
 				}
-				
+
 				self.logDebug(6, "Creating user", user);
-				
-				self.storage.put( path, user, function(err, data) {
+
+				self.storage.put(path, user, function (err, data) {
 					if (err) {
 						return self.doError('user', "Failed to create user: " + err, callback);
 					}
 					else {
 						self.logDebug(6, "Successfully created user: " + user.username);
-						self.logTransaction('user_create', user.username, 
-							self.getClientInfo(args, { user: Tools.copyHashRemoveKeys( user, { password: 1, salt: 1 } ) }));
-						
+						self.logTransaction('user_create', user.username,
+							self.getClientInfo(args, { user: Tools.copyHashRemoveKeys(user, { password: 1, salt: 1 }) }));
+
 						// add to master user list in the background
 						if (self.config.get('sort_global_users')) {
-							self.storage.listInsertSorted( 'global/users', { username: user.username }, ['username', 1], function(err) {
-								if (err) self.logError( 1, "Failed to add user to master list: " + err );
-								
+							self.storage.listInsertSorted('global/users', { username: user.username }, ['username', 1], function (err) {
+								if (err) self.logError(1, "Failed to add user to master list: " + err);
+
 								callback({ code: 0 });
-								
+
 								// fire after hook in background
 								self.fireHook('after_create', args);
-							} );
+							});
 						}
 						else {
-							self.storage.listUnshift( 'global/users', { username: user.username }, function(err) {
-								if (err) self.logError( 1, "Failed to add user to master list: " + err );
-								
+							self.storage.listUnshift('global/users', { username: user.username }, function (err) {
+								if (err) self.logError(1, "Failed to add user to master list: " + err);
+
 								callback({ code: 0 });
-								
+
 								// fire after hook in background
 								self.fireHook('after_create', args);
-							} );
+							});
 						}
-						
+
 						// send e-mail in background (no callback)
 						args.user = user;
 						args.self_url = self.server.WebServer.getSelfURL(args.request, '/');
-						self.sendEmail( 'welcome_new_user', args );
-						
+						self.sendEmail('welcome_new_user', args);
+
 					} // success
-				} ); // save user
-			} ); // hook before
-		} ); // check exists
+				}); // save user
+			}); // hook before
+		}); // check exists
 	},
 
 	do_ad_auth: function (user, password, domain) {
+		const self = this;
 		return new Promise((resolve, reject) => {
 			let ad = new ActiveDirectory({ url: ('ldap://' + domain) });
 			ad.authenticate(user, password, (err, auth) => {
-				if (err || !auth) { resolve(false) }
+				if (err || !auth) {
+					self.logDebug(3, "LDAP login failed", err)
+					resolve(false)
+				}
 				else { resolve(true) }
 			});
 		});
@@ -208,8 +212,9 @@ module.exports = Class.create({
 		let isValidPassword = false;
 
 		if (user.ext_auth) { // do AD auth
-
+            
 			var ad_domain = self.server.config.get('ad_domain') || 'corp.cronical.com';
+			var ad_logon_server = self.server.config.get('ad_logon_server') || ad_domain
 			var ad_user = params.username + '@' + ad_domain;
 
 			// override default domain if username contains (e.g. [email protected])
@@ -218,7 +223,7 @@ module.exports = Class.create({
 				ad_user = params.username
 			}
 
-			isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_domain);
+			isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_logon_server);
 
 		}
 
@@ -248,6 +253,8 @@ module.exports = Class.create({
 				return self.doError('login', "Username or password incorrect.", callback); // deliberately vague
 			});
 
+			return;
+
 		}