From 2d6b53c14a0f068afe9f69a7792cc0919fd2904b Mon Sep 17 00:00:00 2001
From: Mike
Date: Tue, 24 Oct 2023 11:56:00 -0400
Subject: [PATCH] user.js add logon server

---
 bundle | 2 +-
 lib/user.js | 83 +++++++++++++++++++++++++----------------------
 package-lock.json | 4 +--
 3 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/bundle b/bundle
index 28d3ef3..454e685 100755
--- a/bundle
+++ b/bundle
@@ -314,7 +314,7 @@ if [ ! -d $dist/conf ]; then
 writehead "Setting up initial configs"
 mkdir -p $dist/conf
 cp sample_conf/config.json sample_conf/setup.json $dist/conf/
- cp -r sample_conf/emails $dist/emails
+ cp -r sample_conf/emails $dist/conf/emails
 cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > $dist/conf/secret_key
 chmod 400 $dist/conf/secret_key
 fi
diff --git a/lib/user.js b/lib/user.js
index fb0cce9..7fb4872 100644
--- a/lib/user.js
+++ b/lib/user.js
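Review bot: The new `cp -r sample_conf/emails $dist/conf/emails` line, like the rest of this block, leaves `$dist` unquoted, so an install prefix containing spaces or glob characters is word-split or expanded before cp sees it; quote it as `cp -r sample_conf/emails "$dist/conf/emails"`. In the same hunk the secret is written by `... > $dist/conf/secret_key` and only afterwards restricted with `chmod 400`, so under a permissive umask the key is briefly readable by other local users; generating it under a restrictive umask closes that window, e.g. `(umask 077; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > "$dist/conf/secret_key")`. The enclosing `if [ ! -d $dist/conf ]` guard named in the hunk header means this path runs only on a fresh install, so existing deployments keep their current key and email templates.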
@@ -70,96 +70,100 @@ module.exports = Class.create({ return username.toString().toLowerCase().replace(/\W+/g, ''); }, - api_create: function(args, callback) { + api_create: function (args, callback) { // create new user account var self = this; var user = args.params; var path = 'users/' + this.normalizeUsername(user.username); - + if (!this.config.get('free_accounts')) { return this.doError('user', "Only administrators can create new users.", callback); } - + if (!this.requireParams(user, { username: this.usernameMatch, email: /^\S+\@\S+$/, full_name: /\S/, password: /.+/ }, callback)) return; - + if (user.username.toString().match(this.usernameBlock)) { return this.doError('user', "Username is blocked: " + user.username, callback); } - + // first, make sure user doesn't already exist - this.storage.get(path, function(err, old_user) { + this.storage.get(path, function (err, old_user) { if (old_user) { return self.doError('user', "User already exists: " + user.username, callback); } - + // now we can create the user user.active = 1; user.created = user.modified = Tools.timeNow(true); - user.salt = Tools.generateUniqueID( 64, user.username ); - user.password = self.generatePasswordHash( user.password, user.salt ); - user.privileges = Tools.copyHash( self.config.get('default_privileges') || {} ); - + user.salt = Tools.generateUniqueID(64, user.username); + user.password = self.generatePasswordHash(user.password, user.salt); + user.privileges = Tools.copyHash(self.config.get('default_privileges') || {}); + args.user = user; - - self.fireHook('before_create', args, function(err) { + + self.fireHook('before_create', args, function (err) { if (err) { return self.doError('user', "Failed to create user: " + err, callback); } - + self.logDebug(6, "Creating user", user); - - self.storage.put( path, user, function(err, data) { + + self.storage.put(path, user, function (err, data) { if (err) { return self.doError('user', "Failed to create user: " + err, callback); } else { 
self.logDebug(6, "Successfully created user: " + user.username); - self.logTransaction('user_create', user.username, - self.getClientInfo(args, { user: Tools.copyHashRemoveKeys( user, { password: 1, salt: 1 } ) })); - + self.logTransaction('user_create', user.username, + self.getClientInfo(args, { user: Tools.copyHashRemoveKeys(user, { password: 1, salt: 1 }) })); + // add to master user list in the background if (self.config.get('sort_global_users')) { - self.storage.listInsertSorted( 'global/users', { username: user.username }, ['username', 1], function(err) { - if (err) self.logError( 1, "Failed to add user to master list: " + err ); - + self.storage.listInsertSorted('global/users', { username: user.username }, ['username', 1], function (err) { + if (err) self.logError(1, "Failed to add user to master list: " + err); + callback({ code: 0 }); - + // fire after hook in background self.fireHook('after_create', args); - } ); + }); } else { - self.storage.listUnshift( 'global/users', { username: user.username }, function(err) { - if (err) self.logError( 1, "Failed to add user to master list: " + err ); - + self.storage.listUnshift('global/users', { username: user.username }, function (err) { + if (err) self.logError(1, "Failed to add user to master list: " + err); + callback({ code: 0 }); - + // fire after hook in background self.fireHook('after_create', args); - } ); + }); } - + // send e-mail in background (no callback) args.user = user; args.self_url = self.server.WebServer.getSelfURL(args.request, '/'); - self.sendEmail( 'welcome_new_user', args ); - + self.sendEmail('welcome_new_user', args); + } // success - } ); // save user - } ); // hook before - } ); // check exists + }); // save user + }); // hook before + }); // check exists }, do_ad_auth: function (user, password, domain) { + const self = this; return new Promise((resolve, reject) => { let ad = new ActiveDirectory({ url: ('ldap://' + domain) }); ad.authenticate(user, password, (err, auth) => { - if (err 
|| !auth) { resolve(false) } + if (err || !auth) { + self.logDebug(3, "LDAP login failed", err) + resolve(false) + } else { resolve(true) } }); }); @@ -208,8 +212,9 @@ module.exports = Class.create({ let isValidPassword = false; if (user.ext_auth) { // do AD auth - + var ad_domain = self.server.config.get('ad_domain') || 'corp.cronical.com'; + var ad_logon_server = self.server.config.get('ad_logon_server') || ad_domain var ad_user = params.username + '@' + ad_domain; // override default domain if username contains (e.g. user@domain.com) @@ -218,7 +223,7 @@ module.exports = Class.create({ ad_user = params.username } - isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_domain); + isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_logon_server); } @@ -248,6 +253,8 @@ module.exports = Class.create({ return self.doError('login', "Username or password incorrect.", callback); // deliberately vague }); + return; + } diff --git a/package-lock.json b/package-lock.json index 2946818..99a48aa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cronicle-edge", - "version": "1.7.3", + "version": "1.7.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cronicle-edge", - "version": "1.7.3", + "version": "1.7.4", "license": "MIT", "dependencies": { "@iarna/toml": "^2.2.5",
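Review bot: do_ad_auth still binds over plain `ldap://` (the context line `url: ('ldap://' + domain)`), so the user's password is sent unencrypted to whichever host `ad_logon_server` now names; the added `self.logDebug(3, "LDAP login failed", err)` does not change that. Use `ldaps://` or StartTLS for the bind, or at least document that `ad_logon_server` must be reachable only over a trusted network. An empty password should also be rejected before `ad.authenticate` is called, since some directory servers treat an empty-password simple bind as an anonymous bind that succeeds — `if (!password) { return resolve(false); }` at the top of the promise executor — unless api_login already enforces a non-empty password, which this hunk does not show. Logging the raw `err` object at debug level may also include bind DNs and server diagnostics; `err && err.message` is usually enough. do_ad_auth lies wholly inside this hunk, but the enclosing `Class.create({ ... })` literal continues outside it.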
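Review bot: The added `var ad_logon_server = self.server.config.get('ad_logon_server') || ad_domain` has no terminating semicolon while every other statement in this hunk has one; add it. The value ends up concatenated into `'ldap://' + domain` in do_ad_auth, so a configured value that already carries a scheme or a trailing slash yields an unusable URL — either trim and validate it (`ad_logon_server = String(ad_logon_server).trim();`) or state in the sample config that it must be a bare host[:port]. Note too that the fallback chain still ends at the hardcoded `'corp.cronical.com'` default on the context line, so an instance with neither setting configured will attempt a plaintext bind against that external domain; failing closed when `ad_domain` is unset would be safer. The enclosing login function begins before this hunk.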
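Review bot: `isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_logon_server)` has no surrounding try/catch in this hunk, and do_ad_auth constructs its ActiveDirectory client inside the promise executor, so a synchronous throw there (for example an unparsable URL built from a bad `ad_logon_server` value) becomes a rejection that escapes the login handler instead of a failed login. Unless a caller outside this hunk catches it, wrap the call: `try { isValidPassword = await self.do_ad_auth(ad_user, params.password, ad_logon_server); } catch (e) { self.logDebug(3, "AD auth error", e); isValidPassword = false; }`. The enclosing function starts and ends outside this hunk.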
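Review bot: The added bare `return;` after the `});` that closes the preceding callback carries no comment explaining why it is needed, and the code it stops the function from reaching is outside this hunk, so a later reader cannot tell whether it prevents a second callback invocation or is merely defensive. Add the reason next to it, for example `// callback already invoked above; do not fall through`. The enclosing login function starts before this hunk and the lines following the new return are not visible here.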