firt

nodejs/models/auth.js

@@ -0,0 +1,50 @@
+'use strict';
+
+const {User} = require('./user');
+const {Token, AuthToken} = require('./token');
+
+var Auth = {}
+Auth.errors = {}
+
+Auth.errors.login = function(){
+	let error = new Error('LDAPLoginFailed');
+	error.name = 'LDAPLoginFailed';
+	error.message = `Invalid Credentials, login failed.`;
+	error.status = 401;
+
+	return error;
+}
+
+Auth.login = async function(data){
+	try{
+		let user = await User.login(data);
+		let token = await AuthToken.add(user);
+
+		return {user, token}
+	}catch(error){
+		throw this.errors.login();
+	}
+};
+
+
+Auth.checkToken = async function(data){
+	try{
+		let token = await AuthToken.get(data);
+		if(token.is_valid){
+			return await User.get(token.created_by);
+		}
+	}catch(error){
+		throw this.errors.login();
+	}
+};
+
+Auth.logOut = async function(data){
+	try{
+		let token = await AuthToken.get(data);
+		await token.remove();
+	}catch(error){
+		throw error;
+	}
+}
+
+module.exports = {Auth, AuthToken};

nodejs/models/email.js

@@ -0,0 +1,32 @@
+'use strict';
+
+const sgMail = require('@sendgrid/mail');
+const mustache = require('mustache');
+const conf = require('../app').conf;
+
+sgMail.setApiKey(conf.SENDGRID_API_KEY);
+
+var Mail = {};
+
+Mail.send = async function(to, subject, message, from){
+	await sgMail.send({
+		to: to,
+		from: from || 'Theta 42 Accounts <accounts@no-reply.theta42.com>',
+		subject: subject,
+		text: message,
+		html: message,
+	});
+};
+
+
+Mail.sendTemplate = async function(to, template, context, from){
+	template = require(`../views/email_templates/${template}`);
+	await Mail.send(
+		to,
+		mustache.render(template.subject, context),
+		mustache.render(template.message, context),
+		from || (template.from && mustache.render(template.message, context))
+	)
+};
+
+module.exports = {Mail};

nodejs/models/group_ldap.js

@@ -0,0 +1,281 @@
+'use strict';
+
+const { Client, Attribute, Change } = require('ldapts');
+const conf = require('../app').conf.ldap;
+
+const client = new Client({
+	url: conf.url,
+});
+
+async function getGroups(client, member){
+	try{
+
+		let memberFilter = member ? `(member=${member})`: ''
+
+		let groups = (await client.search(conf.groupBase, {
+			scope: 'sub',
+			filter: `(&(objectClass=groupOfNames)${memberFilter})`,
+			attributes: ['*', 'createTimestamp', 'modifyTimestamp'],
+		})).searchEntries;
+
+		return groups.map(function(group){
+			if(!Array.isArray(group.member)) group.member = [group.member];
+			if(!Array.isArray(group.owner)) group.owner = [group.owner];
+			return group
+		});
+	}catch(error){
+		throw error;
+	}
+}
+
+async function addGroup(client, data){
+	try{
+
+		await client.add(`cn=${data.name},${conf.groupBase}`, {
+			cn: data.name,
+			member: data.owner,
+			description: data.description,
+			owner: data.owner,
+			objectclass: [ 'groupOfNames', 'top'  ]
+		});
+
+		return data;
+
+	}catch(error){
+		throw error;
+	}
+}
+
+async function addMember(client, group, user){
+	try{
+		await client.modify(group.dn, [
+			new Change({
+				operation: 'add',
+				modification: new Attribute({
+					type: 'member',
+					values: [user.dn] 
+				})
+			}),
+		]); 
+	}catch(error){
+		// if(error = "TypeOrValueExistsError"){
+		// 	console.error('addMember error skipped', error)
+		// 	return ;
+		// }
+		throw error;
+	}
+}
+
+async function removeMember(client, group, user){
+  try{
+	await client.modify(group.dn, [
+		new Change({
+			operation: 'delete',
+			modification: new Attribute({
+				type: 'member',
+				values: [user.dn] 
+			})}),
+		]); 
+	}catch(error){
+		if(error = "TypeOrValueExistsError")return ;
+		throw error;
+	}
+}
+
+async function addOwner(client, group, user){
+	try{
+		await client.modify(group.dn, [
+			new Change({
+				operation: 'add',
+				modification: new Attribute({
+					type: 'owner',
+					values: [user.dn] 
+				})
+			}),
+		]); 
+	}catch(error){
+		// if(error = "TypeOrValueExistsError"){
+		// 	console.error('addMember error skipped', error)
+		// 	return ;
+		// }
+		throw error;
+	}
+}
+
+async function removeOwner(client, group, user){
+  try{
+	await client.modify(group.dn, [
+		new Change({
+			operation: 'delete',
+			modification: new Attribute({
+				type: 'owner',
+				values: [user.dn] 
+			})}),
+		]); 
+	}catch(error){
+		if(error = "TypeOrValueExistsError")return ;
+		throw error;
+	}
+}
+
+var Group = {};
+
+Group.list = async function(member){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		let groups = await getGroups(client, member)
+
+		await client.unbind();
+
+		return groups.map(group => group.cn);
+	}catch(error){
+		throw error;
+	}
+}
+
+Group.listDetail = async function(member){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		let groups = await getGroups(client, member)
+
+		await client.unbind();
+
+
+		return groups;
+	}catch(error){
+		throw error;
+	}
+}
+
+Group.get = async function(data){
+	try{
+
+		if(typeof data !== 'object'){
+			let name = data;
+			data = {};
+			data.name = name;
+		}
+		
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		let group = (await client.search(conf.groupBase, {
+			scope: 'sub',
+			filter: `(&(objectClass=groupOfNames)(cn=${data.name}))`,
+			attributes: ['*', 'createTimestamp', 'modifyTimestamp'],
+		})).searchEntries[0];
+
+		await client.unbind();
+
+		if(!Array.isArray(group.member)) group.member = [group.member];
+		if(!Array.isArray(group.owner)) group.owner = [group.owner];
+
+		if(group){
+			let obj = Object.create(this);
+			Object.assign(obj, group);
+			
+			return obj;
+		}else{
+			let error = new Error('GroupNotFound');
+			error.name = 'GroupNotFound';
+			error.message = `LDAP:${data.cn} does not exists`;
+			error.status = 404;
+			throw error;
+		}
+	}catch(error){
+		throw error;
+	}
+}
+
+Group.add = async function(data){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await addGroup(client, data);
+
+		await client.unbind();
+
+		return this.get(data);
+
+	}catch(error){
+		throw error;
+	}
+}
+
+Group.addMember = async function(user){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await addMember(client, this, user);
+
+		await client.unbind();
+
+		return this;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+Group.removeMember = async function(user){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await removeMember(client, this, user);
+
+		await client.unbind();
+
+		return this;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+
+Group.addOwner = async function(user){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await addOwner(client, this, user);
+
+		await client.unbind();
+
+		return this;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+Group.removeOwner = async function(user){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await removeOwner(client, this, user);
+
+		await client.unbind();
+
+		return this;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+Group.remove = async function(){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await client.del(this.dn);
+
+		await client.unbind();
+
+		return true;
+	}catch(error){
+		throw error;
+	}
+}
+
+module.exports = {Group};

nodejs/models/token.js

@@ -0,0 +1,71 @@
+'use strict';
+
+const redis_model = require('../utils/redis_model')
+const UUID = function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)};
+
+
+const Token = function(data){
+	return redis_model({
+		_name: `token_${data.name}`,
+		_key: 'token',
+		_keyMap: Object.assign({}, {
+			'created_by': {isRequired: true, type: 'string', min: 3, max: 500},
+			'created_on': {default: function(){return (new Date).getTime()}},
+			'updated_on': {default: function(){return (new Date).getTime()}, always: true},
+			'token': {default: UUID, type: 'string', min: 36, max: 36},
+			'is_valid': {default: true, type: 'boolean'}
+		}, data.keyMap || {})
+	});
+};
+
+Token.check = async function(data){
+	try{
+		return this.is_valid;
+	}catch(error){
+		return false
+	}
+}
+
+var InviteToken = Object.create(Token({
+	name: 'invite',
+	keyMap:{
+		claimed_by: {default:"__NONE__", isRequired: false, type: 'string',},
+		mail: {default:"__NONE__", isRequired: false, type: 'string',},
+		mail_token: {default: UUID, type: 'string', min: 36, max: 36},
+	}
+}));
+
+InviteToken.consume = async function(data){
+	try{
+		if(this.is_valid){
+			data['is_valid'] = false;
+
+			await this.update(data);
+			return true;
+		}
+		return false;
+
+	}catch(error){
+		throw error;
+	}
+}
+
+var AuthToken = Object.create(Token({
+	name: 'auth',
+}));
+
+AuthToken.add = async function(data){
+	data.created_by = data.uid;
+	return AuthToken.__proto__.add(data);
+};
+
+var PasswordResetToken = Object.create(Token({
+	name: 'auth',
+}));
+
+PasswordResetToken.add = async function(data){
+	data.created_by = data.uid;
+	return PasswordResetToken.__proto__.add(data);
+};
+
+module.exports = {Token, InviteToken, AuthToken, PasswordResetToken};

nodejs/models/user.js

@@ -0,0 +1,7 @@
+'use strict';
+
+const conf = require('../app').conf;
+
+const User = require(`./user_${conf.userModel}`)
+
+module.exports = User;

nodejs/models/user_ldap.js

@@ -0,0 +1,448 @@
+'use strict';
+
+const { Client, Attribute, Change } = require('ldapts');
+const crypto = require('crypto');
+
+const {Mail} = require('./email');
+const {Token, InviteToken, PasswordResetToken} = require('./token');
+const conf = require('../app').conf.ldap;
+
+const client = new Client({
+  url: conf.url,
+});
+
+async function addPosixGroup(client, data){
+
+  try{
+	const groups = (await client.search(conf.groupBase, {
+	  scope: 'sub',
+	  filter: '(&(objectClass=posixGroup))',
+	})).searchEntries;
+
+	data.gidNumber = (Math.max(...groups.map(i => i.gidNumber))+1)+'';
+
+	await client.add(`cn=${data.cn},${conf.groupBase}`, {
+	  cn: data.cn,
+	  gidNumber: data.gidNumber,
+	  objectclass: [ 'posixGroup', 'top' ]
+	});
+
+	return data;
+
+  }catch(error){
+	throw error;
+  }
+}
+
+async function addPosixAccount(client, data){
+  try{
+	const people = (await client.search(conf.userBase, {
+		scope: 'sub',
+		filter: conf.userFilter,
+	})).searchEntries;
+
+	data.uidNumber = (Math.max(...people.map(i => i.uidNumber))+1)+'';
+
+	await client.add(`cn=${data.cn},${conf.userBase}`, {
+		cn: data.cn,
+		sn: data.sn,
+		uid: data.uid,
+		uidNumber: data.uidNumber,
+		gidNumber: data.gidNumber,
+		givenName: data.givenName,
+		mail: data.mail,
+		mobile: data.mobile,
+		loginShell: data.loginShell,
+		homeDirectory: data.homeDirectory,
+		userPassword: data.userPassword,
+		description: data.description || ' ', 
+		sudoHost: 'ALL',
+		sudoCommand: 'ALL',
+		sudoUser: data.uid,
+		sshPublicKey: data.sshPublicKey,
+		objectclass: ['inetOrgPerson', 'sudoRole', 'ldapPublicKey', 'posixAccount', 'top' ]
+	});
+
+	return data
+
+  }catch(error){
+	throw error;
+  }
+
+}
+
+async function addLdapUser(client, data){
+
+	var group;
+
+  try{
+	data.uid = `${data.givenName[0]}${data.sn}`.toLowerCase();
+	data.cn = data.uid;
+	data.loginShell = '/bin/bash';
+	data.homeDirectory= `/home/${data.uid}`;
+	data.userPassword = '{MD5}'+crypto.createHash('md5').update(data.userPassword, "binary").digest('base64');
+
+	group = await addPosixGroup(client, data);
+	data = await addPosixAccount(client, group);
+
+	return data;
+
+  }catch(error){
+  	await deleteLdapDN(client, `cn=${data.uid},${conf.groupBase}`, true);
+	throw error;
+  }
+}
+
+async function deleteLdapUser(client, data){
+	try{
+		await client.del(`cn=${data.cn},${conf.groupBase}`);
+		await client.del(data.dn);
+	}catch(error){
+		throw error;
+	}
+}
+
+async function deleteLdapDN(client, dn, ignoreError){
+	try{
+		client.del(dn)
+	}catch(error){
+		if(!ignoreError) throw error;
+		console.error('ERROR: deleteLdapDN', error)
+	}
+}
+
+const user_parse = function(data){
+	if(data[conf.userNameAttribute]){
+		data.username = data[conf.userNameAttribute]
+		data.userPassword = undefined;
+	}
+
+	return data;
+}
+
+var User = {}
+
+User.backing = "LDAP";
+
+User.list = async function(){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		const res = await client.search(conf.userBase, {
+		  scope: 'sub',
+		  filter: conf.userFilter,
+		  attributes: ['*', 'createTimestamp', 'modifyTimestamp'],
+		});
+
+		await client.unbind();
+
+		return res.searchEntries.map(function(user){return user.uid});
+	}catch(error){
+		throw error;
+	}
+};
+
+User.listDetail = async function(){
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		const res = await client.search(conf.userBase, {
+		  scope: 'sub',
+		  filter: conf.userFilter,
+		  attributes: ['*', 'createTimestamp', 'modifyTimestamp'],
+		});
+
+		await client.unbind();
+
+		let users = []
+
+		for(let user of res.searchEntries){
+			let obj = Object.create(this);
+			Object.assign(obj, user_parse(user));
+			
+			users.push(obj)
+
+		}
+
+		return users;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+User.get = async function(data, key){
+	try{
+		if(typeof data !== 'object'){
+			let uid = data;
+			data = {};
+			data.uid = uid;
+		}
+
+
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		data.searchKey = data.searchKey || key || conf.userNameAttribute;
+		data.searchValue = data.searchValue || data.uid;
+
+		let filter = `(&${conf.userFilter}(${data.searchKey}=${data.searchValue}))`;
+
+		const res = await client.search(conf.userBase, {
+			scope: 'sub',
+			filter: filter,
+			attributes: ['*', 'createTimestamp', 'modifyTimestamp'],
+		});
+
+		await client.unbind();
+
+		let user = res.searchEntries[0]
+
+		if(user){
+			let obj = Object.create(this);
+			Object.assign(obj, user_parse(user));
+			
+			return obj;
+		}else{
+			let error = new Error('UserNotFound');
+			error.name = 'UserNotFound';
+			error.message = `LDAP:${data.searchValue} does not exists`;
+			error.status = 404;
+			throw error;
+		}
+	}catch(error){
+		throw error;
+	}
+};
+
+User.exists = async function(data, key){
+	// Return true or false if the requested entry exists ignoring error's.
+	try{
+		await this.get(data, key);
+
+		return true
+	}catch(error){
+		return false;
+	}
+};
+
+User.add = async function(data) {
+	try{
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await addLdapUser(client, data);
+
+		await client.unbind();
+
+		let user = await this.get(data.uid);
+
+
+		await Mail.sendTemplate(
+			user.mail,
+			'welcome',
+			{
+				user: user
+			}
+		)
+
+		return user;
+
+	}catch(error){
+		if(error.message.includes('exists')){
+			let error = new Error('UserNameUsed');
+			error.name = 'UserNameUsed';
+			error.message = `LDAP:${data.uid} already exists`;
+			error.status = 409;
+
+			throw error;
+		}
+		throw error;
+	}
+};
+
+User.update = async function(data){
+	try{
+		let editableFeilds = ['mobile', 'sshPublicKey', 'description'];
+
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		for(let field of editableFeilds){
+			if(data[field]){
+				await client.modify(this.dn, [
+					new Change({
+						operation: 'replace',
+						modification: new Attribute({
+							type: field,
+							values: [data[field]] 
+						})
+					}),
+				]);
+			}
+		}
+
+		await client.unbind()
+
+		return this;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+User.addByInvite = async function(data){
+	try{
+		let token = await InviteToken.get(data.token);
+
+		if(!token.is_valid && data.mailToken !== token.mail_token){
+			let error = new Error('Token Invalid');
+			error.name = 'Token Invalid';
+			error.message = `Token is not valid or as allready been used. ${data.token}`;
+			error.status = 401;
+			throw error;
+		}
+
+		data.mail = token.mail;
+
+		let user = await this.add(data);
+
+		if(user){
+			await token.consume({claimed_by: user.uid});
+			return user;
+		}
+
+	}catch(error){
+		throw error;
+	}
+
+};
+
+User.verifyEmail = async function(data){
+	try{
+
+		let exists = await this.exists(data.mail, 'mail');
+
+		if(exists) throw new Error('EmailInUse');
+
+		let token = await InviteToken.get(data.token);
+		await token.update({mail: data.mail})
+
+		await Mail.sendTemplate(
+			data.mail,
+			'validate_link',
+			{
+				link:`${data.url}/login/invite/${token.token}/${token.mail_token}`
+			}
+		)
+
+		return this;
+	}catch(error){
+		throw error;
+	}
+};
+
+User.passwordReset = async function(url, mail){
+	try{
+
+		let user = await User.get({
+			searchKey: 'mail',
+			searchValue: mail
+		});
+
+		let token = await PasswordResetToken.add(user);
+
+		await Mail.sendTemplate(
+			user.mail,
+			'reset_link',
+			{
+				user: user,
+				link:`${url}/login/resetpassword/${token.token}`
+			}
+		)
+
+		return true;
+	}catch(error){
+		// if(error.name === 'UserNotFound') return false;
+		throw error;
+	}
+};
+
+
+User.remove = async function(data){
+	try{
+
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await deleteLdapUser(client, this);
+
+		await client.unbind();
+
+		return true;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+User.setPassword = async function(data){
+	try{
+
+		await client.bind(conf.bindDN, conf.bindPassword);
+
+		await client.modify(this.dn, [
+		  new Change({
+			operation: 'replace',
+			modification: new Attribute({
+			  type: 'userPassword',
+			  values: ['{MD5}'+crypto.createHash('md5').update(data.userPassword, "binary").digest('base64')] 
+			})}),
+		]); 
+
+		await client.unbind();
+
+		return this;
+	}catch(error){
+		throw error;
+	}
+};
+
+User.invite = async function(){
+	try{
+		let token = await InviteToken.add({created_by: this.uid});
+		
+		return token;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+User.login = async function(data){
+	try{
+		let user = await this.get(data.uid);
+
+		await client.bind(user.dn, data.password);
+
+		await client.unbind();
+
+		return user;
+
+	}catch(error){
+		throw error;
+	}
+};
+
+
+module.exports = {User};
+
+
+// (async function(){
+// try{
+// 	console.log(await User.list());
+
+// 	console.log(await User.listDetail());
+
+// 	console.log(await User.get('wmantly'))
+
+// }catch(error){
+// 	console.error(error)
+// }
+// })()