wmantly/vpn-p2p
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ldap user

Browse Source
This commit is contained in:
William Mantly 2020-05-01 17:57:25 -04:00
parent 7d9ea08ec9
commit 607a5f33af
15 changed files with 349 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -82,3 +82,6 @@ Berksfile.lock
Policyfile.lock.json Policyfile.lock.json
ops/cookbooks/vendor ops/cookbooks/vendor
secrets.json
secrets.js

13
nodejs/app.js
View File

@ -3,11 +3,19 @@
const path = require('path'); const path = require('path');
const ejs = require('ejs') const ejs = require('ejs')
const express = require('express'); const express = require('express');
const middleware = require('./middleware/auth');
// Set up the express app. // Set up the express app.
const app = express(); const app = express();
// Allow the express app to be exported into other files.
module.exports = app;
// Build the conf object from the conf files.
app.conf = require('./conf/conf');
// Hold onto the auth middleware
const middleware = require('./middleware/auth');
// load the JSON parser middleware. Express will parse JSON into native objects // load the JSON parser middleware. Express will parse JSON into native objects
// for any request that has JSON in its content type. // for any request that has JSON in its content type.
app.use(express.json()); app.use(express.json());
@ -51,6 +59,3 @@ app.use(function(err, req, res, next) {
res.status(err.status || 500); res.status(err.status || 500);
res.json({name: err.name, message: err.message}); res.json({name: err.name, message: err.message});
}); });
// Allow the express app to be exported into other files.
module.exports = app;

13
nodejs/conf/base.js Normal file
View File

@ -0,0 +1,13 @@
'use strict';
module.exports = {
userModel: 'redis', // pam, redis, ldap
ldap: {
url: 'ldap://192.168.1.55:389',
bindDN: 'cn=ldapclient service,ou=people,dc=theta42,dc=com',
bindPassword: '__IN SRECREST FILE__',
searchBase: 'ou=people,dc=theta42,dc=com',
userFilter: '(objectClass=inetOrgPerson)',
userNameAttribute: 'uid'
}
};

32
nodejs/conf/conf.js Normal file
View File

@ -0,0 +1,32 @@
'use strict';
const extend = require('extend');
const environment = process.env.NODE_ENV || 'development';
function load(filePath, required){
try {
return require(filePath);
} catch(error){
if(error.name === 'SyntaxError'){
console.error(`Loading ${filePath} file failed!\n`, error);
process.exit(1);
} else if (error.code === 'MODULE_NOT_FOUND'){
console.warn(`No config file ${filePath} FOUND! This may cause issues...`);
if (required){
process.exit(1);
}
return {};
}else{
console.dir(`Unknown error in loading ${filePath} config file.\n`, error);
}
}
};
module.exports = extend(
true, // enable deep copy
load('./base', true),
load(`./${environment}`),
load('./secrets'),
{environment}
);

2
nodejs/middleware/auth.js
View File

@ -1,6 +1,6 @@
'use strict'; 'use strict';
const {Auth} = require('../models/auth_redis'); const {Auth} = require('../models/auth');
async function auth(req, res, next){ async function auth(req, res, next){
try{ try{

11
nodejs/models/auth_pam.js → nodejs/models/auth.js
View File

@ -1,7 +1,3 @@
const {promisify} = require('util');
const pam = require('authenticate-pam');
const authenticate = promisify(pam.authenticate);
const {User} = require('./user'); const {User} = require('./user');
const {Token, AuthToken} = require('./token'); const {Token, AuthToken} = require('./token');
@ -19,19 +15,16 @@ Auth.errors.login = function(){
Auth.login = async function(data){ Auth.login = async function(data){
try{ try{
let auth = await authenticate(data.username, data.password); let user = await User.login(data);
let user = await User.get(data);
let token = await AuthToken.add(user); let token = await AuthToken.add(user);
return {user, token} return {user, token}
}catch(error){ }catch(error){
if (error == 'Authentication failure'){
throw this.errors.login()
}
throw error; throw error;
} }
}; };
Auth.checkToken = async function(data){ Auth.checkToken = async function(data){
try{ try{
let token = await AuthToken.get(data); let token = await AuthToken.get(data);

55
nodejs/models/auth_red.js
View File

@ -1,55 +0,0 @@
const {promisify} = require('util');
const pam = require('authenticate-pam');
const authenticate = promisify(pam.authenticate);
const {User} = require('./user');
const {Token, AuthToken} = require('./token');
Auth = {}
Auth.errors = {}
Auth.errors.login = function(){
let error = new Error('PamLoginFailed');
error.name = 'PamLoginFailed';
error.message = `Invalid Credentials, login failed.`;
error.status = 401;
return error;
}
Auth.login = async function(data){
try{
let auth = await authenticate(data.username, data.password);
let user = await User.get(data);
let token = await AuthToken.add(user);
return {user, token}
}catch(error){
if (error == 'Authentication failure'){
throw this.errors.login()
}
throw error;
}
};
Auth.checkToken = async function(data){
try{
let token = await AuthToken.get(data);
if(token.is_valid){
return await User.get(token.created_by);
}
}catch(error){
throw this.errors.login();
}
};
Auth.logOut = async function(data){
try{
let token = await AuthToken.get(data);
await token.remove();
}catch(error){
throw error;
}
}
module.exports = {Auth, AuthToken};

62
nodejs/models/auth_redis.js
View File

@ -1,62 +0,0 @@
'use strict';
const bcrypt = require('bcrypt');
const saltRounds = 10;
const {User} = require('./user_redis');
const {Token, AuthToken} = require('./token');
var Auth = {}
Auth.errors = {}
Auth.errors.login = function(){
let error = new Error('ResisLoginFailed');
error.name = 'RedisLoginFailed';
error.message = `Invalid Credentials, login failed.`;
error.status = 401;
return error;
}
Auth.login = async function(data){
try{
let user = await User.get(data);
let auth = await bcrypt.compare(data.password, user.password);
if(auth){
let token = await AuthToken.add(user);
return {user, token}
}else{
throw this.errors.login();
}
}catch(error){
if (error == 'Authentication failure'){
throw this.errors.login()
}
throw error;
}
};
Auth.checkToken = async function(data){
try{
let token = await AuthToken.get(data);
if(token.is_valid){
return await User.get(token.created_by);
}
}catch(error){
throw this.errors.login();
}
};
Auth.logOut = async function(data){
try{
let token = await AuthToken.get(data);
await token.remove();
}catch(error){
throw error;
}
}
module.exports = {Auth, AuthToken};

7
nodejs/models/user.js Normal file
View File

@ -0,0 +1,7 @@
'use strict';
const conf = require('../app').conf;
const User = require(`./user_${conf.userModel}`)
module.exports = User;

235
nodejs/models/user_ldap.js Normal file
View File

@ -0,0 +1,235 @@
'use strict';
const { Client, Attribute, Change } = require('ldapts');
const {Token, InviteToken} = require('./token');
const conf = require('../app').conf.ldap;
const client = new Client({
url: conf.url,
});
const user_parse = function(data){
if(data[conf.userNameAttribute]){
data.username = data[conf.userNameAttribute]
delete data[conf.userNameAttribute];
}
if(data.uidNumber){
data.uid = data.uidNumber;
delete data.uidNumber;
}
return data;
}
var User = {}
User.backing = "LDAP";
User.keyMap = {
'username': {isRequired: true, type: 'string', min: 3, max: 500},
'password': {isRequired: true, type: 'string', min: 3, max: 500},
}
User.list = async function(){
try{
await client.bind(conf.bindDN, conf.bindPassword);
const res = await client.search(conf.searchBase, {
scope: 'sub',
filter: conf.userFilter,
});
await client.unbind();
return res.searchEntries.map(function(user){return user.uid});
}catch(error){
throw error;
}
};
User.listDetail = async function(){
try{
await client.bind(conf.bindDN, conf.bindPassword);
const res = await client.search(conf.searchBase, {
scope: 'sub',
filter: conf.userFilter,
});
await client.unbind();
let users = []
for(let user of res.searchEntries){
let obj = Object.create(this);
Object.assign(obj, user_parse(user));
users.push(obj)
}
return users;
}catch(error){
throw error;
}
};
User.get = async function(data){
try{
if(typeof data !== 'object'){
let username = data;
data = {};
data.username = username;
}
await client.bind(conf.bindDN, conf.bindPassword);
let filter = `(&${conf.userFilter}(${conf.userNameAttribute}=${data.username}))`;
const res = await client.search(conf.searchBase, {
scope: 'sub',
filter: filter,
});
await client.unbind();
let user = res.searchEntries[0]
if(user){
let obj = Object.create(this);
Object.assign(obj, user_parse(user));
return obj;
}else{
let error = new Error('UserNotFound');
error.name = 'UserNotFound';
error.message = `LDAP:${data.username} does not exists`;
error.status = 404;
throw error;
}
}catch(error){
throw error;
}
};
User.exists = async function(data){
// Return true or false if the requested entry exists ignoring error's.
try{
await this.get(data);
return true
}catch(error){
return false;
}
};
// User.add = async function(data) {
// try{
// data = objValidate.processKeys(this.keyMap, data);
// let systemUser = await linuxUser.addUser(data.username);
// await require('util').promisify(setTimeout)(500)
// let systemUserPassword = await linuxUser.setPassword(data.username, data.password);
// return this.get(data.username);
// }catch(error){
// if(error.message.includes('exists')){
// let error = new Error('UserNameUsed');
// error.name = 'UserNameUsed';
// error.message = `PAM:${data.username} already exists`;
// error.status = 409;
// throw error;
// }
// throw error;
// }
// };
// User.addByInvite = async function(data){
// try{
// let token = await InviteToken.get(data.token);
// if(!token.is_valid){
// let error = new Error('Token Invalid');
// error.name = 'Token Invalid';
// error.message = `Token is not valid or as allready been used. ${data.token}`;
// error.status = 401;
// throw error;
// }
// let user = await this.add(data);
// if(user){
// await token.consume({claimed_by: user.username});
// return user;
// }
// }catch(error){
// throw error;
// }
// };
// User.remove = async function(data){
// try{
// return await linuxUser.removeUser(this.username);
// }catch(error){
// throw error;
// }
// };
// User.setPassword = async function(data){
// try{
// await linuxUser.setPassword(this.username, data.password);
// return this;
// }catch(error){
// throw error;
// }
// };
User.invite = async function(){
try{
let token = await InviteToken.add({created_by: this.username});
return token;
}catch(error){
throw error;
}
};
User.login = async function(data){
try{
let user = await this.get(data.username);
await client.bind(user.dn, data.password);
await client.unbind();
return user;
}catch(error){
throw error;
}
};
module.exports = {User};
// (async function(){
// try{
// console.log(await User.list());
// console.log(await User.listDetail());
// console.log(await User.get('wmantly'))
// }catch(error){
// console.error(error)
// }
// })()

19
nodejs/models/user_pam.js
View File

@ -3,6 +3,9 @@
const linuxUser = require('linux-sys-user').promise(); const linuxUser = require('linux-sys-user').promise();
const objValidate = require('../utils/object_validate'); const objValidate = require('../utils/object_validate');
const {Token, InviteToken} = require('./token'); const {Token, InviteToken} = require('./token');
const {promisify} = require('util');
const pam = require('authenticate-pam');
const authenticate = promisify(pam.authenticate);
var User = {} var User = {}
@ -11,6 +14,8 @@ User.keyMap = {
'password': {isRequired: true, type: 'string', min: 3, max: 500}, 'password': {isRequired: true, type: 'string', min: 3, max: 500},
} }
User.backing = "PAM";
User.list = async function(){ User.list = async function(){
try{ try{
let users = await linuxUser.getUsers(); let users = await linuxUser.getUsers();
@ -139,4 +144,18 @@ User.invite = async function(){
} }
}; };
User.login = async function(data){
try{
let auth = await authenticate(data.username, data.password);
let user = await User.get(data);
return user;
}catch(error){
if (error == 'Authentication failure'){
throw this.errors.login()
}
throw error;
}
};
module.exports = {User}; module.exports = {User};

22
nodejs/models/user_redis.js
View File

@ -19,6 +19,9 @@ const User = require('../utils/redis_model')({
} }
}); });
User.backing = "redis";
User.add = async function(data) { User.add = async function(data) {
try{ try{
data['password'] = await bcrypt.hash(data['password'], saltRounds); data['password'] = await bcrypt.hash(data['password'], saltRounds);
@ -78,6 +81,25 @@ User.invite = async function(){
} }
}; };
User.login = async function(data){
try{
let user = await User.get(data);
let auth = await bcrypt.compare(data.password, user.password);
if(auth){
return user
}else{
throw this.errors.login();
}
}catch(error){
if (error == 'Authentication failure'){
throw this.errors.login()
}
throw error;
}
};
module.exports = {User}; module.exports = {User};

2
nodejs/package.json
View File

@ -13,6 +13,8 @@
}, },
"dependencies": { "dependencies": {
"authenticate-pam": "github:WeiAnAn/node-authenticate-pam", "authenticate-pam": "github:WeiAnAn/node-authenticate-pam",
"ldapts": "^2.2.1",
"extend": "^3.0.2",
"ejs": "^3.0.1", "ejs": "^3.0.1",
"express": "~4.16.1", "express": "~4.16.1",
"linux-sys-user": "^1.1.0", "linux-sys-user": "^1.1.0",

4
nodejs/routes/auth.js
View File

@ -1,8 +1,8 @@
'use strict'; 'use strict';
const router = require('express').Router(); const router = require('express').Router();
const {User} = require('../models/user_redis'); const {User} = require('../models/user');
const {Auth, AuthToken} = require('../models/auth_redis'); const {Auth, AuthToken} = require('../models/auth');
router.post('/login', async function(req, res, next){ router.post('/login', async function(req, res, next){

2
nodejs/routes/user.js
View File

@ -1,7 +1,7 @@
'use strict'; 'use strict';
const router = require('express').Router(); const router = require('express').Router();
const {User} = require('../models/user_redis'); const {User} = require('../models/user');
router.get('/', async function(req, res, next){ router.get('/', async function(req, res, next){
try{ try{