rewrite superLogin for initial login, create base for other login types

2021-04-01 22:40:37 -07:00 · 2021-04-01 22:40:37 -07:00 · aa4192b6fe
parent 76f02de24e
commit aa4192b6fe
3 changed files with 120 additions and 62 deletions
--- a/libs/auth.js
+++ b/libs/auth.js
@ -247,39 +247,18 @@ module.exports = function(s,config,lang){
                    if(userSelected){
                        resp.$user = userSelected
                    }
-                    if(adminUsersSelected){
-                        resp.users = adminUsersSelected
-                    }
                }
                callback({
                    ip : ip,
                    $user: userSelected,
-                    users: adminUsersSelected,
                    config: chosenConfig,
-                    lang:lang
+                    lang: lang
                })
            }
-            var foundUser = function(){
-                if(params.users === true){
-                    s.knexQuery({
-                        action: "select",
-                        columns: "*",
-                        table: "Users",
-                        where: [
-                            ['details','NOT LIKE','%"sub"%'],
-                        ]
-                    },(err,r) => {
-                        adminUsersSelected = r
-                        success()
-                    })
-                }else{
-                    success()
-                }
-            }
            if(params.auth && Object.keys(s.superUsersApi).indexOf(params.auth) > -1){
                userFound = true
                userSelected = s.superUsersApi[params.auth].$user
-                foundUser()
+                success()
            }else{
                var superUserList = JSON.parse(fs.readFileSync(s.location.super))
                superUserList.forEach(function(superUser,n){
@ -300,7 +279,7 @@ module.exports = function(s,config,lang){
                    ){
                        userFound = true
                        userSelected = superUser
-                        foundUser()
+                        success()
                    }
                })
            }
--- a/libs/auth/utils.js
+++ b/libs/auth/utils.js
@ -0,0 +1,96 @@
+var fs = require('fs');
+module.exports = function(s,config,lang){
+    function basicLogin(username,password,page){
+
+    }
+    function adminLogin(username,password){
+        //use basic login
+    }
+    function superUserAuth(params){
+        const response = { ok: false }
+        if(!fs.existsSync(s.location.super)){
+            response.msg = lang.superAdminText
+        }else{
+            const authToken = params.auth
+            const username = params.mail
+            const password = params.pass
+            let userFound = false
+            let userSelected = false
+            try{
+                if(authToken && Object.keys(s.superUsersApi).indexOf(authToken) > -1){
+                    userFound = true
+                    userSelected = s.superUsersApi[authToken].$user
+                }else{
+                    var superUserList = JSON.parse(fs.readFileSync(s.location.super))
+                    superUserList.forEach(function(superUser,n){
+                        if(
+                            userFound === false &&
+                            (
+                                authToken && superUser.tokens && superUser.tokens[authToken] || //using API key (object)
+                                authToken && superUser.tokens && superUser.tokens.indexOf && superUser.tokens.indexOf(authToken) > -1 || //using API key (array)
+                                (
+                                    username && username.toLowerCase() === superUser.mail.toLowerCase() && //email matches
+                                    (
+                                        password === superUser.pass || //user give it already hashed
+                                        superUser.pass === s.createHash(password) || //hash and check it
+                                        superUser.pass.toLowerCase() === s.md5(password).toLowerCase() //check if still using md5
+                                    )
+                                )
+                            )
+                        ){
+                            userFound = true
+                            userSelected = superUser
+                        }
+                    })
+                }
+            }catch(err){
+                s.systemLog('The following error may mean your super.json is not formatted correctly.')
+                s.systemLog('You can reset it by replacing it with the super.sample.json file.')
+                console.error(`super.json error`)
+                console.error(err)
+            }
+            if(userFound){
+                response.ok = true
+                response.user = userSelected
+            }else{
+                response.msg = lang['Not Authorized']
+            }
+        }
+        return response
+    }
+    function superLogin(username,password){
+        return new Promise((resolve,reject) => {
+            const response = { ok: false }
+            const authResponse = superUserAuth({
+                mail: username,
+                pass: password,
+            })
+            if(authResponse.ok){
+                response.ok = true
+                response.user = authResponse.user
+            }else{
+                response.msg = lang['Not Authorized']
+            }
+            resolve(response)
+        })
+    }
+    function twoFactorLogin(user){
+        //use basic login first
+
+    }
+    function twoFactorLoginPart2(loginCode){
+
+    }
+    function ldapLogin(username,password){
+
+    }
+    return {
+        basicLogin: basicLogin,
+        adminLogin: adminLogin,
+        superUserAuth: superUserAuth,
+        superLogin: superLogin,
+        twoFactorLogin: twoFactorLogin,
+        twoFactorLoginPart2: twoFactorLoginPart2,
+        ldapLogin: ldapLogin,
+    }
+}
--- a/libs/webServerPaths.js
+++ b/libs/webServerPaths.js
@ -19,6 +19,14 @@ module.exports = function(s,config,lang,app,io){
    const {
        triggerEvent,
    } = require('./events/utils.js')(s,config,lang)
+    const {
+        basicLogin,
+        adminLogin,
+        superLogin,
+        twoFactorLogin,
+        twoFactorLoginPart2,
+        ldapLogin,
+    } = require('./auth/utils.js')(s,config,lang)
    if(config.productType === 'Pro'){
        var LdapAuth = require('ldapauth-fork');
    }
@ -160,7 +168,7 @@ module.exports = function(s,config,lang,app,io){
        s.checkCorrectPathEnding(config.webPaths.home)+':screen',
        s.checkCorrectPathEnding(config.webPaths.admin)+':screen',
        s.checkCorrectPathEnding(config.webPaths.super)+':screen',
-    ],function (req,res){
+    ],async function (req,res){
        var response = {ok: false};
        req.ip = s.getClientIp(req)
        var screenChooser = function(screen){
@ -573,46 +581,21 @@ module.exports = function(s,config,lang,app,io){
                        req.default()
                    }
                })
-            }else{
-                if(req.body.function === 'super'){
-                    if(!fs.existsSync(s.location.super)){
-                        res.end(lang.superAdminText)
-                        return
-                    }
-                    var ok = s.superAuth({
-                        mail: req.body.mail,
-                        pass: req.body.pass,
-                        users: true,
-                        md5: true
-                    },function(data){
-                        s.knexQuery({
-                            action: "select",
-                            columns: "*",
-                            table: "Logs",
-                            where: [
-                                ['ke','=','$'],
-                            ],
-                            orderBy: ['time','desc'],
-                            limit: 30
-                        },(err,r) => {
-                            if(!r){
-                                r=[]
-                            }
-                            data.Logs = r
-                            data.customAutoLoad = s.customAutoLoadTree
-                            data.currentVersion = s.currentVersion
-                            fs.readFile(s.location.config,'utf8',function(err,file){
-                                data.plainConfig = JSON.parse(file)
-                                renderPage(config.renderPaths.super,data)
-                            })
-                        })
+            }else if(req.body.function === 'super'){
+                const superLoginResponse = await superLogin(req.body.mail,req.body.pass);
+                if(superLoginResponse.ok){
+                    renderPage(config.renderPaths.super,{
+                        config: config,
+                        lang: lang,
+                        $user: superLoginResponse.user,
+                        customAutoLoad: s.customAutoLoadTree,
+                        currentVersion: s.currentVersion,
                    })
-                    if(ok === false){
-                        failedAuthentication(req.body.function)
-                    }
                }else{
-                    req.default()
+                    failedAuthentication(req.body.function)
                }
+            }else{
+                req.default()
            }
        }else{
            if(req.body.machineID&&req.body.factorAuthKey){