diff --git a/libs/auth.js b/libs/auth.js
index 1dbf7038..250c449c 100644
--- a/libs/auth.js
+++ b/libs/auth.js
@@ -247,39 +247,18 @@ module.exports = function(s,config,lang){
 if(userSelected){
 resp.$user = userSelected
 }
- if(adminUsersSelected){
- resp.users = adminUsersSelected
- }
 }
 callback({
 ip : ip,
 $user: userSelected,
- users: adminUsersSelected,
 config: chosenConfig,
- lang:lang
+ lang: lang
 })
 }
- var foundUser = function(){
- if(params.users === true){
- s.knexQuery({
- action: "select",
- columns: "*",
- table: "Users",
- where: [
- ['details','NOT LIKE','%"sub"%'],
- ]
- },(err,r) => {
- adminUsersSelected = r
- success()
- })
- }else{
- success()
- }
- }
 if(params.auth && Object.keys(s.superUsersApi).indexOf(params.auth) > -1){
 userFound = true
 userSelected = s.superUsersApi[params.auth].$user
- foundUser()
+ success()
 }else{
 var superUserList = JSON.parse(fs.readFileSync(s.location.super))
 superUserList.forEach(function(superUser,n){
@@ -300,7 +279,7 @@ module.exports = function(s,config,lang){
 ){
 userFound = true
 userSelected = superUser
- foundUser()
+ success()
 }
 })
 }
diff --git a/libs/auth/utils.js b/libs/auth/utils.js
new file mode 100644
index 00000000..034af0e5
--- /dev/null
+++ b/libs/auth/utils.js
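Review bot: The `users: true` option and the `users` key of the callback data are removed from `superAuth` without a replacement, so any remaining caller that still passes `users: true` and reads `data.users` now silently gets `undefined`; the function header is outside the hunk, but a comment there such as `// 'users' option removed: callback data no longer carries the admin user list` plus a grep of callers for `users:` before merge would catch them. The identical `foundUser()` → `success()` substitution in the hunk at line 300 is part of the same change and needs no separate note.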
@@ -0,0 +1,96 @@
+var fs = require('fs');
+module.exports = function(s,config,lang){
+ function basicLogin(username,password,page){
+
+ }
+ function adminLogin(username,password){
+ //use basic login
+ }
+ function superUserAuth(params){
+ const response = { ok: false }
+ if(!fs.existsSync(s.location.super)){
+ response.msg = lang.superAdminText
+ }else{
+ const authToken = params.auth
+ const username = params.mail
+ const password = params.pass
+ let userFound = false
+ let userSelected = false
+ try{
+ if(authToken && Object.keys(s.superUsersApi).indexOf(authToken) > -1){
+ userFound = true
+ userSelected = s.superUsersApi[authToken].$user
+ }else{
+ var superUserList = JSON.parse(fs.readFileSync(s.location.super))
+ superUserList.forEach(function(superUser,n){
+ if(
+ userFound === false &&
+ (
+ authToken && superUser.tokens && superUser.tokens[authToken] || //using API key (object)
+ authToken && superUser.tokens && superUser.tokens.indexOf && superUser.tokens.indexOf(authToken) > -1 || //using API key (array)
+ (
+ username && username.toLowerCase() === superUser.mail.toLowerCase() && //email matches
+ (
+ password === superUser.pass || //user give it already hashed
+ superUser.pass === s.createHash(password) || //hash and check it
+ superUser.pass.toLowerCase() === s.md5(password).toLowerCase() //check if still using md5
+ )
+ )
+ )
+ ){
+ userFound = true
+ userSelected = superUser
+ }
+ })
+ }
+ }catch(err){
+ s.systemLog('The following error may mean your super.json is not formatted correctly.')
+ s.systemLog('You can reset it by replacing it with the super.sample.json file.')
+ console.error(`super.json error`)
+ console.error(err)
+ }
+ if(userFound){
+ response.ok = true
+ response.user = userSelected
+ }else{
+ response.msg = lang['Not Authorized']
+ }
+ }
+ return response
+ }
+ function superLogin(username,password){
+ return new Promise((resolve,reject) => {
+ const response = { ok: false }
+ const authResponse = superUserAuth({
+ mail: username,
+ pass: password,
+ })
+ if(authResponse.ok){
+ response.ok = true
+ response.user = authResponse.user
+ }else{
+ response.msg = lang['Not Authorized']
+ }
+ resolve(response)
+ })
+ }
+ function twoFactorLogin(user){
+ //use basic login first
+
+ }
+ function twoFactorLoginPart2(loginCode){
+
+ }
+ function ldapLogin(username,password){
+
+ }
+ return {
+ basicLogin: basicLogin,
+ adminLogin: adminLogin,
+ superUserAuth: superUserAuth,
+ superLogin: superLogin,
+ twoFactorLogin: twoFactorLogin,
+ twoFactorLoginPart2: twoFactorLoginPart2,
+ ldapLogin: ldapLogin,
+ }
+}
diff --git a/libs/webServerPaths.js b/libs/webServerPaths.js
index 123eebdc..f2f7bac2 100644
--- a/libs/webServerPaths.js
+++ b/libs/webServerPaths.js
@@ -19,6 +19,14 @@ module.exports = function(s,config,lang,app,io){
 const {
 triggerEvent,
 } = require('./events/utils.js')(s,config,lang)
+ const {
+ basicLogin,
+ adminLogin,
+ superLogin,
+ twoFactorLogin,
+ twoFactorLoginPart2,
+ ldapLogin,
+ } = require('./auth/utils.js')(s,config,lang)
 if(config.productType === 'Pro'){
 var LdapAuth = require('ldapauth-fork');
 }
@@ -160,7 +168,7 @@ module.exports = function(s,config,lang,app,io){
 s.checkCorrectPathEnding(config.webPaths.home)+':screen',
 s.checkCorrectPathEnding(config.webPaths.admin)+':screen',
 s.checkCorrectPathEnding(config.webPaths.super)+':screen',
- ],function (req,res){
+ ],async function (req,res){
 var response = {ok: false};
 req.ip = s.getClientIp(req)
 var screenChooser = function(screen){
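Review bot: In `superUserAuth`, `superUser.tokens[authToken]` on an object-shaped `tokens` also resolves properties inherited from `Object.prototype`, so an `auth` value equal to such a property name satisfies the check without being a configured token; guard it with `Object.prototype.hasOwnProperty.call(superUser.tokens, authToken)` and use `Array.isArray(superUser.tokens) && superUser.tokens.includes(authToken)` for the array form, since `.indexOf` on a string-valued `tokens` would do a substring match. The credential comparisons use `===`, which is not constant-time, and `password === superUser.pass` accepts the stored hash value itself as a valid password; both are carried over from `auth.js`, but a short comment on that line recording why the hash-as-password form is kept (or its removal) belongs here. `superLogin` also discards `authResponse.msg`, so the missing-`super.json` message `lang.superAdminText` is replaced by `lang['Not Authorized']`; `response.msg = authResponse.msg` keeps it. The `new Promise` around purely synchronous code can be written as `async function superLogin(username,password)` with `reject` dropped, since nothing inside it is asynchronous.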
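Review bot: Turning this route handler into an `async function` means an exception thrown after an `await` (the `superLogin` call in the hunk at line 573) becomes a rejected promise rather than a synchronous throw; if this app runs on Express 4, which does not forward async rejections to its error middleware, the request is left open with no response. Wrap the handler body in something like `try { … } catch (err) { s.systemLog(err); res.end(JSON.stringify({ok: false})) }` or route it through a small wrapper that calls `next(err)`. The handler body continues well beyond this hunk.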
@@ -573,46 +581,21 @@ module.exports = function(s,config,lang,app,io){
 req.default()
 }
 })
- }else{
- if(req.body.function === 'super'){
- if(!fs.existsSync(s.location.super)){
- res.end(lang.superAdminText)
- return
- }
- var ok = s.superAuth({
- mail: req.body.mail,
- pass: req.body.pass,
- users: true,
- md5: true
- },function(data){
- s.knexQuery({
- action: "select",
- columns: "*",
- table: "Logs",
- where: [
- ['ke','=','$'],
- ],
- orderBy: ['time','desc'],
- limit: 30
- },(err,r) => {
- if(!r){
- r=[]
- }
- data.Logs = r
- data.customAutoLoad = s.customAutoLoadTree
- data.currentVersion = s.currentVersion
- fs.readFile(s.location.config,'utf8',function(err,file){
- data.plainConfig = JSON.parse(file)
- renderPage(config.renderPaths.super,data)
- })
- })
+ }else if(req.body.function === 'super'){
+ const superLoginResponse = await superLogin(req.body.mail,req.body.pass);
+ if(superLoginResponse.ok){
+ renderPage(config.renderPaths.super,{
+ config: config,
+ lang: lang,
+ $user: superLoginResponse.user,
+ customAutoLoad: s.customAutoLoadTree,
+ currentVersion: s.currentVersion,
 })
- if(ok === false){
- failedAuthentication(req.body.function)
- }
 }else{
- req.default()
+ failedAuthentication(req.body.function)
 }
+ }else{
+ req.default()
 }
 }else{
 if(req.body.machineID&&req.body.factorAuthKey){
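Review bot: The rewritten `super` branch passes the raw `config` object to `renderPage` and no longer loads `Logs` or `plainConfig` into the page data, whereas the removed path queried the `Logs` table and parsed `s.location.config`; if the template at `config.renderPaths.super` still reads those keys it now gets `undefined`, and handing over the whole `config` rather than the `chosenConfig` the `superAuth` callback used to supply may expose settings the template was not previously given, so check what it serializes into the page. The missing-`super.json` case also changes: `superLogin` folds it into a generic not-authorized result and this branch then calls `failedAuthentication(req.body.function)`, so a missing file now counts as a failed login attempt instead of answering with `lang.superAdminText`; checking `superLoginResponse.msg` before calling `failedAuthentication` would restore the distinction. A one-line comment on the `renderPage` call listing the keys the super template expects would keep this from regressing again.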