ldap authentication works

nodejs/authentication/index.js

@@ -1,49 +1,76 @@
 module.exports = function(config) {
 
-  authentication = function (username, password, success, fail) {
+  var authentication;
+  
+  if (config) {
     
-    if (config) {
+    authentication = function (username, password, success, fail) {
+
+      console.log("...try: ", username);
       const crypto = require('crypto');
       if (config.passwords && config.passwords[username]) {
+        console.log("...check hash");
         if (crypto.getHashes().indexOf(config.passwords[username][0])>=0) {
           if (crypto.createHash(config.passwords[username][0]).update(password, 'utf8').digest('hex') === config.passwords[username][1]) {
-            success();
+            success(username);
             return;
           } else {
-            fail();
+            fail(username);
             return;
           }
         } else {
           console.log("**** HASH NOT FOUND ****");
           console.log(config.passwords[username][0]);
           console.log(crypto.getHashes());
-          fail();
+          fail(username);
           return;
         }
       }
       if (config.ldap) try {
+        console.log("...check ldap");
         var LdapAuth = require('ldapauth');
         var auth = new LdapAuth(config.ldap);
-        auth.authenticate(username, password, function(err, usr) {
-          auth.close(function(err) {})
-          if (err) {
-            console.log("**** ERROR: LDAP Authentication failed:", err);
-            fail();
-            return;
+        auth.once('connect', function () {
+          try {
+            auth.authenticate(username, password, function(err, usr) {
+              auth.close(function(err) {})
+              if (err) {
+                console.log("**** ERROR: LDAP Authentication failed:", err);
+                fail(username);
+                return;
+              }
+              console.log("**** SUCCESS: LDAP Authentication:");
+              success(username);
+              return;
+            });
+          } catch (e) {
+            console.log("**** Error: LDAP failed: ", e, e.stack);
+            fail(username);
           }
-          console.log("**** SUCCESS: LDAP Authentication:");
-          success();
-          return;
+          return; // need to block here!
         });
-        return; // need to block here!
       } catch (e) {
         console.log("**** Error: LDAP failed: ", e, e.stack);
-        fail();
+        fail(username);
         return;
       }
+      if (config.unrestricted)
+        success(username);
+      else
+        fail(username);
+      return;
     }
-    fail();
-    return;
+
+  } else {
+
+    authentication = function (username, password, success, fail) {
+      console.log('**** Error: no access configuraion. To allow any user, add:')
+      console.log('            "restrict": {');
+      console.log('              "unrestricted": true');
+      console.log('            }');
+      fail(username);
+    }
+
   }
 
   return authentication;

nodejs/etc/servicedock.json

@@ -1,20 +1,15 @@
 {
-    "port": 8888,
-    "restrict": {
-        "passwords": {
-            "marc": ["sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
-            "foo": ["sha256", "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
-        },
-        "ldap": {
-            "tlsOptions": {
-                "requestCert": false,
-                "rejectUnauthorized": false
-            },
-            "url": "ldap://dev.marc.waeckerlin.org",
-            "adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
-            "adminPassword": "dGg7benUnZ9z",
-            "searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
-            "searchFilter": "(uid={{username}})"
-        }
+  "port": 8888,
+  "restrict": {
+    "passwords": {
+      "foo": ["sha256", "fcde2b2edxx56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
+    },
+    "ldap": {
+      "url": "ldap://dev.marc.waeckerlin.org",
+      "adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
+      "adminPassword": "secret",
+      "searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
+      "searchFilter": "(uid={{username}})"
     }
+  }
 }

nodejs/package.json.in

@@ -9,7 +9,8 @@
     "socket.io": "~1.4.4",
     "pty.js": "~0.3.0",
     "async": "~1.5.2",
-    "socketio-auth": "0.0.5"
+    "socketio-auth": "0.0.5",
+    "ldapauth": "git+https://github.com/DimensionSoftware/node-ldapauth.git"
   },
   "description": "@DESCRIPTION@",
   "main": "@PACKAGE_NAME@.js",

nodejs/servicedock.js

@@ -19,8 +19,8 @@ try {
   var package = require(__dirname+'/package.json');
   var config = require(package.path.config);
   var docker = require(__dirname+'/docker')(app);
-  //var authentication = require(__dirname+'/authentication')(config.restrict);
-  var sockets = require(__dirname+'/sockets')(io);
+  var authentication = require(__dirname+'/authentication')(config.restrict);
+  var sockets = require(__dirname+'/sockets')(io, authentication);
 
   // Configuration
   process.argv.forEach(function(val, index) {

nodejs/sockets/index.js

@@ -1,4 +1,4 @@
-module.exports = function(io) {
+module.exports = function(io, authentication) {
 
   var pty = require('pty.js');
   var proc = require('child_process');
@@ -287,10 +287,9 @@ module.exports = function(io) {
       //get credentials sent by the client
       var username = data.username;
       var password = data.password;
-      if (username=="hello")
-        return callback(null, "world" == password);
-      else
-        return callback(new Error("wrong credentials"));
+      authentication(data.username, data.password,
+                     function() {console.log("####LOGIN-SUCESS####");callback(null, true)},
+                     function() {console.log("####LOGIN-FAIL####");callback(new Error("wrong credentials"))});
     },
     postAuthenticate: connection,
     timeout: "none"