diff --git a/defaults/config.js b/defaults/config.js
index 1a342d1a..f97b0b33 100644
--- a/defaults/config.js
+++ b/defaults/config.js
@@ -86,6 +86,56 @@ module.exports = {
 // displayNetwork: true,
+ //
+ // LDAP authentication settings (only available if public=false)
+ // @type object
+ // @default {}
+ ldap: {
+ //
+ // Enable LDAP user authentication
+ //
+ // @type boolean
+ // @default false
+ //
+ enabled: false,
+
+ //
+ // LDAP server URL
+ //
+ // @type string
+ //
+ //url: "ldaps://example.com",
+
+ //
+ // LDAP bind user
+ //
+ // @type string
+ //
+ //adminDn: "cn=user,ou=binders,dc=example,dc=com",
+
+ //
+ // LDAP bind password
+ //
+ // @type string
+ //
+ //adminPassword: "superS3cr3t",
+
+ //
+ // LDAP search base
+ //
+ // @type string
+ //
+ //searchBase: "ou=accounts,dc=example,dc=com",
+
+ //
+ // LDAP search filter
+ //
+ // @type string
+ // @default "(uid={{username}})"
+ //
+ searchFilter: "(uid={{username}})"
+ },
+
 //
 // Log settings
 //
diff --git a/src/clientManager.js b/src/clientManager.js
index 624dd9d7..29358a3a 100644
--- a/src/clientManager.js
+++ b/src/clientManager.js
@@ -10,11 +10,13 @@ function ClientManager() {
 this.clients = [];
 }
-ClientManager.prototype.findClient = function(name) {
+ClientManager.prototype.findClient = function(name, token) {
 for (var i in this.clients) {
 var client = this.clients[i];
 if (client.name === name) {
 return client;
+ } else if (token && token === client.token ) {
+ return client;
 }
 }
 return false;
diff --git a/src/command-line/start.js b/src/command-line/start.js
index 676fccb1..b93a6e3b 100644
--- a/src/command-line/start.js
+++ b/src/command-line/start.js
@@ -20,7 +20,7 @@ program
 } else if (program.private) {
 mode = false;
 }
- if (!mode && !users.length) {
+ if (!mode && !users.length && !config.ldap.enabled) {
 console.log("");
 console.log("No users found!");
 console.log("Create a new user with 'shout add '.");
diff --git a/src/server.js b/src/server.js
index 5beb6707..d307197c 100644
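Review bot: The commented `//adminPassword: "superS3cr3t",` line gives no hint that this is a cleartext bind credential, and the `searchFilter` comment does not say that `{{username}}` is replaced by the name typed at the login prompt; both are things an operator needs to know before setting `enabled: true`. Above `//adminPassword:` I would add `// Stored in cleartext; restrict this file to the account running shout and use a read-only bind user.`, and above `searchFilter:` I would add `// {{username}} is substituted with the login name as typed; unless the ldapauth version in use escapes LDAP filter metacharacters, a name such as "*)(uid=*" widens the search, so confirm escaping before exposing this to untrusted users.`. Whether ldapauth escapes the substitution cannot be seen from this diff.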
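Review bot: The new `else if` in `findClient` compares a bearer secret with `===`, which stops at the first differing character and so leaks how much of the token matched through timing; if the Node in use has it, compare with `crypto.timingSafeEqual` behind a type and length guard: `} else if (typeof token === "string" && typeof client.token === "string" && token.length === client.token.length && crypto.timingSafeEqual(Buffer.from(token), Buffer.from(client.token))) {` with `var crypto = require("crypto");` at the top of the file. The guard also keeps a non-string `token` arriving from the socket out of `Buffer.from`. Since the name test runs first, a caller passing both a name and a token gets the name match even when the token belongs to another client; a header such as `// Returns the client whose name matches, else the client owning the given session token, else false.` above the function would make that contract explicit.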
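Review bot: `!config.ldap.enabled` on the changed line throws a TypeError when the loaded config predates this commit and has no `ldap` section; unless the loader is known to merge `defaults/config.js` into user configs, guard the read: `if (!mode && !users.length && !(config.ldap && config.ldap.enabled)) {`. The same unguarded `config.ldap.enabled` read appears in server.js and would need the same treatment. The enclosing callback begins and ends outside the hunk.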
--- a/src/server.js
+++ b/src/server.js
@@ -6,6 +6,7 @@ var express = require("express");
 var fs = require("fs");
 var io = require("socket.io");
 var Helper = require("./helper");
+var LdapAuth = require("ldapauth");
 var config = {};
 var sockets = null;
@@ -130,6 +131,24 @@ function init(socket, client, token) {
 }
 }
+function local_auth(client, user, password, callback) {
+ callback(bcrypt.compareSync(password || "", client.config.password));
+}
+
+function ldap_auth(client, user, password, callback) {
+ ldap = new LdapAuth(config.ldap);
+ ldap.authenticate(user, password, function(err, ldap_user){
+ if (!err && !client) {
+ // we've authenticated, but having no client means we
+ // have a valid LDAP user that doesn't exist locally.
+ if (!manager.addUser(user, null)) {
+ console.log("Unable to create new user", user);
+ }
+ }
+ callback(!err);
+ });
+}
+
 function auth(data) {
 var socket = this;
 if (config.public) {
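Review bot: `ldap = new LdapAuth(config.ldap);` in `ldap_auth` assigns an implicit global (no `var`), so concurrent logins overwrite each other's client object, and the per-attempt `LdapAuth` is never closed, so every login leaves a bound LDAP connection behind; `callback(!err)` also discards `err`, leaving no record of why a bind or search failed. `manager.addUser(user, null)` creates a local account from the raw login name; if addUser derives a file path from that name (I cannot see it here), reject anything outside a safe character set such as `[A-Za-z0-9._-]` before creating the account. `local_auth` ignores its `user` argument, which a one-line header `// Verifies password against the bcrypt hash in the local user file; user is unused.` should say.
```javascript
function ldap_auth(client, user, password, callback) {
  var ldap = new LdapAuth(config.ldap);
  ldap.authenticate(user, password, function(err, ldap_user) {
    ldap.close(function() {});   // release this attempt's bind/search connections (confirm close() exists in the pinned ldapauth)
    if (err) {
      console.log("LDAP authentication failed for", user, ":", err.message || err);
    } else if (!client) {
      // … unchanged: create the local account for a new LDAP user …
    }
    // … unchanged: callback(!err) and closing braces …
```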
@@ -141,27 +160,34 @@ function auth(data) {
 });
 init(socket, client);
 } else {
- var success = false;
- _.each(manager.clients, function(client) {
- if (data.token) {
- if (data.token === client.token) {
- success = true;
- }
- } else if (client.config.user === data.user) {
- if (bcrypt.compareSync(data.password || "", client.config.password)) {
- success = true;
- }
- }
- if (success) {
- var token;
- if (data.remember || data.token) {
- token = client.token;
+ var client = manager.findClient(data.user, data.token);
+ var token;
+ var auth_func;
+ if (data.remember || data.token) {
+ token = client.token;
+ }
+
+ if (client || config.ldap.enabled) {
+ auth_func = ldap_auth;
+ } else if (client) {
+ auth_func = local_auth;
+ }
+
+ if (auth_func) {
+ auth_func(client, data.user, data.password, function(passed) {
+ if (passed) {
+ if (!client) {
+ //LDAP auth just created a user
+ manager.loadUser(data.user);
+ client = manager.findClient(data.user);
+ }
+ init(socket, client, token);
+ } else {
+ socket.emit("auth");
 }
- init(socket, client, token);
- return false;
- }
- });
- if (!success) {
+ });
+ }
+ else {
 socket.emit("auth");
 }
 }
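Review bot: `if (client || config.ldap.enabled)` on the new side makes the following `else if (client)` unreachable, so `local_auth` is never selected and a local bcrypt login with LDAP disabled is routed through `ldap_auth`, which builds `LdapAuth` from the empty `config.ldap`; the first test should be `config.ldap.enabled` alone. Two lines earlier, `token = client.token` runs before `client` has been checked, so a login with `remember` set for a name that is not a local user — the first login of every new LDAP user — throws on `false.token` inside the socket handler, and after `manager.loadUser` the new client's token is never picked up for that session. The removed `_.each` also accepted a matching `data.token` on its own, whereas both new auth functions need a password, so a client reconnecting with only its stored token is presumably rejected now. `auth` continues past the end of the hunk.
```javascript
    } else {
      var client = manager.findClient(data.user, data.token);
      var token;
      var auth_func;
      if (client && (data.remember || data.token)) {
        token = client.token;
      }

      if (client && data.token && data.token === client.token) {
        // a stored session token is sufficient on its own, as before this change
        auth_func = function(c, u, p, done) { done(true); };
      } else if (config.ldap.enabled) {
        auth_func = ldap_auth;
      } else if (client) {
        auth_func = local_auth;
      }
      // … unchanged: run auth_func, load a freshly created LDAP user, init(socket, client, token) …
```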