Changed the authentication mechanism to support hooks
Egil Moeller
parent
7b39da2d69
commit
ecac40d062
|
|
@ -51,22 +51,23 @@
|
|||
Note: /admin always requires authentication. */
|
||||
"requireAuthentication": false,
|
||||
|
||||
/* Require authorization by a module, or a user with is_admin set,
|
||||
see below. Access to /admin allways requires either, regardless
|
||||
of this setting. */
|
||||
/* Require authorization by a module, or a user with is_admin set, see below. */
|
||||
"requireAuthorization": false,
|
||||
|
||||
/* Users for basic authentication. is_admin = true gives access to /admin */
|
||||
/* Users for basic authentication. is_admin = true gives access to /admin.
|
||||
If you do not uncomment this, /admin will not be available! */
|
||||
/*
|
||||
"users": {
|
||||
"admin": {
|
||||
"password": "changeme",
|
||||
"password": "changeme1",
|
||||
"is_admin": true
|
||||
},
|
||||
"user": {
|
||||
"password": "changeme",
|
||||
"password": "changeme1",
|
||||
"is_admin": false
|
||||
}
|
||||
},
|
||||
*/
|
||||
|
||||
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
|
||||
"loglevel": "INFO"
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ exports.expressCreateServer = function (hook_name, args, cb) {
|
|||
exports.socketio = function (hook_name, args, cb) {
|
||||
var io = args.io.of("/pluginfw/installer");
|
||||
io.on('connection', function (socket) {
|
||||
if (!socket.handshake.session.user.is_admin) return;
|
||||
if (!socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
|
||||
|
||||
socket.on("load", function (query) {
|
||||
socket.emit("installed-results", {results: plugins.plugins});
|
||||
|
|
|
|||
|
|
@ -8,7 +8,13 @@ var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
|
|||
|
||||
//checks for basic http auth
|
||||
exports.basicAuth = function (req, res, next) {
|
||||
var authorize = function (cb) {
|
||||
var hookResultMangle = function (cb) {
|
||||
return function (err, data) {
|
||||
return cb(!err && data.length && data[0]);
|
||||
}
|
||||
}
|
||||
|
||||
var authorize = function (cb) {
|
||||
// Do not require auth for static paths...this could be a bit brittle
|
||||
if (req.path.match(/^\/(static|javascripts|pluginfw)/)) return cb(true);
|
||||
|
||||
|
|
@ -19,8 +25,7 @@ exports.basicAuth = function (req, res, next) {
|
|||
|
||||
if (req.session && req.session.user && req.session.user.is_admin) return cb(true);
|
||||
|
||||
// hooks.aCallFirst("authorize", {resource: req.path, req: req}, cb);
|
||||
cb(false);
|
||||
hooks.aCallFirst("authorize", {req: req, res:res, next:next, resource: req.path}, hookResultMangle(cb));
|
||||
}
|
||||
|
||||
var authenticate = function (cb) {
|
||||
|
|
@ -35,24 +40,28 @@ exports.basicAuth = function (req, res, next) {
|
|||
req.session.user = settings.users[username];
|
||||
return cb(true);
|
||||
}
|
||||
// return hooks.aCallFirst("authenticate", {req: req, username: username, password: password}, cb);
|
||||
return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb));
|
||||
}
|
||||
// hooks.aCallFirst("authenticate", {req: req}, cb);
|
||||
cb(false);
|
||||
hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb));
|
||||
}
|
||||
|
||||
|
||||
/* Authentication OR authorization failed. */
|
||||
var failure = function () {
|
||||
/* Authentication OR authorization failed. Return Auth required
|
||||
* Headers, delayed for 1 second, if authentication failed. */
|
||||
res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
|
||||
if (req.headers.authorization) {
|
||||
setTimeout(function () {
|
||||
return hooks.aCallFirst("authFailure", {req: req, res:res, next:next}, hookResultMangle(function (ok) {
|
||||
if (ok) return;
|
||||
/* No plugin handler for invalid auth. Return Auth required
|
||||
* Headers, delayed for 1 second, if authentication failed
|
||||
* before. */
|
||||
res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
|
||||
if (req.headers.authorization) {
|
||||
setTimeout(function () {
|
||||
res.send('Authentication required', 401);
|
||||
}, 1000);
|
||||
} else {
|
||||
res.send('Authentication required', 401);
|
||||
}, 1000);
|
||||
} else {
|
||||
res.send('Authentication required', 401);
|
||||
}
|
||||
}
|
||||
}));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ var path = require('path');
|
|||
var plugins = require("ep_etherpad-lite/static/js/pluginfw/plugins");
|
||||
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
|
||||
var npm = require("npm/lib/npm.js");
|
||||
var _ = require("underscore");
|
||||
|
||||
//try to get the git version
|
||||
var version = "";
|
||||
|
|
@ -88,11 +89,11 @@ async.waterfall([
|
|||
//let the server listen
|
||||
app.listen(settings.port, settings.ip);
|
||||
console.log("Server is listening at " + settings.ip + ":" + settings.port);
|
||||
if(settings.adminHttpAuth){
|
||||
if(!_.isEmpty(settings.users)){
|
||||
console.log("Plugin admin page listening at " + settings.ip + ":" + settings.port + "/admin/plugins");
|
||||
}
|
||||
else{
|
||||
console.log("Admin username and password not set in settings.json. To access admin please uncomment and edit adminHttpAuth in settings.json");
|
||||
console.log("Admin username and password not set in settings.json. To access admin please uncomment and edit 'users' in settings.json");
|
||||
}
|
||||
callback(null);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue