From e0582797f220a906293a0e8cbba2930df91dcb38 Mon Sep 17 00:00:00 2001
From: Avery Pennarun
Date: Sun, 31 Dec 2017 12:32:50 +0000
Subject: [PATCH] Call authentication hooks before default basic authentication.

This allows authenticators to do any extra session setup for a given user, even if their username/password happens to match settings.json.
---
 src/node/hooks/express/webaccess.js | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 190021a3e..e0b35831c 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -36,13 +36,16 @@ exports.basicAuth = function (req, res, next) {
 var userpass = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString().split(":")
 var username = userpass.shift();
 var password = userpass.join(':');
-
- if (settings.users[username] != undefined && settings.users[username].password == password) {
- settings.users[username].username = username;
- req.session.user = settings.users[username];
- return cb(true);
- }
- return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb));
+ var fallback = function(success) {
+ if (success) return cb(true);
+ if (settings.users[username] != undefined && settings.users[username].password == password) {
+ settings.users[username].username = username;
+ req.session.user = settings.users[username];
+ return cb(true);
+ }
+ return cb(false);
+ };
+ return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback));
 }
 hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb));
 }
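Review bot: With the hook call moved ahead of the settings.json check, every `authenticate` plugin now receives the cleartext `password` of settings.json users (admin accounts included) on each Basic-auth request, where previously matching credentials never reached the hooks; that wider trust boundary deserves a comment above the `hooks.aCallFirst("authenticate", ...)` call, e.g. `// NOTE: hooks now see settings.json credentials too; plugins must not log or persist password`. In `fallback`, the moved lookup indexes `settings.users` with a request-supplied key and compares loosely, so inherited keys such as `__proto__` pass the `!= undefined` test; `if (Object.prototype.hasOwnProperty.call(settings.users, username) && settings.users[username].password === password) {` restricts the check to configured users. `req.session.user = settings.users[username]` also places the whole settings entry, password included, in the session, which looks worth trimming in a follow-up. `basicAuth` begins and ends outside this hunk and `hookResultMangle` is not shown, so whether a hook's explicit rejection can be told apart from "no hook answered" before `fallback` accepts the settings.json credentials cannot be confirmed from here.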