richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
552 Commits
3 Branches
121 Tags
48 MiB
Tree: e0b788501d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e0b788501d'
${ noResults }
wiki/server/controllers/auth.js

118 lines
4.0 KiB
Raw Normal View History

Standard JS code conversion + fixes
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
chore: removed global eslint references
7 years ago
LDAP authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
Standard JS code conversion + fixes
8 years ago
Base server logic
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
Standard JS code conversion + fixes
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
Standard JS code conversion + fixes
8 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
8 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
8 years ago
LDAP authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
LDAP authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
LDAP authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
Local authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
Refactored install + handle long code lines + fuse skip ace
7 years ago
LDAP authentication
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
LDAP authentication
8 years ago
refactor: migrate to PostgreSQL + Sequelize
7 years ago
LDAP authentication
8 years ago
Standard JS code conversion + fixes
8 years ago
Base server logic
8 years ago
Added Social Authentication + fixed Agent Cron
8 years ago
Standard JS code conversion + fixes
8 years ago
Added GitHub and Slack authentication integrations
8 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Added Social Authentication + fixed Agent Cron
8 years ago
Standard JS code conversion + fixes
8 years ago
Added GitHub and Slack authentication integrations
8 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Added Social Authentication + fixed Agent Cron
8 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
8 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
8 years ago
  1. 'use strict'
  3. /* global wiki */
  5. const Promise = require('bluebird')
  6. const express = require('express')
  7. const router = express.Router()
  8. const passport = require('passport')
  9. const ExpressBrute = require('express-brute')
  10. const ExpressBruteRedisStore = require('express-brute-redis')
  11. const moment = require('moment')
  13. /**
  14. * Setup Express-Brute
  15. */
  16. const EBstore = new ExpressBruteRedisStore({
  17. client: wiki.redis
  18. })
  19. const bruteforce = new ExpressBrute(EBstore, {
  20. freeRetries: 5,
  21. minWait: 60 * 1000,
  22. maxWait: 5 * 60 * 1000,
  23. refreshTimeoutOnRequest: false,
  24. failCallback (req, res, next, nextValidRequestDate) {
  25. req.flash('alert', {
  26. class: 'error',
  27. title: wiki.lang.t('auth:errors.toomanyattempts'),
  28. message: wiki.lang.t('auth:errors.toomanyattemptsmsg', { time: moment(nextValidRequestDate).fromNow() }),
  29. iconClass: 'fa-times'
  30. })
  31. res.redirect('/login')
  32. }
  33. })
  35. /**
  36. * Login form
  37. */
  38. router.get('/login', function (req, res, next) {
  39. res.render('auth/login', {
  40. usr: res.locals.usr
  41. })
  42. })
  44. router.post('/login', bruteforce.prevent, function (req, res, next) {
  45. new Promise((resolve, reject) => {
  46. // [1] LOCAL AUTHENTICATION
  47. passport.authenticate('local', function (err, user, info) {
  48. if (err) { return reject(err) }
  49. if (!user) { return reject(new Error('INVALID_LOGIN')) }
  50. resolve(user)
  51. })(req, res, next)
  52. }).catch({ message: 'INVALID_LOGIN' }, err => {
  53. if (appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
  54. // [2] LDAP AUTHENTICATION
  55. return new Promise((resolve, reject) => {
  56. passport.authenticate('ldapauth', function (err, user, info) {
  57. if (err) { return reject(err) }
  58. if (info && info.message) { return reject(new Error(info.message)) }
  59. if (!user) { return reject(new Error('INVALID_LOGIN')) }
  60. resolve(user)
  61. })(req, res, next)
  62. })
  63. } else {
  64. throw err
  65. }
  66. }).then((user) => {
  67. // LOGIN SUCCESS
  68. return req.logIn(user, function (err) {
  69. if (err) { return next(err) }
  70. req.brute.reset(function () {
  71. return res.redirect('/')
  72. })
  73. }) || true
  74. }).catch(err => {
  75. // LOGIN FAIL
  76. if (err.message === 'INVALID_LOGIN') {
  77. req.flash('alert', {
  78. title: wiki.lang.t('auth:errors.invalidlogin'),
  79. message: wiki.lang.t('auth:errors.invalidloginmsg')
  80. })
  81. return res.redirect('/login')
  82. } else {
  83. req.flash('alert', {
  84. title: wiki.lang.t('auth:errors.loginerror'),
  85. message: err.message
  86. })
  87. return res.redirect('/login')
  88. }
  89. })
  90. })
  92. /**
  93. * Social Login
  94. */
  96. router.get('/login/ms', passport.authenticate('windowslive', { scope: ['wl.signin', 'wl.basic', 'wl.emails'] }))
  97. router.get('/login/google', passport.authenticate('google', { scope: ['profile', 'email'] }))
  98. router.get('/login/facebook', passport.authenticate('facebook', { scope: ['public_profile', 'email'] }))
  99. router.get('/login/github', passport.authenticate('github', { scope: ['user:email'] }))
  100. router.get('/login/slack', passport.authenticate('slack', { scope: ['identity.basic', 'identity.email'] }))
  101. router.get('/login/azure', passport.authenticate('azure_ad_oauth2'))
  103. router.get('/login/ms/callback', passport.authenticate('windowslive', { failureRedirect: '/login', successRedirect: '/' }))
  104. router.get('/login/google/callback', passport.authenticate('google', { failureRedirect: '/login', successRedirect: '/' }))
  105. router.get('/login/facebook/callback', passport.authenticate('facebook', { failureRedirect: '/login', successRedirect: '/' }))
  106. router.get('/login/github/callback', passport.authenticate('github', { failureRedirect: '/login', successRedirect: '/' }))
  107. router.get('/login/slack/callback', passport.authenticate('slack', { failureRedirect: '/login', successRedirect: '/' }))
  108. router.get('/login/azure/callback', passport.authenticate('azure_ad_oauth2', { failureRedirect: '/login', successRedirect: '/' }))
  110. /**
  111. * Logout
  112. */
  113. router.get('/logout', function (req, res) {
  114. req.logout()
  115. res.redirect('/')
  116. })
  118. module.exports = router