var passport = require('passport');
var nconf = require('nconf');
var jwt = require('jsonwebtoken');
var wsfederationResponses = require('./lib/wsfederation-responses');
var Users = require('./lib/users');
// Request headers whose presence marks a request as already authenticated by a
// front-end (presumably iisnode or an upstream proxy — confirm against the
// deployment); GET /wsfed uses them to decide whether to honour the session
// even when `wprompt=consent` is requested.
var integrated_headers = ['x-forwarded-user', 'x-iisnode-logon_user'];
// Declared here but never assigned or read anywhere in this file.
var kerberos_middleware;
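/**
 * Mounts the connector's HTTP endpoints on the Express app:
 *   GET  /users          - directory search, guarded by a bearer JWT (only when LDAP_URL is set)
 *   GET  /test-iis       - diagnostic echo of the IIS-reported user
 *   GET  /wsfed          - passive WS-Fed sign-in (integrated auth, then login form)
 *   POST /wsfed          - form-based WS-Fed sign-in
 *   POST /wsfed/direct   - JSON sign-in used by the direct flow
 *   GET  /logout
 *   GET  /wsfed/FederationMetadata/2007-06/FederationMetadata.xml
 *
 * @param {object} app - Express application (uses the Express 3 res.send(status, body)
 *   / res.json(status, body) call style already present in this file).
 */
exports.install = function (app) {
  // Shown to the user when WindowsAuthentication rejects the credentials.
  var INVALID_CREDENTIALS_MESSAGE = "The username or password you entered is incorrect.";

  /**
   * Middleware protecting GET /users: requires `Authorization: Bearer <jwt>`
   * whose JWT verifies against TENANT_SIGNING_KEY.
   *
   * Responses: 403 when the header is absent (existing behaviour, kept for
   * callers), 401 when the scheme is not Bearer or verification fails.
   */
  var validateAccessToken = function (req, res, next) {
    var header = req.headers.authorization;
    if (!header) return res.send(403);

    // Accept only the Bearer scheme. Anything else used to be handed to
    // jwt.verify verbatim and rejected there, so 401 preserves the outcome
    // while making the check explicit.
    var match = /^Bearer\s+(\S+)$/i.exec(header);
    if (!match) return res.send(401);

    // TODO(review): pass an `algorithms` whitelist that matches the kind of
    // key held in TENANT_SIGNING_KEY, so the token header cannot choose the
    // verification algorithm.
    jwt.verify(match[1], nconf.get('TENANT_SIGNING_KEY'), function (err) {
      if (err) {
        console.log('Validate Access Token Error', err);
        return res.send(401);
      }
      next();
    });
  };

  // The directory-backed user search is only mounted when LDAP is configured.
  if (nconf.get('LDAP_URL')) {
    var users = new Users();

    app.get('/users', validateAccessToken, function (req, res) {
      // `limit` and `criteria` come straight from the query string.
      // NOTE(review): Users.list is defined in ./lib/users; confirm it bounds
      // `limit` and escapes `criteria` before building a directory filter.
      var options = {
        limit: req.query.limit
      };
      // Callback parameter renamed from `users` so it no longer shadows the
      // Users instance above.
      users.list(req.query.criteria, options, function (err, result) {
        if (err) return res.send(500);
        res.json(result);
      });
    });
  }

  // Diagnostic endpoint echoing the user name IIS/iisnode reports. The request
  // header is reflected into the response body, so pin the content type to
  // text/plain: a bare string body otherwise defaults to text/html, and the
  // header value would be interpreted as markup by the browser.
  app.get('/test-iis', function (req, res) {
    res.set('Content-Type', 'text/plain; charset=utf-8');
    res.send(200, 'worked! your iis user is: ' + req.headers['x-iisnode-logon_user']);
  });

  // True when one of the integrated-auth headers is present, i.e. a front-end
  // has already identified the user.
  var isIntegratedRequest = function (req) {
    return integrated_headers.some(function (h) {
      return !!req.headers[h];
    });
  };

  app.get('/wsfed',
    // 1. Run the passive strategies; on success the profile is kept in the
    //    session (passport's own session support is disabled).
    function (req, res, next) {
      var strategies = nconf.get('LDAP_URL') ?
        ['IISIntegrated', 'ApacheKerberos', 'WindowsAuthentication'] :
        ['WindowsAuthentication'];

      passport.authenticate(strategies, {
        failureRedirect: req.url,
        failureMessage: INVALID_CREDENTIALS_MESSAGE,
        session: false
      }, function (err, profile) {
        if (err) return next(err);
        if (!profile) return next();
        req.session.user = profile;
        next();
      })(req, res, next);
    },
    // 2. A session that already holds a user gets a token immediately, unless
    //    `wprompt=consent` was requested and the user was not integrated-
    //    authenticated, in which case the login form is shown again.
    function (req, res, next) {
      if (req.session.user && (req.query.wprompt !== 'consent' || isIntegratedRequest(req))) {
        req.user = req.session.user;
        return wsfederationResponses.token(req, res);
      }
      next();
    },
    // 3. Render the login form with any pending failure messages.
    function (req, res) {
      // Messages are joined with an HTML break, so `errors` is meant to be
      // inserted as markup; presumably the login template renders it
      // unescaped — keep these messages free of user-supplied text.
      var messages = (req.session.messages || []).join('<br />');
      delete req.session.messages;
      return res.render('login', {
        title: nconf.get('SITE_NAME'),
        errors: messages
      });
    });

  // Shared second stage of both POST flows: log the login and persist the
  // authenticated profile in the session for later GET /wsfed requests.
  var recordLogin = function (req, res, next) {
    // `.green` presumes a String.prototype colour helper is installed
    // elsewhere in the process (nothing in this file requires it) — TODO confirm.
    console.log('user ' + (req.user.displayName || 'unknown').green + ' authenticated');
    req.session.user = req.user;
    next();
  };

  app.post('/wsfed', function (req, res, next) {
    passport.authenticate('WindowsAuthentication', {
      failureRedirect: req.url,
      failureMessage: INVALID_CREDENTIALS_MESSAGE,
      session: false
    })(req, res, next);
  }, recordLogin, wsfederationResponses.token);

  app.post('/wsfed/direct', function (req, res, next) {
    passport.authenticate('WindowsAuthentication', {
      session: false
    }, function (err, profile, info) {
      if (err) return next(err);
      if (!profile) {
        // The strategy's failure message, if any, is surfaced to the caller.
        return res.json(401, { invalid_user_password: info && info.message ? info.message : 'Wrong email or password.' });
      }
      req.user = profile;
      next();
    })(req, res, next);
  }, recordLogin, wsfederationResponses.tokenDirect);

  app.get('/logout', function (req, res) {
    // Guard the lookup: reaching /logout without a logged-in user used to
    // throw on `req.session.user.displayName` and surface as a 500.
    var user = req.session && req.session.user;
    var name = (user && user.displayName) || 'unknown';
    console.log('user ' + name.green + ' logged out');
    // NOTE(review): this removes the property from this request object only;
    // whether the stored session is also invalidated depends on the session
    // middleware, which is configured outside this file — confirm.
    delete req.session;
    res.send('bye');
  });

  app.get('/wsfed/FederationMetadata/2007-06/FederationMetadata.xml',
    wsfederationResponses.metadata());
};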