Commit 8f0b270f authored by Simon M. Haller-Seeber's avatar Simon M. Haller-Seeber
Browse files

Adapt AuthenticationManager.js to work with sharelatex versions > 2.3.1

parent ca58b485
Loading
Loading
Loading
Loading
+4 −1
Original line number Diff line number Diff line
FROM sharelatex/sharelatex:2.3.1
FROM sharelatex/sharelatex:2.5.2
# FROM sharelatex/sharelatex:latest
# latest might not be tested 
# e.g. the AuthenticationManager.js script had to be adapted between versions after 2.3.1 
LABEL maintainer="Simon Haller-Seeber"
LABEL version="0.1"

+194 −204
Original line number Diff line number Diff line
const Settings = require('settings-sharelatex')
const { User } = require('../../models/User')
const {db, ObjectId} = require('../../infrastructure/mongojs')
const { db, ObjectId } = require('../../infrastructure/mongodb')
const bcrypt = require('bcrypt')
const EmailHelper = require('../Helpers/EmailHelper')
const V1Handler = require('../V1/V1Handler')
const {
  InvalidEmailError,
  InvalidPasswordError
@@ -20,7 +19,7 @@ const BCRYPT_MINOR_VERSION = Settings.security.bcryptMinorVersion || 'a'

const _checkWriteResult = function(result, callback) {
  // for MongoDB
    if (result && result.nModified === 1) {
  if (result && result.modifiedCount === 1) {
    callback(null, true)
  } else {
    callback(null, false)
@@ -31,7 +30,7 @@ const AuthenticationManager = {
  authenticate(query, password, callback) {
    // Using Mongoose for legacy reasons here. The returned User instance
    // gets serialized into the session and there may be subtle differences
    // between the user returned by Mongoose vs mongojs (such as default values)
    // between the user returned by Mongoose vs mongodb (such as default values)
    User.findOne(query, (error, user) => {
      //console.log("Begining:" + JSON.stringify(query))
      AuthenticationManager.authUserObj(error, user, query, password, callback)
@@ -57,7 +56,7 @@ const AuthenticationManager = {
      //console.log("Creating User:" + JSON.stringify(query))
      //create random pass for local userdb, does not get checked for ldap users during login
      let pass = require("crypto").randomBytes(32).toString("hex")
      console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)
      //console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)

      const userRegHand = require('../User/UserRegistrationHandler.js')
      userRegHand.registerNewUser({
@@ -123,10 +122,9 @@ const AuthenticationManager = {
  },

  // validates a password based on a similar set of rules to `complexPassword.js` on the frontend
  // note that `passfield.js` enforces more rules than this, but these are the most commonly set
  // returns null on success, or an error string.
  // Actually we do not need this because we always use the ldap backend
  validatePassword(password) {
  // note that `passfield.js` enforces more rules than this, but these are the most commonly set.
  // returns null on success, or an error object.
  validatePassword(password, email) {
    if (password == null) {
      return new InvalidPasswordError({
        message: 'password not set',
@@ -175,20 +173,20 @@ const AuthenticationManager = {
      return null
    },

    setUserPassword(userId, password, callback) {
      AuthenticationManager.setUserPasswordInV2(userId, password, callback)
  setUserPassword(user, password, callback) {
    AuthenticationManager.setUserPasswordInV2(user, password, callback)
  },

  checkRounds(user, hashedPassword, password, callback) {
    // Temporarily disable this function, TODO: re-enable this
        return callback()
    //return callback()
    if (Settings.security.disableBcryptRoundsUpgrades) {
      return callback()
    }
    // check current number of rounds and rehash if necessary
    const currentRounds = bcrypt.getRounds(hashedPassword)
    if (currentRounds < BCRYPT_ROUNDS) {
            AuthenticationManager.setUserPassword(user._id, password, callback)
      AuthenticationManager.setUserPassword(user, password, callback)
    } else {
      callback()
    }
@@ -203,8 +201,13 @@ const AuthenticationManager = {
    })
  },

    setUserPasswordInV2(userId, password, callback) {
        const validationError = this.validatePassword(password)
  setUserPasswordInV2(user, password, callback) {
    //if (!user || !user.email || !user._id) {
    //  return callback(new Error('invalid user object'))
    //}
    
    console.log("Setting pass for user: " + JSON.stringify(user))
    const validationError = this.validatePassword(password, user.email)
    if (validationError) {
      return callback(validationError)
    }
@@ -212,9 +215,9 @@ const AuthenticationManager = {
      if (error) {
        return callback(error)
      }
            db.users.update(
      db.users.updateOne(
        {
                    _id: ObjectId(userId.toString())
          _id: ObjectId(user._id.toString())
        },
        {
          $set: {
@@ -234,20 +237,6 @@ const AuthenticationManager = {
    })
  },

    setUserPasswordInV1(v1UserId, password, callback) {
        const validationError = this.validatePassword(password)
        if (validationError) {
            return callback(validationError.message)
        }

        V1Handler.doPasswordReset(v1UserId, password, function (error, reset) {
            if (error) {
                return callback(error)
            }
            callback(error, reset)
        })
    },

  _passwordCharactersAreValid(password) {
    let digits, letters, lettersUp, symbols
    if (
@@ -307,12 +296,12 @@ const AuthenticationManager = {
        filter: filterstr ,
      });
      await searchEntries
          console.log(JSON.stringify(searchEntries))
      //console.log(JSON.stringify(searchEntries))
      if (searchEntries[0]) {
        mail = searchEntries[0].mail
        firstname = searchEntries[0].givenName
        lastname = searchEntries[0].sn
            console.log("Found user: " + mail + " Name: " + firstname + " " + lastname)
        //console.log("Found user: " + mail + " Name: " + firstname + " " + lastname)
      }
    } catch (ex) {
      console.log("An Error occured while getting user data during ldapsearch: " + String(ex))
@@ -329,7 +318,7 @@ const AuthenticationManager = {
          filter: adminfilter,
        });
        await adminEntry;
  	    console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries))
        //console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries))
        if (adminEntry.searchEntries[0].mail) {
          console.log("is Admin")
          isAdmin=true;
@@ -345,7 +334,7 @@ const AuthenticationManager = {
      console.log("Mail not set - exit. This should not happen - please set mail-entry in ldap.")
      return callback(null, null)
    }
        console.log("Logging in iser: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin))
    //console.log("Logging in user: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin))
    // we are authenticated now let's set the query to the correct mail from ldap
    query.email = mail
    User.findOne(query, (error, user) => {
@@ -364,7 +353,8 @@ const AuthenticationManager = {

AuthenticationManager.promises = {
  authenticate: util.promisify(AuthenticationManager.authenticate),
    hashPassword: util.promisify(AuthenticationManager.hashPassword)
  hashPassword: util.promisify(AuthenticationManager.hashPassword),
  setUserPassword: util.promisify(AuthenticationManager.setUserPassword)
}

module.exports = AuthenticationManager