95 lines
3.1 KiB
JavaScript
95 lines
3.1 KiB
JavaScript
/*\
|
|
title: $:/core/modules/server/authenticators/basic.js
|
|
type: application/javascript
|
|
module-type: authenticator
|
|
|
|
Authenticator for WWW basic authentication
|
|
|
|
\*/
|
|
(function(){
|
|
|
|
/*jslint node: true, browser: true */
|
|
/*global $tw: false */
|
|
"use strict";
|
|
|
|
if($tw.node) {
|
|
var util = require("util"),
|
|
fs = require("fs"),
|
|
url = require("url"),
|
|
path = require("path");
|
|
}
|
|
|
|
function BasicAuthenticator(server) {
|
|
this.server = server;
|
|
this.credentialsData = [];
|
|
}
|
|
|
|
/*
|
|
Returns true if the authenticator is active, false if it is inactive, or a string if there is an error
|
|
*/
|
|
BasicAuthenticator.prototype.init = function() {
|
|
// Read the credentials data
|
|
this.credentialsFilepath = this.server.get("credentials");
|
|
if(this.credentialsFilepath) {
|
|
var resolveCredentialsFilepath = path.resolve($tw.boot.wikiPath,this.credentialsFilepath);
|
|
if(fs.existsSync(resolveCredentialsFilepath) && !fs.statSync(resolveCredentialsFilepath).isDirectory()) {
|
|
var credentialsText = fs.readFileSync(resolveCredentialsFilepath,"utf8"),
|
|
credentialsData = $tw.utils.parseCsvStringWithHeader(credentialsText);
|
|
if(typeof credentialsData === "string") {
|
|
return "Error: " + credentialsData + " reading credentials from '" + resolveCredentialsFilepath + "'";
|
|
} else {
|
|
this.credentialsData = credentialsData;
|
|
}
|
|
} else {
|
|
return "Error: Unable to load user credentials from '" + credentialsFilepath + "'";
|
|
}
|
|
}
|
|
// Add the hardcoded username and password if specified
|
|
if(this.server.get("username") && this.server.get("password")) {
|
|
this.credentialsData = this.credentialsData || [];
|
|
this.credentialsData.push({
|
|
username: this.server.get("username"),
|
|
password: this.server.get("password")
|
|
});
|
|
}
|
|
return this.credentialsData.length > 0;
|
|
};
|
|
|
|
/*
|
|
Returns true if the request is authenticated and assigns the "authenticatedUsername" state variable.
|
|
Returns false if the request couldn't be authenticated having sent an appropriate response to the browser
|
|
*/
|
|
BasicAuthenticator.prototype.authenticateRequest = function(request,response,state) {
|
|
// Extract the incoming username and password from the request
|
|
var header = request.headers.authorization || "";
|
|
if(!header && state.allowAnon) {
|
|
// If there's no header and anonymous access is allowed then we don't set authenticatedUsername
|
|
return true;
|
|
}
|
|
var token = header.split(/\s+/).pop() || "",
|
|
auth = $tw.utils.base64Decode(token),
|
|
parts = auth.split(/:/),
|
|
incomingUsername = parts[0],
|
|
incomingPassword = parts[1];
|
|
// Check that at least one of the credentials matches
|
|
var matchingCredentials = this.credentialsData.find(function(credential) {
|
|
return credential.username === incomingUsername && credential.password === incomingPassword;
|
|
});
|
|
if(matchingCredentials) {
|
|
// If so, add the authenticated username to the request state
|
|
state.authenticatedUsername = incomingUsername;
|
|
return true;
|
|
} else {
|
|
// If not, return an authentication challenge
|
|
response.writeHead(401,"Authentication required",{
|
|
"WWW-Authenticate": 'Basic realm="Please provide your username and password to login to ' + state.server.servername + '"'
|
|
});
|
|
response.end();
|
|
return false;
|
|
}
|
|
};
|
|
|
|
exports.AuthenticatorClass = BasicAuthenticator;
|
|
|
|
})();
|