Refactor authentication flow
parent
d87662482b
commit
3190fd00bf
@ -562,7 +562,7 @@ $(function() {
|
||||
});
|
||||
|
||||
sidebar.on("click", "#sign-out", function() {
|
||||
socket.emit("sign-out", storage.get("token"));
|
||||
socket.emit("sign-out");
|
||||
storage.remove("token");
|
||||
|
||||
if (!socket.connected) {
|
||||
|
@ -300,13 +300,13 @@ Client.prototype.updateSession = function(token, ip, request) {
|
||||
const agent = UAParser(request.headers["user-agent"] || "");
|
||||
let friendlyAgent = "";
|
||||
|
||||
if (agent.browser.name.length) {
|
||||
if (agent.browser.name) {
|
||||
friendlyAgent = `${agent.browser.name} ${agent.browser.major}`;
|
||||
} else {
|
||||
friendlyAgent = "Unknown browser";
|
||||
}
|
||||
|
||||
if (agent.os.name.length) {
|
||||
if (agent.os.name) {
|
||||
friendlyAgent += ` on ${agent.os.name} ${agent.os.version}`;
|
||||
}
|
||||
|
||||
|
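Review bot: The new truthiness checks guard `agent.browser.name` and `agent.os.name`, but the template literals still interpolate `agent.browser.major` and `agent.os.version` unguarded, so a User-Agent whose name parses but whose version does not can produce a label such as "Chrome undefined". A fallback like `${agent.browser.major || ""}` followed by a `.trim()` would keep the label clean. The whole string derives from the client-supplied `user-agent` header, so wherever the session list renders it (outside this hunk) it should be treated as untrusted text and escaped. updateSession continues past the end of the hunk.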
@ -100,9 +100,10 @@ in ${config.public ? "public" : "private"} mode`);
|
||||
|
||||
sockets.on("connect", function(socket) {
|
||||
if (config.public) {
|
||||
auth.call(socket, {});
|
||||
performAuthentication.call(socket, {});
|
||||
} else {
|
||||
init(socket);
|
||||
socket.emit("auth", {success: true});
|
||||
socket.on("auth", performAuthentication);
|
||||
}
|
||||
});
|
||||
|
||||
@ -173,15 +174,9 @@ function index(req, res, next) {
|
||||
res.render("index", data);
|
||||
}
|
||||
|
||||
function init(socket, client, generateToken) {
|
||||
if (!client) {
|
||||
socket.emit("auth", {success: true});
|
||||
socket.on("auth", auth);
|
||||
} else {
|
||||
function initializeClient(socket, client, generateToken, token) {
|
||||
socket.emit("authorized");
|
||||
|
||||
client.ip = getClientIp(socket.request);
|
||||
|
||||
socket.on("disconnect", function() {
|
||||
client.clientDetach(socket.id);
|
||||
});
|
||||
@ -193,21 +188,25 @@ function init(socket, client, generateToken) {
|
||||
client.input(data);
|
||||
}
|
||||
);
|
||||
|
||||
socket.on(
|
||||
"more",
|
||||
function(data) {
|
||||
client.more(data);
|
||||
}
|
||||
);
|
||||
|
||||
socket.on(
|
||||
"conn",
|
||||
function(data) {
|
||||
// prevent people from overriding webirc settings
|
||||
data.ip = null;
|
||||
data.hostname = null;
|
||||
|
||||
client.connect(data);
|
||||
}
|
||||
);
|
||||
|
||||
if (!Helper.config.public && !Helper.config.ldap.enable) {
|
||||
socket.on(
|
||||
"change-password",
|
||||
@ -256,18 +255,21 @@ function init(socket, client, generateToken) {
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
socket.on(
|
||||
"open",
|
||||
function(data) {
|
||||
client.open(socket.id, data);
|
||||
}
|
||||
);
|
||||
|
||||
socket.on(
|
||||
"sort",
|
||||
function(data) {
|
||||
client.sort(data);
|
||||
}
|
||||
);
|
||||
|
||||
socket.on(
|
||||
"names",
|
||||
function(data) {
|
||||
@ -294,7 +296,7 @@ function init(socket, client, generateToken) {
|
||||
}
|
||||
});
|
||||
|
||||
socket.on("sign-out", (token) => {
|
||||
socket.on("sign-out", () => {
|
||||
delete client.config.sessions[token];
|
||||
|
||||
client.manager.updateUser(client.name, {
|
||||
@ -310,16 +312,18 @@ function init(socket, client, generateToken) {
|
||||
|
||||
socket.join(client.id);
|
||||
|
||||
const sendInitEvent = (token) => {
|
||||
const sendInitEvent = (tokenToSend) => {
|
||||
socket.emit("init", {
|
||||
active: client.lastActiveChannel,
|
||||
networks: client.networks,
|
||||
token: token
|
||||
token: tokenToSend
|
||||
});
|
||||
};
|
||||
|
||||
if (generateToken) {
|
||||
client.generateToken((token) => {
|
||||
client.generateToken((newToken) => {
|
||||
token = newToken;
|
||||
|
||||
client.updateSession(token, getClientIp(socket.request), socket.request);
|
||||
|
||||
client.manager.updateUser(client.name, {
|
||||
@ -336,21 +340,6 @@ function init(socket, client, generateToken) {
|
||||
sendInitEvent(null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function reverseDnsLookup(socket, client) {
|
||||
client.ip = getClientIp(socket.request);
|
||||
|
||||
dns.reverse(client.ip, function(err, host) {
|
||||
if (!err && host.length) {
|
||||
client.hostname = host[0];
|
||||
} else {
|
||||
client.hostname = client.ip;
|
||||
}
|
||||
|
||||
init(socket, client);
|
||||
});
|
||||
}
|
||||
|
||||
function localAuth(client, user, password, callback) {
|
||||
// If no user is found, or if the client has not provided a password,
|
||||
@ -408,18 +397,25 @@ function ldapAuth(client, user, password, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function auth(data) {
|
||||
function performAuthentication(data) {
|
||||
const socket = this;
|
||||
let client;
|
||||
|
||||
const finalInit = () => initializeClient(socket, client, !!data.remember, data.token || null);
|
||||
|
||||
const initClient = () => {
|
||||
// If webirc is enabled and we do not know this users IP address,
|
||||
// perform reverse dns lookup
|
||||
if (Helper.config.webirc !== null && !client.config.ip) {
|
||||
reverseDnsLookup(socket, client);
|
||||
} else {
|
||||
init(socket, client, data.remember === "on");
|
||||
client.ip = getClientIp(socket.request);
|
||||
|
||||
// If webirc is enabled perform reverse dns lookup
|
||||
if (Helper.config.webirc === null) {
|
||||
return finalInit();
|
||||
}
|
||||
|
||||
reverseDnsLookup(client.ip, (hostname) => {
|
||||
client.hostname = hostname;
|
||||
|
||||
finalInit();
|
||||
});
|
||||
};
|
||||
|
||||
if (Helper.config.public) {
|
||||
@ -470,3 +466,13 @@ function auth(data) {
|
||||
localAuth(client, data.user, data.password, authCallback);
|
||||
}
|
||||
}
|
||||
|
||||
function reverseDnsLookup(ip, callback) {
|
||||
dns.reverse(ip, (err, hostnames) => {
|
||||
if (!err && hostnames.length) {
|
||||
return callback(hostnames[0]);
|
||||
}
|
||||
|
||||
callback(ip);
|
||||
});
|
||||
}
|
||||
|
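Review bot: In performAuthentication, `finalInit` passes `data.token || null` straight from the client's auth payload into initializeClient, where it becomes the key in `delete client.config.sessions[token]` for sign-out, so the token bound to the socket is whatever the client sent rather than one the server accepted. The code that validates `data.token` lies between the visible hunks, so this is partly inferred, and the impact looks limited to the user's own sessions, but on the password path nothing shown here checks the value or its type. I would bind it only when it is a string that names an own session entry, e.g. `const validToken = typeof data.token === "string" && Object.prototype.hasOwnProperty.call(client.config.sessions, data.token) ? data.token : null;`. Separately, the new `reverseDnsLookup` returns `hostnames[0]` from the PTR record as-is; that record is controlled by whoever owns the address range, so if the hostname is forwarded through WEBIRC it should be forward-confirmed (resolve the name and check that the result contains `ip`) and otherwise fall back to `ip`. Both performAuthentication and initializeClient extend beyond the hunks shown.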