From a0d10989ad6f6317aaa11cb34d45a6ba532970bc Mon Sep 17 00:00:00 2001 From: Jonathan Sambrook Date: Wed, 22 Apr 2020 14:33:35 +0100 Subject: [PATCH] Tidy up the auth plugin API mechanism to hide implementation details The caller doesn't care which plugin is being used, so this commit consolidates implementation details within auth.js The motivation for this work is to prepare for extending the auth API (to allow "advanced" LDAP to query user entry ontological state at start up), by tidying up rather than duplicating the existing mechanism. --- src/plugins/auth.js | 44 +++++++++++++++++++++++++++++++++++++++ src/plugins/auth/ldap.js | 1 + src/plugins/auth/local.js | 1 + src/server.js | 18 ++-------------- 4 files changed, 48 insertions(+), 16 deletions(-) create mode 100644 src/plugins/auth.js diff --git a/src/plugins/auth.js b/src/plugins/auth.js new file mode 100644 index 00000000..e53fb3ee --- /dev/null +++ b/src/plugins/auth.js @@ -0,0 +1,44 @@ +"use strict"; + +const log = require("../log"); +const colors = require("chalk"); + +// The order defines priority: the first available plugin is used. +// Always keep 'local' auth plugin at the end of the list; it should always be enabled. +const plugins = [require("./auth/ldap"), require("./auth/local")]; + +function unimplemented(funcName) { + log.debug( + `Auth module ${colors.bold( + module.exports.moduleName + )} doesn't implement function ${colors.bold(funcName)}` + ); +} + +// Default API implementations +module.exports = { + moduleName: "", + + // Must override: implements authentication mechanism + auth: () => unimplemented("auth"), +}; + +// local auth should always be enabled, but check here to verify +let somethingEnabled = false; + +// Override default API stubs with exports from first enabled plugin found +for (const plugin of plugins) { + if (plugin.isEnabled()) { + somethingEnabled = true; + + for (const name in plugin) { + module.exports[name] = plugin[name]; + } + + break; + } +} + +if (!somethingEnabled) { + log.error("None of the auth plugins is enabled"); +} diff --git a/src/plugins/auth/ldap.js b/src/plugins/auth/ldap.js index 18441e5e..091c892e 100644 --- a/src/plugins/auth/ldap.js +++ b/src/plugins/auth/ldap.js @@ -144,6 +144,7 @@ function isLdapEnabled() { } module.exports = { + moduleName: "ldap", auth: ldapAuth, isEnabled: isLdapEnabled, }; diff --git a/src/plugins/auth/local.js b/src/plugins/auth/local.js index e5ff367c..1b062f31 100644 --- a/src/plugins/auth/local.js +++ b/src/plugins/auth/local.js @@ -46,6 +46,7 @@ function localAuth(manager, client, user, password, callback) { } module.exports = { + moduleName: "local", auth: localAuth, isEnabled: () => true, }; diff --git a/src/server.js b/src/server.js index a5a08c06..59f7e33b 100644 --- a/src/server.js +++ b/src/server.js @@ -17,16 +17,13 @@ const net = require("net"); const Identification = require("./identification"); const changelog = require("./plugins/changelog"); const inputs = require("./plugins/inputs"); +const Auth = require("./plugins/auth"); const themes = require("./plugins/packages/themes"); themes.loadLocalThemes(); const packages = require("./plugins/packages/index"); -// The order defined the priority: the first available plugin is used -// ALways keep local auth in the end, which should always be enabled. -const authPlugins = [require("./plugins/auth/ldap"), require("./plugins/auth/local")]; - // A random number that will force clients to reload the page if it differs const serverHash = Math.floor(Date.now() * Math.random()); @@ -854,18 +851,7 @@ function performAuthentication(data) { } // Perform password checking - let auth = () => { - log.error("None of the auth plugins is enabled"); - }; - - for (let i = 0; i < authPlugins.length; ++i) { - if (authPlugins[i].isEnabled()) { - auth = authPlugins[i].auth; - break; - } - } - - auth(manager, client, data.user, data.password, authCallback); + Auth.auth(manager, client, data.user, data.password, authCallback); } function reverseDnsLookup(ip, callback) {