This repository has been archived by the owner on Nov 5, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
21 changed files
with
555 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
node_modules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# IDE | ||
.idea | ||
.vscode | ||
|
||
# Mac OS | ||
.DS_Store | ||
|
||
# Logs | ||
logs | ||
*.log | ||
npm-debug.log* | ||
|
||
# Runtime data | ||
pids | ||
*.pid | ||
*.seed | ||
|
||
# Directory for instrumented libs generated by jscoverage/JSCover | ||
lib-cov | ||
|
||
# Coverage directory used by tools like istanbul | ||
coverage | ||
|
||
# nyc test coverage | ||
.nyc_output | ||
|
||
# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) | ||
.grunt | ||
|
||
# node-waf configuration | ||
.lock-wscript | ||
|
||
# Compiled binary addons (http://nodejs.org/api/addons.html) | ||
build/Release | ||
|
||
# Dependency directories | ||
node_modules | ||
jspm_packages | ||
|
||
# Optional npm cache directory | ||
.npm | ||
|
||
# Optional REPL history | ||
.node_repl_history | ||
|
||
# yarn | ||
yarn.lock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
language: node_js | ||
node_js: | ||
- "7" | ||
after_success: | ||
- npm run coveralls | ||
- test $TRAVIS_BRANCH = "master" && npm i -g now && now -t=$NOW_TOKEN --npm && now -t=$NOW_TOKEN alias |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
########################################################### | ||
# | ||
# Dockerfile for micro-auth-ldap | ||
# | ||
########################################################### | ||
|
||
# Setting the base to nodejs 7.7.3 | ||
FROM node:7.7.3-alpine | ||
|
||
# Maintainer | ||
MAINTAINER Geir Gåsodden | ||
|
||
# Bundle app source | ||
COPY . /src | ||
|
||
# Change working directory | ||
WORKDIR "/src" | ||
|
||
# Install dependencies | ||
RUN npm install --production | ||
|
||
# Expose 3000 | ||
EXPOSE 3000 | ||
|
||
# Startup | ||
ENTRYPOINT npm start |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2017 Telemark fylkeskommune | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,38 @@ | ||
[![Build Status](https://travis-ci.org/telemark/micro-auth-ldap.svg?branch=master)](https://travis-ci.org/telemark/micro-auth-ldap) | ||
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://github.com/feross/standard) | ||
[![Greenkeeper badge](https://badges.greenkeeper.io/telemark/micro-auth-ldap.svg)](https://greenkeeper.io/) | ||
|
||
# micro-auth-mock | ||
|
||
Mocks the auth service | ||
|
||
## config docker.env | ||
|
||
```bash | ||
JWT_SECRET=Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go | ||
ENCRYPTOR_SECRET=Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go | ||
SESSION_STORAGE_URL=https://tmp.storage.micro.t-fk.no | ||
``` | ||
|
||
## API | ||
|
||
### GET ```/login?origin=<url for redirect>``` | ||
|
||
- returns loginform | ||
- successful login redirects to ```origin?jwt=<jwt>``` | ||
|
||
### POST ```/auth``` | ||
|
||
-post username, password and origin | ||
- successful auth redirects to ```origin?jwt=<jwt>``` | ||
|
||
### GET ```/?jwt=<jwt>``` | ||
|
||
- jwt needs userName and origin | ||
- successful lookup of user redirects to ```origin?jwt=<jwt>``` | ||
|
||
## License | ||
|
||
[MIT](LICENSE) | ||
|
||
![alt text](https://robots.kebabstudios.party/micro-auth-mock.png "Robohash image of micro-auth-mock") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
'use strict' | ||
|
||
const fs = require('fs') | ||
const path = require('path') | ||
|
||
function ldapTlsSettings () { | ||
let config = false | ||
|
||
if (process.env.LDAP_TLS_SETTINGS) { | ||
config = { | ||
rejectUnauthorized: process.env.LDAP_TLS_REJECT_UNAUTHORIZED ? true : false, // eslint-disable-line no-unneeded-ternary | ||
ca: [ | ||
fs.readFileSync(path.join(__dirname, process.env.LDAP_TLS_CA_PATH)) | ||
] | ||
} | ||
} | ||
|
||
return config | ||
} | ||
|
||
module.exports = { | ||
JWT_SECRET: process.env.JWT_SECRET || 'Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go', | ||
ENCRYPTOR_SECRET: process.env.ENCRYPTOR_SECRET || 'Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go', | ||
SESSION_STORAGE_URL: process.env.SESSION_STORAGE_URL || 'https://tmp.storage.service.t-fk.no', | ||
LDAP: { | ||
url: process.env.LDAP_URL || 'ldap://ldap.forumsys.com:389', | ||
bindDn: process.env.LDAP_BIND_DN || 'cn=read-only-admin,dc=example,dc=com', | ||
bindCredentials: process.env.LDAP_BIND_CREDENTIALS || 'password', | ||
searchBase: process.env.LDAP_SEARCH_BASE || 'dc=example,dc=com', | ||
searchFilter: process.env.LDAP_SEARCH_FILTER || '(uid={{username}})', | ||
tlsOptions: ldapTlsSettings() | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
NODE_ENV=production | ||
JWT_SECRET=Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go | ||
ENCRYPTOR_SECRET=Louie Louie, oh no, I got to go Louie Louie, oh no, I got to go | ||
SESSION_STORAGE_URL=https://tmp.storage.micro.t-fk.no |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
'use strict' | ||
|
||
const readFileSync = require('fs').readFileSync | ||
const jwt = require('jsonwebtoken') | ||
const marked = require('marked') | ||
const { parse } = require('url') | ||
const { json, send } = require('micro') | ||
const config = require('./config') | ||
const bodyParser = require('urlencoded-body-parser') | ||
const loginPage = require('./lib/render-login-page') | ||
const lookupUser = require('./lib/lookup-user') | ||
const saveSession = require('./lib/save-session') | ||
const loginUser = require('./lib/login-user') | ||
const generateJwt = require('./lib/generate-jwt') | ||
|
||
function addNextPath (data) { | ||
let nextPath = '' | ||
if (data.nextPath && data.nextPath.length > 0) { | ||
nextPath = `&nextPath=${data.nextPath}` | ||
} | ||
return nextPath | ||
} | ||
|
||
module.exports = async (request, response) => { | ||
const {pathname, query} = await parse(request.url, true) | ||
if (pathname === '/auth') { | ||
const data = request.method === 'POST' ? await bodyParser(request) : query | ||
try { | ||
const result = await loginUser(data) | ||
const session = await saveSession(result) | ||
const jwt = generateJwt(Object.assign({sessionKey: session}, result)) | ||
const url = `${data.origin}?jwt=${jwt}${addNextPath(data)}` | ||
response.writeHead(302, { Location: url }) | ||
response.end() | ||
} catch (error) { | ||
console.error(error) | ||
const errorMessage = typeof error === 'string' ? error : error.message || 'Unknown error' | ||
const em = /80090308/.test(errorMessage) ? 'Ugyldig brukernavn eller passord' : encodeURIComponent(errorMessage) | ||
const url = `/login?origin=${data.origin}${addNextPath(data)}&error=${em}` | ||
response.writeHead(302, { Location: url }) | ||
response.end() | ||
} | ||
} else if (query.jwt) { | ||
const receivedToken = query.jwt | ||
jwt.verify(receivedToken, config.JWT_SECRET, async (error, data) => { | ||
if (error) { | ||
console.error(error) | ||
send(response, 500, error) | ||
} else { | ||
try { | ||
const result = await lookupUser(data) | ||
const session = await saveSession(result) | ||
const jwt = generateJwt(Object.assign({sessionKey: session}, result)) | ||
const url = `${data.origin}?jwt=${jwt}${addNextPath(query)}` | ||
response.writeHead(302, { Location: url }) | ||
response.end() | ||
} catch (error) { | ||
console.error(error) | ||
send(response, 500, error) | ||
} | ||
} | ||
}) | ||
} else if (pathname === '/login') { | ||
const data = request.method === 'POST' ? await json(request) : query | ||
if (data.origin) { | ||
response.setHeader('Content-Type', 'text/html') | ||
send(response, 200, loginPage(data)) | ||
} else { | ||
send(response, 500, {error: 'missing required param: origin'}) | ||
} | ||
} else { | ||
response.setHeader('Content-Type', 'text/html') | ||
const readme = readFileSync('./README.md', 'utf-8') | ||
const html = marked(readme) | ||
send(response, 200, html) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
'use strict' | ||
|
||
const config = require('../config') | ||
const jwt = require('jsonwebtoken') | ||
const encryptor = require('simple-encryptor')(config.ENCRYPTOR_SECRET) | ||
|
||
module.exports = data => { | ||
const tokenOptions = { | ||
expiresIn: '1h', | ||
issuer: 'https://auth.t-fk.no' | ||
} | ||
const tokenData = { | ||
data: encryptor.encrypt({ | ||
userName: data.displayName || data.cn, | ||
userId: data.sAMAccountName || data.uid || '', | ||
session: data.sessionKey | ||
}) | ||
} | ||
const token = jwt.sign(tokenData, config.JWT_SECRET, tokenOptions) | ||
|
||
return token | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
'use strict' | ||
|
||
module.exports = data => { | ||
return new Promise((resolve, reject) => { | ||
const user = { | ||
cn: 'Mock Mr Mock', | ||
uid: data.username | ||
} | ||
resolve(user) | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
<!DOCTYPE html> | ||
<html lang="no"> | ||
<head> | ||
<meta charset="UTF-8"> | ||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
<!-- load MUI --> | ||
<link href="https://cdn.muicss.com/mui-0.9.10/css/mui.min.css" rel="stylesheet" type="text/css" /> | ||
<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet" /> | ||
<script src="https://cdn.muicss.com/mui-0.9.10/js/mui.min.js"></script> | ||
<title>Pålogging Telemark fylkeskommune</title> | ||
</head> | ||
<body> | ||
<div class="wrapper"> | ||
<div class="mui-panel mui-text-center login"> | ||
<form action="/auth" method="POST" enctype="application/x-www-form-urlencoded" class="mui-form"> | ||
<input type="hidden" name="origin" value="{{origin}}"/> | ||
<input type="hidden" name="nextPath" value="{{nextPath}}"/> | ||
<img src="https://www.telemark.no/bundles/tfktelemark/images/logo/logo.svg" alt="Telemark fylkeskommune logo"> | ||
<h5>Logg inn</h5> | ||
<p class="desc">Telemark fylkeskommune</p> | ||
<div class="mui-textfield"> | ||
<input type="text" name="username" required autofocus> | ||
<label>Brukernavn</label> | ||
</div> | ||
<div class="mui-textfield"> | ||
<input type="password" name="password" required> | ||
<label>Passord</label> | ||
</div> | ||
<span class="error">{{error}}</span> | ||
<button type="submit" class="mui-btn mui-btn--raised">Logg inn</button> | ||
</form> | ||
</div> | ||
</div> | ||
|
||
<style> | ||
body { | ||
font-family: "Roboto", "Georgia", "Times", "Times New Roman", serif !important; | ||
background: #ffd520; | ||
color: #000; | ||
} | ||
button.mui-btn { | ||
background: #6ac4ae; | ||
color: white; | ||
width: 100%; | ||
text-align: center; | ||
} | ||
button.mui-btn:hover { | ||
background: #ffd520; | ||
color: black; | ||
} | ||
h5 { | ||
font-size: 2.4rem; | ||
font-weight: 400; | ||
} | ||
.wrapper { | ||
margin-top: 4em; | ||
display: flex; | ||
flex-direction: column; | ||
align-items: center; | ||
justify-content: center; | ||
} | ||
.login { | ||
width: 350px; | ||
} | ||
.desc { | ||
color: #757575; | ||
padding-bottom: 15px; | ||
} | ||
.mui-textfield>input:focus, .mui-textfield>textarea:focus { | ||
border-color: #6ac4ae; | ||
} | ||
.mui-textfield>input:focus~label, .mui-textfield>textarea:focus~label { | ||
color: #6ac4ae; | ||
} | ||
.error { | ||
color: red | ||
} | ||
</style> | ||
</body> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
'use strict' | ||
|
||
module.exports = async data => { | ||
const user = { | ||
cn: 'Mock Mr Mock', | ||
uid: data.username | ||
} | ||
return user | ||
} |
Oops, something went wrong.