diff --git a/app/coffee/Features/Authentication/AuthenticationManager.coffee b/app/coffee/Features/Authentication/AuthenticationManager.coffee index 9ac1c15b747f4678852909b535c32d13d57b8b6d..ac753e42f11a9d2cc8d11040afa6ec196f2bbf10 100644 --- a/app/coffee/Features/Authentication/AuthenticationManager.coffee +++ b/app/coffee/Features/Authentication/AuthenticationManager.coffee 
@@ -7,58 +7,60 @@ bcrypt = require 'bcrypt' BCRYPT_ROUNDS = Settings?.security?.bcryptRounds or 12 module.exports = AuthenticationManager = - authenticate: (query, password, callback = (error, user) ->) -> - # Using Mongoose for legacy reasons here. The returned User instance - # gets serialized into the session and there may be subtle differences - # between the user returned by Mongoose vs mongojs (such as default values) - User.findOne query, (error, user) => - return callback(error) if error? - if user? - if user.hashedPassword? - bcrypt.compare password, user.hashedPassword, (error, match) -> - return callback(error) if error? - if match - AuthenticationManager.checkRounds user, user.hashedPassword, password, (err) -> - return callback(err) if err? - callback null, user - else - callback null, null - else - callback null, null - else - callback null, null + authenticate: (query, password, callback = (error, user) ->) -> + # Using Mongoose for legacy reasons here. The returned User instance + # gets serialized into the session and there may be subtle differences + # between the user returned by Mongoose vs mongojs (such as default values) + User.findOne query, (error, user) => + return callback(error) if error? + if user? + if user.hashedPassword? + bcrypt.compare password, user.hashedPassword, (error, match) -> + return callback(error) if error? + if match + AuthenticationManager.checkRounds user, user.hashedPassword, password, (err) -> + return callback(err) if err? + callback null, user + else + callback null, null + else + callback null, null + else + callback null, null - ldapAuthenticate: (ldapUser, callback = (error, user) ->) -> - User.findOneAndUpdate {email: eval('ldapUser.' + Settings.ldap.emailAtt)}, {first_name: eval('ldapUser.' + Settings.ldap.nameAtt), last_name: eval('ldapUser.' 
+ Settings.ldap.lastNameAtt), hashedPassword: ldapUser.userPassword, ldap: true}, {new: true, upsert: true, setDefaultsOnInsert: true}, (error, user) => - return callback(error) if error? - if user? - callback null, user - else - callback null, null + ldapAuthenticate: (ldapUser, callback = (error, user) ->) -> + ldapMail = eval('ldapUser.' + Settings.ldap.emailAtt) + mail = if Array.isArray(ldapMail) then ldapMail[0] else ldapMail + User.findOneAndUpdate {email: mail}, {first_name: eval('ldapUser.' + Settings.ldap.nameAtt), last_name: eval('ldapUser.' + Settings.ldap.lastNameAtt), hashedPassword: ldapUser.userPassword, ldap: true}, {new: true, upsert: true, setDefaultsOnInsert: true}, (error, user) => + return callback(error) if error? + if user? + callback null, user + else + callback null, null - setUserPassword: (user_id, password, callback = (error) ->) -> - if (Settings.passwordStrengthOptions?.length?.max? and - Settings.passwordStrengthOptions?.length?.max < password.length) - return callback("password is too long") - if (Settings.passwordStrengthOptions?.length?.min? and - Settings.passwordStrengthOptions?.length?.min > password.length) - return callback("password is too short") + setUserPassword: (user_id, password, callback = (error) ->) -> + if (Settings.passwordStrengthOptions?.length?.max? and + Settings.passwordStrengthOptions?.length?.max < password.length) + return callback("password is too long") + if (Settings.passwordStrengthOptions?.length?.min? and + Settings.passwordStrengthOptions?.length?.min > password.length) + return callback("password is too short") - bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) -> - return callback(error) if error? - bcrypt.hash password, salt, (error, hash) -> - return callback(error) if error? - db.users.update({ - _id: ObjectId(user_id.toString()) - }, { - $set: hashedPassword: hash - $unset: password: true - }, callback) + bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) -> + return callback(error) if error? 
+ bcrypt.hash password, salt, (error, hash) -> + return callback(error) if error? + db.users.update({ + _id: ObjectId(user_id.toString()) + }, { + $set: hashedPassword: hash + $unset: password: true + }, callback) - checkRounds: (user, hashedPassword, password, callback = (error) ->) -> - # check current number of rounds and rehash if necessary - currentRounds = bcrypt.getRounds hashedPassword - if currentRounds < BCRYPT_ROUNDS - AuthenticationManager.setUserPassword user._id, password, callback - else - callback() + checkRounds: (user, hashedPassword, password, callback = (error) ->) -> + # check current number of rounds and rehash if necessary + currentRounds = bcrypt.getRounds hashedPassword + if currentRounds < BCRYPT_ROUNDS + AuthenticationManager.setUserPassword user._id, password, callback + else + callback()
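Review bot: The new `mail` derivation in `ldapAuthenticate` still reaches `User.findOneAndUpdate` when the configured email attribute is absent or an empty array, so `mail` is `undefined` and the upsert filter becomes `{email: undefined}`; with `upsert: true` that either matches a user whose email is missing/null (and overwrites its `hashedPassword` with the LDAP value) or creates a user record with no email, depending on how the Mongoose version in use casts `undefined` in a filter. A guard after the normalisation closes this, `return callback(new Error("LDAP user has no usable email attribute")) unless typeof mail is 'string' and mail.length > 0`. The `eval('ldapUser.' + Settings.ldap.emailAtt)` lookups carried onto the new side can be plain property access, `ldapUser[Settings.ldap.emailAtt]`, which reads the same configured attribute without evaluating configuration as code. The `Array.isArray` normalisation added for the email is not applied to `nameAtt`/`lastNameAtt`, so a multi-valued LDAP name attribute is still written to `first_name`/`last_name` as an array.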