@nephele/authenticator-pam
Version:
PAM based authenticator (local system users) for the Nephele WebDAV server.
62 lines • 2.16 kB
JavaScript
import { createRequire } from 'node:module';
import userid from 'userid';
import { ForbiddenError, UnauthorizedError } from 'nephele';
const require = createRequire(import.meta.url);
const pam = require('authenticate-pam');
const { ids, groupname, gids } = userid;
export default class User {
constructor({ username }) {
this.authenticated = false;
this.username = username;
try {
const { uid, gid } = ids(username);
this.uid = uid;
this.gid = gid;
this.groupname = groupname(gid);
this.gids = gids(username);
}
catch (e) {
if (e.message.includes('username not found')) {
this.uid = undefined;
this.gid = undefined;
this.groupname = undefined;
this.gids = undefined;
}
}
}
async authenticate(password, remoteHost = '127.0.0.1') {
if (this.authenticated) {
return;
}
return await new Promise((resolve, reject) => {
pam.authenticate(this.username, password, (err) => {
if (err) {
reject(new UnauthorizedError(err));
}
else {
this.authenticated = true;
resolve();
}
}, { serviceName: 'login', remoteHost });
});
}
async checkUID(allowedUIDs) {
if (this.uid == null) {
throw new UnauthorizedError('Unknown user.');
}
for (let range of allowedUIDs) {
const parts = range.split('-');
if (parts.length < 1 || parts.length > 2) {
throw new Error('allowedUIDs settings is misconfigured!');
}
if ((parts.length === 1 && this.uid === parseInt(parts[0])) ||
(parts.length === 2 &&
this.uid >= parseInt(parts[0]) &&
this.uid <= parseInt(parts[1]))) {
return;
}
}
throw new ForbiddenError('You are not allowed to log in.');
}
}
//# sourceMappingURL=User.js.map