UNPKG

webhandle-users

Version:

Webhandle auth and users module

github.com/EmergentIdeas/webhandle-users

EmergentIdeas/webhandle-users

154 lines (133 loc) 3.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
const crypto = require('crypto'); const filog = require('filter-log') let log = filog('webhandle-users:AuthService') const User = require('./user') const Group = require('./group') const AuthorizationFailed = require('./errors/authorization-failed') const addCallbackToPromise = require('add-callback-to-promise') class AuthService { constructor(options) { options = options || {} this.iterations = options.iterations || 156; this.salt = options.salt || 'two may keep it if one is dead'; this.algorithm = options.algorithm || 'sha256' this.mongoCollection = options.mongoCollection this.mongoUsersCollection = options.mongoUsersCollection this.mongoGroupsCollection = options.mongoGroupsCollection this.maxFailures = options.maxFailures || 10 } passHash(plainTextPass, name) { name = name || '' let hash = plainTextPass + name for (var i = 0; i < this.iterations; ++i) { hash = crypto.createHmac(this.algorithm, this.salt).update(hash).digest('hex') } return hash } verify(cypherTextPass, plainTextPass, name) { try { let calculatedPass = this.passHash(plainTextPass, name) return crypto.timingSafeEqual(Buffer.from(cypherTextPass, 'utf-8'), Buffer.from(calculatedPass, 'utf-8')) } catch (e) { log.error(e) return false } } async findUser(name, callback) { let p = new Promise((resolve, reject) => { this.mongoCollection.findOne({ name: name }, (err, found) => { if (err) { return reject(err) } if (found) { return resolve(new User(found)) } return resolve() }) }) return addCallbackToPromise(p, callback) } async fetchGroups() { let groups = await this.mongoGroupsCollection.find({}).toArray() return groups.map(group => new Group(group)) } async createGroup(name) { let result = await this.mongoGroupsCollection.insertOne({ name: name }) return result } async save(user, callback) { let p = new Promise((resolve, reject) => { this.mongoCollection.save(user, (err) => { if (err) { return reject(err) } return resolve() }) }) return addCallbackToPromise(p, callback) } /* Callback signature is (err, user) */ async login(name, pass, callback /* (err, user) */) { let p = new Promise(async (resolve, reject) => { try { let user = await this.findUser(name) if (user) { if ((user.enabled === true || user.enabled === 'true') && this.verify(user.hashedPass, pass, name)) { if (user.failedAttempts > 0) { user.failedAttempts = 0 await this.save(user) } return resolve(user) } else { user.failedAttempts++ if (user.failedAttempts >= this.maxFailures) { user.enabled = false } await this.save(user) } } let e = new Error('Login failed') e.user = user return reject(e) } catch (e) { return reject(e) } }) return addCallbackToPromise(p, callback) } changePassword(name, oldpass, newpass, callback /* (err, user) */) { let p = new Promise(async (resolve, reject) => { try { let user = await this.findUser(name) if (user) { if (user.enabled && this.verify(user.hashedPass, oldpass, name)) { this.updatePass(user, newpass) await this.save(user) return resolve(user) } else { return reject(new AuthorizationFailed()) } } return reject(new AuthorizationFailed()) } catch (e) { return reject(e) } }) return addCallbackToPromise(p, callback) } /* Updates hash, does not save */ updatePass(user /* User */, newPassword) { user.hashedPass = this.passHash(newPassword, user.name) return user } } module.exports = AuthService