Use authInfo obj vs weird params. auth factor 1: factor 2 for 2FA, etc.

2019-02-22 22:51:12 -07:00 · 2019-02-22 22:51:12 -07:00 · 23779c3abe
parent 57938e761e
commit 23779c3abe
4 changed files with 27 additions and 16 deletions
--- a/core/servers/content/nntp.js
+++ b/core/servers/content/nntp.js
@ -141,7 +141,7 @@ class NNTPServer extends NNTPServerBase {

        return new Promise( resolve => {
            const user = new User();
-            user.authenticate(username, password, err => {
+            user.authenticateFactor1({ type : User.AuthFactor1Types.Password, username, password }, err => {
                if(err) {
                    //  :TODO: Log IP address
                    this.log.debug( { username, reason : err.message }, 'Authentication failure');
--- a/core/servers/login/ssh.js
+++ b/core/servers/login/ssh.js
@ -23,7 +23,6 @@ const fs            = require('graceful-fs');
 const util          = require('util');
 const _             = require('lodash');
 const assert        = require('assert');
-const crypto        = require('crypto');

 const ModuleInfo = exports.moduleInfo = {
    name        : 'SSH',
@ -108,7 +107,7 @@ function SSHClient(clientConn) {
        };

        const authWithPasswordOrPubKey = (authType) => {
-            if('pubKey' !== authType || !self.user.isAuthenticated() || !ctx.signature) {
+            if(User.AuthFactor1Types.PubKey !== authType || !self.user.isAuthenticated() || !ctx.signature) {
                //  step 1: login/auth using PubKey
                userLogin(self, ctx.username, ctx.password, { authType, ctx }, (err) => {
                    if(err) {
@ -188,11 +187,11 @@ function SSHClient(clientConn) {

        switch(ctx.method) {
            case 'password' :
-                return authWithPasswordOrPubKey('password');
+                return authWithPasswordOrPubKey(User.AuthFactor1Types.Password);
                //return authWithPassword();

            case 'publickey' :
-                return authWithPasswordOrPubKey('pubKey');
+                return authWithPasswordOrPubKey(User.AuthFactor1Types.PubKey);
                //return authWithPubKey();

            case 'keyboard-interactive' :
--- a/core/user.js
+++ b/core/user.js
@ -178,17 +178,20 @@ module.exports = class User {
        });
    }

-    authenticate(username, password, options, cb) {
-        if(!cb && _.isFunction(options)) {
-            cb = options;
-            options = {};
-        }
+    static get AuthFactor1Types() {
+        return {
+            PubKey      : 'pubKey',
+            Password    : 'password',
+        };
+    }

+    authenticateFactor1(authInfo, cb) {
+        const username = authInfo.username;
        const self = this;
        const tempAuthInfo = {};

        const validatePassword = (props, callback) => {
-            User.generatePasswordDerivedKey(password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
+            User.generatePasswordDerivedKey(authInfo.password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
                if(err) {
                    return callback(err);
                }
@ -212,8 +215,8 @@ module.exports = class User {
                return callback(Errors.AccessDenied('Invalid public key'));
            }

-            if(options.ctx.key.algo != pubKeyActual.type ||
-                !crypto.timingSafeEqual(options.ctx.key.data, pubKeyActual.getPublicSSH()))
+            if(authInfo.pubKey.key.algo != pubKeyActual.type ||
+                !crypto.timingSafeEqual(authInfo.pubKey.key.data, pubKeyActual.getPublicSSH()))
            {
                return callback(Errors.AccessDenied('Invalid public key'));
            }
@ -234,12 +237,12 @@ module.exports = class User {
                },
                function getRequiredAuthProperties(callback) {
                    //  fetch properties required for authentication
-                    User.loadProperties( tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
+                    User.loadProperties(tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
                        return callback(err, props);
                    });
                },
                function validatePassOrPubKey(props, callback) {
-                    if('pubKey' === options.authType) {
+                    if(User.AuthFactor1Types.PubKey === authInfo.type) {
                        return validatePubKey(props, callback);
                    }
                    return validatePassword(props, callback);
--- a/core/user_login.js
+++ b/core/user_login.js
@ -15,6 +15,7 @@ const {
 const UserProps         = require('./user_property.js');
 const SysProps          = require('./system_property.js');
 const SystemLogKeys     = require('./system_log.js');
+const User              = require('./user.js');

 //  deps
 const async             = require('async');
@ -39,7 +40,15 @@ function userLogin(client, username, password, options, cb) {
        }, 2000);
    }

-    client.user.authenticate(username, password, options, err => {
+    const authInfo = {
+        username,
+        password,
+    };
+
+    authInfo.type   = options.authType || User.AuthFactor1Types.Password;
+    authInfo.pubKey = options.ctx;
+
+    client.user.authenticateFactor1(authInfo, err => {
        if(err) {
            client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
            const disconnect = config.users.failedLogin.disconnect;