From 23779c3abee6eb91e68afbdc4b126bfe571b4222 Mon Sep 17 00:00:00 2001
From: Bryan Ashby
Date: Fri, 22 Feb 2019 22:51:12 -0700
Subject: [PATCH] Use authInfo obj vs weird params. auth factor 1: factor 2 for 2FA, etc.
---
 core/servers/content/nntp.js | 2 +-
 core/servers/login/ssh.js | 7 +++----
 core/user.js | 23 +++++++++++++----------
 core/user_login.js | 11 ++++++++++-
 4 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/core/servers/content/nntp.js b/core/servers/content/nntp.js
index 4959dc64..9f7c5a13 100644
--- a/core/servers/content/nntp.js
+++ b/core/servers/content/nntp.js
@@ -141,7 +141,7 @@ class NNTPServer extends NNTPServerBase {
 return new Promise( resolve => {
 const user = new User();
- user.authenticate(username, password, err => {
+ user.authenticateFactor1({ type : User.AuthFactor1Types.Password, username, password }, err => {
 if(err) {
 // :TODO: Log IP address
 this.log.debug( { username, reason : err.message }, 'Authentication failure');
diff --git a/core/servers/login/ssh.js b/core/servers/login/ssh.js
index 3b0e852f..3e486bbd 100644
--- a/core/servers/login/ssh.js
+++ b/core/servers/login/ssh.js
@@ -23,7 +23,6 @@ const fs = require('graceful-fs');
 const util = require('util');
 const _ = require('lodash');
 const assert = require('assert');
-const crypto = require('crypto');
 const ModuleInfo = exports.moduleInfo = {
 name : 'SSH',
@@ -108,7 +107,7 @@ function SSHClient(clientConn) {
 };
 const authWithPasswordOrPubKey = (authType) => {
- if('pubKey' !== authType || !self.user.isAuthenticated() || !ctx.signature) {
+ if(User.AuthFactor1Types.PubKey !== authType || !self.user.isAuthenticated() || !ctx.signature) {
 // step 1: login/auth using PubKey
 userLogin(self, ctx.username, ctx.password, { authType, ctx }, (err) => {
 if(err) {
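Review bot: In core/servers/login/ssh.js, the comment `// step 1: login/auth using PubKey` on the first branch of authWithPasswordOrPubKey does not describe what runs there: the condition sends every password attempt, and every public-key request that has no signature or no authenticated user yet, through `userLogin`. I would reword it to `// step 1: password login, or public-key lookup before the client has sent a signature` and add that a key match at this stage is not proof of possession of the private key. Because `self.user.isAuthenticated()` then gates the second step, it is worth confirming that nothing treats the session as logged in before the signature has been verified. The rest of the function lies outside the hunk, so that last point is inferred rather than shown.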
@@ -188,11 +187,11 @@ function SSHClient(clientConn) {
 switch(ctx.method) {
 case 'password' :
- return authWithPasswordOrPubKey('password');
+ return authWithPasswordOrPubKey(User.AuthFactor1Types.Password);
 //return authWithPassword();
 case 'publickey' :
- return authWithPasswordOrPubKey('pubKey');
+ return authWithPasswordOrPubKey(User.AuthFactor1Types.PubKey);
 //return authWithPubKey();
 case 'keyboard-interactive' :
diff --git a/core/user.js b/core/user.js
index 36a2f72f..3b20aa76 100644
--- a/core/user.js
+++ b/core/user.js
@@ -178,17 +178,20 @@ module.exports = class User {
 });
 }
- authenticate(username, password, options, cb) {
- if(!cb && _.isFunction(options)) {
- cb = options;
- options = {};
- }
+ static get AuthFactor1Types() {
+ return {
+ PubKey : 'pubKey',
+ Password : 'password',
+ };
+ }
+ authenticateFactor1(authInfo, cb) {
+ const username = authInfo.username;
 const self = this;
 const tempAuthInfo = {};
 const validatePassword = (props, callback) => {
- User.generatePasswordDerivedKey(password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
+ User.generatePasswordDerivedKey(authInfo.password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
 if(err) {
 return callback(err);
 }
@@ -212,8 +215,8 @@ module.exports = class User {
 return callback(Errors.AccessDenied('Invalid public key'));
 }
- if(options.ctx.key.algo != pubKeyActual.type ||
- !crypto.timingSafeEqual(options.ctx.key.data, pubKeyActual.getPublicSSH()))
+ if(authInfo.pubKey.key.algo != pubKeyActual.type ||
+ !crypto.timingSafeEqual(authInfo.pubKey.key.data, pubKeyActual.getPublicSSH()))
 {
 return callback(Errors.AccessDenied('Invalid public key'));
 }
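Review bot: In core/user.js, `authenticateFactor1(authInfo, cb)` replaces positional parameters with an object whose shape is not documented anywhere in the hunk. A JSDoc block above the method should list `type` (one of `User.AuthFactor1Types`), `username`, `password` and `pubKey` (read further down as `authInfo.pubKey.key.algo` and `authInfo.pubKey.key.data`), and say which fields each type requires. `AuthFactor1Types` also builds a new mutable object on every access, where a frozen module-level constant would give callers one shared, unmodifiable set of values. Callers of the removed `authenticate` that are not part of this diff would now fail, so a search for remaining uses is advisable. The method body continues beyond the hunk.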
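Review bot: In the public-key check of core/user.js (hunk at -212), `crypto.timingSafeEqual` throws when its two arguments differ in byte length, so a client-presented key of the right algorithm but a different size raises an exception instead of returning `Errors.AccessDenied('Invalid public key')`. Compare the lengths first: take `const presented = authInfo.pubKey.key.data;` and `const expected = pubKeyActual.getPublicSSH();`, then test `presented.length !== expected.length || !crypto.timingSafeEqual(presented, expected)`. `authInfo.pubKey` is also dereferenced without a check and would throw if a caller selects the PubKey type without supplying it. The algorithm comparison uses `!=` where `!==` would match the strict comparisons in the other hunks. The enclosing function starts outside the hunk, so a surrounding try/catch cannot be ruled out.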
@@ -234,12 +237,12 @@ module.exports = class User {
 },
 function getRequiredAuthProperties(callback) {
 // fetch properties required for authentication
- User.loadProperties( tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
+ User.loadProperties(tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
 return callback(err, props);
 });
 },
 function validatePassOrPubKey(props, callback) {
- if('pubKey' === options.authType) {
+ if(User.AuthFactor1Types.PubKey === authInfo.type) {
 return validatePubKey(props, callback);
 }
 return validatePassword(props, callback);
diff --git a/core/user_login.js b/core/user_login.js
index 1f1180da..98bdeefb 100644
--- a/core/user_login.js
+++ b/core/user_login.js
@@ -15,6 +15,7 @@ const {
 const UserProps = require('./user_property.js');
 const SysProps = require('./system_property.js');
 const SystemLogKeys = require('./system_log.js');
+const User = require('./user.js');
 // deps
 const async = require('async');
@@ -39,7 +40,15 @@ function userLogin(client, username, password, options, cb) {
 }, 2000);
 }
- client.user.authenticate(username, password, options, err => {
+ const authInfo = {
+ username,
+ password,
+ };
+
+ authInfo.type = options.authType || User.AuthFactor1Types.Password;
+ authInfo.pubKey = options.ctx;
+
+ client.user.authenticateFactor1(authInfo, err => {
 if(err) {
 client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
 const disconnect = config.users.failedLogin.disconnect;
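Review bot: In core/user.js, `validatePassOrPubKey` treats every `authInfo.type` other than `User.AuthFactor1Types.PubKey` as a password attempt, so a missing, misspelled or future factor type silently falls through to `validatePassword`. A dispatcher on authentication type is safer failing closed: keep the PubKey branch and add `if(User.AuthFactor1Types.Password !== authInfo.type) { return callback(Errors.AccessDenied('Unsupported authentication type')); }` before the final return. `Errors.AccessDenied` is already used in this file, and the message text is only a suggestion. The surrounding waterfall starts and ends outside the hunk.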
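Review bot: In core/user_login.js, `authInfo.pubKey = options.ctx;` passes the whole SSH authentication context to `User` under a name that suggests only a key, and it does so for password logins too. The visible consumer reads only `authInfo.pubKey.key.algo` and `authInfo.pubKey.key.data`, so `if(User.AuthFactor1Types.PubKey === authInfo.type) { authInfo.pubKey = { key : options.ctx.key }; }` would pass along just what is needed; any other reader of `authInfo.pubKey` outside this diff would need checking first. `options.authType` is read without a guard, so the call throws if `userLogin` is invoked with `options` omitted, unless it is normalised earlier in the function, which the hunk does not show.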