var dgram = require('dgram');
var _ = require('underscore');
var radius = require('radius');
var request = require("request");
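/**
* Authenticates user log in against the Auth0 token endpoint.
*
* A JSON POST is sent to `https://<options.domain>/oauth/token`. When
* `options.connection` is set the password-realm grant is used with `realm`
* set to that connection; otherwise the plain `password` grant is used.
*
* `username` - auth0 username
* `password` - the password for the user
* `options` - extra options
* string `connection` - name of the AD/Database Connection. Only works for endpoints that allow active auth
* string `domain` - Auth0 Domain
* string `client_id` - client_id for the application where the Connection is enabled
* string `client_secret` - sent in the token request body
* string `audience` - sent in the token request body
* `callback` - callback with signature: callback(err, obj)
* `err` - the transport error, the error description returned by the endpoint,
* or the response object when the status code is not 200
* object `obj`
* string `username` - the username
* string `domain` - auth0 domain
* boolean `status` - true if accepted (only ever passed as true from here)
*/
var authenticate;
module.exports.authenticate = authenticate = function(username, password, options, callback) {
  // auth0 active connection auth
  var url = 'https://' + options.domain + '/oauth/token';

  // Both grants share the same fields; the realm variant only swaps the
  // grant type and appends `realm`.
  var payload = {
    grant_type: 'password',
    username: username,
    password: password,
    audience: options.audience,
    client_id: options.client_id,
    client_secret: options.client_secret
  };
  if (options.connection) {
    payload.grant_type = 'http://auth0.com/oauth/grant-type/password-realm';
    payload.realm = options.connection;
  }

  var optionsReq = {
    method: 'POST',
    url: url,
    headers: { 'content-type': 'application/json' },
    body: payload,
    json: true
  };

  request(optionsReq, function (error, response, body) {
    // On a transport failure (DNS, TLS, timeout) `response` is undefined.
    // Dereferencing it would throw inside this callback and take the whole
    // process down, so fail closed through the callback instead.
    if (error || !response) {
      callback(error || new Error('No response from token endpoint'));
      return;
    }

    if (body && body.error) {
      // Fall back to the error code so `err` is never undefined here; an
      // undefined `err` with no `obj` would be read as success by callers.
      var description = body.error_description || body.error;
      console.log(description);
      callback(description);
      return;
    }

    if (response.statusCode === 200) {
      // The success body is deliberately not logged: it is the token
      // endpoint's response and would put issued tokens into the log.
      callback(null, {
        username: username,
        domain: options.domain,
        status: true
      });
      return;
    }

    // NOTE(review): the response object may still reference the originating
    // request, whose body holds the password and client_secret - callers
    // should not log `err` wholesale. Confirm against the `request` version in use.
    callback(response);
  });
};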
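/**
* Creates a datagram socket that handles RADIUS Access-Request messages.
*
* Each Access-Request is decoded with the shared secret, its User-Name and
* User-Password are passed to `authenticate`, and an Access-Accept or
* Access-Reject is sent back to the sender's address and port.
*
* object `options`
* string `secret` - the radius secret
* string `protocol` - "udp4" (default) or "udp6"
* The same object is handed to `authenticate`, so it also carries the Auth0
* settings (`domain`, `client_id`, ...).
*
* The additional events can be emitted by the returned socket object:
*
* "radius" - when authentication of a user has completed. The following object
* will be passed with the event:
*
* object `obj`
* string `username` - the username
* string `domain` - the auth0 domain
* boolean `status` - true if accepted, false otherwise
*
* "radius-error" - when an error occurs decoding or parsing the RADIUS
* packet, or encoding the reply. The following object will be passed with the event:
*
* object `obj`
* string `domain` - the auth0 domain the RADIUS server is authenticating against
* string `message` - the error description
*
* NOTE(review): nothing here restricts which peers may send requests; any host
* that can reach the port causes an outbound token request. Restrict the
* listener to known RADIUS clients (firewall / allow-list) and rate-limit it.
* NOTE(review): whether `radius.decode` checks a Message-Authenticator
* attribute is not visible from this file - confirm, and prefer requiring one.
*/
module.exports.createServer = function (options) {
  // Defaults
  if (!options) {
    options = {};
  }
  // Kept local so the caller's options object is not modified.
  var protocol = options.protocol || 'udp4';

  // Create server
  var server = dgram.createSocket(protocol);

  // Reports a decode/parse/encode problem to listeners.
  function reportError(message) {
    server.emit('radius-error', {
      domain: options.domain,
      message: message
    });
  }

  // Register callback
  server.on('message', function (msg, rinfo) {
    var packet;
    try {
      packet = radius.decode({
        packet: msg,
        secret: options.secret
      });
    } catch (ex) {
      reportError(ex.toString());
      return;
    }

    if (packet.code !== 'Access-Request') {
      reportError('Packet code error: not "Access-Request"');
      return;
    }

    var username = packet.attributes['User-Name'];
    var password = packet.attributes['User-Password'];

    // Reply function
    function reply(err, obj) {
      // Fail closed: only an error-free result with a truthy status is accepted.
      var accepted = !err && obj && obj.status;
      var result = (err || !obj)
        ? { username: username, domain: options.domain, status: false }
        : obj;

      var response;
      try {
        response = radius.encode_response({
          packet: packet,
          code: accepted ? 'Access-Accept' : 'Access-Reject',
          secret: options.secret
        });
      } catch (ex) {
        // An exception here would otherwise escape an async callback and
        // crash the process.
        reportError(ex.toString());
        return;
      }

      server.send(response, 0, response.length, rinfo.port, rinfo.address, function () {
        server.emit('radius', result);
      });
    }

    // A request without both attributes cannot succeed upstream; reject it
    // locally rather than forwarding undefined credentials.
    if (!username || !password) {
      reply('Missing User-Name or User-Password attribute');
      return;
    }

    authenticate(username, password, options, reply);
  });

  return server;
};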