started gerer-ing authentication from front

4487c9b7 · Guillaume WANG · ec9e99e1 · 4487c9b7 · 4487c9b7 · 4487c9b7
Commit 4487c9b7 authored 6 years ago by Guillaume WANG
--- a/src/admin_view/admin_router.js
+++ b/src/admin_view/admin_router.js
@@ -25,6 +25,7 @@ router.get('/', function (req, res) {
    res.redirect('/admin');
 });

+//note that this doesn't conflict with the server.get('/login', ...) in index.js since this catches path '/adminview/login'
 router.get('/login', function (req, res) {
    console.log('Connecting to ' + req.url);
    res.render('login', { title: 'Login', port: port, 

--- a/src/index.js
+++ b/src/index.js
@@ -5,9 +5,19 @@
 import server from './server';
 import colors from 'colors';
 import router from './admin_view/admin_router';
+import passport from 'passport';

 // setting up l'interface admin des BDD
-server.use(router);
+server.use('/adminview',router); // catches and resolves HTTP requests to paths '/adminview/*'
+
+// gere les requetes de login du front
+server.post('/login',
+    passport.authenticate('ldapauth', {
+        successRedirect: '/admin',
+        failureRedirect: '/login',
+        failureFlash: true
+    })
+);

 let port = process.env.PORT || 3000;


--- a/src/server.js
+++ b/src/server.js
@@ -43,6 +43,7 @@ server.use(bodyParser.urlencoded({ //parses bodies of media type "application/x-
 * et deserializeUser prend cette cle, fait une requete vers une BDD de users et met dans l'objet JS req.user toutes les infos issues de la BDD
 * Cette repartition permet de ne stocker dans la session (i.e. en memoire sur le serveur) que la cle des utilisateurs connectes et de ne "charger en memoire" toutes les infos de la BDD que lorsque necessaire
 * cf https://stackoverflow.com/questions/27637609/understanding-passport-serialize-deserialize#27637668
+ * et http://toon.io/understanding-passportjs-authentication-flow/
 * 
 * Mais en fait dans notre cas c'est graphql qui communique avec la BDD, donc on s'en fiche! On peut se contenter de dire a serializeUser et deserializeUser de ne s'occuper que du champ uid)
 */
@@ -59,15 +60,27 @@ passport.use(new LdapStrategy({
        //searchAttributes: ['givenName', 'sn'],
        //tlsOptions: '..........',
    },
+
    //usernameField: 'username', // Field name where the username is found, defaults to username
-    //passwordField: 'password', // Field name where the password is found, defaults to password
-    passReqToCallback: true, // set verify callback to have req as the first argument
-    function (req, user, done) {
-        // "verify callback", called after each passport.authenticate(...) when the authentication succeeded
+    //passwordField: 'password', // Field name where the pas    sword is found, defaults to password
+    
+    // LdapStrategy has a default verify callback ! j'ai perdu plein de temps pour rien :'(
+    // cf. https://github.com/vesse/passport-ldapauth/blob/master/lib/passport-ldapauth/strategy.js, line 195 (` var verify = function() { ... } `)
+    /*
+    function (user, done) {
+        // "verify callback", called after each passport.authenticate(...),
+        // unless missing credentials (in which case a 400 Error is returned)
+
+        // "The purpose of a verify callback is to find the user that possesses a set of credentials" (from passport doc)
+        // i.e. we query the database (in our case the LDAP) to get user's data
+        console.log("Entering passport's verify callback");
+
        if (user){
            //if user exists
+            console.log("Successfully authenticated " + user.uid);
        }
    }
+    */
 })
 );

@@ -129,14 +142,22 @@ server.use('/graphql', bodyParser.json(),
        let uid;
        let password;
        
-        try {
-            uid = req.user.uid;
-            password = "mythe";
-        } catch (err) {
+        if (req.isAuthenticated) {
+            try {
+                uid = req.user.uid;
+                password = "mythe";
+            } catch (err) {
+                console.log("Error: req is authenticated, but pb when trying to extract uid from req.user. Probably user was either not serialized or not deserialized properly");
+                console.log(err);
+                // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
+                //uid = defaultUser.dn.split("=")[1].split(",")[0];
+                //password = defaultUser.passwd;
+            }
+        } else {
+            // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
            uid = defaultUser.dn.split("=")[1].split(",")[0];
            password = defaultUser.passwd;
        }
-
        // console.log("Accessing GraphQL as: ",uid);

        return {