From 4487c9b7d091568559b05a48c962101cb395d2d4 Mon Sep 17 00:00:00 2001
From: Guillaume WANG <guillaume.wang@polytechnique.edu>
Date: Tue, 1 May 2018 15:50:49 +0200
Subject: [PATCH] started gerer-ing authentication from front

---
 src/admin_view/admin_router.js |  1 +
 src/index.js                   | 12 ++++++++++-
 src/server.js                  | 39 ++++++++++++++++++++++++++--------
 3 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/src/admin_view/admin_router.js b/src/admin_view/admin_router.js
index c9e30ba..fd5a422 100644
--- a/src/admin_view/admin_router.js
+++ b/src/admin_view/admin_router.js
@@ -25,6 +25,7 @@ router.get('/', function (req, res) {
     res.redirect('/admin');
 });
 
+//note that this doesn't conflict with the server.get('/login', ...) in index.js since this catches path '/adminview/login'
 router.get('/login', function (req, res) {
     console.log('Connecting to ' + req.url);
     res.render('login', { title: 'Login', port: port, 
diff --git a/src/index.js b/src/index.js
index 48992cb..04cce6d 100644
--- a/src/index.js
+++ b/src/index.js
@@ -5,9 +5,19 @@
 import server from './server';
 import colors from 'colors';
 import router from './admin_view/admin_router';
+import passport from 'passport';
 
 // setting up l'interface admin des BDD
-server.use(router);
+server.use('/adminview',router); // catches and resolves HTTP requests to paths '/adminview/*'
+
+// gere les requetes de login du front
+server.post('/login',
+    passport.authenticate('ldapauth', {
+        successRedirect: '/admin',
+        failureRedirect: '/login',
+        failureFlash: true
+    })
+);
 
 let port = process.env.PORT || 3000;
 
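Review bot: The redirect targets in the new `server.post('/login', …)` handler do not line up with the mount change on the line above: the admin router is now served under `/adminview`, so `successRedirect: '/admin'` (and the `res.redirect('/admin')` visible in admin_router.js) now point at a top-level `/admin` that nothing in this patch serves, unless index.js registers that route elsewhere. `failureFlash: true` also requires a flash middleware providing `req.flash` to be mounted before this route; passport throws on a failed login otherwise, so either confirm it is installed in server.js or use `failureRedirect: '/login'` without the flash option. Since this endpoint drives an LDAP bind with caller-supplied credentials, nothing here limits repeated failed attempts; that is worth a follow-up before the route goes beyond development.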
diff --git a/src/server.js b/src/server.js
index 9f43383..a91bba2 100644
--- a/src/server.js
+++ b/src/server.js
@@ -43,6 +43,7 @@ server.use(bodyParser.urlencoded({ //parses bodies of media type "application/x-
  * et deserializeUser prend cette cle, fait une requete vers une BDD de users et met dans l'objet JS req.user toutes les infos issues de la BDD
  * Cette repartition permet de ne stocker dans la session (i.e. en memoire sur le serveur) que la cle des utilisateurs connectes et de ne "charger en memoire" toutes les infos de la BDD que lorsque necessaire
  * cf https://stackoverflow.com/questions/27637609/understanding-passport-serialize-deserialize#27637668
+ * et http://toon.io/understanding-passportjs-authentication-flow/
  * 
  * Mais en fait dans notre cas c'est graphql qui communique avec la BDD, donc on s'en fiche! On peut se contenter de dire a serializeUser et deserializeUser de ne s'occuper que du champ uid)
  */
@@ -59,15 +60,27 @@ passport.use(new LdapStrategy({
         //searchAttributes: ['givenName', 'sn'],
         //tlsOptions: '..........',
     },
+
     //usernameField: 'username', // Field name where the username is found, defaults to username
-    //passwordField: 'password', // Field name where the password is found, defaults to password
-    passReqToCallback: true, // set verify callback to have req as the first argument
-    function (req, user, done) {
-        // "verify callback", called after each passport.authenticate(...) when the authentication succeeded
+    //passwordField: 'password', // Field name where the pas    sword is found, defaults to password
+    
+    // LdapStrategy has a default verify callback ! j'ai perdu plein de temps pour rien :'(
+    // cf. https://github.com/vesse/passport-ldapauth/blob/master/lib/passport-ldapauth/strategy.js, line 195 (` var verify = function() { ... } `)
+    /*
+    function (user, done) {
+        // "verify callback", called after each passport.authenticate(...),
+        // unless missing credentials (in which case a 400 Error is returned)
+
+        // "The purpose of a verify callback is to find the user that possesses a set of credentials" (from passport doc)
+        // i.e. we query the database (in our case the LDAP) to get user's data
+        console.log("Entering passport's verify callback");
+
         if (user){
             //if user exists
+            console.log("Successfully authenticated " + user.uid);
         }
     }
+    */
 })
 );
 
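Review bot: The old verify callback is kept as a commented-out block instead of being deleted; the comment above it already records that LdapStrategy supplies a default verify, so the dead code (and the dropped `passReqToCallback: true`) should simply go, leaving the two option comments. The rewritten `//passwordField` comment also picked up a stray typo, `pas    sword`. If a project-specific verify is needed later (for instance to restrict which LDAP accounts may log in rather than accepting every successful bind), it can be recovered from history. The enclosing `passport.use(new LdapStrategy({` call begins outside the hunk.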
@@ -129,14 +142,22 @@ server.use('/graphql', bodyParser.json(),
         let uid;
         let password;
         
-        try {
-            uid = req.user.uid;
-            password = "mythe";
-        } catch (err) {
+        if (req.isAuthenticated) {
+            try {
+                uid = req.user.uid;
+                password = "mythe";
+            } catch (err) {
+                console.log("Error: req is authenticated, but pb when trying to extract uid from req.user. Probably user was either not serialized or not deserialized properly");
+                console.log(err);
+                // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
+                //uid = defaultUser.dn.split("=")[1].split(",")[0];
+                //password = defaultUser.passwd;
+            }
+        } else {
+            // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
             uid = defaultUser.dn.split("=")[1].split(",")[0];
             password = defaultUser.passwd;
         }
-
         // console.log("Accessing GraphQL as: ",uid);
 
         return {
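Review bot: `if (req.isAuthenticated)` tests the method reference rather than its result, so the condition is always true: an unauthenticated request never reaches the `defaultUser` fallback, enters the `try` with `req.user` undefined, logs the TypeError, and continues into the GraphQL context with `uid` and `password` both undefined. The check should call the method, `if (req.isAuthenticated()) {`. The `catch` branch then also needs an explicit outcome, either rejecting the request or assigning the fallback identity, because falling through with undefined credentials is neither. The enclosing context function starts before and continues past this hunk, and the literal `password = "mythe"` placeholder remains in it.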
-- 
GitLab