manuel.sowada/radixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

handle case sensitive

Browse Source
This commit is contained in:
Manuel Sowada
2026-04-23 11:58:02 +02:00
parent 8c0e0408d2
commit 12d7de5065
3 changed files with 242 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

318
src/services/authenticationManager.js
View File

@@ -1,80 +1,66 @@
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
let { levelId, message } = '';
const { fn, col, where } = require('sequelize');
/**
* Authentication class for login method, token validation and password setting
*/
class AuthenticationManager {
/**
*
* @param {object} model - Use the authentication database model for interact with the database
* @param {string} secretKey - Defines the server secret for token validation
*/
constructor(model, secretKey, eventManager) {
this.eventManager = eventManager;
// if (!model) throw new Error('Sequelize Model wird benötigt');
// if (!secretKey) throw new Error('Secret Key wird benötigt');
constructor(model, secretKey) {
this.Authentication = model;
this.SECRET_KEY = secretKey;
}
/**
* Helper: Case-insensitive User Lookup
*/
async findUser(sAMAccountName) {
return await this.Authentication.findOne({
where: where(
fn('LOWER', col('sAMAccountName')),
sAMAccountName.toLowerCase()
)
});
}
/**
* Set or reset password of user
* @param {string} sAMAccountName - Windows account name
* @param {string} password - Set the new password
*/
async setPassword(sAMAccountName, password) {
const user = await this.Authentication.findOne({ where: { sAMAccountName } });
const user = await this.findUser(sAMAccountName);
if (!user) {
// this.eventManager.write(null, 2, 0, { aboveLevel: 1 }, `User nicht gefunden`);
levelId = 2;
message = `Unbekannter User`
return {token: null, levelId: levelId };
// throw new Error(`User ${sAMAccountName} nicht gefunden`);
return { token: null, levelId: 2, message: 'Unbekannter User' };
}
// if (user.password) throw new Error('Passwort bereits gesetzt');
const hashedPassword = await bcrypt.hash(password, 10);
user.password = hashedPassword;
await user.save();
return { token: null, levelId: 0, message: 'Passwort gesetzt' };
}
/**
* Login mit Speicherung des Tokens in der Datenbank
* Login
*/
async login(sAMAccountName, password) {
const user = await this.Authentication.findOne({ where: { sAMAccountName } });
const user = await this.findUser(sAMAccountName);
if (!user) {
//this.eventManager.write(null, 2, null, null, `User ${sAMAccountName} nicht geufunden`)
levelId = 2;
message = `Unbekannter Benutzer`;
return { token: null, levelId: levelId, message: message };
// throw new Error('Unkown user');
return { token: null, levelId: 2, message: 'Unbekannter Benutzer' };
}
if (!user.password) {
this.setPassword(sAMAccountName, password);
// this.eventManager.write(user.ObjectGUID, 2, null, null, 'User registration initialized')
levelId = 1;
message = `Benutzer nicht registiert`;
return { token: null, levelId: levelId, message: message };
// throw new Error('User not registered');
await this.setPassword(sAMAccountName, password);
return { token: null, levelId: 1, message: 'Benutzer nicht registriert' };
}
const passwordMatch = await bcrypt.compare(password, user.password);
if (!passwordMatch) {
// this.eventManager.write(user.ObjectGUID, 2, null, null, 'Password doesn\'t match');
levelId = 2;
message = `Falsches Passwort`;
return { token: null, levelId: levelId, message: message };
// throw new Error('Wrong password');
return { token: null, levelId: 2, message: 'Falsches Passwort' };
}
// Token erzeugen
const payload = {
sAMAccountName: user.sAMAccountName,
mail: user.mail,
@@ -83,90 +69,266 @@ class AuthenticationManager {
};
const token = jwt.sign(payload, this.SECRET_KEY, { expiresIn: '100y' });
// Token in DB speichern
user.refreshtoken = token;
user.online = true;
await user.save();
// this.eventManager.write(user.ObjectGUID, 1, null, null, 'Erfolgreich angemeldet');
levelId = 0;
message = `Erfolgreich angemeldet`;
return { token: token, levelId: levelId, message: message };
return {
token,
levelId: 0,
message: 'Erfolgreich angemeldet'
};
}
/**
* Logout löscht Token aus der DB
* Logout
*/
async logout(sAMAccountName) {
const user = await this.Authentication.findOne({ where: { sAMAccountName } });
if (user) {
user.refreshtoken = null;
user.online = false;
await user.save();
levelId = 0;
message = `Erfolgreich abgemeldet`;
return { token: null, levelId: levelId, message: message };
const user = await this.findUser(sAMAccountName);
if (!user) {
return { token: null, levelId: 2, message: 'User nicht gefunden' };
}
user.refreshtoken = null;
user.online = false;
await user.save();
return { token: null, levelId: 0, message: 'Erfolgreich abgemeldet' };
}
/**
* Token-Prüfung (über DB)
* Token prüfen
*/
async verifyUserToken(sAMAccountName) {
const user = await this.Authentication.findOne({ where: { sAMAccountName } });
const user = await this.findUser(sAMAccountName);
if (!user || !user.refreshtoken) {
levelId = 1,
message = `Kein gültiger Token`;
// throw new Error('Kein gespeicherter Token gefunden');
return { valid: false, levelId: 1, message: 'Kein gültiger Token' };
}
try {
const payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
levelId = 0;
message = `User verifiziert`;
return { valid: true, payload, user, levelId: levelId, message: message }
return {
valid: true,
payload,
user,
levelId: 0,
message: 'User verifiziert'
};
} catch {
levelId = 4;
message = `Ungültiger Token`;
return { valid: false, payload, user, levelId: levelId, message: message }
return {
valid: false,
levelId: 4,
message: 'Ungültiger Token'
};
}
}
/**
* Express Middleware prüft Token direkt aus DB anhand sAMAccountNamec
* Middleware
*/
authenticate() {
return async (req, res, next) => {
try {
const sAMAccountName = req.cookies?.sAMAccountName;
const objectGUID = req.cookies?.ObjectGUID;
if (!sAMAccountName || !objectGUID) {
return res.redirect('/login');
// return res.status(401).json({ message: 'Kein Benutzer-Cookie gefunden' });
}
const user = await this.Authentication.findOne({ where: { sAMAccountName } });
if (!user || !user.refreshtoken) {
const user = await this.findUser(sAMAccountName);
if (!user || !user.refreshtoken || user.active === false) {
return res.redirect('/login');
// return res.status(401).json({ message: 'Benutzer oder Token nicht gefunden' });
}
if (user.active === false) {
return res.redirect('/login');
// return res.status(401).json({ message: 'Benutzer ist nicht aktiv' });
}
jwt.verify(user.refreshtoken, this.SECRET_KEY);
// Token aus DB prüfen
const payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
req.user = user;
next();
} catch (err) {
console.error(err);
return res.redirect('/login');
// res.status(401).json({ message: 'Authentifizierung fehlgeschlagen' });
}
};
}
}
module.exports = AuthenticationManager;
// const jwt = require('jsonwebtoken');
// const bcrypt = require('bcryptjs');
// let { levelId, message } = '';
// /**
// * Authentication class for login method, token validation and password setting
// */
// class AuthenticationManager {
// /**
// *
// * @param {object} model - Use the authentication database model for interact with the database
// * @param {string} secretKey - Defines the server secret for token validation
// */
// constructor(model, secretKey, eventManager) {
// this.eventManager = eventManager;
// // if (!model) throw new Error('Sequelize Model wird benötigt');
// // if (!secretKey) throw new Error('Secret Key wird benötigt');
// this.Authentication = model;
// this.SECRET_KEY = secretKey;
// }
// /**
// * Set or reset password of user
// * @param {string} sAMAccountName - Windows account name
// * @param {string} password - Set the new password
// */
// async setPassword(sAMAccountName, password) {
// const user = await this.Authentication.findOne({ where: { sAMAccountName } });
// if (!user) {
// // this.eventManager.write(null, 2, 0, { aboveLevel: 1 }, `User nicht gefunden`);
// levelId = 2;
// message = `Unbekannter User`
// return {token: null, levelId: levelId };
// // throw new Error(`User ${sAMAccountName} nicht gefunden`);
// }
// // if (user.password) throw new Error('Passwort bereits gesetzt');
// const hashedPassword = await bcrypt.hash(password, 10);
// user.password = hashedPassword;
// await user.save();
// }
// /**
// * Login mit Speicherung des Tokens in der Datenbank
// */
// async login(sAMAccountName, password) {
// const user = await this.Authentication.findOne({ where: { sAMAccountName } });
// if (!user) {
// //this.eventManager.write(null, 2, null, null, `User ${sAMAccountName} nicht geufunden`)
// levelId = 2;
// message = `Unbekannter Benutzer`;
// return { token: null, levelId: levelId, message: message };
// // throw new Error('Unkown user');
// }
// if (!user.password) {
// this.setPassword(sAMAccountName, password);
// // this.eventManager.write(user.ObjectGUID, 2, null, null, 'User registration initialized')
// levelId = 1;
// message = `Benutzer nicht registiert`;
// return { token: null, levelId: levelId, message: message };
// // throw new Error('User not registered');
// }
// const passwordMatch = await bcrypt.compare(password, user.password);
// if (!passwordMatch) {
// // this.eventManager.write(user.ObjectGUID, 2, null, null, 'Password doesn\'t match');
// levelId = 2;
// message = `Falsches Passwort`;
// return { token: null, levelId: levelId, message: message };
// // throw new Error('Wrong password');
// }
// // Token erzeugen
// const payload = {
// sAMAccountName: user.sAMAccountName,
// mail: user.mail,
// givenName: user.givenName,
// sn: user.sn
// };
// const token = jwt.sign(payload, this.SECRET_KEY, { expiresIn: '100y' });
// // Token in DB speichern
// user.refreshtoken = token;
// user.online = true;
// await user.save();
// // this.eventManager.write(user.ObjectGUID, 1, null, null, 'Erfolgreich angemeldet');
// levelId = 0;
// message = `Erfolgreich angemeldet`;
// return { token: token, levelId: levelId, message: message };
// }
// /**
// * Logout löscht Token aus der DB
// */
// async logout(sAMAccountName) {
// const user = await this.Authentication.findOne({ where: { sAMAccountName } });
// if (user) {
// user.refreshtoken = null;
// user.online = false;
// await user.save();
// levelId = 0;
// message = `Erfolgreich abgemeldet`;
// return { token: null, levelId: levelId, message: message };
// }
// }
// /**
// * Token-Prüfung (über DB)
// */
// async verifyUserToken(sAMAccountName) {
// const user = await this.Authentication.findOne({ where: { sAMAccountName } });
// if (!user || !user.refreshtoken) {
// levelId = 1,
// message = `Kein gültiger Token`;
// // throw new Error('Kein gespeicherter Token gefunden');
// }
// try {
// const payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
// levelId = 0;
// message = `User verifiziert`;
// return { valid: true, payload, user, levelId: levelId, message: message }
// } catch {
// levelId = 4;
// message = `Ungültiger Token`;
// return { valid: false, payload, user, levelId: levelId, message: message }
// }
// }
// /**
// * Express Middleware prüft Token direkt aus DB anhand sAMAccountNamec
// */
// authenticate() {
// return async (req, res, next) => {
// try {
// const sAMAccountName = req.cookies?.sAMAccountName;
// const objectGUID = req.cookies?.ObjectGUID;
// if (!sAMAccountName || !objectGUID) {
// return res.redirect('/login');
// // return res.status(401).json({ message: 'Kein Benutzer-Cookie gefunden' });
// }
// const user = await this.Authentication.findOne({ where: { sAMAccountName } });
// if (!user || !user.refreshtoken) {
// return res.redirect('/login');
// // return res.status(401).json({ message: 'Benutzer oder Token nicht gefunden' });
// }
// if (user.active === false) {
// return res.redirect('/login');
// // return res.status(401).json({ message: 'Benutzer ist nicht aktiv' });
// }
// // Token aus DB prüfen
// const payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
// req.user = user;
// next();
// } catch (err) {
// console.error(err);
// return res.redirect('/login');
// // res.status(401).json({ message: 'Authentifizierung fehlgeschlagen' });
// }
// };
// }
// }
// module.exports = AuthenticationManager;