const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
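/**
 * Password login, logout and token bookkeeping for accounts keyed by
 * sAMAccountName.
 *
 * The injected model must provide `findOne({ where })` resolving to a record
 * (or null) that has a `save()` method; these are the only model calls made
 * here. Presumably a Sequelize model — confirm against the caller.
 *
 * Most methods resolve to `{ token, levelId, message }`. In this class
 * `levelId` is 0 on success, 1 for "no password / no stored token yet",
 * 2 for rejected requests and 4 when the stored token fails verification.
 */
class AuthenticationManager {
  /**
   * @param {object} model - Persistence model for user records.
   * @param {string} secretKey - HMAC secret used to sign and verify tokens.
   *   Nothing here validates it; an empty or missing secret only surfaces
   *   later, when jwt.sign / jwt.verify is called.
   */
  constructor(model, secretKey) {
    this.Authentication = model;
    this.SECRET_KEY = secretKey;
  }

  // =========================================================
  // USER
  // =========================================================

  /**
   * Look up a single user record by account name.
   *
   * @param {string} sAMAccountName
   * @returns {Promise<object|null>} Whatever the model's findOne resolves to.
   */
  async findUser(sAMAccountName) {
    return this.Authentication.findOne({
      where: { sAMAccountName },
    });
  }

  // =========================================================
  // PASSWORD
  // =========================================================

  /**
   * Hash and store a password for an existing user.
   *
   * NOTE(security): this method performs no authorization and does not ask
   * for the current password. The caller is responsible for making sure the
   * request is allowed to change this account's password.
   *
   * @param {string} sAMAccountName
   * @param {string} password - Plain-text password; must be a non-empty string.
   * @returns {Promise<{token: null, levelId: number, message: string}>}
   */
  async setPassword(sAMAccountName, password) {
    const user = await this.findUser(sAMAccountName);

    if (!user) {
      return { token: null, levelId: 2, message: 'Unbekannter User' };
    }

    // Refuse empty or non-string input instead of storing the hash of ''
    // (or letting bcrypt reject with an opaque "illegal arguments" error).
    if (typeof password !== 'string' || password.length === 0) {
      return { token: null, levelId: 2, message: 'Ungültiges Passwort' };
    }

    user.password = await bcrypt.hash(password, 10);
    await user.save();

    return { token: null, levelId: 0, message: 'Passwort gesetzt' };
  }

  // =========================================================
  // LOGIN
  // =========================================================

  /**
   * Check credentials and, on success, issue a signed token that is also
   * stored on the user record.
   *
   * NOTE(security): the distinct messages for "unknown user", "wrong
   * password" and "not active" let a caller tell which accounts exist.
   * Collapse them at the API boundary if that matters for the deployment.
   *
   * @param {string} sAMAccountName
   * @param {string} password
   * @returns {Promise<{token: string|null, levelId: number, message: string}>}
   */
  async login(sAMAccountName, password) {
    const user = await this.findUser(sAMAccountName);

    if (!user) {
      return { token: null, levelId: 2, message: 'Unbekannter Benutzer' };
    }

    if (!user.password) {
      // NOTE(security): first-login enrolment. Whoever submits the first
      // login for an account without a password decides that password, and
      // this happens before the `active` check below. Pre-provisioned
      // accounts should be protected by an out-of-band step (invite link,
      // directory bind, admin-set initial password) — review this flow.
      await this.setPassword(sAMAccountName, password);
      return { token: null, levelId: 1, message: 'Benutzer nicht registriert' };
    }

    // A non-string password can never match; skip bcrypt so it does not throw.
    const ok =
      typeof password === 'string' &&
      (await bcrypt.compare(password, user.password));

    if (!ok) {
      return { token: null, levelId: 2, message: 'Falsches Passwort' };
    }

    if (!user.active) {
      return { token: null, levelId: 2, message: 'Benutzer nicht aktiv' };
    }

    // NOTE(security): the token is valid for one year and is kept in clear
    // text in `refreshtoken`; anyone who can read that column can replay it
    // until logout clears it. Consider a much shorter lifetime.
    const token = jwt.sign(
      {
        ObjectGUID: user.ObjectGUID,
        sAMAccountName: user.sAMAccountName,
      },
      this.SECRET_KEY,
      // Explicit algorithm so signing and verification cannot drift apart.
      { algorithm: 'HS256', expiresIn: '1y' },
    );

    // Token and presence flag are written together on the record already
    // loaded, so a failed save cannot leave only one of them updated.
    user.refreshtoken = token;
    user.online = true;
    await user.save();

    return { token, levelId: 0, message: 'Erfolgreich angemeldet' };
  }

  /**
   * Mark a user as online. Does nothing when the account is not found.
   *
   * @param {string} sAMAccountName
   * @returns {Promise<void>}
   */
  async setOnline(sAMAccountName) {
    const user = await this.findUser(sAMAccountName);

    // No record, no presence flag to update (previously a TypeError).
    if (!user) {
      return;
    }

    user.online = true;
    await user.save();
  }

  /**
   * Mark a user as offline. Does nothing when the account is not found.
   *
   * @param {string} sAMAccountName
   * @returns {Promise<void>}
   */
  async setOffline(sAMAccountName) {
    const user = await this.findUser(sAMAccountName);

    // No record, no presence flag to update (previously a TypeError).
    if (!user) {
      return;
    }

    user.online = false;
    await user.save();
  }

  // =========================================================
  // LOGOUT
  // =========================================================

  /**
   * Clear the stored token and mark the user offline.
   *
   * @param {string} sAMAccountName
   * @returns {Promise<{token: null, levelId: number, message: string}>}
   */
  async logout(sAMAccountName) {
    const user = await this.findUser(sAMAccountName);

    if (!user) {
      return { token: null, levelId: 2, message: 'User nicht gefunden' };
    }

    // The earlier code called setOffline() with no argument, so the lookup
    // ran with an undefined account name and the logout failed after the
    // token had already been cleared. Both fields are now written in one save.
    user.refreshtoken = null;
    user.online = false;
    await user.save();

    return { token: null, levelId: 0, message: 'Erfolgreich abgemeldet' };
  }

  // =========================================================
  // VERIFY TOKEN
  // =========================================================

  /**
   * Verify the token stored on the user's record.
   *
   * NOTE(security): this checks the token held in the database, not a token
   * presented by the caller. A request is only authenticated if the caller
   * separately compares the presented token with `user.refreshtoken`.
   * `user.active` is not consulted here, so a deactivated account with a
   * live token still reports `valid: true`. The returned `user` is the full
   * record, password hash included — do not serialize it to clients.
   *
   * @param {string} sAMAccountName
   * @returns {Promise<{valid: boolean, levelId?: number, user?: object, payload?: object}>}
   */
  async verifyUserToken(sAMAccountName) {
    const user = await this.findUser(sAMAccountName);

    if (!user || !user.refreshtoken) {
      return { valid: false, levelId: 1 };
    }

    try {
      // Pin the accepted algorithm to the one used when signing.
      const payload = jwt.verify(user.refreshtoken, this.SECRET_KEY, {
        algorithms: ['HS256'],
      });

      return {
        valid: true,
        user,
        payload,
      };
    } catch {
      // Expired, malformed or wrongly signed tokens all map to levelId 4.
      return { valid: false, levelId: 4 };
    }
  }
}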
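// CommonJS export: the class is the module's only export.
module.exports = AuthenticationManager;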