mikedevita · October 27, 2017 18:35
diff --git a/AuthController.js b/AuthController.js
 "use strict";

 /**
 * AuthController
 * @description :: Server-side logic for manage users' authorization
 */

 const _ = require('lodash');
 const passport = require('passport');

 module.exports = {
  /**
   * Sign in by email\password
   * @param req
   * @param res
   */
  login(req, res) {
    passport.authenticate('ActiveDirectory', _.partial(sails.config.passport.onPassportAuth, req, res))(req, res);
  },

  /**
   * Accept JSON Web Token and updates with new one
   * @param req
   * @param res
   */
  refresh_token(req, res) {
    if (!req.param('token')) return res.badRequest(null, {message: 'You must provide token parameter'});

    const oldDecoded = CipherService.jwt.decodeSync(req.param('token'));

    res.ok({
      token: CipherService.jwt.encodeSync({id: oldDecoded.id})
    });
  }
 };
diff --git a/passport.js b/passport.js
 "use strict";

 /**
 * Passport configuration file where you should configure all your strategies
 * @description :: Configuration file where you configure your passport authentication
 */

 const _ = require('lodash');
 const passport = require('passport');
 const LocalStrategy = require('passport-local').Strategy;
 const JwtStrategy = require('passport-jwt').Strategy;
 const ExtractJwt = require('passport-jwt').ExtractJwt;
 const ADStrategy = require('passport-activedirectory')

 /**
 * Configuration object for local strategy
 * @type {Object}
 * @private
 */
 const LOCAL_STRATEGY_CONFIG = {
  usernameField: 'email',
  passwordField: 'password',
  session: false,
  passReqToCallback: true
 };

 /**
 * Configuration object for JWT strategy
 * @type {Object}
 * @private
 */
 const JWT_STRATEGY_CONFIG = {
  secretOrKey: 'DEFAULT_SECRET_KEY',
  jwtFromRequest: ExtractJwt.versionOneCompatibility({authScheme: 'Bearer', tokenBodyField: 'access_token'}),
  tokenQueryParameterName: 'access_token',
  session: false,
  passReqToCallback: true
 };

 /**
 * Configuration object for social strategies
 * @type {Object}
 * @private
 */
 const AD_STRATEGY_CONFIG = {
  integrated: false,
  passReqToCallback: true,
  allowedGroup: 'LinuxAdmins',
  ldap: {
    url: 'ldap://example.com',
    baseDN: 'DC=example,DC=com',
    username: '[email protected]',
    password: 'password1234'
  }
 };

 /**
 * Triggers when user authenticates via local strategy
 * @param {Object} req Request object
 * @param {String} username Username from body field in request
 * @param {String} password Password from body field in request
 * @param {Function} next Callback
 * @private
 */
 const _onLocalStrategyAuth = (req, username, password, next) => {
  User
    .findOne({[LOCAL_STRATEGY_CONFIG.usernameField]: username})
    .then(user => {
      if (!user) return next(null, null, sails.config.errors.USER_NOT_FOUND);
      if (!HashService.bcrypt.compareSync(password, user.password)) return next(null, null, sails.config.errors.USER_NOT_FOUND);
      return next(null, user, {});
    })
    .catch(next);
 };

 /**
 * Triggers when user authenticates via JWT strategy
 * @param {Object} req Request object
 * @param {Object} payload Decoded payload from JWT
 * @param {Function} next Callback
 * @private
 */
 const _onJwtStrategyAuth = (req, payload, next) => {
  User
    .findOne({id: payload.id})
    .then(user => {
      if (!user) return next(null, null, sails.config.errors.USER_NOT_FOUND);
      return next(null, user, {});
    })
    .catch(next);
 };

 const _onADStrategyAuth = (req, profile, ad, next) => {
  
  ad.isUserMemberOf(profile._json.dn, AD_STRATEGY_CONFIG.allowedGroup, function (err, isMember) {
    if (err) return next(err)

    User.findOrCreate({
      username: profile._json.sAMAccountName
    }, {
      username: profile._json.sAMAccountName,
      email: profile._json.mail,
      firstName: profile.name.givenName,
      lastName: profile.name.familyName
    })
    .then((user) => {
      return next(null, user)
    })
    .catch(next)
    
  })
 };

 module.exports = {
  passport: {
    /**
     * Triggers when all Passport steps is done and user profile is parsed
     * @param {Object} req Request object
     * @param {Object} res Response object
     * @param {Object} error Object with error info
     * @param {Object} user User object
     * @param {Object} info Information object
     * @returns {*}
     * @private
     */
    onPassportAuth(req, res, error, user, info) {
      if (error || !user) return res.negotiate(error || info);

      return res.ok({
        token: CipherService.jwt.encodeSync({id: user.id}),
        user: user
      });
    }
  }
 };

 passport.use(new LocalStrategy(_.assign({}, LOCAL_STRATEGY_CONFIG), _onLocalStrategyAuth));
 passport.use(new JwtStrategy(_.assign({}, JWT_STRATEGY_CONFIG), _onJwtStrategyAuth));
 passport.use(new ADStrategy(_.assign({}, AD_STRATEGY_CONFIG), _onADStrategyAuth));
	"use strict";

	/**
	* AuthController
	* @description :: Server-side logic for manage users' authorization
	*/

	const _ = require('lodash');
	const passport = require('passport');

	module.exports = {
	/**
	* Sign in by email\password
	* @param req
	* @param res
	*/
	login(req, res) {
	passport.authenticate('ActiveDirectory', _.partial(sails.config.passport.onPassportAuth, req, res))(req, res);
	},

	/**
	* Accept JSON Web Token and updates with new one
	* @param req
	* @param res
	*/
	refresh_token(req, res) {
	if (!req.param('token')) return res.badRequest(null, {message: 'You must provide token parameter'});

	const oldDecoded = CipherService.jwt.decodeSync(req.param('token'));

	res.ok({
	token: CipherService.jwt.encodeSync({id: oldDecoded.id})
	});
	}
	};
	"use strict";

	/**
	* Passport configuration file where you should configure all your strategies
	* @description :: Configuration file where you configure your passport authentication
	*/

	const _ = require('lodash');
	const passport = require('passport');
	const LocalStrategy = require('passport-local').Strategy;
	const JwtStrategy = require('passport-jwt').Strategy;
	const ExtractJwt = require('passport-jwt').ExtractJwt;
	const ADStrategy = require('passport-activedirectory')

	/**
	* Configuration object for local strategy
	* @type {Object}
	* @private
	*/
	const LOCAL_STRATEGY_CONFIG = {
	usernameField: 'email',
	passwordField: 'password',
	session: false,
	passReqToCallback: true
	};

	/**
	* Configuration object for JWT strategy
	* @type {Object}
	* @private
	*/
	const JWT_STRATEGY_CONFIG = {
	secretOrKey: 'DEFAULT_SECRET_KEY',
	jwtFromRequest: ExtractJwt.versionOneCompatibility({authScheme: 'Bearer', tokenBodyField: 'access_token'}),
	tokenQueryParameterName: 'access_token',
	session: false,
	passReqToCallback: true
	};

	/**
	* Configuration object for social strategies
	* @type {Object}
	* @private
	*/
	const AD_STRATEGY_CONFIG = {
	integrated: false,
	passReqToCallback: true,
	allowedGroup: 'LinuxAdmins',
	ldap: {
	url: 'ldap://example.com',
	baseDN: 'DC=example,DC=com',
	username: '[email protected]',
	password: 'password1234'
	}
	};

	/**
	* Triggers when user authenticates via local strategy
	* @param {Object} req Request object
	* @param {String} username Username from body field in request
	* @param {String} password Password from body field in request
	* @param {Function} next Callback
	* @private
	*/
	const _onLocalStrategyAuth = (req, username, password, next) => {
	User
	.findOne({[LOCAL_STRATEGY_CONFIG.usernameField]: username})
	.then(user => {
	if (!user) return next(null, null, sails.config.errors.USER_NOT_FOUND);
	if (!HashService.bcrypt.compareSync(password, user.password)) return next(null, null, sails.config.errors.USER_NOT_FOUND);
	return next(null, user, {});
	})
	.catch(next);
	};

	/**
	* Triggers when user authenticates via JWT strategy
	* @param {Object} req Request object
	* @param {Object} payload Decoded payload from JWT
	* @param {Function} next Callback
	* @private
	*/
	const _onJwtStrategyAuth = (req, payload, next) => {
	User
	.findOne({id: payload.id})
	.then(user => {
	if (!user) return next(null, null, sails.config.errors.USER_NOT_FOUND);
	return next(null, user, {});
	})
	.catch(next);
	};

	const _onADStrategyAuth = (req, profile, ad, next) => {

	ad.isUserMemberOf(profile._json.dn, AD_STRATEGY_CONFIG.allowedGroup, function (err, isMember) {
	if (err) return next(err)

	User.findOrCreate({
	username: profile._json.sAMAccountName
	}, {
	username: profile._json.sAMAccountName,
	email: profile._json.mail,
	firstName: profile.name.givenName,
	lastName: profile.name.familyName
	})
	.then((user) => {
	return next(null, user)
	})
	.catch(next)

	})
	};

	module.exports = {
	passport: {
	/**
	* Triggers when all Passport steps is done and user profile is parsed
	* @param {Object} req Request object
	* @param {Object} res Response object
	* @param {Object} error Object with error info
	* @param {Object} user User object
	* @param {Object} info Information object
	* @returns {*}
	* @private
	*/
	onPassportAuth(req, res, error, user, info) {
	if (error \|\| !user) return res.negotiate(error \|\| info);

	return res.ok({
	token: CipherService.jwt.encodeSync({id: user.id}),
	user: user
	});
	}
	}
	};

	passport.use(new LocalStrategy(_.assign({}, LOCAL_STRATEGY_CONFIG), _onLocalStrategyAuth));
	passport.use(new JwtStrategy(_.assign({}, JWT_STRATEGY_CONFIG), _onJwtStrategyAuth));
	passport.use(new ADStrategy(_.assign({}, AD_STRATEGY_CONFIG), _onADStrategyAuth));