Merge pull request #2 from codingchili/master

Pulling changes

Author: codingchili

config.json

@@ -1,6 +1,6 @@
 {
   "authentication": {
-    "url": "ldap://localhost:10389",
+    "url": "ldap://localhost:10388",
     "admin": {
       "dn": "uid=admin,ou=system",
       "password": "secret"

public/script/app.js

@@ -32,7 +32,6 @@ app.controller('kbn-authentication-plugin', function ($scope, $http) {
   };
 
   $scope.init = function () {
-    console.log('init');
     $http.get('/groups').then(
       function success(request) {
         $scope.groups = request.data.groups;

src/filter.js

@@ -53,7 +53,7 @@ module.exports = {
    *
    * @param req the request to be inspected contains user groups and requested index.
    * @returns {*}
-     */
+   */
   handleSearch: function (req) {
     var query = getQueryList(req.bodyContent);
     var response = '';
@@ -64,19 +64,20 @@ module.exports = {
       for (var i = 0; i < query.length; i++) {
         var search = JSON.parse(query[i]);
 
-        if (search.index) {
-          if (!module.exports.authorizedIndex(search.index, token.groups)) {
-            authorized = false;
-          }
-        }
-        response += JSON.stringify(search) + '\n';
+        if (search.index && !authorizedIndex(search.index, token.groups))
+          authorized = false;
+
+        response += JSON.stringify(search);
+
+        if (i != query.length - 1)
+          response += '\n';
       }
     } catch (err) {
       authorized = false;
     }
 
     if (authorized) {
-      req.bodyContent = new Buffer(response, 'utf8')
+      req.bodyContent = new Buffer(response);
     } else {
       req.bodyContent = new Buffer('{}');
     }
@@ -90,24 +91,9 @@ module.exports = {
    * @param index the name of the index.
    * @param groups an array of groups to look in.
    * @returns {boolean}
-     */
+   */
   authorizedIndex: function (index, groups) {
-    var authorized = true;
-    index = (index instanceof Array) ? index : [index];
-
-    for (var i = 0; i < index.length; i++) {
-      var member = false;
-
-      for (var k = 0; k < groups.length; k++) {
-        if (index[i] === groups[k])
-          member = true;
-      }
-
-      if (!member)
-        authorized = false;
-    }
-
-    return authorized;
+    return authorizedIndex(index, groups);
   }
 };
 
@@ -124,7 +110,25 @@ function getQueryList(content) {
   if (list.length === 0)
     return [content.toString()];
   else {
-    list.splice(-1, 1);
     return list;
   }
 }
+
+function authorizedIndex(index, groups) {
+  var authorized = true;
+  index = (index instanceof Array) ? index : [index];
+
+  for (var i = 0; i < index.length; i++) {
+    var member = false;
+
+    for (var k = 0; k < groups.length; k++) {
+      if (index[i] === groups[k])
+        member = true;
+    }
+
+    if (!member)
+      authorized = false;
+  }
+
+  return authorized;
+}

src/twofactor.js

@@ -11,10 +11,19 @@
 const Speakeasy = require('speakeasy');
 const QR = require('qr-image');
 const Config = require('./config').load('two-factor');
-const User = require('./model/users');
+var User = require('./model/users');
 
 module.exports = {
 
+  /**
+   * Override the default data store.
+   * 
+   * @param store implements model/users.js
+     */
+  init: function (store) {
+    this.User = store;
+  },
+
   /**
    * Verifies a 2-FA key with the current timeframe and
    * the stored secret for the given user.

test/authentication.js

@@ -7,91 +7,39 @@
 
 const Assert = require('assert');
 const Authentication = require('../src/authentication');
-const LDAP = require('ldapjs');
-const Server = LDAP.createServer();
-
-const USERNAME = 'username';
-const PASSWORD = 'password';
-const PASSWORD_WRONG = 'pass-wrong';
-
+const Mock = require('./mock/LDAP');
 
 describe('LDAP Authentication', function () {
 
-  before(function () {
-    Server.listen(10388, '0.0.0.0');
-
-    Server.bind('uid=admin,ou=system', function (req, res, next) {
-      if (req.credentials === PASSWORD_WRONG) {
-        return next(new LDAP.InvalidCredentialsError());
-      } else {
-        res.end();
-        return next();
-      }
-    });
-
-    Server.search('ou=users,ou=system', function (req, res, next) {
-      var entry = {
-        dn: 'uid=admin, ou=system',
-        attributes: {
-          objectclass: ['top', 'organization'],
-          o: ['system'],
-          uid: USERNAME
-        }
-      };
-
-      // Returns an entry for all other searches, simulating a missing entry.
-      if (req.filter.json.value === 'missing') {
-        res.end();
-        return next();
-      } else {
-        res.send(entry);
-        res.end();
-        return next();
-      }
-    });
-  });
-
-
-  Server.search('ou=groups,ou=system', function (req, res, next) {
-    var entry = {
-      dn: 'ou=groups,ou=system',
-      attributes: {
-        objectClass: 'groupOfNames',
-        member: 'uid=' + USERNAME,
-        cn: 'group-name'
-      }
-    };
-
-    res.send(entry);
-    res.end();
-    return next();
-  });
+  before((function () {
+    Mock.init();
+  }));
 
   it('Should bind successfully with a client.', function (done) {
-    Authentication.ldap(USERNAME, PASSWORD, function (err, user) {
-      Assert.equal(user.uid, USERNAME);
+    Authentication.ldap(Mock.USERNAME, Mock.PASSWORD, function (err, user) {
+      Assert.equal(user.uid, Mock.USERNAME);
       Assert.equal(err, null);
       done();
     });
   });
 
   it('Should fail to bind with an user using wrong password.', function (done) {
-    Authentication.ldap(USERNAME, PASSWORD_WRONG, function (err, user) {
+    Authentication.ldap(Mock.USERNAME, Mock.PASSWORD_WRONG, function (err, user) {
       Assert.notEqual(err, null);
       done();
     });
   });
 
   it('Should fail to bind with a user that do not exist.', function (done) {
-    Authentication.ldap('missing', PASSWORD, function (err, user) {
+    Authentication.ldap('missing', Mock.PASSWORD, function (err, user) {
       Assert.equal(user, null);
       Assert.notEqual(err, null);
       done();
     });
   });
 
   it('Should retrieve all the groups an user is member of.', function (done) {
-    Authentication.ldap(USERNAME, PASSWORD, function (err, user) {
+    Authentication.ldap(Mock.USERNAME, Mock.PASSWORD, function (err, user) {
       Assert.equal(user.groups.length, 1);
       Assert.equal(err, null);
       done();

test/filter.js

@@ -15,14 +15,16 @@ describe('Filter - Route proxying and resource filtering', function () {
   });
 
   it('Should accept any searches that do not specify index.', function () {
+    var token = Authentication.signToken('uid', []);
+    var payload = new Buffer('{}\n{}');
     var request = Filter.handleSearch({
-      bodyContent: new Buffer("{}\n{}"),
+      bodyContent: payload,
       headers: {
-        cookie: ""
+        cookie: 'token=' + token
       }
     });
 
-    Assert.equal(new Buffer('{}').toString(), request.bodyContent.toString());
+    Assert.equal(request.bodyContent.toString(), payload.toString());
   });
 
   it('Should return empty request when token is invalid.', function () {
@@ -34,7 +36,7 @@ describe('Filter - Route proxying and resource filtering', function () {
       }
     });
 
-    Assert.equal(new Buffer('{}').toString(), request.bodyContent.toString());
+    Assert.equal(request.bodyContent.toString(), '{}');
   });
 
   it('Should return request when token is valid for given index', function () {
@@ -47,7 +49,7 @@ describe('Filter - Route proxying and resource filtering', function () {
       }
     });
 
-    Assert.equal(payload.toString() + '\n', request.bodyContent.toString());
+    Assert.equal(request.bodyContent.toString(), payload.toString());
   });
 
 });

test/mock/LDAP.js

@@ -0,0 +1,65 @@
+const LDAP = require('ldapjs');
+const Server = LDAP.createServer();
+
+const USERNAME = 'username';
+const PASSWORD = 'password';
+const PASSWORD_WRONG = 'pass-wrong';
+
+module.exports = {
+  USERNAME: USERNAME,
+  PASSWORD: PASSWORD,
+  PASSWORD_WRONG: PASSWORD_WRONG,
+
+  init: function () {
+    Server.listen(10388, '0.0.0.0');
+
+    Server.bind('uid=admin,ou=system', authenticateAdmin);
+    Server.search('ou=users,ou=system', findUser);
+    Server.search('ou=groups,ou=system', findGroups);
+  }
+};
+
+function authenticateAdmin (req, res, next) {
+  if (req.credentials === PASSWORD_WRONG) {
+    return next(new LDAP.InvalidCredentialsError());
+  } else {
+    res.end();
+    return next();
+  }
+}
+
+function findUser (req, res, next) {
+  var entry = {
+    dn: 'uid=admin, ou=system',
+    attributes: {
+      objectclass: ['top', 'organization'],
+      o: ['system'],
+      uid: USERNAME
+    }
+  };
+
+  // Returns an entry for all other searches, simulating a missing entry.
+  if (req.filter.json.value === 'missing') {
+    res.end();
+    return next();
+  } else {
+    res.send(entry);
+    res.end();
+    return next();
+  }
+}
+
+function findGroups (req, res, next) {
+  var entry = {
+    dn: 'ou=groups,ou=system',
+    attributes: {
+      objectClass: 'groupOfNames',
+      member: 'uid=' + USERNAME,
+      cn: 'group-name'
+    }
+  };
+
+  res.send(entry);
+  res.end();
+  return next();
+}

test/mock/MongoDB.js

@@ -0,0 +1,29 @@
+/**
+ * @author Robin Duda
+ *
+ * Mock implementation of users (MongoDB) for testing
+ * modules that depend on MongoDB.
+ *
+ * For documentation see users.js
+ */
+
+var users = {};
+
+module.exports = {
+
+  getSecret: function (username, token, callback) {
+    callback(users[username], users[username].secret);
+  },
+
+  setVerified: function (username, verified) {
+    users[username].verified = verified;
+  },
+
+  create: function (username, key) {
+    users[username].secret = {key: key, verified: false};
+  },
+
+  remove: function (username) {
+    users[username] = null;
+  }
+};

test/twofactor.js

@@ -11,6 +11,10 @@ const USERNAME = 'test-username';
 
 describe('Two-factor authentication', function () {
 
+  before((function () {
+    TwoFactor.init(require('./mock/mongodb'));
+  }));
+
   it('Should generate a qr-svg image.', function () {
     var svg = TwoFactor.create(USERNAME).svg;
     Assert.equal(svg.startsWith('<svg'), true);