Call authentication hooks before default basic authentication.
This allows authenticators to do any extra session setup for a given user, even if their username/password happens to match settings.json.
This commit is contained in:
parent
6ecc1c3895
commit
e0582797f2
|
@ -36,13 +36,16 @@ exports.basicAuth = function (req, res, next) {
|
|||
var userpass = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString().split(":")
|
||||
var username = userpass.shift();
|
||||
var password = userpass.join(':');
|
||||
|
||||
if (settings.users[username] != undefined && settings.users[username].password == password) {
|
||||
settings.users[username].username = username;
|
||||
req.session.user = settings.users[username];
|
||||
return cb(true);
|
||||
}
|
||||
return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb));
|
||||
var fallback = function(success) {
|
||||
if (success) return cb(true);
|
||||
if (settings.users[username] != undefined && settings.users[username].password == password) {
|
||||
settings.users[username].username = username;
|
||||
req.session.user = settings.users[username];
|
||||
return cb(true);
|
||||
}
|
||||
return cb(false);
|
||||
};
|
||||
return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback));
|
||||
}
|
||||
hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb));
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue