9b7a26fc by Johannes Zellner

Send username/password in body and fix cli

1 parent 0af9051c
......@@ -22,12 +22,12 @@ var API = '/api/files/';
var gQuery = {};
function checkConfig() {
if (!config.server() || !config.username() || !config.password()) {
if (!config.server() || !config.accessToken()) {
console.log('You have run "login" first');
process.exit(1);
}
gQuery = { username: config.username(), password: config.password() };
gQuery = { access_token: config.accessToken() };
console.error('Using server %s', config.server().cyan);
}
......@@ -65,7 +65,7 @@ function login(uri) {
var username = readlineSync.question('Username: ');
var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) {
superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
if (error && error.code === 'ENOTFOUND') {
console.log('Server %s not found.'.red, server.bold);
process.exit(1);
......@@ -74,18 +74,19 @@ function login(uri) {
console.log('Failed to connect to server %s'.red, server.bold, error.code);
process.exit(1);
}
if (result.status === 401) {
console.log('Login failed.'.red);
process.exit(1);
if (result.status !== 201) {
console.log('Login failed.\n'.red);
return login(uri);
}
config.set('server', server);
config.set('username', username);
// TODO remove at some point, this is just to clear the previous old version values
config.set('username', '');
config.set('password', '');
// TODO this is clearly bad and needs fixing
config.set('password', password);
config.set('server', server);
config.set('accessToken', result.body.accessToken);
gQuery = { username: username, password: password };
gQuery = { access_token: result.body.accessToken };
console.log('Login successful'.green);
});
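Review bot: The access token is still carried in `gQuery` (`gQuery = { access_token: ... }` in checkConfig and in the login callback), so if `gQuery` is attached as a query string, as the name suggests, the token lands in server and proxy access logs just as the password did before this commit. If the API accepts it, a header keeps it out of URLs, e.g. `.set('Authorization', 'Bearer ' + config.accessToken())`; whether the server reads that header is not visible here. Separately, `if (result.status !== 201) return login(uri);` re-prompts on every non-201 status, so a persistent server error loops without end; re-prompting only on 401 and exiting otherwise would be safer. `config.set('accessToken', ...)` also persists the token, so the config file should be readable by its owner only. The `login` function starts above these hunks.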
......
......@@ -16,8 +16,7 @@ exports = module.exports = {
// convenience
server: function () { return get('server'); },
username: function () { return get('username'); },
password: function () { return get('password'); }
accessToken: function () { return get('accessToken'); }
};
var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
......
......@@ -27,7 +27,7 @@ function login(username, password) {
app.busy = true;
superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
app.busy = false;
if (error) return console.error(error);
......
......@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
function (req, res, next) {
var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
if (!users) return res.send(401);
if (!users[req.query.username]) return res.send(401);
if (!users[req.body.username]) return res.send(401);
bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
if (error || !valid) return res.send(401);
req.user = {
username: req.query.username
username: req.body.username
};
next();
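Review bot: `req.body.username` and `req.body.password` are used without a presence or type check, and unlike `req.query`, `req.body` only exists when a body parser runs before this handler, which is not visible in this hunk. With a JSON body either field can be an object or array, and `users[req.body.username]` also matches inherited property names; that presumably still ends in a 401 only because `passwordHash` is then undefined. I would guard at the top of the handler with `if (!req.body || typeof req.body.username !== 'string' || typeof req.body.password !== 'string') return res.send(401);` and replace the lookup with `if (!Object.prototype.hasOwnProperty.call(users, req.body.username)) return res.send(401);`. The handler starts above the hunk and continues below it.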
......