Send username/password in body and fix cli

cli/actions.js

@@ -22,12 +22,12 @@ var API = '/api/files/';
 var gQuery = {};
 
 function checkConfig() {
-    if (!config.server() || !config.username() || !config.password()) {
+    if (!config.server() || !config.accessToken()) {
         console.log('You have run "login" first');
         process.exit(1);
     }
 
-    gQuery = { username: config.username(), password: config.password() };
+    gQuery = { access_token: config.accessToken() };
 
     console.error('Using server %s', config.server().cyan);
 }
@@ -65,7 +65,7 @@ function login(uri) {
     var username = readlineSync.question('Username: ');
     var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
 
-    superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
         if (error && error.code === 'ENOTFOUND') {
             console.log('Server %s not found.'.red, server.bold);
             process.exit(1);
@@ -74,18 +74,19 @@ function login(uri) {
             console.log('Failed to connect to server %s'.red, server.bold, error.code);
             process.exit(1);
         }
-        if (result.status === 401) {
-            console.log('Login failed.'.red);
-            process.exit(1);
+        if (result.status !== 201) {
+            console.log('Login failed.\n'.red);
+            return login(uri);
         }
 
-        config.set('server', server);
-        config.set('username', username);
+        // TODO remove at some point, this is just to clear the previous old version values
+        config.set('username', '');
+        config.set('password', '');
 
-        // TODO this is clearly bad and needs fixing
-        config.set('password', password);
+        config.set('server', server);
+        config.set('accessToken', result.body.accessToken);
 
-        gQuery = { username: username, password: password };
+        gQuery = { access_token: result.body.accessToken };
 
         console.log('Login successful'.green);
     });

cli/config.js

@@ -16,8 +16,7 @@ exports = module.exports = {
 
     // convenience
     server: function () { return get('server'); },
-    username: function () { return get('username'); },
-    password: function () { return get('password'); }
+    accessToken: function () { return get('accessToken'); }
 };
 
 var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;

frontend/js/app.js

@@ -27,7 +27,7 @@ function login(username, password) {
 
     app.busy = true;
 
-    superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
         app.busy = false;
 
         if (error) return console.error(error);

src/auth.js

@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
         function (req, res, next) {
             var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
             if (!users) return res.send(401);
-            if (!users[req.query.username]) return res.send(401);
+            if (!users[req.body.username]) return res.send(401);
 
-            bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                 if (error || !valid) return res.send(401);
 
                 req.user = {
-                    username: req.query.username
+                    username: req.body.username
                 };
 
                 next();