Send username/password in body and fix cli

Johannes Zellner
Commit 9b7a26fc authored Feb 09, 2017 by Johannes Zellner
Showing with 17 additions and 17 deletions
cli/actions.js
cli/config.js
frontend/js/app.js
src/auth.js
--- a/cli/actions.js
+++ b/cli/actions.js
@@ -22,12 +22,12 @@ var API = '/api/files/';
 var gQuery = {};
 function checkConfig() {
-    if (!config.server() || !config.username() || !config.password()) {
+    if (!config.server() || !config.accessToken()) {
        console.log('You have run "login" first');
        process.exit(1);
    }
-    gQuery = { username: config.username(), password: config.password() };
+    gQuery = { access_token: config.accessToken() };
    console.error('Using server %s', config.server().cyan);
 }
@@ -65,7 +65,7 @@ function login(uri) {
    var username = readlineSync.question('Username: ');
    var password = readlineSync.question('Password: ', { hideEchoBack: true, mask: '' });
-    superagent.get(server + API + '/').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post(server + '/api/login').send({ username: username, password: password }).end(function (error, result) {
        if (error && error.code === 'ENOTFOUND') {
            console.log('Server %s not found.'.red, server.bold);
            process.exit(1);
@@ -74,18 +74,19 @@ function login(uri) {
            console.log('Failed to connect to server %s'.red, server.bold, error.code);
            process.exit(1);
        }
-        if (result.status === 401) {
+        if (result.status !== 201) {
-            console.log('Login failed.'.red);
+            console.log('Login failed.\n'.red);
-            process.exit(1);
+            return login(uri);
        }
-        config.set('server', server);
+        // TODO remove at some point, this is just to clear the previous old version values
-        config.set('username', username);
+        config.set('username', '');
+        config.set('password', '');
-        // TODO this is clearly bad and needs fixing
+        config.set('server', server);
-        config.set('password', password);
+        config.set('accessToken', result.body.accessToken);
-        gQuery = { username: username, password: password };
+        gQuery = { access_token: result.body.accessToken };
        console.log('Login successful'.green);
    });

--- a/cli/config.js
+++ b/cli/config.js
@@ -16,8 +16,7 @@ exports = module.exports = {
    // convenience
    server: function () { return get('server'); },
-    username: function () { return get('username'); },
+    accessToken: function () { return get('accessToken'); }
-    password: function () { return get('password'); }
 };
 var HOME = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;

--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -27,7 +27,7 @@ function login(username, password) {
    app.busy = true;
-    superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
+    superagent.post('/api/login').send({ username: username, password: password }).end(function (error, result) {
        app.busy = false;
        if (error) return console.error(error);

--- a/src/auth.js
+++ b/src/auth.js
@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
        function (req, res, next) {
            var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
            if (!users) return res.send(401);
-            if (!users[req.query.username]) return res.send(401);
+            if (!users[req.body.username]) return res.send(401);
-            bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                if (error || !valid) return res.send(401);
                req.user = {
-                    username: req.query.username
+                    username: req.body.username
                };
                next();