Skip to content
This repository was archived by the owner on Dec 12, 2024. It is now read-only.

Allow password login #20

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Allow password login #20

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dfd8915
Reindent authentication logic
plumdog Jun 25, 2018
3eeee21
Fix rejection methodsLeft
plumdog Jun 25, 2018
5413ca1
Allow password login
plumdog Jun 25, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 71 additions & 21 deletions lib/node-sftp-s3.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ class SFTPS3Server extends EventEmitter {
super();
this.s3 = s3Instance;
this.publicKeys = [];
this.passwordLogins = [];
this.hostKeys = [];
this.loggingEnabled = false;
}
Expand Down Expand Up @@ -60,6 +61,19 @@ class SFTPS3Server extends EventEmitter {
this._log(util.format('Added public key for username %s, path %s', username, path));
}

addPasswordLogin(password, username, ns) {
var path = _path.normalize(username);
if(ns) {
path = _path.join(_path.normalize(ns), path);
}

while (path.indexOf('\\') >= 0)
path = path.replace('\\', '/');

this.passwordLogins.push({ password: password, username: username, path: path });
this._log(util.format('Added password login for username %s, path %s', username, path));
}

/**
* Remove the public key for a username
*
Expand All @@ -73,6 +87,14 @@ class SFTPS3Server extends EventEmitter {
});
}

removePasswordLogin(username) {
const self = this;
_.remove(this.passwordLogins, (p) => {
self._log(util.format('Removed password login for username %s', username));
Copy link
Owner

@cmrigney cmrigney Jul 4, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please move this log message outside of this function. It will be called for each user in the passwordLogins. It would also be useful to check that the length changed to ensure the user was actually removed.

return p.username === username;
});
}

/**
* Remove all public keys
*/
Expand All @@ -81,6 +103,11 @@ class SFTPS3Server extends EventEmitter {
this.publicKeys = [];
}

removeAllPasswordLogins() {
this._log(util.format('Removed all password logins'));
this.passwordLogins = [];
}

/**
* Add a host key. You need at least one host key before you can start the server.
*
Expand All @@ -106,36 +133,48 @@ class SFTPS3Server extends EventEmitter {
hostKeys: this.hostKeys
}, (client) => {
var pubKey;
var remainingMethods = ['publickey', 'password'];
client.on('error', (err) => {
this.emit('client-error', { client: client, error: err });
});
client.on('authentication', (ctx) => {
if(ctx.method !== 'publickey') {
this._log('rejecting non-public-key authentication');
return ctx.reject(['publickey']);
}

pubKey = this._findKey(ctx.username, ctx.key);
if(!pubKey) {
this._log('public key not found');
return ctx.reject(['publickey not found']);
}
var supportedMethods = ['publickey', 'password'];

if(ctx.method === 'publickey') {
remainingMethods = ['password']
pubKey = this._findKey(ctx.username, ctx.key);
if(!pubKey) {
this._log('public key not found');
return ctx.reject(remainingMethods);
}

if(ctx.signature) {
var verifier = crypto.createVerify(ctx.sigAlgo);
verifier.update(ctx.blob);
if(verifier.verify(pubKey.key.publicOrig, ctx.signature)) {
this._log('signature verified');
return ctx.accept();
if(ctx.signature) {
var verifier = crypto.createVerify(ctx.sigAlgo);
verifier.update(ctx.blob);
if(verifier.verify(pubKey.key.publicOrig, ctx.signature)) {
this._log('signature verified');
return ctx.accept();
}
else {
this._log('signature rejected');
return ctx.reject(remainingMethods);
}
}
else {
this._log('signature rejected');
return ctx.reject();
this._log('no signature present');
return ctx.accept();
}
} else if(ctx.method === 'password') {
remainingMethods = [];
pubKey = this._findPassword(ctx.username, ctx.password);
if (!pubKey) {
this._log('password not found');
return ctx.reject(remainingMethods);
}
}
else {
this._log('no signature present');
return ctx.accept();
} else {
this._log('unsupported method ' + ctx.method);
return ctx.reject(remainingMethods);
}
})
.on('ready', () => {
Expand Down Expand Up @@ -679,6 +718,17 @@ class SFTPS3Server extends EventEmitter {
}
}

_findPassword(username, password) {
for (var idx = 0; idx < this.passwordLogins.length; idx++) {
if (this.passwordLogins[idx]['username'] == username) {
var passwd = this.passwordLogins[idx];
if (passwd.password === password) {
return passwd;
}
}
}
}

_mapKey(path, filename) {
var p = filename;
p = p.replace('\\\\', '/');
Expand Down