AD auth supports basic auth

2026-04-22 22:46:01 +00:00 · 2024-07-26 09:57:27 +02:00
parent 05329951f9
commit 8db941dc06
2 changed files with 17 additions and 16 deletions
--- a/packages/api/src/auth/authProvider.js
+++ b/packages/api/src/auth/authProvider.js
@@ -49,10 +49,6 @@ class AuthProviderBase {
    return {};
  }

-  getBasicAuthLogins() {
-    return null;
-  }
-
  shouldAuthorizeApi() {
    return false;
  }
@@ -163,11 +159,11 @@ class ADProvider extends AuthProviderBase {
  }

  shouldAuthorizeApi() {
-    return true;
+    return !process.env.BASIC_AUTH;
  }

  isLoginForm() {
-    return true;
+    return !process.env.BASIC_AUTH;
  }
 }

@@ -186,13 +182,6 @@ class LoginsProvider extends AuthProviderBase {
    return { error: 'Invalid credentials' };
  }

-  getBasicAuthLogins() {
-    const logins = getEnvLogins();
-    if (logins && process.env.BASIC_AUTH) {
-      return _.fromPairs(logins.filter(x => x.password).map(x => [x.login, x.password]));
-    }
-  }
-
  shouldAuthorizeApi() {
    return !process.env.BASIC_AUTH;
  }
--- a/packages/api/src/main.js
+++ b/packages/api/src/main.js
@@ -45,11 +45,23 @@ function start() {

  const server = http.createServer(app);

-  const basicAuthLogins = createAuthProvider().getBasicAuthLogins();
-  if (basicAuthLogins) {
+  if (process.env.BASIC_AUTH) {
+    async function authorizer(username, password, cb) {
+      try {
+        const resp = await createAuthProvider().login(username, password);
+        if (resp.accessToken) {
+          cb(null, true);
+        } else {
+          cb(null, false);
+        }
+      } catch (err) {
+        cb(err, false);
+      }
+    }
    app.use(
      basicAuth({
-        users: basicAuthLogins,
+        authorizer,
+        authorizeAsync: true,
        challenge: true,
        realm: 'DbGate Web App',
      })