jlguenego / node-expose-sspi

Expose Microsoft Windows SSPI to Node for SSO authentication.

Auth without middlewares support

gjovanov opened this issue · comments

Describe the bug
This is more a question than a bug.

So far we have used this lib with Fastify and it works perfectly. Recently we have been evaluating migrating our HTTP/WS app to uWebSockets.js, which doesn't support middleware functions out of the box.

How to use this lib without middleware?

To Reproduce

Example tried:

const { sso } = require('node-expose-sspi')
const uWS = require('uWebSockets.js')
const port = 4001

// Wrap the connect-style middleware in a promise that next() settles
const authPromise = (ctx) => {
  return new Promise((resolve, reject) => {
    const next = (err) => {
      err ? reject(err) : resolve()
    }
    try {
      const auth = sso.auth({ useGroups: false, useSession: false })
      auth(ctx.req, ctx.res, next)
    } catch (e) {
      console.log(e)
      reject(e) // settle the promise on a synchronous failure as well
    }
  })
}

uWS.App()
  .get('/api/auth', async (res, req) => {
    res.onAborted(() => {
      res.aborted = true
    })
    const ctx = { req, res }
    await authPromise(ctx)
    if (!res.aborted) {
      res.end(req.sso) // YIELDS nothing
    }
  })
  .listen(port, (token) => {
    if (token) {
      console.log('Listening to port ' + port)
    } else {
      console.log('Failed to listen to port ' + port)
    }
  })

Trace
only this log:

node-expose-sspi:auth no authorization key in header +0ms

then the response is ended with these headers:

Content-Length: 0
uWebSockets: 18
WWW-Authenticate: Negotiate

It seems to me that these headers should have been sent to the AD, not as the final response to the browser.

How to work around this?

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment version:

  • OS: Windows 10 Pro version 1909 x64
  • Browser version: Chrome 9.0.4389.90
  • Node version and architecture: v15.11.0 x64

Please also indicate:

  • Are you on a Windows domain? yes
  • Can you reach the domain controller? yes
  • Does your session have admin privileges? yes
  • Which authentication protocol? NTLM
  • Active Directory or local Windows policies that could impact the authentication: N/A

Additional context
Add any other context about the problem here.
N/A

Is there a way to do the AD auth without middleware support... e.g. via sequential async calls?

(req, res) => {
    // connect
    // get token
    // get user info
}

Thanks in advance.

Actually, after debugging it, I realized that req should have props (getters and setters) from the ExpressJS request API:

  • headers
  • cookies
  • statusCode
  • ...

After extending the req with getters/setters of those properties, it started to work.

Sorry for bothering u, but it seems like putting it on paper (this time as a GitHub issue) allowed me to see what was wrong 😄

Thanks for ur effort invested to provide this lib.
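
A sketch of the adapter approach the follow-up describes, as an added example that is not code from the issue or from node-expose-sspi: it copies the uWebSockets.js request into a Node/Express-shaped object before any `await`, buffers `statusCode`/`setHeader`, and resolves both when the middleware calls `next()` and when it answers by itself with the `401` / `WWW-Authenticate: Negotiate` challenge that the browser replies to with an `Authorization` header. Assumptions: `standInAuth` is a hypothetical stand-in for `sso.auth()` that only touches `headers`, `statusCode`, `setHeader` and `end` (the real middleware may need more, such as the `cookies` listed above), and `uwsRes.aborted` is the flag set in `onAborted` as in the code above.

```javascript
// Status lines for uWS writeStatus(); only the codes this example needs.
const STATUS = { 200: '200 OK', 401: '401 Unauthorized' };

// Copy headers synchronously: a uWS request must not be read after an await.
function toNodeReq(uwsReq) {
  const headers = {};
  uwsReq.forEach((key, value) => { headers[key.toLowerCase()] = value; });
  return { method: uwsReq.getMethod().toUpperCase(), url: uwsReq.getUrl(), headers };
}

// Buffer the statusCode/headers the middleware sets, flush them to uWS on end().
function toNodeRes(uwsRes, onEnd) {
  const headers = {};
  return {
    statusCode: 200,
    setHeader(name, value) { headers[name] = String(value); },
    end(body = '') {
      if (!uwsRes.aborted) {
        uwsRes.cork(() => {
          uwsRes.writeStatus(STATUS[this.statusCode] || String(this.statusCode));
          for (const [k, v] of Object.entries(headers)) uwsRes.writeHeader(k, v);
          uwsRes.end(body);
        });
      }
      onEnd();
    },
  };
}

// Resolves { req, authenticated }: true when the middleware called next(),
// false when it answered the client itself (for example the 401 challenge).
function runMiddleware(middleware, uwsRes, uwsReq) {
  const req = toNodeReq(uwsReq); // must happen before anything asynchronous
  return new Promise((resolve, reject) => {
    const res = toNodeRes(uwsRes, () => resolve({ req, authenticated: false }));
    const next = (err) => (err ? reject(err) : resolve({ req, authenticated: true }));
    Promise.resolve().then(() => middleware(req, res, next)).catch(reject);
  });
}

// Hypothetical stand-in for sso.auth(): challenges when no Authorization header.
async function standInAuth(req, res, next) {
  if (!req.headers.authorization) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Negotiate');
    return res.end();
  }
  req.sso = { user: { name: 'constructed-user' } }; // constructed sample value
  next();
}
```

In a route handler, call `runMiddleware(auth, res, req)` as the first statement after `res.onAborted(...)`, and only serialize `req.sso` (for example with `JSON.stringify`) when `authenticated` is true.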