can't set cookie on 401, so remove session and add a connection-id - …

…better anyway
einfallstoll · Dec 19, 2014 · 50d9ac4 · 50d9ac4
1 parent 8ca29f9
commit 50d9ac4
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 54 deletions.
diff --git a/lib/express-ntlm.js b/lib/express-ntlm.js
@@ -139,7 +139,7 @@ module.exports = function(options) {
     }
 
     function handle_type1(request, response, next, ntlm_message, callback) {
-        cache.remove(request.sessionID);
+        cache.remove(request.connection.id);
         cache.clean();
 
         connect_to_proxy(ntlm_message, function(error, proxy, challenge) {
@@ -149,14 +149,14 @@ module.exports = function(options) {
             response.setHeader('WWW-Authenticate', 'NTLM ' + challenge.toString('base64'));
             response.end();
 
-            cache.add(request.sessionID, proxy);
+            cache.add(request.connection.id, proxy);
 
             return callback();
         });
     }
 
     function handle_type3(request, response, next, ntlm_message, callback) {
-        var proxy = cache.get_proxy(request.sessionID);
+        var proxy = cache.get_proxy(request.connection.id);
 
         var userDomainWorkstation = parse_ntlm_authenticate(ntlm_message),
             user = userDomainWorkstation[0],
@@ -170,7 +170,7 @@ module.exports = function(options) {
             if (error) return callback(error);
 
             if (!result) {
-                cache.remove(request.sessionID);
+                cache.remove(request.connection.id);
                 options.debug(options.prefix, 'User ' + domain + '/' + user + ' authentication for URI ' + request.protocol + '://' + request.get('host') + request.originalUrl);
                 return options.forbidden(request, response, next);
             } else {
@@ -182,72 +182,77 @@ module.exports = function(options) {
 
                 request.ntlm = userData;
                 response.locals.ntlm = userData;
+                request.connection.ntlm = userData;
 
                 return next();
             }
         });
     }
 
     return function(request, response, next) {
-        if (!request.session) {
-            options.debug(options.prefix, 'Initialized session not available');
-            return options.internalservererror(request, response, next);
-        } else {
-            var auth_headers = request.headers.authorization;
-            
-            var user = request.session.ntlm ? request.session.ntlm.user : false;
-            if (user) {
-                if (auth_headers) {
-                    if (request.method != 'POST') {
-                        return next();
-                    }
-                } else {
+        if (!request.connection.id) {
+            request.connection.id = utils.uuidv4();
+        }
+
+        var auth_headers = request.headers.authorization;
+
+        var user = request.connection.ntlm;
+        if (user) {
+            options.debug(options.prefix, 'Connection already authenticated ' + user.DomainName + '/' + user.UserName);
+            if (auth_headers) {
+                if (request.method != 'POST') {
+                    request.ntlm = user;
+                    response.locals.ntlm = user;
                     return next();
                 }
+            } else {
+                request.ntlm = user;
+                response.locals.ntlm = user;
+                return next();
             }
-
-            if (!auth_headers) {
-                options.debug(options.prefix, 'No Authorization header present');
-                return handle_unauthorized(request, response, next);
-            }
-
-            var ah_data = decode_http_authorization_header(auth_headers);
-
-            if (!ah_data) {
-                options.debug(options.prefix, 'Error when parsing Authorization header for URI ' + request.protocol + '://' + request.get('host') + request.originalUrl);
-                return options.badrequest(request, response, next);
-            }
-
-            var ntlm_version = ntlm_message_type(ah_data[1]);
-
-            if (ntlm_version instanceof Error) {
-                options.debug(options.prefix, ntlm_version.stack);
-                return options.badrequest(request, response, next);
-            }
-
-            if (ntlm_version === 1) {
-                return handle_type1(request, response, next, ah_data[1], function(error) {
+        }
+
+        if (!auth_headers) {
+            options.debug(options.prefix, 'No Authorization header present');
+            return handle_unauthorized(request, response, next);
+        }
+
+        var ah_data = decode_http_authorization_header(auth_headers);
+
+        if (!ah_data) {
+            options.debug(options.prefix, 'Error when parsing Authorization header for URI ' + request.protocol + '://' + request.get('host') + request.originalUrl);
+            return options.badrequest(request, response, next);
+        }
+
+        var ntlm_version = ntlm_message_type(ah_data[1]);
+
+        if (ntlm_version instanceof Error) {
+            options.debug(options.prefix, ntlm_version.stack);
+            return options.badrequest(request, response, next);
+        }
+
+        if (ntlm_version === 1) {
+            return handle_type1(request, response, next, ah_data[1], function(error) {
+                if (error) {
+                    options.debug(options.prefix, error.stack);
+                    return options.internalservererror(request, response, next);
+                }
+            });
+        }
+
+        if (ntlm_version === 3) {
+            if (typeof cache.get_proxy(request.connection.id) !== 'undefined') {
+                return handle_type3(request, response, next, ah_data[1], function(error) {
                     if (error) {
                         options.debug(options.prefix, error.stack);
                         return options.internalservererror(request, response, next);
                     }
                 });
             }
-
-            if (ntlm_version === 3) {
-                if (typeof cache.get_proxy(request.sessionID) !== 'undefined') {
-                    return handle_type3(request, response, next, ah_data[1], function(error) {
-                        if (error) {
-                            options.debug(options.prefix, error.stack);
-                            return options.internalservererror(request, response, next);
-                        }
-                    });
-                }
-                options.debug(options.prefix, 'Unexpected NTLM message Type 3 in new connection for URI ' + request.protocol + '://' + request.get('host') + request.originalUrl);
-                return options.internalservererror(request, response, next);
-            }
-            options.debug(options.prefix, 'Type 2 message in client request');
-            return options.badrequest(request, response, next);
+            options.debug(options.prefix, 'Unexpected NTLM message Type 3 in new connection for URI ' + request.protocol + '://' + request.get('host') + request.originalUrl);
+            return options.internalservererror(request, response, next);
         }
+        options.debug(options.prefix, 'Type 2 message in client request');
+        return options.badrequest(request, response, next);
     };
 };
diff --git a/lib/utils.js b/lib/utils.js
@@ -26,6 +26,12 @@ var utils = {
     },
     toBinary: function(int) {
         return parseInt(int, 2);
+    },
+    uuidv4: function() {
+        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
+            var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
+            return v.toString(16);
+        });
     }
 };