feat: overridebasic fixes #243 included for #242

billchurch · May 18, 2021 · 5999375 · 5999375
1 parent ad6b74c
commit 5999375
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 4 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -10,6 +10,7 @@
  - added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
 ### Added
 - Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
+- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
 ### CONTRIBUTING
 In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
 

diff --git a/README.md b/README.md
@@ -109,6 +109,8 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 
 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.
 
+* **user.overridebasic** - _boolean_ - When set to `true` ignores `Authorization: Basic` header sent from client and use credentials defined in `user.name` and `user.password` instead. Defaults to `false`. [issue 242](../../issues/242) for more information.
+
 * **ssh.host** - _string_ - Specify host to connect to. May be either hostname or IP address. Defaults to `null`.
 
 * **ssh.port** - _integer_ - Specify SSH port to connect to, defaults to `22`

diff --git a/app/config.json.sample b/app/config.json.sample
@@ -10,6 +10,7 @@
  "name": null,
  "password": null,
  "privatekey": null
+ "overridebasic": false
  },
  "ssh": {
  "host": null,

diff --git a/app/package-lock.json b/app/package-lock.json
diff --git a/app/server/app.js b/app/server/app.js
@@ -32,7 +32,12 @@ const appSocket = require('./socket');
 const expressOptions = require('./expressOptions');
 const myutil = require('./util');
 
-myutil.setDefaultCredentials(config.user.name, config.user.password, config.user.privatekey);
+myutil.setDefaultCredentials(
+ config.user.name,
+ config.user.password,
+ config.user.privatekey,
+ config.user.overridebasic
+);
 
 // safe shutdown
 let shutdownMode = false;

diff --git a/app/server/config.js b/app/server/config.js
@@ -19,6 +19,7 @@ let config = {
  name: null,
  password: null,
  privatekey: null,
+ overridebasic: false,
  },
  ssh: {
  host: null,

diff --git a/app/server/util.js b/app/server/util.js
@@ -8,15 +8,24 @@ const Auth = require('basic-auth');
 
 const defaultCredentials = { username: null, password: null, privatekey: null };
 
-exports.setDefaultCredentials = function setDefaultCredentials(username, password, privatekey) {
+exports.setDefaultCredentials = function setDefaultCredentials(
+ username,
+ password,
+ privatekey,
+ overridebasic
+) {
  defaultCredentials.username = username;
  defaultCredentials.password = password;
  defaultCredentials.privatekey = privatekey;
+ defaultCredentials.overridebasic = overridebasic;
 };
 
 exports.basicAuth = function basicAuth(req, res, next) {
  const myAuth = Auth(req);
- if (myAuth && myAuth.pass !== '') {
+ // If Authorize: Basic header exists and the password isn't blank
+ // AND config.user.overridebasic is false, extract basic credentials
+ // from client
+ if (myAuth && myAuth.pass !== '' && !defaultCredentials.overridebasic) {
  req.session.username = myAuth.name;
  req.session.userpassword = myAuth.pass;
  debug(