diff --git a/ChangeLog.md b/ChangeLog.md
index 6165bc04..0239d502 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -10,6 +10,7 @@
 - added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
 ### Added
 - Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
+- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
 ### CONTRIBUTING
 In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
diff --git a/README.md b/README.md
index 5d2fcdc2..395c89c8 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,8 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.
+* **user.overridebasic** - _boolean_ - When set to `true` ignores `Authorization: Basic` header sent from client and use credentials defined in `user.name` and `user.password` instead. Defaults to `false`. [issue 242](../../issues/242) for more information.
+
 * **ssh.host** - _string_ - Specify host to connect to. May be either hostname or IP address. Defaults to `null`.
 * **ssh.port** - _integer_ - Specify SSH port to connect to, defaults to `22`
diff --git a/app/config.json.sample b/app/config.json.sample
index 18a7b6ee..b30f5696 100644
--- a/app/config.json.sample
+++ b/app/config.json.sample
@@ -10,6 +10,7 @@
 "name": null,
 "password": null,
 "privatekey": null
+ "overridebasic": false
 },
 "ssh": {
 "host": null,
diff --git a/app/package-lock.json b/app/package-lock.json
index 13b293fe..e064dd76 100644
--- a/app/package-lock.json
+++ b/app/package-lock.json
@@ -1,6 +1,6 @@ { "name": "webssh2", - "version": "0.4.0-testing-0", + "version": "0.4.0-testing-2", "lockfileVersion": 1, "requires": true, "dependencies": {
diff --git a/app/server/app.js b/app/server/app.js
index 54b4b123..16cddb8e 100644
--- a/app/server/app.js
+++ b/app/server/app.js
@@ -32,7 +32,12 @@ const appSocket = require('./socket');
 const expressOptions = require('./expressOptions');
 const myutil = require('./util');
-myutil.setDefaultCredentials(config.user.name, config.user.password, config.user.privatekey);
+myutil.setDefaultCredentials(
+ config.user.name,
+ config.user.password,
+ config.user.privatekey,
+ config.user.overridebasic
+);
 // safe shutdown
 let shutdownMode = false;
diff --git a/app/server/config.js b/app/server/config.js
index d7d13259..52d08b40 100644
--- a/app/server/config.js
+++ b/app/server/config.js
@@ -19,6 +19,7 @@ let config = {
 name: null,
 password: null,
 privatekey: null,
+ overridebasic: false,
 },
 ssh: {
 host: null,
diff --git a/app/server/util.js b/app/server/util.js
index ff5ebf4e..e4016405 100644
--- a/app/server/util.js
+++ b/app/server/util.js
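Review bot: In app/config.json.sample the added `"overridebasic": false` entry follows `"privatekey": null`, an unchanged context line with no trailing comma, so the sample is no longer valid JSON. Anyone who copies the sample to `config.json` gets a parse error; the loader is not shown here, so the server may then fail to start or run on built-in defaults instead of the intended credential settings. The preceding line should become `"privatekey": null,`.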
@@ -8,15 +8,24 @@ const Auth = require('basic-auth');
 const defaultCredentials = { username: null, password: null, privatekey: null };
-exports.setDefaultCredentials = function setDefaultCredentials(username, password, privatekey) {
+exports.setDefaultCredentials = function setDefaultCredentials(
+ username,
+ password,
+ privatekey,
+ overridebasic
+) {
 defaultCredentials.username = username;
 defaultCredentials.password = password;
 defaultCredentials.privatekey = privatekey;
+ defaultCredentials.overridebasic = overridebasic;
 };
 exports.basicAuth = function basicAuth(req, res, next) {
 const myAuth = Auth(req);
- if (myAuth && myAuth.pass !== '') {
+ // If Authorize: Basic header exists and the password isn't blank
+ // AND config.user.overridebasic is false, extract basic credentials
+ // from client
+ if (myAuth && myAuth.pass !== '' && !defaultCredentials.overridebasic) {
 req.session.username = myAuth.name;
 req.session.userpassword = myAuth.pass;
 debug(
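Review bot: `defaultCredentials.overridebasic = overridebasic;` stores the config value unchecked and the new `basicAuth` condition only tests truthiness, so a non-boolean such as the string `"false"` in config.json would switch the override on; `defaultCredentials.overridebasic = overridebasic === true;` keeps the documented boolean contract. With the override on, the client's `Authorization: Basic` credentials are skipped on every request, so, assuming the fallback branch outside this hunk uses `defaultCredentials`, anyone who can reach the endpoint connects as the configured account. That trade-off deserves a comment above the condition, a startup log line when the option is enabled, and a README note that the deployment then needs its own access control in front. The added comment also says `Authorize: Basic` where the header is `Authorization: Basic`. `basicAuth` continues past the end of the hunk, so the else path is not visible here.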