API Docs for: 2.6
authentication Class

Module: authentication

Provides the authentication functions by LDAP.

Methods

adBindCb

(
  • accessKeydId
  • err
  • result
  • cb
)
private

Callback of the LDAP bind operation performed on Active Directory.

Parameters:

  • accessKeydId String

    The access key used for authentication

  • err Object

    The error response. If the bind is successful it is null

  • result Object

    The result of the bind operation

  • cb Function

    The callback function

authByActiveDirectory

(
  • accessKeyId
  • password
  • cb
)

Authenticate the user by an Active Directory bind operation.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • cb Function

    The callback function

authByFile

(
  • accessKeyId
  • password
  • cb
)
private

Authenticate the user by the credentials read from the file.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • cb Function

    The callback function

authByLDAP

(
  • accessKeyId
  • password
  • cb
)

Authenticate the user by LDAP bind operation.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • cb Function

    The callback function

authenticate

(
  • accessKeyId
  • password
  • cb
)

Authenticate the user using the method chosen in the configuration step.

It can throw an exception.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • cb Function

    The callback function

authenticateRemoteSite

(
  • accessKeyId
  • password
  • remoteIp
  • cb
)

Authenticate remote site using the credentials specified in the configuration file.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • remoteIp String

    The remote ip address

  • cb Function

    The callback function

authRemoteSiteByFile

(
  • accessKeyId
  • password
  • remoteIp
  • cb
)
private

Authenticate the remote site user by the credentials read from the file.

Parameters:

  • accessKeyId String

    The access key used to authenticate, e.g. the username

  • password String

    The password of the account

  • remoteIp String

    The remote ip address

  • cb Function

    The callback function

calculateToken

(
  • accessKeyId
  • password
  • nonce
)

Calculates the HMAC-SHA1 token to be used in the authentication.

Parameters:

  • accessKeyId String

    The access key identifier, e.g. the username

  • password String

    The password of the account

  • nonce String

    It is used to create the HMAC-SHA1 token

config

(
  • path
)

Reads the authentication configuration file and calls the appropriate function to configure authentication by LDAP or by file. The file must use the JSON syntax.

The method can throw an Exception.

Parameters:

  • path String

    The path of the configuration file

configActiveDirectory

(
  • json
)

Initialize the Active Directory client.

The method can throw an Exception.

Parameters:

  • json Object

    The object with the Active Directory parameters

configFile

(
  • json
)

Initialize the user credentials reading the file. The file must use the JSON format.

The method can throw an Exception.

Parameters:

  • json Object

    The object with the path of the file

    • path String

      The path of the credentials file

configLDAP

(
  • json
)

Initialize the LDAP client.

The method can throw an Exception.

Parameters:

  • json Object

    The object with the LDAP parameters

configRemoteAuthentications

(
  • path
)

It reads the authentication configuration file for remote sites. The file must use the JSON syntax.

The method can throw an Exception.

Parameters:

  • path String

    The path of the configuration file

getNonce

(
  • accessKeyId
  • password
  • isRemoteSite
)
String

Creates an SHA1 nonce to be used in the authentication.

Parameters:

  • accessKeyId String

    The access key identifier used to create the token.

  • password String

    The password of the account

  • isRemoteSite Boolean

    True if the request is for a remote site

Returns:

String:

The SHA1 nonce.

getRemoteSiteName

(
  • accessKeyId
  • token
)
String

Returns the remote site name.

Parameters:

  • accessKeyId String

    The access key identifier, e.g. the username

  • token String

    The authentication token

Returns:

String:

The name of the remote site

getTokenExpirationTimeout

() Number

Returns the token expiration timeout.

Returns:

Number:

The token expiration timeout in milliseconds.

isAutoUpdateTokenExpires

() Boolean

Check if the automatic update of token expiration is active for each authentication request.

Returns:

Boolean:

True if the automatic update is active.

isRemoteSiteAlreadyLoggedIn

(
  • accessKeyId
)
Boolean private

Checks if the remote username has already been logged in.

Parameters:

  • accessKeyId String

    The access key identifier, e.g. the username

Returns:

Boolean:

True if the remote username has been already logged in

isUnautheCallEnabled

() Boolean

Checks if the unauthenticated Asterisk call has been enabled by the JSON configuration file.

Returns:

Boolean:

True if the unauthenticated Asterisk call has been enabled.

ldapBindCb

(
  • accessKeydId
  • err
  • result
  • cb
)
private

Callback of the LDAP bind operation.

Parameters:

  • accessKeydId String

    The access key used for authentication

  • err Object

    The error response. If the bind is successful it is null

  • result Object

    The result of the bind operation

  • cb Function

    The callback function

newToken

(
  • accessKeyId
  • password
  • nonce
  • isRemoteSite
)
private

Creates an HMAC-SHA1 token to be used in the authentication and store it into the private grants object.

Parameters:

  • accessKeyId String

    The access key identifier, e.g. the username

  • password String

    The password of the account

  • nonce String

    It is used to create the HMAC-SHA1 token

  • isRemoteSite Boolean

    True if the request is for a remote site

on

(
  • type
  • cb
)
Object

Subscribe a callback function to a custom event fired by this object. It behaves the same as the Node.js events.EventEmitter.on.

Parameters:

  • type String

    The name of the event

  • cb Function

    The callback to execute in response to the event

Returns:

Object:

A subscription handle capable of detaching that subscription.

removeToken

(
  • accessKeyId
  • token
)
Boolean

Removes the grant for an access key.

Parameters:

  • accessKeyId String

    The access key

  • token String

    The token

Returns:

Boolean:

True if the grant has been removed successfully.

setLogger

(
  • log
)
static

Set the logger to be used.

Parameters:

  • log Object

    The logger object. It must have at least three methods: info, warn and error, like the console object.

startIntervalRemoveExpiredTokens

() private

Starts the periodic removal of expired authentication tokens. The interval is equal to the expiration time, because the tokens are updated every half of the expiration time.

updateTokenExpires

(
  • accessKeyId
  • token
)

Update the expiration of the token relative to the access key.

Parameters:

  • accessKeyId String

    The access key relative to the token to be updated

  • token String

    The access token

verifyToken

(
  • accessKeyId
  • token
  • isRemote
)
Boolean

Authenticates the user by checking the token against the one that must be present in the grants object. The getNonce method must be used before this.

Parameters:

  • accessKeyId String

    The access key used to retrieve the token

  • token String

    The token to be checked

  • isRemote Boolean

    True if the token belongs to a remote site

Returns:

Boolean:

True if the user has been authenticated successfully.
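
Added example, not the module's own code: the nonce and token flow described by getNonce, calculateToken and verifyToken, plus the expired-token sweep, written for Node.js. The HMAC message layout, the use of the password as HMAC key, the Map-based grants store, the extra `now`/`autoUpdate` parameters and the removeExpiredTokens name are assumptions; the page only specifies HMAC-SHA1, a SHA1 nonce, the grants object and the 3600000 ms default.

```javascript
// Added example: nonce -> HMAC-SHA1 token -> grants lookup with expiry.
const crypto = require('crypto');

const EXPIRES_MS = 3600000;   // the page's default for `expires` (1h)
const grants = new Map();     // accessKeyId -> Map(token -> expiry in ms); a Map
                              // avoids special keys such as "__proto__"

// ASSUMPTION: the message layout and the use of the password as the HMAC key
// are illustrative; the page only states that the token is HMAC-SHA1.
function calculateToken(accessKeyId, password, nonce) {
  return crypto.createHmac('sha1', password)
    .update(`${accessKeyId}:${password}:${nonce}`)
    .digest('hex');
}

// Server: issue a random SHA1 nonce and store the token it expects back.
function getNonce(accessKeyId, password, now = Date.now()) {
  const nonce = crypto.createHash('sha1').update(crypto.randomBytes(32)).digest('hex');
  if (!grants.has(accessKeyId)) grants.set(accessKeyId, new Map());
  grants.get(accessKeyId).set(calculateToken(accessKeyId, password, nonce), now + EXPIRES_MS);
  return nonce;
}

// Server: constant-time match against each stored token, then expiry check.
function verifyToken(accessKeyId, token, now = Date.now(), autoUpdate = true) {
  const userGrants = grants.get(accessKeyId);
  if (!userGrants || typeof token !== 'string') return false;
  const presented = Buffer.from(token);
  for (const [stored, expires] of userGrants) {
    const expected = Buffer.from(stored);
    if (expected.length !== presented.length) continue;
    if (!crypto.timingSafeEqual(expected, presented)) continue;
    if (expires <= now) { userGrants.delete(stored); return false; }
    if (autoUpdate) userGrants.set(stored, now + EXPIRES_MS); // sliding expiry
    return true;
  }
  return false;
}

// Periodic sweep (hypothetical name), as startIntervalRemoveExpiredTokens would schedule it.
function removeExpiredTokens(now = Date.now()) {
  let removed = 0;
  for (const userGrants of grants.values()) {
    for (const [token, expires] of userGrants) {
      if (expires <= now) { userGrants.delete(token); removed++; }
    }
  }
  return removed;
}
```

The client never sends the password: it sends only the token computed from the nonce, and the server rejects any token that is absent from grants or past its expiry.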

Properties

adDomain

String private

The Active Directory domain.

AUTH_TYPE

Object private

The types of the authentication that can be used.

Default: { "ldap": "ldap", "file": "file", "activeDirectory": "activeDirectory" };

authenticationType

String private

The type of authentication chosen. It can be one of the AUTH_TYPE properties. The authentication type is selected with the configuration file. It's used to choose the correct authentication method.

authFileCredentials

Object private

The user credentials used in the case of file authentication type.

Default: {}

authRemoteSites

Object private

The credentials used by remote sites.

Default: {}

autoUpdateTokenExpires

Boolean private

If true, every authentication request also causes the update of the token expiration value.

Default: true

baseDn

String private

The LDAP base DN.

client

Object private

The LDAP client.

emitter

Object private

The event emitter.

EVT_COMP_READY

String

The name of the component ready event.

Default: "ready"

expires

Number private

The token expiration expressed in milliseconds. It can be customized with the configuration file.

Default: 3600000 (1h)

grants

Object private

The temporary permissions assigned to the users. Associates each user with a list of tokens. Each permission has an expiration date of expires milliseconds. Each user can have more than one token because they can log in from more than one place.

IDLOG

String private final

The module identifier used by the logger.

Default: [authentication]

ldapsSelfSigned

Boolean private

True if a self-signed certificate must be accepted for LDAPS connections.

Default: false

logger

Object private

The logger. It must have at least three methods: info, warn and error.

Default: console

ou

String private

The LDAP organizational unit.

port

String private

The authentication LDAP server port.

server

String private

The authentication LDAP server address.

unauthenticatedCall

String private

Asterisk call without user authentication and permissions. It is disabled by default but can be enabled by the JSON configuration file in the config method.

Default: "disabled"

Events

ready

Fired when the component is ready.