mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-12 13:27:31 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add hash support in basic auth (#943)

Browse source
This commit is contained in:
Ahsan Virani 2020-09-10 17:49:44 +02:00 committed by GitHub
parent fccbd48937
commit 2a6f4ebf86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
packages/cli/config/index.ts
View file

@ -319,6 +319,12 @@ const config = convict({
env: 'N8N_BASIC_AUTH_PASSWORD', env: 'N8N_BASIC_AUTH_PASSWORD',
doc: 'The password of the basic auth user' doc: 'The password of the basic auth user'
}, },
hash: {
format: 'Boolean',
default: false,
env: 'N8N_BASIC_AUTH_HASH',
doc: 'If password for basic auth is hashed'
}
}, },
jwtAuth: { jwtAuth: {
active: { active: {

6
packages/cli/package.json
View file

@ -54,6 +54,7 @@
"devDependencies": { "devDependencies": {
"@oclif/dev-cli": "^1.22.2", "@oclif/dev-cli": "^1.22.2",
"@types/basic-auth": "^1.1.2", "@types/basic-auth": "^1.1.2",
"@types/bcrypt": "^3.0.0",
"@types/compression": "1.0.1", "@types/compression": "1.0.1",
"@types/connect-history-api-fallback": "^1.3.1", "@types/connect-history-api-fallback": "^1.3.1",
"@types/convict": "^4.2.1", "@types/convict": "^4.2.1",
@ -72,15 +73,16 @@
"p-cancelable": "^2.0.0", "p-cancelable": "^2.0.0",
"run-script-os": "^1.0.7", "run-script-os": "^1.0.7",
"ts-jest": "^25.4.0", "ts-jest": "^25.4.0",
"ts-node": "^8.9.1",
"tslint": "^6.1.2", "tslint": "^6.1.2",
"typescript": "~3.7.4", "typescript": "~3.7.4"
"ts-node": "^8.9.1"
}, },
"dependencies": { "dependencies": {
"@oclif/command": "^1.5.18", "@oclif/command": "^1.5.18",
"@oclif/errors": "^1.2.2", "@oclif/errors": "^1.2.2",
"@types/jsonwebtoken": "^8.3.4", "@types/jsonwebtoken": "^8.3.4",
"basic-auth": "^2.0.1", "basic-auth": "^2.0.1",
"bcrypt": "^5.0.0",
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"body-parser-xml": "^1.1.0", "body-parser-xml": "^1.1.0",
"client-oauth2": "^4.2.5", "client-oauth2": "^4.2.5",

5
packages/cli/src/Server.ts
View file

@ -20,6 +20,7 @@ import { RequestOptions } from 'oauth-1.0a';
import * as csrf from 'csrf'; import * as csrf from 'csrf';
import * as requestPromise from 'request-promise-native'; import * as requestPromise from 'request-promise-native';
import { createHmac } from 'crypto'; import { createHmac } from 'crypto';
import { compareSync } from 'bcrypt';
import { import {
ActiveExecutions, ActiveExecutions,
@ -186,6 +187,8 @@ class App {
throw new Error('Basic auth is activated but no password got defined. Please set one!'); throw new Error('Basic auth is activated but no password got defined. Please set one!');
} }
const basicAuthHashEnabled = await GenericHelpers.getConfigValue('security.basicAuth.hash') as boolean;
this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => { this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
if (req.url.match(authIgnoreRegex)) { if (req.url.match(authIgnoreRegex)) {
return next(); return next();
@ -198,7 +201,7 @@ class App {
return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization is required!'); return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization is required!');
} }
if (basicAuthData.name !== basicAuthUser || basicAuthData.pass !== basicAuthPassword) { if (basicAuthData.name !== basicAuthUser || (!basicAuthHashEnabled && basicAuthData.pass !== basicAuthPassword) || (basicAuthHashEnabled && compareSync(basicAuthData.pass, basicAuthPassword) === false)) {
// Provided authentication data is wrong // Provided authentication data is wrong
return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization data is wrong!'); return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization data is wrong!');
} }