From bb80cdf5a6157ca1f3a276e12e9faae9a4739cb7 Mon Sep 17 00:00:00 2001
From: dh_ackergaul <dh_ackergaul@dh-software.de>
Date: Di, 23 Jun 2026 11:16:18 +0200
Subject: [PATCH] Update emvheya - 23.6.2026, 11:16:10 [JD]
---
manufacturer/_furnview/furnplan-web/api/services/OpusAuthenticationService.js | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 104 insertions(+), 0 deletions(-)
diff --git a/manufacturer/_furnview/furnplan-web/api/services/OpusAuthenticationService.js b/manufacturer/_furnview/furnplan-web/api/services/OpusAuthenticationService.js
new file mode 100644
index 0000000..1e99cb3
--- /dev/null
+++ b/manufacturer/_furnview/furnplan-web/api/services/OpusAuthenticationService.js
@@ -0,0 +1,104 @@
+const ProcessArguments = require("./ProcessArguments");
+const LocalFurnplan = require("./LocalFurnplan");
+
+const { BaseAuthenticationService } = require("./BaseAuthenticationService");
+
+module.exports.OpusAuthenticationService = class extends BaseAuthenticationService {
+ login(req, res) {
+ return res.view();
+ }
+
+ async login_form(req, res) {
+ req.body.customerNo = req.body.customerNo || "";
+ req.body.username = req.body.username || "";
+ req.body.password = req.body.password || "";
+
+ req.body.customerNo.trim();
+
+ if (req.body.customerNo.toLowerCase() == "admin" && req.body.username.toLowerCase() == "admin") {
+ return res.json({ url: "/nice-try-dude", sessionId: "1337" });
+ }
+
+ // use access manager for protection from brute force attacks
+ AccessManagerService.create(req.auth_cookie);
+
+ const accessManager = req.auth_cookie.accessManager;
+
+ accessManager.setMaxTries(3).setPause(30);
+
+ if (accessManager.canTry()) {
+ try {
+ let user;
+
+ if (ProcessArguments.isLocal()) {
+ const customerNoOrTenant = req.body.customerNo;
+
+ const credential = await FurncloudCredential.findOne({ customerNo: customerNoOrTenant });
+ const existsCustomerNo = !!credential;
+
+ if (existsCustomerNo) {
+ // use customer number as specified
+ user = await Opus.login(customerNoOrTenant, "offlineUser", "offlineUser");
+ }
+ else {
+ // customer number seems to be a tenant, so try to find the corresponding customer number
+ const projectPath = await LocalFurnplan.getCustomerProjectsPath(customerNoOrTenant);
+ const customerNo = await LocalFurnplan.getCustomerNo(projectPath);
+
+ user = await Opus.login(customerNo, "offlineUser", "offlineUser");
+ }
+ }
+ else {
+ user = await Opus.login(req.body.customerNo, req.body.username, req.body.password, Helper.isLocalRequest(req.connection.remoteAddress) || !sails.config.needsAuth);
+ }
+
+ const configuration = await UseCaseConfiguration.findOne({
+ customerNo: req.body.customerNo,
+ externalConf: true
+ });
+
+ if (configuration) user.data.config = configuration.id;
+
+ await Session.update({ _id: req.session._id }, { $addToSet: { users: user } });
+
+ Winston.info((new Date).toISOString(), "Login granted with provided credentials:", req.body.customerNo, "/", req.body.username, "/", "***CENSORED***");
+
+ // delete access manager if everything went fine
+ delete req.auth_cookie.accessManager;
+
+ if (req.query.oriReq) return res.json({ url: req.query.oriReq, sessionId: user.opusSessionId });
+
+ return res.json({ url: "/", sessionId: user.opusSessionId });
+ }
+ catch (e) {
+ Winston.error(e);
+ accessManager.failed();
+
+ // TODO: i18n
+ return res.json(422, { error: "Ungültige Zugangsdaten" });
+ }
+ }
+ else {
+ // TODO: i18n
+ return res.json(422, { error: "Zugang gesperrt" });
+ }
+ }
+
+ async logout(req, res) {
+ if (req.user) {
+ // close furnplan instance
+ FurnplanNodeManager.closeInstance(req.user.opusSessionId);
+
+ await Session.update({ _id: req.session._id }, { $pull: { users: { _id: req.user._id } } });
+ delete req.user;
+ }
+
+ let redirection = "/login";
+ if (req.headers && req.headers.referer) {
+ if (new RegExp("article-url-configurator").test(req.headers.referer)) {
+ redirection = "/article-url-configurator";
+ }
+ }
+ return res.json({ url: redirection });
+ }
+};
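Review bot: In `login_form`, `req.query.oriReq` is returned to the client as the post-login `url` without any check, so a crafted login link can presumably send a freshly authenticated user to an external site. Accept only local paths, e.g. `const target = typeof req.query.oriReq === "string" && /^\/(?![\/\\])/.test(req.query.oriReq) ? req.query.oriReq : "/";`, and return `target`. Separately, `req.body.customerNo.trim();` discards its result, so the comparisons and lookups that follow still see the untrimmed value; it should read `req.body.customerNo = req.body.customerNo.trim();`. The brute-force limiter is attached to `req.auth_cookie`, and if that state comes from a client-held cookie rather than being keyed server-side by account or address, the three-try limit is not actually enforced, which is worth confirming in `AccessManagerService`. The fourth argument to `Opus.login` depends on `Helper.isLocalRequest(req.connection.remoteAddress)`, which behind a reverse proxy would presumably be the proxy's own address, so check that this flag cannot relax authentication for proxied requests.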
--
Gitblit v1.9.3