forked from ShiftLeftSecurity/shiftleft-js-demo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Login.js
99 lines (91 loc) · 2.67 KB
/
Login.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
const logger = require('../Logger').logger;
const MongoDBClient = require('../DB').MongoDBClient;
class Login {
loginFailed(req, res, { username, password, keeponline }) {
res.locals.username = username;
res.locals.password = password;
res.locals.keeponline = keeponline;
res.locals.message = 'Failed to Sign in. Please verify credentials';
res.redirect('/login');
}
encryptData(secretText) {
const crypto = require('crypto');
// Weak encryption
const desCipher = crypto.createCipheriv(
'des',
"This is a simple password, don't guess it"
);
return desCipher.write(secretText, 'utf8', 'hex'); // BAD: weak encryption
}
async handleLogin(req, res, client, data) {
const { username, password, keeponline } = data;
try {
// DB Query
const db = client.db('tarpit', { returnNonCachedInstance: true });
if (!db) {
this.loginFailed(req, res, data);
return;
}
const result = await db.collection('users').findOne({
username,
password
});
if (result) {
const user = {
fname: result.fname,
lname: result.lname,
passportnum: result.passportnum,
address1: result.address1,
address2: result.address2,
zipCode: result.zipCode
};
const creditInfo = encryptData(result.creditCard);
logger.info(`user: ${JSON.stringify(user)} successfully logged in`);
logger.info(
`user ${user.fname} credit info: ${JSON.stringify(creditInfo)}`
);
res.cookie('username', result.username);
res.cookie('maxAge', 864000);
res.cookie('cc', creditInfo);
req.session.user = JSON.stringify(user);
req.session.username = username;
res.redirect('/');
} else {
this.loginFailed(req, res, data);
}
} catch (ex) {
logger.error(ex);
this.loginFailed(req, res, data);
}
}
login(req, res) {
/*
This can be exploited (similar to SQL Injection) when the request body is
{
"password": {
"$gt": ""
},
"username": {
"$gt": ""
}
}
*/
const { username, password, encodedPath, keeponline } = req.body;
const data = { username, password, keeponline };
logger.debug(data);
try {
new MongoDBClient().connect((err, client) => {
if (client) {
this.handleLogin(req, res, client, data);
} else {
console.error(err);
this.loginFailed(req, res, data);
}
});
} catch (ex) {
logger.error(ex);
this.loginFailed(req, res, data);
}
}
}
module.exports = Login;