View passport-windowsauth on Snyk Open Source Advisor

Package Health Score

46 / 100

security
Security review needed
popularity
Limited
maintenance
Inactive
community
Sustainable

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
3.0.1	\|	06/2018	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.0.1	\|	12/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.0	\|	12/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.5.0	\|	03/2015		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.4.1	\|	11/2014		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (508)

GitHub Stars: 177
Forks: 54
Contributors: 20

Direct Usage Popularity

The npm package passport-windowsauth receives a total of 508 downloads a week. As such, we scored passport-windowsauth popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package passport-windowsauth, we found that it has been starred 177 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 20
Funding: No

With more than 10 contributors for the passport-windowsauth repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like passport-windowsauth is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

No Recent Commits

Open Issues: 28
Open PR: 10
Last Release: 6 years ago
Last Commit: 1 year ago

Further analysis of the maintenance status of passport-windowsauth based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for passport-windowsauth is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 11 years
Dependencies: 2 Direct
Versions: 26
Install Size: 21.3 kB
Dist-tags: 1
# of Files: 9
Maintainers: 2
TS Typings: Yes

passport-windowsauth has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Windows Authentication strategy for Passport.js.

Install

npm install passport-windowsauth

Introduction

This module authenticate user with a LDAP directory. It works in two modes Integrated Authentication (often refer as NTLM) or Form Authentication.

Integrated Authentication (IIS)

In this mode, this strategy reads an special server variable from IIS (more info about this here) and then generate a profile. You can optionally pass LDAP credentials to fetch the profile from Active Directory.

In your IIS application authentication settings, disable Anonymous and enable Windows Authentication.

Configure iisnode to pass the special variable LOGON_USER from IIS to node

If you want to use it with LDAP:

var passport = require('passport');
var WindowsStrategy = require('passport-windowsauth');

passport.use(new WindowsStrategy({
  ldap: {
    url:             'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
    base:            'DC=wellscordobabank,DC=com',
    bindDN:          'someAccount',
    bindCredentials: 'andItsPass'
  }
}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));

If you want to use without LDAP:

var passport = require('passport');
var WindowsStrategy = require('passport-windowsauth');

passport.use(function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
});

NOTE: in this case profile only has displayName and id, both containing just the logon name.

Then use the strategy in a route as follows:

app.get('/express-passport',
  passport.authenticate('WindowsAuthentication'),
  function (req, res){
    res.json(req.user);
  });

Integrated Authentication with Apache and mod_auth_kerb

You can take advantage of mod_auth_kerb in linux by using apache as a reverse proxy to your node application. The configuration is not a walk in the park but after you have everything configured it just works.

####1-Generate a keytab in windows

ktpass
-princ service/server.CONTOSO.COM@CONTOSO.COM
-mapuser user@CONTOSO.COM
-crypto RC4-HMAC-NT
-ptype KRB5_NT_PRINCIPAL
-pass passssswwword
-out FILE.keytab

####2-Check your /etc/krb5.conf

kinit user@CONTOSO.COM

You should be able to login from the linux machine.

####3-Check your keytab is okay

kinit -V -kt FILE.keytab service/server.CONTOSO.COM@CONTOSO.COM

####4-Install apache with the modules

The modules you need are mod-auth-kerb, proxy, proxy_http, headers, rewrite.

####5-Configure your apache


  ServerAdmin webmaster@localhost

  ProxyPassInterpolateEnv On
  ProxyPass / https://localhost:3000/          # this is the node.js app
  ProxyPassReverse / https://localhost:3000/   # this is the node.js app
  RewriteEngine On
  RewriteCond %{LA-U:REMOTE_USER} (.+)
  RewriteRule . - [E=RU:%1]
  RequestHeader set X-Forwarded-User %{RU}e

  
      Order deny,allow
      Allow from all
  

  
      AuthName "Kerberos Login"
      AuthType Kerberos
      Krb5Keytab /path/to/your/FILE.keytab    # VERY IMPORTANT
      KrbAuthRealm CONTOSO.COM
      KrbMethodNegotiate on
      KrbSaveCredentials off
      KrbVerifyKDC off
      KrbServiceName SERVICE/server.CONTOSO.COM
      Require valid-user
  

  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  

  ErrorLog ${APACHE_LOG_DIR}/error.log

  CustomLog ${APACHE_LOG_DIR}/access.log combined

####6-Configure Passport.js

var passport = require('passport');
var WindowsStrategy = require('passport-windowsauth');

passport.use(new WindowsStrategy({
  ldap: {
    url:             'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
    base:            'DC=wellscordobabank,DC=com',
    bindDN:          'someAccount',
    bindCredentials: 'andItsPass'
  },
  getUserNameFromHeader: function (req) {
    //in the above apache config we set the x-forwarded-user header.
    //mod_auth_kerb uses user@domain
    return req.headers['x-forwarded-user'].split('@')[0];
  }
}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));

Non-integrated authentication

You can use this module to authenticate users against a LDAP server without integrated authentication. You will prompt the user for his username and password in a form like this:

<form method="post" action="/login">
    <div>
        <label>Username:</label>
        <input name="username" type="text">
    </div>
    <div>
        <label>Password:</label>
        <input name="password" type="password">
    </div>
    <div>
        <input value="Log In" type="submit">
    </div>
</form>

and then have a route like this:

app.post('/login',
  passport.authenticate('WindowsAuthentication', {
                                  successRedirect: '/',
                                  failureRedirect: '/login',
                                  failureFlash:    true })
);

The same configuration as explained above is required with the integrated option in false:

var passport = require('passport');
var WindowsStrategy = require('passport-windowsauth');

passport.use(new WindowsStrategy({
  ldap: {
    url:             'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
    base:            'DC=wellscordobabank,DC=com',
    bindDN:          'someAccount',
    bindCredentials: 'andItsPass'
  },
  integrated:      false
}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));

Example profile from LDAP

When you use the LDAP integration the profile follows the Passport.js user profile convention and you have also a _json property with all the profile.

Example:

{
  "id": "fe59e96-4d82-431e-816a-5a688e4ab547",
  "displayName": "Jose Romaniello",
  "name": {
    "familyName": "Romaniello",
    "givenName": "Jose"
  },
  "emails": [
    {
      "value": "jromaniello@wellscordoba.com"
    }
  ],
  "_json": {
    "dn": "CN=Jose Romaniello,CN=Users,DC=wellscordobabank,DC=com",
    "controls": [],
    "objectClass": [
      "top",
      "person",
      "organizationalPerson",
      "user"
    ],
    "cn": "Jose Romaniello",
    "sn": "Romaniello",
    "title": "cantante desafinado - programador",
    "physicalDeliveryOfficeName": "Chief Architect",
    "telephoneNumber": "+543519998822",
    "givenName": "Jose",
    "distinguishedName": "CN=Jose Romaniello,CN=Users,DC=wellscordobabank,DC=com",
    "instanceType": "4",
    "whenCreated": "20130220172116.0Z",
    "whenChanged": "20130220183149.0Z",
    "displayName": "Jose Romaniello",
    "uSNCreated": "12717",
    "uSNChanged": "12792",
    "company": "Wells Cordoba Bank",
    "name": "Jose Romaniello",
    "objectGUID": "fe59e96-4d82-431e-816a-5a688e4ab547",
    "userAccountControl": "66048",
    "badPwdCount": "0",
    "codePage": "0",
    "countryCode": "0",
    "badPasswordTime": "0",
    "lastLogoff": "0",
    "lastLogon": "0",
    "pwdLastSet": "130058544776047558",
    "primaryGroupID": "513",
    "objectSid": "\u0001\u0005\u0000\u0000\u0000\u0000\u0000\u0005\u0015\u0000\u0000\u0000��=��\u001d��uQ��O\u0004\u0000\u0000",
    "accountExpires": "9223372036854775807",
    "logonCount": "0",
    "sAMAccountName": "jromaniello",
    "sAMAccountType": "805306368",
    "userPrincipalName": "jromaniello@wellscordobabank.com",
    "objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=wellscordobabank,DC=com",
    "dSCorePropagationData": [
      "20130220172118.0Z",
      "16010101000000.0Z"
    ],
    "lastLogonTimestamp": "130058572786126285",
    "mail": "jromaniello@wellscordobabank.com"
  }
}

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.

passport-windowsauth dependencies

passport ldapjs

passport-windowsauth development dependencies

chai mocha

FAQs

What is passport-windowsauth?

Passport strategy for Windows Integrated Authentication (NTLM). Visit Snyk Advisor to see a full health score report for passport-windowsauth, including popularity, security, maintenance & community analysis.

Is passport-windowsauth popular?

The npm package passport-windowsauth receives a total of 508 weekly downloads. As such, passport-windowsauth popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is passport-windowsauth well maintained?

We found indications that passport-windowsauth is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is passport-windowsauth safe to use?

While scanning the latest version of passport-windowsauth, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 22 April-2024, at 22:19 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (508)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

Install

Introduction

Integrated Authentication (IIS)

Integrated Authentication with Apache and mod_auth_kerb

Non-integrated authentication

Example profile from LDAP

Issue Reporting

Author

License

passport-windowsauth dependencies

passport-windowsauth development dependencies

FAQs

What is passport-windowsauth?

Is passport-windowsauth popular?

Is passport-windowsauth well maintained?

Is passport-windowsauth safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues