Authenticate with IBM Domino via a Node.js Application to Extract a Session Cookie

Instructor: Mark Barton

Published 4 years ago
Updated 3 years ago

This lesson explains how to authenticate with Domino via a Node.js application.

We will use a standard HTML login page that posts to our Node.js application, which in turn attempts to log in to Domino.

If successful, the Domino session ID is extracted from the Domino response and sent back to the client application, where it can be used for subsequent requests.

If the login fails, a 401 HTTP status code is returned to the client.

The lesson also shows how to deal with Domino's strange HTTP status codes when trying to log in.
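
As an added example (not the lesson's own code), the decision step described above can be written as a function that takes Domino's login response and returns what the Node.js proxy sends to the browser. The header name in `AUTH_FAILURE_HEADER` is a placeholder for the custom header the lesson mentions but this page does not name; the sample responses are constructed, and the 502 for unexpected statuses and the 401 for a missing cookie are this example's choices.

```javascript
// Added example: map Domino's login response to the proxy's reply.
const SESSION_COOKIE = 'DomAuthSessID';              // cookie name as given in the lesson
const AUTH_FAILURE_HEADER = 'x-domino-auth-failure'; // placeholder, not named on the page

// Parse Set-Cookie header line(s) into { name, value } objects; attributes are ignored.
function parseSetCookie(setCookie) {
  const lines = Array.isArray(setCookie) ? setCookie : setCookie ? [setCookie] : [];
  return lines
    .map((line) => {
      const pair = String(line).split(';')[0];
      const eq = pair.indexOf('=');
      if (eq < 1) return null; // no name or no "=": not a usable cookie
      return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim() };
    })
    .filter(Boolean);
}

// Decide the HTTP status and body the Node proxy returns to the browser.
function loginResult({ statusCode, headers = {} }) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // Domino reported a failed login through the custom header.
  const failure = h[AUTH_FAILURE_HEADER];
  if (failure) return { status: 401, body: { error: String(failure) } };

  // A 302 is Domino's normal answer to a login POST, so it is not an error here.
  if (statusCode !== 200 && statusCode !== 302) {
    return { status: 502, body: { error: `Unexpected Domino status ${statusCode}` } };
  }

  // Domino may set several cookies; keep only the session cookie (exact name match).
  const session = parseSetCookie(h['set-cookie'])
    .filter((c) => c.name.toLowerCase() === SESSION_COOKIE.toLowerCase());
  if (session.length === 0) return { status: 401, body: { error: 'No session cookie' } };
  return { status: 200, body: { sessionId: session[0].value } };
}

// Constructed sample responses (not captured from a real server).
const SAMPLE_OK = { statusCode: 302, headers: { 'Set-Cookie': [
  'OtherCookie=1; path=/', 'DomAuthSessID=0123ABCD; path=/; HttpOnly'] } };
const SAMPLE_BAD = { statusCode: 200, headers: {
  'X-Domino-Auth-Failure': 'You provided an invalid username or password.' } };

console.log(loginResult(SAMPLE_OK), loginResult(SAMPLE_BAD));
```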

Instructor: [00:00] To access Domino data as an authenticated user via a node application, we need to first understand how Domino records the fact that the user is authenticated. If I attempt to log in to my Domino database, I get the standard login form. You hit Sign In.

[00:16] Now, if I look in my cookies, which you can see in Chrome under the Application tab, you can see there's a DomAuthSessID cookie being set. It's this value that we need to pass to node. Then it can pass to Domino.

[00:31] To get the Domino cookie, we're going to log in via the node server as a proxy and then intercept it. To do this, the first thing I've done is install a couple of extra packages. One is body-parser so we can easily get our form data from our login form. The other one is a cookie-parser. That's to decode the Domino cookie which is sent back via the Domino code.

[00:53] We're going to create a new route in our node server which we can then post our credentials to, to attempt to log in to Domino server. This route will be a post. We're going to call it Log In. The first thing we're going to do is deconstruct the username and password from the body of the request.

[01:15] We're then going to create an options object which will be the settings we need for our request to the Domino server. We're going to do a post to the names address book. We want the full response including the status code. The only values we need to post are the username and password.

[01:38] Importantly, for this library, you need to say simple is false. That's because it considers any status code which isn't in 200 range as an error. Unfortunately, Domino will return a 302, which is a redirect. Therefore, it will automatically go to error handler. We don't want that, so we need to say simple is false.

[02:00] Now, we've got our options object. Let's make our call to Domino. We'll use the request-promise. We would do a post, pass the options object, and then we will deal with the result. Also, we'll put error-handling just in case. Within our response, first thing we're going to do is grab the headers and body. We'll deconstruct those. Very handy, this ES6 deconstruction.

[02:29] We're also going to get and check to see if we've got a Domino authentication failure. Remember, we said this is a custom header, so we would deconstruct it from the headers. If Domino authentication failure has a value, that means we've got one from Domino. Therefore, we should just return.

[02:47] If we get past this point then we're good to go. The next thing we need to do is we need to get a hold of the Domino authentication cookie which is in the response headers. We're going to use the set-cookie-parser library to deconstruct the cookies into objects for us. We'll set those to a new value.

[03:14] Now, Domino may return multiple cookies. We want to make sure we only got the Domino authentication cookie. We can do this using a filter method on an array. If the cookie name property is equal to DomAuthSessID, then we know this is the cookie we want.

[03:42] We're going to check to see if we've got the Domino authentication cookie by looking at the length of the filtered array. For now, in this test route, we're going to just send back the value of the cookie. If we can get a Domino authentication cookie, then we will just send back, for now, a blank object.

[04:07] Finally, in the error handling, we will trap any errors and send those back to the browser as well. We're starting with a basic HTML page. I'm using Bootstrap. I've got my Font Awesome stuff. I'm using the Axios library to do Ajax calls.

[04:27] We're diving straight down. I assume you've already got your own index login page set up. I've got some username and password input fields, a login button. I was to go to a success container and if there's an error container as well. If I come down to my login function, what I'm going to do is use the Axios library to do a post to my node server.

[04:48] I'm going to send through the contents of my form, which is my username and password. We do a post to the login route that we have just created. We're going to pass it the username and password field values.

[05:10] The Axios library presents a promise. If we successfully authenticate with Domino, we will get back a 200. In this case, we'll get passing back the DomSessID. We will display that in our success message box. In this instance, we're going to use ES6 templating language so that we can place the result directly inside our string.

[05:43] To display the success container, we need to change the Bootstrap class. If you have an authentication failure from Domino, our node server is going to return either a 401 or 403. That will appear as an error in the Axios library. We look for a status code of 401 or 403 to make sure that this is not a general error that we're picking up.

[06:15] We display whatever's been sent back to some Domino inside the error message display. Finally, we display it by changing the Bootstrap class. OK, that's our index page done. Let's fire up the node server and test it. I fired up my node application. Open the browser and browse to localhost:8088/index.html, and we get our standard Bootstrap login form.

[06:42] Remember, we're authenticating the Domino names address book via our node server. I clicked Log In. We have an empty username and password. Domino's come back with a, "Please identify yourself." If we look at the network traffic, we can see that our node server has sent back a 401 unauthorized. It's given a response of, "Please identify yourself," which is the error message.

[07:05] Now, let's try entering an invalid username and an invalid password. Try again. This time, we got another message back from Domino, "You provided an invalid username or password." Finally, let's try it with a valid user. This time, we should be authenticated. We should get back a dom auth session ID, and we already have.

[07:33] Now, we got this value. We can go forward and store this value inside our client application and make sure it's code and used every time we want to code Domino Data.