Minimum viable NTLM auth implementation

Added env variable "VITE_NTLM_AUTH", if true, login page will attempt NTLM auth challenge instead of showing login page. If challenge is successful and an authenticate message is received, it will check for the existence of the user using the provided mail attribute, and create an account with a random, complex password, and then authenticate as the user.
2025-11-23 13:11:02 +10:00 · 2024-09-16 08:32:33 +10:00
parent 9d0331d04f
commit 6ad469a115
9 changed files with 138 additions and 25 deletions
--- a/apps/client/src/features/auth/hooks/use-auth.ts
+++ b/apps/client/src/features/auth/hooks/use-auth.ts
@ -1,5 +1,5 @@
 import { useState } from "react";
-import { login, setupWorkspace } from "@/features/auth/services/auth-service";
+import { login, ntlmLogin, setupWorkspace } from "@/features/auth/services/auth-service";
 import { useNavigate } from "react-router-dom";
 import { useAtom } from "jotai";
 import { authTokensAtom } from "@/features/auth/atoms/auth-tokens-atom";
@ -38,6 +38,25 @@ export default function useAuth() {
    }
  };

+  const handleNtlmSignIn = async () => {
+    setIsLoading(true);
+
+    try {
+      const res = await ntlmLogin();
+      setIsLoading(false);
+      setAuthToken(res.tokens);
+
+      navigate(APP_ROUTE.HOME);
+    } catch (err) {
+      console.log(err);
+      setIsLoading(false);
+      notifications.show({
+        message: err.response?.data.message,
+        color: "red",
+      });
+    }
+  };
+
  const handleInvitationSignUp = async (data: IAcceptInvite) => {
    setIsLoading(true);

@ -107,6 +126,7 @@ export default function useAuth() {

  return {
    signIn: handleSignIn,
+    ntlmSignIn: handleNtlmSignIn,
    invitationSignup: handleInvitationSignUp,
    setupWorkspace: handleSetupWorkspace,
    isAuthenticated: handleIsAuthenticated,
--- a/apps/client/src/features/auth/services/auth-service.ts
+++ b/apps/client/src/features/auth/services/auth-service.ts
@ -6,12 +6,19 @@ import {
  ISetupWorkspace,
  ITokenResponse,
 } from "@/features/auth/types/auth.types";
+import axios from "axios";

 export async function login(data: ILogin): Promise<ITokenResponse> {
  const req = await api.post<ITokenResponse>("/auth/login", data);
  return req.data;
 }

+export async function ntlmLogin(): Promise<ITokenResponse> {
+  // Use separate axios instance to avoid passing app auth headers to allow for NTLM authentication challenge
+  const req = await axios.post<ITokenResponse>("/api/auth/ntlm");
+  return req.data;
+}
+
 /*
 export async function register(data: IRegister): Promise<ITokenResponse> {
  const req = await api.post<ITokenResponse>("/auth/register", data);
--- a/apps/client/src/pages/auth/login.tsx
+++ b/apps/client/src/pages/auth/login.tsx
@ -1,13 +1,28 @@
 import { LoginForm } from "@/features/auth/components/login-form";
+import useAuth from "@/features/auth/hooks/use-auth";
+import { useEffect } from "react";
 import { Helmet } from "react-helmet-async";

+
+const ntlmAuth = import.meta.env.VITE_NTLM_AUTH;
+
 export default function LoginPage() {
+  
+  const { ntlmSignIn } = useAuth();
+
+  useEffect(() => {
+
+    if (ntlmAuth)
+      ntlmSignIn();
+
+  }, [])
+
  return (
    <>
      <Helmet>
        <title>Login</title>
      </Helmet>
-      <LoginForm />
+      {!ntlmAuth && <LoginForm />}
    </>
  );
 }