Add LDAPS-support to LDAP-Authcontroller (#7014)

* Add LDAPS-support to LDAP-Authcontroller * Add Testcase that failed with valid certificate but wrong credendtials to LDAP-Authcontroller * change scope of 'error' and remove 'case undefined', because it's not needed anymore
2020-11-19 01:20:59 +01:00
parent ccb045b68c
commit c958c46fa7
6 changed files with 220 additions and 13 deletions
--- a/spec/LdapAuth.spec.js
+++ b/spec/LdapAuth.spec.js
@@ -1,6 +1,8 @@
 const ldap = require('../lib/Adapters/Auth/ldap');
 const mockLdapServer = require('./MockLdapServer');
+const fs = require('fs');
 const port = 12345;
+const sslport = 12346;

 it('Should fail with missing options', done => {
  ldap
@@ -31,6 +33,86 @@ it('Should succeed with right credentials', done => {
  });
 });

+it('Should succeed with right credentials when LDAPS is used and certifcate is not checked', done => {
+  mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldaps://localhost:${sslport}`,
+      dn: 'uid={{id}}, o=example',
+      tlsOptions: { rejectUnauthorized: false }
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done)
+      .catch(done.fail)
+      .finally(() => server.close());
+  });
+});
+
+it('Should succeed when LDAPS is used and the presented certificate is the expected certificate', done => {
+  mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldaps://localhost:${sslport}`,
+      dn: 'uid={{id}}, o=example',
+      tlsOptions: {
+        ca: fs.readFileSync(__dirname + '/support/cert/cert.pem'),
+        rejectUnauthorized: true
+      }
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done)
+      .catch(done.fail)
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail when LDAPS is used and the presented certificate is not the expected certificate', done => {
+  mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldaps://localhost:${sslport}`,
+      dn: 'uid={{id}}, o=example',
+      tlsOptions: {
+        ca: fs.readFileSync(__dirname + '/support/cert/anothercert.pem'),
+        rejectUnauthorized: true
+      }
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAPS: Certificate mismatch');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail when LDAPS is used certifcate matches but credentials are wrong', done => {
+  mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldaps://localhost:${sslport}`,
+      dn: 'uid={{id}}, o=example',
+      tlsOptions: {
+        ca: fs.readFileSync(__dirname + '/support/cert/cert.pem'),
+        rejectUnauthorized: true
+      }
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'wrong!' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAP: Wrong username or password');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});
+
+
 it('Should fail with wrong credentials', done => {
  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
    const options = {