Add LDAPS-support to LDAP-Authcontroller (#7014)

* Add LDAPS-support to LDAP-Authcontroller

* Add Testcase that failed with valid certificate but wrong credentials to LDAP-Authcontroller

* change scope of 'error' and remove 'case undefined', because it's not needed anymore
Fabian Strachanski
2020-11-19 01:20:59 +01:00
committed by GitHub
parent ccb045b68c
commit c958c46fa7
6 changed files with 220 additions and 13 deletions


@@ -12,23 +12,32 @@ function validateAuthData(authData, options) {
);
});
}
const clientOptions = (options.url.startsWith("ldaps://")) ?
{ url: options.url, tlsOptions: options.tlsOptions } : { url: options.url };
const client = ldapjs.createClient({ url: options.url });
const client = ldapjs.createClient(clientOptions);
const userCn =
typeof options.dn === 'string'
? options.dn.replace('{{id}}', authData.id)
: `uid=${authData.id},${options.suffix}`;
return new Promise((resolve, reject) => {
client.bind(userCn, authData.password, err => {
if (err) {
client.destroy(err);
return reject(
new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
'LDAP: Wrong username or password'
)
);
client.bind(userCn, authData.password, ldapError => {
if (ldapError) {
let error;
switch (ldapError.code) {
case 49:
error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'LDAP: Wrong username or password');
break;
case "DEPTH_ZERO_SELF_SIGNED_CERT":
error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'LDAPS: Certificate mismatch');
break;
default:
error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'LDAP: Somthing went wrong (' + ldapError.code + ')');
}
reject(error);
client.destroy(ldapError);
return;
}
if (
@@ -50,7 +59,8 @@ function optionsAreValid(options) {
typeof options === 'object' &&
typeof options.suffix === 'string' &&
typeof options.url === 'string' &&
options.url.startsWith('ldap://')
(options.url.startsWith('ldap://') ||
options.url.startsWith('ldaps://') && typeof options.tlsOptions === 'object')
);
}
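Review bot: In the new `switch (ldapError.code)` only `DEPTH_ZERO_SELF_SIGNED_CERT` is treated as a TLS failure, so every other certificate or connection error falls through to `default`, which returns the raw `ldapError.code` to the caller under `OBJECT_NOT_FOUND` (and misspells "Something"). I would log the code on the server and return a fixed message instead, e.g. `error = new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP: Unable to verify credentials');`, so that directory and TLS state is not disclosed to unauthenticated clients. In `optionsAreValid`, `typeof options.tlsOptions === 'object'` also accepts `null`; adding `options.tlsOptions !== null` and parenthesising the `&&` pair would make the intent explicit. Because `tlsOptions` is forwarded unchanged to `ldapjs.createClient`, the adapter documentation should state that `rejectUnauthorized: false` disables server certificate verification and leaves bind passwords open to interception. Both function bodies continue outside the hunks shown here.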