HackMD/lib/web/auth/ldap/index.js

'use strict'

const Router = require('express').Router
const passport = require('passport')
const LDAPStrategy = require('passport-ldapauth')
const config = require('../../../config')
const models = require('../../../models')
const logger = require('../../../logger')
const {setReturnToFromReferer} = require('../utils')
const {urlencodedParser} = require('../../utils')
const response = require('../../../response')

let ldapAuth = module.exports = Router()

passport.use(new LDAPStrategy({
  server: {
    url: config.ldap.url || null,
    bindDn: config.ldap.bindDn || null,
    bindCredentials: config.ldap.bindCredentials || null,
    searchBase: config.ldap.searchBase || null,
    searchFilter: config.ldap.searchFilter || null,
    searchAttributes: config.ldap.searchAttributes || null,
    tlsOptions: config.ldap.tlsOptions || null
  }
}, function (user, done) {
  var uuid = user.uidNumber || user.uid || user.sAMAccountName
  var username = uuid

  if (config.ldap.usernameField && user[config.ldap.usernameField]) {
    username = user[config.ldap.usernameField]
  }

  var profile = {
    id: 'LDAP-' + uuid,
    username: username,
    displayName: user.displayName,
    emails: user.mail ? [user.mail] : [],
    avatarUrl: null,
    profileUrl: null,
    provider: 'ldap'
  }
  var stringifiedProfile = JSON.stringify(profile)
  models.User.findOrCreate({
    where: {
      profileid: profile.id.toString()
    },
    defaults: {
      profile: stringifiedProfile
    }
  }).spread(function (user, created) {
    if (user) {
      var needSave = false
      if (user.profile !== stringifiedProfile) {
        user.profile = stringifiedProfile
        needSave = true
      }
      if (needSave) {
        user.save().then(function () {
          if (config.debug) { logger.debug('user login: ' + user.id) }
          return done(null, user)
        })
      } else {
        if (config.debug) { logger.debug('user login: ' + user.id) }
        return done(null, user)
      }
    }
  }).catch(function (err) {
    logger.error('ldap auth failed: ' + err)
    return done(err, null)
  })
}))

ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
  if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
  setReturnToFromReferer(req)
  passport.authenticate('ldapauth', {
    successReturnToOrRedirect: config.serverurl + '/',
    failureRedirect: config.serverurl + '/',
    failureFlash: true
  })(req, res, next)
})
refactor(app.js, auth.js): Extract all auth method to individual modules 2017-04-11 21:41:14 +00:00			`'use strict'`

			`const Router = require('express').Router`
			`const passport = require('passport')`
			`const LDAPStrategy = require('passport-ldapauth')`
			`const config = require('../../../config')`
			`const models = require('../../../models')`
			`const logger = require('../../../logger')`
			`const {setReturnToFromReferer} = require('../utils')`
			`const {urlencodedParser} = require('../../utils')`
			`const response = require('../../../response')`

			`let ldapAuth = module.exports = Router()`

			`passport.use(new LDAPStrategy({`
			`server: {`
			`url: config.ldap.url \|\| null,`
			`bindDn: config.ldap.bindDn \|\| null,`
			`bindCredentials: config.ldap.bindCredentials \|\| null,`
			`searchBase: config.ldap.searchBase \|\| null,`
			`searchFilter: config.ldap.searchFilter \|\| null,`
			`searchAttributes: config.ldap.searchAttributes \|\| null,`
			`tlsOptions: config.ldap.tlsOptions \|\| null`
			`}`
			`}, function (user, done) {`
Fix LDAP problem about missing uidNumber Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2017-10-06 23:49:43 +00:00			`var uuid = user.uidNumber \|\| user.uid \|\| user.sAMAccountName`
Add setting `ldap.usernameField` This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead. 2017-12-09 10:17:06 +00:00			`var username = uuid`

			`if (config.ldap.usernameField && user[config.ldap.usernameField]) {`
			`username = user[config.ldap.usernameField]`
			`}`

refactor(app.js, auth.js): Extract all auth method to individual modules 2017-04-11 21:41:14 +00:00			`var profile = {`
Fix LDAP problem about missing uidNumber Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2017-10-06 23:49:43 +00:00			`id: 'LDAP-' + uuid,`
Add setting `ldap.usernameField` This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead. 2017-12-09 10:17:06 +00:00			`username: username,`
refactor(app.js, auth.js): Extract all auth method to individual modules 2017-04-11 21:41:14 +00:00			`displayName: user.displayName,`
			`emails: user.mail ? [user.mail] : [],`
			`avatarUrl: null,`
			`profileUrl: null,`
			`provider: 'ldap'`
			`}`
			`var stringifiedProfile = JSON.stringify(profile)`
			`models.User.findOrCreate({`
			`where: {`
			`profileid: profile.id.toString()`
			`},`
			`defaults: {`
			`profile: stringifiedProfile`
			`}`
			`}).spread(function (user, created) {`
			`if (user) {`
			`var needSave = false`
			`if (user.profile !== stringifiedProfile) {`
			`user.profile = stringifiedProfile`
			`needSave = true`
			`}`
			`if (needSave) {`
			`user.save().then(function () {`
			`if (config.debug) { logger.debug('user login: ' + user.id) }`
			`return done(null, user)`
			`})`
			`} else {`
			`if (config.debug) { logger.debug('user login: ' + user.id) }`
			`return done(null, user)`
			`}`
			`}`
			`}).catch(function (err) {`
			`logger.error('ldap auth failed: ' + err)`
			`return done(err, null)`
			`})`
			`}))`

			`ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {`
			`if (!req.body.username \|\| !req.body.password) return response.errorBadRequest(res)`
			`setReturnToFromReferer(req)`
			`passport.authenticate('ldapauth', {`
			`successReturnToOrRedirect: config.serverurl + '/',`
			`failureRedirect: config.serverurl + '/',`
			`failureFlash: true`
			`})(req, res, next)`
			`})`