4da68597f7
Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
91 lines
2.9 KiB
JavaScript
91 lines
2.9 KiB
JavaScript
'use strict'
|
|
|
|
const Router = require('express').Router
|
|
const passport = require('passport')
|
|
const LDAPStrategy = require('passport-ldapauth')
|
|
const config = require('../../../config')
|
|
const models = require('../../../models')
|
|
const logger = require('../../../logger')
|
|
const { setReturnToFromReferer } = require('../utils')
|
|
const { urlencodedParser } = require('../../utils')
|
|
const response = require('../../../response')
|
|
|
|
let ldapAuth = module.exports = Router()
|
|
|
|
passport.use(new LDAPStrategy({
|
|
server: {
|
|
url: config.ldap.url || null,
|
|
bindDN: config.ldap.bindDn || null,
|
|
bindCredentials: config.ldap.bindCredentials || null,
|
|
searchBase: config.ldap.searchBase || null,
|
|
searchFilter: config.ldap.searchFilter || null,
|
|
searchAttributes: config.ldap.searchAttributes || null,
|
|
tlsOptions: config.ldap.tlsOptions || null
|
|
}
|
|
}, function (user, done) {
|
|
var uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined
|
|
if (config.ldap.useridField && user[config.ldap.useridField]) {
|
|
uuid = user[config.ldap.useridField]
|
|
}
|
|
|
|
if (typeof uuid === 'undefined') {
|
|
throw new Error('Could not determine UUID for LDAP user. Check that ' +
|
|
'either uidNumber, uid or sAMAccountName is set in your LDAP directory ' +
|
|
'or use another unique attribute and configure it using the ' +
|
|
'"useridField" option in ldap settings.')
|
|
}
|
|
|
|
var username = uuid
|
|
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
|
|
username = user[config.ldap.usernameField]
|
|
}
|
|
|
|
var profile = {
|
|
id: 'LDAP-' + uuid,
|
|
username: username,
|
|
displayName: user.displayName,
|
|
emails: user.mail ? Array.isArray(user.mail) ? user.mail : [user.mail] : [],
|
|
avatarUrl: null,
|
|
profileUrl: null,
|
|
provider: 'ldap'
|
|
}
|
|
var stringifiedProfile = JSON.stringify(profile)
|
|
models.User.findOrCreate({
|
|
where: {
|
|
profileid: profile.id.toString()
|
|
},
|
|
defaults: {
|
|
profile: stringifiedProfile
|
|
}
|
|
}).spread(function (user, created) {
|
|
if (user) {
|
|
var needSave = false
|
|
if (user.profile !== stringifiedProfile) {
|
|
user.profile = stringifiedProfile
|
|
needSave = true
|
|
}
|
|
if (needSave) {
|
|
user.save().then(function () {
|
|
if (config.debug) { logger.debug('user login: ' + user.id) }
|
|
return done(null, user)
|
|
})
|
|
} else {
|
|
if (config.debug) { logger.debug('user login: ' + user.id) }
|
|
return done(null, user)
|
|
}
|
|
}
|
|
}).catch(function (err) {
|
|
logger.error('ldap auth failed: ' + err)
|
|
return done(err, null)
|
|
})
|
|
}))
|
|
|
|
ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
|
|
if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
|
|
setReturnToFromReferer(req)
|
|
passport.authenticate('ldapauth', {
|
|
successReturnToOrRedirect: config.serverURL + '/',
|
|
failureRedirect: config.serverURL + '/',
|
|
failureFlash: true
|
|
})(req, res, next)
|
|
})
|