Add ldap authentication

2016-08-11 13:21:48 +02:00 · 2016-08-11 13:21:48 +02:00 · 4f3b2e9dcb
commit 4f3b2e9dcb
parent 65c2e9db98
1 changed files with 61 additions and 13 deletions
--- a/lib/passport.js
+++ b/lib/passport.js
@ -1,8 +1,11 @@
 'use strict';

 let config = require('config');
+let log = require('npmlog');
+
 let passport = require('passport');
 let LocalStrategy = require('passport-local').Strategy;
+let LdapStrategy = require('passport-ldapjs').Strategy;
 let csrf = require('csurf');
 let bodyParser = require('body-parser');
 let users = require('./models/users');
@ -30,7 +33,7 @@ module.exports.logout = (req, res) => {
 };

 module.exports.login = (req, res, next) => {
-    passport.authenticate('local', (err, user, info) => {
+    passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
        if (err) {
            req.flash('danger', err.message);
            return next(err);
@ -58,21 +61,66 @@ module.exports.login = (req, res, next) => {
    })(req, res, next);
 };

-passport.use(new LocalStrategy((username, password, done) => {
-    users.authenticate(username, password, (err, user) => {
-        if (err) {
-            return done(err);
-        }
+if (config.ldap.enabled) {
+    log.info('Using LDAP auth');

-        if (!user) {
-            return done(null, false, {
-                message: 'Incorrect username or password'
-            });
+    var opts = {
+        server: {
+            url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,
+        },
+        base: config.ldap.baseDN,
+        search: {
+            filter: config.ldap.filter,
+            attributes: ['username', 'mail'],
+            scope: 'sub'
        }
+    };

-        return done(null, user);
-    });
-}));
+    passport.use(new LdapStrategy(opts, function (profile, done) {
+        users.findByUsername(profile.username, (err, user) => {
+            if (err) {
+                return done(err);
+            }
+
+            if (!user) {
+                // password is empty for ldap
+                users.add(profile.username, '', profile.mail, (err, id) => {
+                    if (err) {
+                        return done(err);
+                    }
+
+                    return done(null, {
+                        id: id,
+                        username: profile.username
+                    });
+                });
+            } else {
+                return done(null, {
+                    id: user.id,
+                    username: user.username
+                });
+            }
+        });
+    }));
+} else {
+    log.info('Using local auth');
+
+    passport.use(new LocalStrategy((username, password, done) => {
+        users.authenticate(username, password, (err, user) => {
+            if (err) {
+                return done(err);
+            }
+
+            if (!user) {
+                return done(null, false, {
+                    message: 'Incorrect username or password'
+                });
+            }
+
+            return done(null, user);
+        });
+    }));
+}

 passport.serializeUser((user, done) => {
    done(null, user.id);