Merge remote-tracking branch 'upstream/master' into development

2018-02-24 23:05:01 +01:00 · 2018-02-24 23:05:01 +01:00 · 7750232716
commit 7750232716
parent ba75623f86 ca145edaef
18 changed files with 558 additions and 344 deletions
--- a/lib/passport.js
+++ b/lib/passport.js
@ -17,11 +17,22 @@ const interoperableErrors = require('../shared/interoperable-errors');
 const contextHelpers = require('./context-helpers');

 let LdapStrategy;
-try {
-    LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
-} catch (E) {
-    if (config.ldap.enabled) {
-        log.info('LDAP', 'Module "passport-ldapjs" not installed. LDAP auth will fail.');
+let authMode = 'local';
+if (config.ldap.enabled) {
+    if (config.ldap.method == 'ldapjs') {
+        try {
+            LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
+            authMode = 'ldapjs';
+        } catch (exc) {
+            log.info('LDAP', 'Module "passport-ldapjs" not installed. It will not be used for LDAP auth.');
+        }
+    } else if (config.ldap.method == 'ldapauth') {
+        try {
+            LdapStrategy = require('passport-ldapauth').Strategy; // eslint-disable-line global-require
+            authMode = 'ldapauth';
+        } catch (exc) {
+            log.info('LDAP', 'Module "passport-ldapauth" not installed. It will not be used for LDAP auth.');
+        }
    }
 }

@ -85,7 +96,7 @@ module.exports.restLogout = (req, res) => {
 };

 module.exports.restLogin = (req, res, next) => {
-    passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
+    passport.authenticate(authMode, (err, user, info) => {
        if (err) {
            return next(err);
        }
@ -112,22 +123,40 @@ module.exports.restLogin = (req, res, next) => {
    })(req, res, next);
 };

-if (config.ldap.enabled && LdapStrategy) {
-    log.info('Using LDAP auth');
+if (authMode === 'ldapjs' || authMode === 'ldapauth') {
+    log.info('Using LDAP auth (passport-' + authMode + ')');
    module.exports.authMethod = 'ldap';
    module.exports.isAuthMethodLocal = false;

-    let opts = {
-        server: {
-            url: 'ldap://' + config.ldap.host + ':' + config.ldap.port
-        },
-        base: config.ldap.baseDN,
-        search: {
-            filter: config.ldap.filter,
-            attributes: [config.ldap.uidTag, config.ldap.nameTag, 'mail'],
-            scope: 'sub'
-        }
-    };
+    let opts;
+    if (authMode === 'ldapjs') {
+        opts = {
+            server: {
+                url: 'ldap://' + config.ldap.host + ':' + config.ldap.port
+            },
+            base: config.ldap.baseDN,
+            search: {
+                filter: config.ldap.filter,
+                attributes: [config.ldap.uidTag, config.ldap.nameTag, 'mail'],
+                scope: 'sub'
+            },
+            uidTag: config.ldap.uidTag,
+            bindUser: config.ldap.bindUser,
+            bindPassword: config.ldap.bindPassword
+        };
+
+    } else if (authMode = 'ldapauth') {
+        opts = {
+            server: {
+                url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,
+                searchBase: config.ldap.baseDN,
+                searchFilter: config.ldap.filter,
+                searchAttributes: [config.ldap.uidTag, config.ldap.nameTag, 'mail'],
+                bindDN: config.ldap.bindUser,
+                bindCredentials: config.ldap.bindPassword
+            },
+        };
+    }

    passport.use(new LdapStrategy(opts, nodeifyFunction(async (profile) => {
        try {
@ -159,7 +188,6 @@ if (config.ldap.enabled && LdapStrategy) {
            } else {
                throw err;
            }
-
        }
    })));