public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge b4d7c1bfcf into c3b968aa10

Browse source
This commit is contained in:
Iván Eixarch 2020-09-16 08:55:13 +02:00 committed by GitHub
commit d98e2e5b56
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 182 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

8
server/app-builder.js
View file

@ -324,6 +324,14 @@ async function createApp(appType) {
app.use('/rest', reportsRest);
}
install404Fallback('/rest');
if (config.cas && config.cas.enabled === true) {
app.get('/cas/login',
passport.authenticateCas,
function(req, res) {
res.redirect('/?cas-login-success');
});
app.get('/cas/logout', passport.logoutCas);
}
}
app.use('/', await index.getRouter(appType));

12
server/config/default.yaml
View file

@ -171,6 +171,18 @@ postfixBounce:
# allow connections from localhost only
host: 127.0.0.1
cas:
# enable to use CAS user backend
enabled: false
url: https://example.cas-server.com
# nameTag identifies the attribute to be used for user's full name
nameTag: username
# mailTag identifies the attribute to be used for user's email address
mailTag: mail
newUserRole: nobody
# Global namespace id
newUserNamespaceId: 1
# extra options for nodemailer
nodemailer:
#textEncoding: base64

67
server/lib/passport.js
View file

@ -175,8 +175,73 @@ module.exports.restLogin = (req, res, next) => {
});
})(req, res, next);
};
let CasStrategy;
if (config.cas && config.cas.enabled === true) {
try {
CasStrategy = require('passport-cas2').Strategy;
authMode = 'cas';
log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.');
} catch (exc) {
log.info('CAS', 'Module passport-cas2 not installed.');
}
}
if (CasStrategy) {
log.info('Using CAS auth (passport-cas2)');
module.exports.authMethod = 'cas';
module.exports.isAuthMethodLocal = false;
if (LdapStrategy) {
const cas = new CasStrategy({
casURL: config.cas.url,
propertyMap: {
displayName: config.cas.nameTag,
emails: config.cas.mailTag
}
},
nodeifyFunction(async (username, profile) => {
try {
const user = await users.getByUsername(username);
log.info('CAS', 'Old User: '+JSON.stringify(profile));
return {
id: user.id,
username: username,
name: profile.displayName,
email: profile.emails[0].value,
role: user.role
};
} catch (err) {
if (err instanceof interoperableErrors.NotFoundError) {
const userId = await users.create(contextHelpers.getAdminContext(), {
username: username,
role: config.cas.newUserRole,
namespace: config.cas.newUserNamespaceId,
name: profile.displayName,
email: profile.emails[0].value
});
log.info('CAS', 'New User: '+JSON.stringify(profile));
return {
id: userId,
username: username,
name: profile.displayName,
email: profile.emails[0].value,
role: config.cas.newUserRole
};
} else {
throw err;
}
}
}));
passport.use(cas);
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user));
module.exports.authenticateCas = passport.authenticate('cas', { failureRedirect: '/login?cas-login-error' });
module.exports.logoutCas = function (req, res) {
cas.logout(req, res, config.www.trustedUrlBase+'/?cas-logout-success');
};
} else if (LdapStrategy) {
log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')');
module.exports.authMethod = 'ldap';
module.exports.isAuthMethodLocal = false;

2
server/models/users.js
View file

@ -27,7 +27,7 @@ const namespaceHelpers = require('../lib/namespace-helpers');
const allowedKeys = new Set(['username', 'name', 'email', 'password', 'namespace', 'role']);
const ownAccountAllowedKeys = new Set(['name', 'email', 'password']);
const allowedKeysExternal = new Set(['username', 'namespace', 'role']);
const allowedKeysExternal = new Set(['username', 'namespace', 'role', 'name', 'email']);
const hashKeys = new Set(['username', 'name', 'email', 'namespace', 'role']);
const shares = require('./shares');
const contextHelpers = require('../lib/context-helpers');