Reorganize auth plugins

2017-08-29 19:11:06 +02:00 · 2017-08-29 19:11:06 +02:00 · 12ba10f688
commit 12ba10f688
parent cfa6db10c7
5 changed files with 118 additions and 115 deletions
--- a/src/plugins/auth/_ldapCommon.js
+++ b/src/plugins/auth/_ldapCommon.js
@ -1,29 +0,0 @@
-"use strict";
-
-const Helper = require("../../helper");
-const ldap = require("ldapjs");
-
-function ldapAuthCommon(manager, client, user, bindDN, password, callback) {
-	const config = Helper.config;
-
-	let ldapclient = ldap.createClient({
-		url: config.ldap.url,
-		tlsOptions: config.ldap.tlsOptions
-	});
-
-	ldapclient.on("error", function(err) {
-		log.error("Unable to connect to LDAP server", err);
-		callback(!err);
-	});
-
-	ldapclient.bind(bindDN, password, function(err) {
-		if (!err && !client) {
-			manager.addUser(user, null);
-		}
-		ldapclient.unbind();
-		callback(!err);
-	});
-}
-
-module.exports = ldapAuthCommon;
-
--- a/src/plugins/auth/advancedLdap.js
+++ b/src/plugins/auth/advancedLdap.js
@ -1,72 +0,0 @@
-"use strict";
-
-const Helper = require("../../helper");
-const ldap = require("ldapjs");
-
-const _ldapAuthCommon = require("./_ldapCommon");
-
-/**
- * LDAP auth using initial DN search (see config comment for ldap.searchDN)
- */
-function advancedLdapAuth(manager, client, user, password, callback) {
-	if (!user) {
-		return callback(false);
-	}
-
-	const config = Helper.config;
-	const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
-
-	let ldapclient = ldap.createClient({
-		url: config.ldap.url,
-		tlsOptions: config.ldap.tlsOptions
-	});
-
-	const base = config.ldap.searchDN.base;
-	const searchOptions = {
-		scope: config.ldap.searchDN.scope,
-		filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")",
-		attributes: ["dn"]
-	};
-
-	ldapclient.on("error", function(err) {
-		log.error("Unable to connect to LDAP server", err);
-		callback(!err);
-	});
-
-	ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) {
-		if (err) {
-			log.error("Invalid LDAP root credentials");
-			ldapclient.unbind();
-			callback(false);
-		} else {
-			ldapclient.search(base, searchOptions, function(err2, res) {
-				if (err2) {
-					log.warning("User not found: ", userDN);
-					ldapclient.unbind();
-					callback(false);
-				} else {
-					let found = false;
-					res.on("searchEntry", function(entry) {
-						found = true;
-						const bindDN = entry.objectName;
-						log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN);
-						ldapclient.unbind();
-
-						_ldapAuthCommon(manager, client, user, bindDN, password, callback);
-					});
-					res.on("error", function(err3) {
-						log.error("LDAP error: ", err3);
-						callback(false);
-					});
-					res.on("end", function() {
-						if (!found) {
-							callback(false);
-						}
-					});
-				}
-			});
-		}
-	});
-}
-
-module.exports = advancedLdapAuth;
--- a/src/plugins/auth/ldap.js
+++ b/src/plugins/auth/ldap.js
@ -1,9 +1,31 @@
 "use strict";

 const Helper = require("../../helper");
-const _ldapAuthCommon = require("./_ldapCommon");
+const ldap = require("ldapjs");

-function ldapAuth(manager, client, user, password, callback) {
+function ldapAuthCommon(manager, client, user, bindDN, password, callback) {
+	const config = Helper.config;
+
+	const ldapclient = ldap.createClient({
+		url: config.ldap.url,
+		tlsOptions: config.ldap.tlsOptions
+	});
+
+	ldapclient.on("error", function(err) {
+		log.error("Unable to connect to LDAP server", err);
+		callback(!err);
+	});
+
+	ldapclient.bind(bindDN, password, function(err) {
+		if (!err && !client) {
+			manager.addUser(user, null);
+		}
+		ldapclient.unbind();
+		callback(!err);
+	});
+}
+
+function simpleLdapAuth(manager, client, user, password, callback) {
 	if (!user) {
 		return callback(false);
 	}
@ -15,7 +37,88 @@ function ldapAuth(manager, client, user, password, callback) {

 	log.info("Auth against LDAP ", config.ldap.url, " with provided bindDN ", bindDN);

-	_ldapAuthCommon(manager, client, user, bindDN, password, callback);
+	ldapAuthCommon(manager, client, user, bindDN, password, callback);
 }

-module.exports = ldapAuth;
+/**
+ * LDAP auth using initial DN search (see config comment for ldap.searchDN)
+ */
+function advancedLdapAuth(manager, client, user, password, callback) {
+	if (!user) {
+		return callback(false);
+	}
+
+	const config = Helper.config;
+	const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
+
+	const ldapclient = ldap.createClient({
+		url: config.ldap.url,
+		tlsOptions: config.ldap.tlsOptions
+	});
+
+	const base = config.ldap.searchDN.base;
+	const searchOptions = {
+		scope: config.ldap.searchDN.scope,
+		filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")",
+		attributes: ["dn"]
+	};
+
+	ldapclient.on("error", function(err) {
+		log.error("Unable to connect to LDAP server", err);
+		callback(!err);
+	});
+
+	ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) {
+		if (err) {
+			log.error("Invalid LDAP root credentials");
+			ldapclient.unbind();
+			callback(false);
+		} else {
+			ldapclient.search(base, searchOptions, function(err2, res) {
+				if (err2) {
+					log.warning("User not found: ", userDN);
+					ldapclient.unbind();
+					callback(false);
+				} else {
+					let found = false;
+					res.on("searchEntry", function(entry) {
+						found = true;
+						const bindDN = entry.objectName;
+						log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN);
+						ldapclient.unbind();
+
+						ldapAuthCommon(manager, client, user, bindDN, password, callback);
+					});
+					res.on("error", function(err3) {
+						log.error("LDAP error: ", err3);
+						callback(false);
+					});
+					res.on("end", function() {
+						if (!found) {
+							callback(false);
+						}
+					});
+				}
+			});
+		}
+	});
+}
+
+function ldapAuth(manager, client, user, password, callback) {
+	let auth = function() {};
+	if ("baseDN" in Helper.config.ldap) {
+		auth = simpleLdapAuth;
+	} else {
+		auth = advancedLdapAuth;
+	}
+	return auth(manager, client, user, password, callback);
+}
+
+function isLdapEnabled() {
+	return !Helper.config.public && Helper.config.ldap.enable;
+}
+
+module.exports = {
+	auth: ldapAuth,
+	isEnabled: isLdapEnabled
+};
--- a/src/plugins/auth/local.js
+++ b/src/plugins/auth/local.js
@ -35,4 +35,10 @@ function localAuth(manager, client, user, password, callback) {
 		});
 }

-module.exports = localAuth;
+module.exports = {
+	auth: localAuth,
+	isEnabled: function() {
+		return true;
+	}
+};
+
--- a/src/server.js
+++ b/src/server.js
@ -12,7 +12,6 @@ var io = require("socket.io");
 var dns = require("dns");
 var Helper = require("./helper");
 var ldapAuth = require("./plugins/auth/ldap");
-var advancedLdapAuth = require("./plugins/auth/advancedLdap");
 var localAuth = require("./plugins/auth/local");
 var colors = require("colors/safe");
 const net = require("net");
@ -438,14 +437,10 @@ function performAuthentication(data) {

 	// Perform password checking
 	let auth = function() {};
-	if (!Helper.config.public && Helper.config.ldap.enable) {
-		if ("baseDN" in Helper.config.ldap) {
-			auth = ldapAuth;
-		} else {
-			auth = advancedLdapAuth;
-		}
-	} else {
-		auth = localAuth;
+	if (ldapAuth.isEnabled()) {
+		auth = ldapAuth.auth;
+	} else if (localAuth.isEnabled()) {
+		auth = localAuth.auth;
 	}
 	auth(manager, client, data.user, data.password, authCallback);
 }