Reorganize auth plugins

This commit is contained in:
Elie Michel 2017-08-29 19:11:06 +02:00
parent cfa6db10c7
commit 12ba10f688
5 changed files with 118 additions and 115 deletions

View File

@ -1,29 +0,0 @@
"use strict";
const Helper = require("../../helper");
const ldap = require("ldapjs");
function ldapAuthCommon(manager, client, user, bindDN, password, callback) {
const config = Helper.config;
let ldapclient = ldap.createClient({
url: config.ldap.url,
tlsOptions: config.ldap.tlsOptions
});
ldapclient.on("error", function(err) {
log.error("Unable to connect to LDAP server", err);
callback(!err);
});
ldapclient.bind(bindDN, password, function(err) {
if (!err && !client) {
manager.addUser(user, null);
}
ldapclient.unbind();
callback(!err);
});
}
module.exports = ldapAuthCommon;

View File

@ -1,72 +0,0 @@
"use strict";
const Helper = require("../../helper");
const ldap = require("ldapjs");
const _ldapAuthCommon = require("./_ldapCommon");
/**
* LDAP auth using initial DN search (see config comment for ldap.searchDN)
*/
function advancedLdapAuth(manager, client, user, password, callback) {
if (!user) {
return callback(false);
}
const config = Helper.config;
const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
let ldapclient = ldap.createClient({
url: config.ldap.url,
tlsOptions: config.ldap.tlsOptions
});
const base = config.ldap.searchDN.base;
const searchOptions = {
scope: config.ldap.searchDN.scope,
filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")",
attributes: ["dn"]
};
ldapclient.on("error", function(err) {
log.error("Unable to connect to LDAP server", err);
callback(!err);
});
ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) {
if (err) {
log.error("Invalid LDAP root credentials");
ldapclient.unbind();
callback(false);
} else {
ldapclient.search(base, searchOptions, function(err2, res) {
if (err2) {
log.warning("User not found: ", userDN);
ldapclient.unbind();
callback(false);
} else {
let found = false;
res.on("searchEntry", function(entry) {
found = true;
const bindDN = entry.objectName;
log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN);
ldapclient.unbind();
_ldapAuthCommon(manager, client, user, bindDN, password, callback);
});
res.on("error", function(err3) {
log.error("LDAP error: ", err3);
callback(false);
});
res.on("end", function() {
if (!found) {
callback(false);
}
});
}
});
}
});
}
module.exports = advancedLdapAuth;

View File

@ -1,9 +1,31 @@
"use strict";
const Helper = require("../../helper");
const _ldapAuthCommon = require("./_ldapCommon");
const ldap = require("ldapjs");
function ldapAuth(manager, client, user, password, callback) {
function ldapAuthCommon(manager, client, user, bindDN, password, callback) {
const config = Helper.config;
const ldapclient = ldap.createClient({
url: config.ldap.url,
tlsOptions: config.ldap.tlsOptions
});
ldapclient.on("error", function(err) {
log.error("Unable to connect to LDAP server", err);
callback(!err);
});
ldapclient.bind(bindDN, password, function(err) {
if (!err && !client) {
manager.addUser(user, null);
}
ldapclient.unbind();
callback(!err);
});
}
function simpleLdapAuth(manager, client, user, password, callback) {
if (!user) {
return callback(false);
}
@ -15,7 +37,88 @@ function ldapAuth(manager, client, user, password, callback) {
log.info("Auth against LDAP ", config.ldap.url, " with provided bindDN ", bindDN);
_ldapAuthCommon(manager, client, user, bindDN, password, callback);
ldapAuthCommon(manager, client, user, bindDN, password, callback);
}
module.exports = ldapAuth;
/**
* LDAP auth using initial DN search (see config comment for ldap.searchDN)
*/
function advancedLdapAuth(manager, client, user, password, callback) {
if (!user) {
return callback(false);
}
const config = Helper.config;
const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
const ldapclient = ldap.createClient({
url: config.ldap.url,
tlsOptions: config.ldap.tlsOptions
});
const base = config.ldap.searchDN.base;
const searchOptions = {
scope: config.ldap.searchDN.scope,
filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")",
attributes: ["dn"]
};
ldapclient.on("error", function(err) {
log.error("Unable to connect to LDAP server", err);
callback(!err);
});
ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) {
if (err) {
log.error("Invalid LDAP root credentials");
ldapclient.unbind();
callback(false);
} else {
ldapclient.search(base, searchOptions, function(err2, res) {
if (err2) {
log.warning("User not found: ", userDN);
ldapclient.unbind();
callback(false);
} else {
let found = false;
res.on("searchEntry", function(entry) {
found = true;
const bindDN = entry.objectName;
log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN);
ldapclient.unbind();
ldapAuthCommon(manager, client, user, bindDN, password, callback);
});
res.on("error", function(err3) {
log.error("LDAP error: ", err3);
callback(false);
});
res.on("end", function() {
if (!found) {
callback(false);
}
});
}
});
}
});
}
function ldapAuth(manager, client, user, password, callback) {
let auth = function() {};
if ("baseDN" in Helper.config.ldap) {
auth = simpleLdapAuth;
} else {
auth = advancedLdapAuth;
}
return auth(manager, client, user, password, callback);
}
function isLdapEnabled() {
return !Helper.config.public && Helper.config.ldap.enable;
}
module.exports = {
auth: ldapAuth,
isEnabled: isLdapEnabled
};

View File

@ -35,4 +35,10 @@ function localAuth(manager, client, user, password, callback) {
});
}
module.exports = localAuth;
module.exports = {
auth: localAuth,
isEnabled: function() {
return true;
}
};

View File

@ -12,7 +12,6 @@ var io = require("socket.io");
var dns = require("dns");
var Helper = require("./helper");
var ldapAuth = require("./plugins/auth/ldap");
var advancedLdapAuth = require("./plugins/auth/advancedLdap");
var localAuth = require("./plugins/auth/local");
var colors = require("colors/safe");
const net = require("net");
@ -438,14 +437,10 @@ function performAuthentication(data) {
// Perform password checking
let auth = function() {};
if (!Helper.config.public && Helper.config.ldap.enable) {
if ("baseDN" in Helper.config.ldap) {
auth = ldapAuth;
} else {
auth = advancedLdapAuth;
}
} else {
auth = localAuth;
if (ldapAuth.isEnabled()) {
auth = ldapAuth.auth;
} else if (localAuth.isEnabled()) {
auth = localAuth.auth;
}
auth(manager, client, data.user, data.password, authCallback);
}