From 12ba10f6881c26a50f6cc3b1e1ef65d7d657c016 Mon Sep 17 00:00:00 2001 From: Elie Michel Date: Tue, 29 Aug 2017 19:11:06 +0200 Subject: [PATCH] Reorganize auth plugins --- src/plugins/auth/_ldapCommon.js | 29 -------- src/plugins/auth/advancedLdap.js | 72 -------------------- src/plugins/auth/ldap.js | 111 +++++++++++++++++++++++++++++-- src/plugins/auth/local.js | 8 ++- src/server.js | 13 ++-- 5 files changed, 118 insertions(+), 115 deletions(-) delete mode 100644 src/plugins/auth/_ldapCommon.js delete mode 100644 src/plugins/auth/advancedLdap.js diff --git a/src/plugins/auth/_ldapCommon.js b/src/plugins/auth/_ldapCommon.js deleted file mode 100644 index 77a0962b..00000000 --- a/src/plugins/auth/_ldapCommon.js +++ /dev/null @@ -1,29 +0,0 @@ -"use strict"; - -const Helper = require("../../helper"); -const ldap = require("ldapjs"); - -function ldapAuthCommon(manager, client, user, bindDN, password, callback) { - const config = Helper.config; - - let ldapclient = ldap.createClient({ - url: config.ldap.url, - tlsOptions: config.ldap.tlsOptions - }); - - ldapclient.on("error", function(err) { - log.error("Unable to connect to LDAP server", err); - callback(!err); - }); - - ldapclient.bind(bindDN, password, function(err) { - if (!err && !client) { - manager.addUser(user, null); - } - ldapclient.unbind(); - callback(!err); - }); -} - -module.exports = ldapAuthCommon; - diff --git a/src/plugins/auth/advancedLdap.js b/src/plugins/auth/advancedLdap.js deleted file mode 100644 index 6d128e68..00000000 --- a/src/plugins/auth/advancedLdap.js +++ /dev/null 
@@ -1,72 +0,0 @@ -"use strict"; - -const Helper = require("../../helper"); -const ldap = require("ldapjs"); - -const _ldapAuthCommon = require("./_ldapCommon"); - -/** - * LDAP auth using initial DN search (see config comment for ldap.searchDN) - */ -function advancedLdapAuth(manager, client, user, password, callback) { - if (!user) { - return callback(false); - } - - const config = Helper.config; - const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1"); - - let ldapclient = ldap.createClient({ - url: config.ldap.url, - tlsOptions: config.ldap.tlsOptions - }); - - const base = config.ldap.searchDN.base; - const searchOptions = { - scope: config.ldap.searchDN.scope, - filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")", - attributes: ["dn"] - }; - - ldapclient.on("error", function(err) { - log.error("Unable to connect to LDAP server", err); - callback(!err); - }); - - ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) { - if (err) { - log.error("Invalid LDAP root credentials"); - ldapclient.unbind(); - callback(false); - } else { - ldapclient.search(base, searchOptions, function(err2, res) { - if (err2) { - log.warning("User not found: ", userDN); - ldapclient.unbind(); - callback(false); - } else { - let found = false; - res.on("searchEntry", function(entry) { - found = true; - const bindDN = entry.objectName; - log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN); - ldapclient.unbind(); - - _ldapAuthCommon(manager, client, user, bindDN, password, callback); - }); - res.on("error", function(err3) { - log.error("LDAP error: ", err3); - callback(false); - }); - res.on("end", function() { - if (!found) { - callback(false); - } - }); - } - }); - } - }); -} - -module.exports = advancedLdapAuth; diff --git a/src/plugins/auth/ldap.js b/src/plugins/auth/ldap.js index 3f81bf61..8506800e 100644 --- a/src/plugins/auth/ldap.js +++ b/src/plugins/auth/ldap.js 
@@ -1,9 +1,31 @@ "use strict"; const Helper = require("../../helper"); -const _ldapAuthCommon = require("./_ldapCommon"); +const ldap = require("ldapjs"); -function ldapAuth(manager, client, user, password, callback) { +function ldapAuthCommon(manager, client, user, bindDN, password, callback) { + const config = Helper.config; + + const ldapclient = ldap.createClient({ + url: config.ldap.url, + tlsOptions: config.ldap.tlsOptions + }); + + ldapclient.on("error", function(err) { + log.error("Unable to connect to LDAP server", err); + callback(!err); + }); + + ldapclient.bind(bindDN, password, function(err) { + if (!err && !client) { + manager.addUser(user, null); + } + ldapclient.unbind(); + callback(!err); + }); +} + +function simpleLdapAuth(manager, client, user, password, callback) { if (!user) { return callback(false); } 
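Review bot: `ldapAuthCommon` hands whatever `password` it receives straight to `ldapclient.bind`, and a simple bind with an empty password is treated by many directory servers as an anonymous (unauthenticated) bind that succeeds, so a blank password could pass the check for any user whose DN resolves; add `if (!password) { return callback(false); }` before `ldap.createClient`, since neither caller visible here rejects it. The `error` handler and the bind callback can both fire for a single attempt (the handler stays attached after `unbind`, and a connection error can follow an issued bind), so `callback` may be invoked more than once; a `let done = false;` guard that makes the first call win would keep the result single-shot, and `callback(!err)` in the error handler is clearer written as `callback(false)`. `log` is not required in this file, presumably a global set up elsewhere — worth confirming. The hunk ends inside `simpleLdapAuth`, whose body continues outside it.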
@@ -15,7 +37,88 @@ function ldapAuth(manager, client, user, password, callback) { log.info("Auth against LDAP ", config.ldap.url, " with provided bindDN ", bindDN); - _ldapAuthCommon(manager, client, user, bindDN, password, callback); + ldapAuthCommon(manager, client, user, bindDN, password, callback); } -module.exports = ldapAuth; +/** + * LDAP auth using initial DN search (see config comment for ldap.searchDN) + */ +function advancedLdapAuth(manager, client, user, password, callback) { + if (!user) { + return callback(false); + } + + const config = Helper.config; + const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1"); + + const ldapclient = ldap.createClient({ + url: config.ldap.url, + tlsOptions: config.ldap.tlsOptions + }); + + const base = config.ldap.searchDN.base; + const searchOptions = { + scope: config.ldap.searchDN.scope, + filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")", + attributes: ["dn"] + }; + + ldapclient.on("error", function(err) { + log.error("Unable to connect to LDAP server", err); + callback(!err); + }); + + ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) { + if (err) { + log.error("Invalid LDAP root credentials"); + ldapclient.unbind(); + callback(false); + } else { + ldapclient.search(base, searchOptions, function(err2, res) { + if (err2) { + log.warning("User not found: ", userDN); + ldapclient.unbind(); + callback(false); + } else { + let found = false; + res.on("searchEntry", function(entry) { + found = true; + const bindDN = entry.objectName; + log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN); + ldapclient.unbind(); + + ldapAuthCommon(manager, client, user, bindDN, password, callback); + }); + res.on("error", function(err3) { + log.error("LDAP error: ", err3); + callback(false); + }); + res.on("end", function() { + if (!found) { + callback(false); + } + }); + } + }); + } + }); +} + +function ldapAuth(manager, 
client, user, password, callback) { + let auth = function() {}; + if ("baseDN" in Helper.config.ldap) { + auth = simpleLdapAuth; + } else { + auth = advancedLdapAuth; + } + return auth(manager, client, user, password, callback); +} + +function isLdapEnabled() { + return !Helper.config.public && Helper.config.ldap.enable; +} + +module.exports = { + auth: ldapAuth, + isEnabled: isLdapEnabled +}; diff --git a/src/plugins/auth/local.js b/src/plugins/auth/local.js index ebb8b137..e8e0ff38 100644 --- a/src/plugins/auth/local.js +++ b/src/plugins/auth/local.js @@ -35,4 +35,10 @@ function localAuth(manager, client, user, password, callback) { }); } -module.exports = localAuth; +module.exports = { + auth: localAuth, + isEnabled: function() { + return true; + } +}; + diff --git a/src/server.js b/src/server.js index baefd7e5..c4e2b4d8 100644 --- a/src/server.js +++ b/src/server.js @@ -12,7 +12,6 @@ var io = require("socket.io"); var dns = require("dns"); var Helper = require("./helper"); var ldapAuth = require("./plugins/auth/ldap"); -var advancedLdapAuth = require("./plugins/auth/advancedLdap"); var localAuth = require("./plugins/auth/local"); var colors = require("colors/safe"); const net = require("net"); @@ -438,14 +437,10 @@ function performAuthentication(data) { // Perform password checking let auth = function() {}; - if (!Helper.config.public && Helper.config.ldap.enable) { - if ("baseDN" in Helper.config.ldap) { - auth = ldapAuth; - } else { - auth = advancedLdapAuth; - } - } else { - auth = localAuth; + if (ldapAuth.isEnabled()) { + auth = ldapAuth.auth; + } else if (localAuth.isEnabled()) { + auth = localAuth.auth; } auth(manager, client, data.user, data.password, authCallback); }
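Review bot: The escaping applied to `user` in `advancedLdapAuth` is a DN escape (`,\/#+<>;"=` and space), but the value is interpolated into the search `filter` string, where the significant characters are `*`, `(`, `)`, `\` and NUL; none of `*`, `(` or `)` is neutralised, so a login name containing them can widen the `primaryKey` match or change how it combines with the admin-supplied `config.ldap.searchDN.filter` inside the `(&…)` conjunction. Replace it with a filter escape, e.g. `const userDN = user.replace(/[\\*()\0]/g, (c) => "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2));` — the name `filterValue` would also describe the variable better than `userDN`, which the `log.warning` message likewise presents as a DN. Separately, `searchEntry` fires once per matching entry, and each firing calls `ldapclient.unbind()` and `ldapAuthCommon`, so a filter that matches several entries invokes `callback` repeatedly; the handler should `if (found) { return; }` before setting `found = true`, or the search should be limited to one result.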
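Review bot: In `performAuthentication`, when neither `ldapAuth.isEnabled()` nor `localAuth.isEnabled()` holds, `auth` stays the empty placeholder and `authCallback` is never invoked, so the login attempt neither succeeds nor is rejected — the client is left waiting. With `localAuth.isEnabled` hard-wired to `true` in this commit that branch is unreachable, but the default should still fail closed rather than silently, e.g. `let auth = function(m, c, u, p, cb) { cb(false); };` or a final `else { log.error("No authentication plugin enabled"); authCallback(false); return; }`. `performAuthentication` begins before the hunk, so how `authCallback` is defined is not visible here.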