supernets/hardlounge
supernets/hardlounge
5
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
878ac0d192
hardlounge/src/plugins/auth.js
Jonathan Sambrook 878ac0d192 Filter user loading at startup for "advanced" LDAP 
Users are loaded at startup. Currently when using "advanced" LDAP
authentication this is true even if they no longer have a
valid entry in the LDAP server.

This commit uses the existing LDAP filter (specified in config.js's searchDN
used by the "advanced" LDAP mechanism) to weed out any users that no
longer have the relevant LDAP entry.

Local and "simple" LDAP auth mechanisms continue to use the existing
load all users approach. In the "simple" LDAP case this is because we
only have access to the hashed password, and so can't bind to LDAP.
2020-04-23 15:54:09 +01:00

51 lines
1.4 KiB
JavaScript
Raw Blame History

"use strict";
const log = require("../log");
const colors = require("chalk");
// The order defines priority: the first available plugin is used.
// Always keep 'local' auth plugin at the end of the list; it should always be enabled.
const plugins = [require("./auth/ldap"), require("./auth/local")];
function unimplemented(funcName) {
log.debug(
`Auth module ${colors.bold(
module.exports.moduleName
)} doesn't implement function ${colors.bold(funcName)}`
);
}
// Default API implementations
module.exports = {
moduleName: "<module with no name>",
// Must override: implements authentication mechanism
auth: () => unimplemented("auth"),
// Optional to override: implements filter for loading users at start up
// This allows an auth plugin to check if a user is still acceptable, if the plugin
// can do so without access to the user's unhashed password.
// Returning 'false' triggers fallback to default behaviour of loading all users
loadUsers: () => false,
};
// local auth should always be enabled, but check here to verify
let somethingEnabled = false;
// Override default API stubs with exports from first enabled plugin found
for (const plugin of plugins) {
if (plugin.isEnabled()) {
somethingEnabled = true;
for (const name in plugin) {
module.exports[name] = plugin[name];
}
break;
}
}
if (!somethingEnabled) {
log.error("None of the auth plugins is enabled");
}
Reference in New Issue View Git Blame Copy Permalink