wikijs-fork/server/modules/authentication/ldap/authentication.js

/* global WIKI */

// ------------------------------------
// LDAP Account
// ------------------------------------

const LdapStrategy = require('passport-ldapauth').Strategy
const fs = require('fs')
const _ = require('lodash')

module.exports = {
  init (passport, conf) {
    passport.use('ldap',
      new LdapStrategy({
        server: {
          url: conf.url,
          bindDn: conf.bindDn,
          bindCredentials: conf.bindCredentials,
          searchBase: conf.searchBase,
          searchFilter: conf.searchFilter,
          tlsOptions: (conf.tlsEnabled) ? {
            rejectUnauthorized: conf.verifyTLSCertificate,
            ca: [
              fs.readFileSync(conf.tlsCertPath)
            ]
          } : {}
        },
        usernameField: 'email',
        passwordField: 'password',
        passReqToCallback: false
      }, async (req, profile, cb) => {
        try {
          const userId = _.get(profile, conf.mappingUID, null)
          if (!userId) {
            throw new Error('Invalid Unique ID field mapping!')
          }

          const user = await WIKI.models.users.processProfile({
            providerKey: req.params.strategy,
            profile: {
              id: userId,
              email: String(_.get(profile, conf.mappingEmail, '')).split(',')[0],
              displayName: _.get(profile, conf.mappingDisplayName, '???'),
              picture: _.get(profile, conf.mappingPicture, '')
            }
          })
          cb(null, user)
        } catch (err) {
          if (WIKI.config.flags.ldapdebug) {
            WIKI.logger.warn('LDAP LOGIN ERROR (c2): ', err)
          }
          cb(err, null)
        }
      }
      ))
  }
}
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`/* global WIKI */`
feat: modular auth + queue tasks 2017-07-29 21:33:08 +00:00
			`// ------------------------------------`
			`// LDAP Account`
			`// ------------------------------------`

			`const LdapStrategy = require('passport-ldapauth').Strategy`
feat: modular auth + logging changes 2017-07-30 04:04:57 +00:00			`const fs = require('fs')`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`const _ = require('lodash')`
feat: modular auth + queue tasks 2017-07-29 21:33:08 +00:00
feat: self-contained auth modules + login UI + icons 2017-09-11 03:00:03 +00:00			`module.exports = {`
			`init (passport, conf) {`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`passport.use('ldap',`
feat: self-contained auth modules + login UI + icons 2017-09-11 03:00:03 +00:00			`new LdapStrategy({`
			`server: {`
			`url: conf.url,`
			`bindDn: conf.bindDn,`
			`bindCredentials: conf.bindCredentials,`
			`searchBase: conf.searchBase,`
			`searchFilter: conf.searchFilter,`
			`tlsOptions: (conf.tlsEnabled) ? {`
fix: ldap allow disable cert check + icon 2020-04-24 04:29:49 +00:00			`rejectUnauthorized: conf.verifyTLSCertificate,`
feat: self-contained auth modules + login UI + icons 2017-09-11 03:00:03 +00:00			`ca: [`
			`fs.readFileSync(conf.tlsCertPath)`
			`]`
			`} : {}`
			`},`
			`usernameField: 'email',`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`passwordField: 'password',`
feat: self-contained auth modules + login UI + icons 2017-09-11 03:00:03 +00:00			`passReqToCallback: false`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`}, async (req, profile, cb) => {`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`try {`
			`const userId = _.get(profile, conf.mappingUID, null)`
			`if (!userId) {`
			`throw new Error('Invalid Unique ID field mapping!')`
			`}`

			`const user = await WIKI.models.users.processProfile({`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`providerKey: req.params.strategy,`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`profile: {`
			`id: userId,`
fix: use first email address when retrieving multiple from LDAP (#2051) Signed-off-by: Jonas Jöst <jonas@gpplanet.de> 2020-06-16 04:11:38 +00:00			`email: String(_.get(profile, conf.mappingEmail, '')).split(',')[0],`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`displayName: _.get(profile, conf.mappingDisplayName, '???'),`
			`picture: _.get(profile, conf.mappingPicture, '')`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`}`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`})`
			`cb(null, user)`
			`} catch (err) {`
feat: LDAP debug flag 2019-06-05 02:23:32 +00:00			`if (WIKI.config.flags.ldapdebug) {`
			`WIKI.logger.warn('LDAP LOGIN ERROR (c2): ', err)`
			`}`
feat: ldap module + deps upgrade 2019-04-27 03:59:35 +00:00			`cb(err, null)`
			`}`
feat: self-contained auth modules + login UI + icons 2017-09-11 03:00:03 +00:00			`}`
			`))`
			`}`
feat: modular auth + queue tasks 2017-07-29 21:33:08 +00:00			`}`