|
@@ -80,7 +80,7 @@ module.exports = function(crowi, app) {
|
|
|
|
|
|
|
|
const providerId = 'ldap';
|
|
const providerId = 'ldap';
|
|
|
const strategyName = 'ldapauth';
|
|
const strategyName = 'ldapauth';
|
|
|
- const ldapAccountInfo = await promisifiedPassportAuthentication(req, res, next, providerId, strategyName);
|
|
|
|
|
|
|
+ const ldapAccountInfo = await promisifiedPassportAuthentication(req, res, next, strategyName);
|
|
|
|
|
|
|
|
/*
|
|
/*
|
|
|
* authentication success
|
|
* authentication success
|
|
@@ -210,7 +210,7 @@ module.exports = function(crowi, app) {
|
|
|
const loginPassportGoogleCallback = async(req, res, next) => {
|
|
const loginPassportGoogleCallback = async(req, res, next) => {
|
|
|
const providerId = 'google';
|
|
const providerId = 'google';
|
|
|
const strategyName = 'google';
|
|
const strategyName = 'google';
|
|
|
- const response = await promisifiedPassportAuthentication(req, res, next, providerId, strategyName);
|
|
|
|
|
|
|
+ const response = await promisifiedPassportAuthentication(req, res, next, strategyName);
|
|
|
const userInfo = {
|
|
const userInfo = {
|
|
|
'id': response.id,
|
|
'id': response.id,
|
|
|
'username': response.displayName,
|
|
'username': response.displayName,
|
|
@@ -226,37 +226,30 @@ module.exports = function(crowi, app) {
|
|
|
});
|
|
});
|
|
|
};
|
|
};
|
|
|
|
|
|
|
|
- const promisifiedPassportAuthentication = (req, res, next, providerId, strategyName) => {
|
|
|
|
|
|
|
+ const promisifiedPassportAuthentication = (req, res, next, strategyName) => {
|
|
|
return new Promise((resolve, reject) => {
|
|
return new Promise((resolve, reject) => {
|
|
|
passport.authenticate(strategyName, (err, response, info) => {
|
|
passport.authenticate(strategyName, (err, response, info) => {
|
|
|
- if (err) {
|
|
|
|
|
- if (providerId === 'ldap'){
|
|
|
|
|
- if (res.headersSent) { // dirty hack -- 2017.09.25
|
|
|
|
|
- return; // cz: somehow passport.authenticate called twice when ECONNREFUSED error occurred
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- debug('--- authenticate with LdapStrategy ---');
|
|
|
|
|
- debug('ldapAccountInfo', ldapAccountInfo);
|
|
|
|
|
- debug('info', info);
|
|
|
|
|
|
|
+ if (res.headersSent) { // dirty hack -- 2017.09.25
|
|
|
|
|
+ return; // cz: somehow passport.authenticate called twice when ECONNREFUSED error occurred
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- if (err) { // DB Error
|
|
|
|
|
- logger.error('LDAP Server Error: ', err);
|
|
|
|
|
- req.flash('warningMessage', 'LDAP Server Error occured.');
|
|
|
|
|
- return next(); // pass and the flash message is displayed when all of authentications are failed.
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ if (err) {
|
|
|
|
|
+ logger.error(`'${strategyName}' passport authentication error: `, err);
|
|
|
|
|
+ req.flash('warningMessage', `Error occured in '${strategyName}' passport authentication`);
|
|
|
|
|
+ return next(); // pass and the flash message is displayed when all of authentications are failed.
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- // authentication failure
|
|
|
|
|
- if (!ldapAccountInfo) { return next() }
|
|
|
|
|
- // check groups
|
|
|
|
|
- if (!isValidLdapUserByGroupFilter(ldapAccountInfo)) {
|
|
|
|
|
- return loginFailure(req, res, next);
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- reject(err);
|
|
|
|
|
|
|
+ // authentication failure
|
|
|
|
|
+ if (!response) {
|
|
|
|
|
+ return next();
|
|
|
}
|
|
}
|
|
|
- if (response) {
|
|
|
|
|
- resolve(response)
|
|
|
|
|
|
|
+
|
|
|
|
|
+ // check groups for LDAP user
|
|
|
|
|
+ if (!isValidLdapUserByGroupFilter(response)) {
|
|
|
|
|
+ return loginFailure(req, res, next);
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
|
|
+ resolve(response)
|
|
|
})(req, res, next);
|
|
})(req, res, next);
|
|
|
});
|
|
});
|
|
|
};
|
|
};
|
sou