|
|
@@ -48,57 +48,71 @@ class PassportService {
|
|
|
/*
|
|
|
* Asynchronous configuration retrieval
|
|
|
*/
|
|
|
- // setupLdapStrategy() {
|
|
|
- // var getLDAPConfiguration = function(req, callback) {
|
|
|
- // var loginForm = req.body.loginForm;
|
|
|
-
|
|
|
- // if (!req.form.isValid) {
|
|
|
- // // TODO handle error
|
|
|
- // }
|
|
|
-
|
|
|
- // var username = loginForm.username;
|
|
|
- // var password = loginForm.password;
|
|
|
-
|
|
|
- // process.nextTick(() => {
|
|
|
- // var opts = {
|
|
|
- // usernameField: PassportService.USERNAME_FIELD,
|
|
|
- // passwordField: PassportService.PASSWORD_FIELD,
|
|
|
- // server: {
|
|
|
- // url: 'ldaps://pike.weseek.co.jp',
|
|
|
- // bindDN: `uid=${username}`,
|
|
|
- // bindCredentials: password,
|
|
|
- // searchBase: 'ou=people',
|
|
|
- // searchFilter: '(uid={{username}})'
|
|
|
- // }
|
|
|
- // };
|
|
|
-
|
|
|
- // callback(null, opts);
|
|
|
- // });
|
|
|
- // };
|
|
|
-
|
|
|
- // passport.use(new LdapStrategy(getLDAPConfiguration,
|
|
|
- // (user, done) => {
|
|
|
- // debug("LDAP authentication has successed");
|
|
|
- // return done(null, user);
|
|
|
- // }
|
|
|
- // ));
|
|
|
- // }
|
|
|
-
|
|
|
setupLdapStrategy() {
|
|
|
- passport.use(new LdapStrategy(
|
|
|
- {
|
|
|
- usernameField: PassportService.USERNAME_FIELD,
|
|
|
- passwordField: PassportService.PASSWORD_FIELD,
|
|
|
- server: {
|
|
|
- url: 'ldaps://localhost',
|
|
|
- bindDN: `cn=...,dc=weseek,dc=co,dc=jp`,
|
|
|
- bindCredentials: 'secret',
|
|
|
- searchBase: 'ou=...,dc=weseek,dc=co,dc=jp',
|
|
|
- searchFilter: '(uid={{username}})'
|
|
|
- },
|
|
|
- },
|
|
|
+ debug('setup LdapStrategy');
|
|
|
+
|
|
|
+ const config = this.crowi.config;
|
|
|
+
|
|
|
+ // get configurations
|
|
|
+ const isUserBind = config.crowi['security:passport-ldap:isUserBind'];
|
|
|
+ const serverUrl = config.crowi['security:passport-ldap:serverUrl'];
|
|
|
+ let bindDN = config.crowi['security:passport-ldap:bindDN'];
|
|
|
+ let bindCredentials = config.crowi['security:passport-ldap:bindDNPassword'];
|
|
|
+ const searchFilter = config.crowi['security:passport-ldap:searchFilter'] || '(uid={{username}})';
|
|
|
+
|
|
|
+ // parse serverUrl
|
|
|
+ // see: https://regex101.com/r/0tuYBB/1
|
|
|
+ const match = serverUrl.match(/(ldaps?:\/\/[^\/]+)\/(.*)?/);
|
|
|
+ if (match == null || match.length < 1) {
|
|
|
+ debug('serverUrl is invalid');
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ const url = match[1];
|
|
|
+ const searchBase = match[2] || '';
|
|
|
+
|
|
|
+ debug(`LDAP url: ${url}`);
|
|
|
+ debug(`LDAP searchBase: ${searchBase}`);
|
|
|
+ debug(`LDAP isUserBind: ${isUserBind}`);
|
|
|
+ debug(`LDAP bindDN: ${bindDN}`);
|
|
|
+ debug(`LDAP bindCredentials: ${bindCredentials}`);
|
|
|
+ debug(`LDAP searchFilter: ${searchFilter}`);
|
|
|
+
|
|
|
+ // Asynchronous configuration retrieval
|
|
|
+ var getLDAPConfiguration = (req, callback) => {
|
|
|
+ // get credentials from form data
|
|
|
+ const loginForm = req.body.loginForm;
|
|
|
+ if (!req.form.isValid) {
|
|
|
+ return callback({ message: 'Incorrect credentials.' });
|
|
|
+ }
|
|
|
+ const username = loginForm.username;
|
|
|
+ const password = loginForm.password;
|
|
|
+
|
|
|
+ // user bind
|
|
|
+ if (isUserBind) {
|
|
|
+ bindDN = bindDN.replace(/{{username}}/, username);
|
|
|
+ bindCredentials = password;
|
|
|
+ }
|
|
|
+
|
|
|
+ process.nextTick(() => {
|
|
|
+ const opts = {
|
|
|
+ usernameField: PassportService.USERNAME_FIELD,
|
|
|
+ passwordField: PassportService.PASSWORD_FIELD,
|
|
|
+ server: {
|
|
|
+ url,
|
|
|
+ bindDN,
|
|
|
+ bindCredentials,
|
|
|
+ searchBase,
|
|
|
+ searchFilter,
|
|
|
+ }
|
|
|
+ };
|
|
|
+ debug('ldap configuration: ', opts);
|
|
|
+ callback(null, opts);
|
|
|
+ });
|
|
|
+ };
|
|
|
+
|
|
|
+ passport.use(new LdapStrategy(getLDAPConfiguration,
|
|
|
(user, done) => {
|
|
|
- debug("LDAP authentication has succeeded");
|
|
|
+ debug("LDAP authentication has successed");
|
|
|
return done(null, user);
|
|
|
}
|
|
|
));
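Review bot: In `getLDAPConfiguration`, the user-bind branch assigns to the outer `bindDN` and `bindCredentials`, which are set once per `setupLdapStrategy()` call. After the first login the `{{username}}` placeholder is gone, so every later request binds with the first user's DN, and the last submitted password stays in the closure. Derive per-request values instead of reassigning, as in the excerpt below, and escape `username` for DN context before substituting it, since it comes straight from the login form. The `debug` line for `bindCredentials` and the `debug('ldap configuration: ', opts)` call write the service password or, in user-bind mode, the user's password to the debug log; drop them or redact that field. The `serverUrl` pattern also accepts `ldap://`, which would carry these credentials unencrypted unless the transport is protected some other way.

```javascript
var getLDAPConfiguration = (req, callback) => {
  // … unchanged: form validation, username/password extraction …

  // per-request values; the configured bindDN template and service password stay untouched
  // NOTE: escape `username` for DN context before substituting it
  const requestBindDN = isUserBind ? bindDN.replace(/{{username}}/, username) : bindDN;
  const requestBindCredentials = isUserBind ? password : bindCredentials;

  process.nextTick(() => {
    const opts = {
      // … unchanged: usernameField, passwordField …
      server: {
        url,
        bindDN: requestBindDN,
        bindCredentials: requestBindCredentials,
        searchBase,
        searchFilter,
      },
    };
    // the debug dump of opts is dropped: it contained bindCredentials
    callback(null, opts);
  });
};
```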
|
|
|
@@ -123,6 +137,7 @@ class PassportService {
|
|
|
});
|
|
|
});
|
|
|
}
|
|
|
+
|
|
|
}
|
|
|
|
|
|
module.exports = PassportService;
|