const LdapAuth = require('ldapauth-fork')
// Mutable plugin state. `weight` is what the auth registration reports through
// getWeight(); it starts at 100 and is overwritten by setWeight().
const store = { weight: 100 }
/**
 * Plugin entry point: declares the LDAP settings, registers the "ldap"
 * id-and-password auth method and keeps the cached auth weight in sync with
 * the stored setting.
 *
 * @param {object} api - Helpers handed over by the host application.
 * @param {Function} api.registerIdAndPassAuth - Registers an id/password auth method.
 * @param {Function} api.registerSetting - Declares one plugin setting.
 * @param {object} api.settingsManager - Exposes getSetting() and onSettingsChange().
 * @param {object} api.peertubeHelpers - Forwarded unchanged to login().
 * @returns {Promise<void>}
 */
async function register ({
  registerIdAndPassAuth,
  registerSetting,
  settingsManager,
  peertubeHelpers
}) {
  // Declared in the same order as before; every setting is flagged private.
  const settingDefinitions = [
    { name: 'weight', label: 'Auth weight', type: 'input', private: true, default: 100 },
    { name: 'url', label: 'URL', type: 'input', private: true },
    // When ticked, login() passes rejectUnauthorized: false to the LDAP client,
    // i.e. the directory server's certificate is no longer verified.
    { name: 'insecure-tls', label: 'Insecure TLS', type: 'input-checkbox', private: true, default: false },
    { name: 'bind-dn', label: 'Bind DN', type: 'input', private: true },
    // Service-account password, declared as a plain 'input'.
    // NOTE(review): confirm how the host stores and displays this value.
    { name: 'bind-credentials', label: 'Bind Password', type: 'input', private: true },
    { name: 'search-base', label: 'Search base', type: 'input', private: true },
    // {{username}} is replaced with the submitted login by the LDAP client.
    // NOTE(review): confirm the pinned ldapauth-fork version escapes filter
    // metacharacters in that value.
    { name: 'search-filter', label: 'Search filter', type: 'input', private: true, default: '(|(mail={{username}})(uid={{username}}))' },
    { name: 'mail-property', label: 'Mail property', type: 'input', private: true, default: 'mail' },
    { name: 'username-property', label: 'Username property', type: 'input', private: true, default: 'uid' }
  ]

  for (const definition of settingDefinitions) {
    registerSetting(definition)
  }

  registerIdAndPassAuth({
    authName: 'ldap',
    // Read lazily so a later setWeight() call is picked up.
    getWeight: () => store.weight,
    login: options => login(peertubeHelpers, settingsManager, options)
  })

  // Seed the cached weight from the stored setting, then follow later edits.
  const initialWeight = await settingsManager.getSetting('weight')
  setWeight(initialWeight)

  settingsManager.onSettingsChange(settings => {
    // A missing or falsy weight leaves the cached value untouched.
    if (!settings || !settings.weight) return
    setWeight(settings.weight)
  })
}
/**
 * Plugin teardown hook. Nothing is released here, so it resolves immediately.
 *
 * @returns {Promise<void>}
 */
async function unregister () {}
// Only the two lifecycle hooks are exported; login() and setWeight() stay module-private.
module.exports = { register, unregister }
// ############################################################################
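/**
 * Update the cached auth weight from a setting value.
 *
 * The value is parsed as a base-10 integer. Input that does not parse
 * (undefined, an empty string, free text) is ignored and the previous weight
 * is kept; before this guard such input stored NaN, which getWeight() then
 * reported to the host.
 *
 * @param {*} weight - Raw setting value, usually a string or a number.
 * @returns {void}
 */
function setWeight (weight) {
  const parsed = Number.parseInt(String(weight), 10)
  if (Number.isNaN(parsed)) return

  store.weight = parsed
}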
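/**
 * Authenticate one id/password pair against the configured LDAP directory.
 *
 * Resolves with `{ username, email }` taken from the directory entry, or with
 * `null` when LDAP is not configured, the credentials are empty, the bind or
 * search fails, or the entry lacks the configured mail/username attribute.
 * It never rejects on an authentication failure.
 *
 * @param {object} peertubeHelpers - Host helpers; only `logger` is used.
 * @param {object} settingsManager - Gives access to the plugin settings.
 * @param {{id: string, password: string}} options - Submitted credentials.
 * @returns {Promise<{username: string, email: string}|null>}
 */
async function login (peertubeHelpers, settingsManager, options) {
  const logger = peertubeHelpers.logger

  // LDAP attributes may be multi-valued, in which case the client hands back an
  // array. Use the first value so the string handling below cannot throw inside
  // the authenticate callback.
  const firstAttributeValue = value => {
    const first = Array.isArray(value) ? value[0] : value
    return first === undefined || first === null ? '' : String(first)
  }

  const settings = await settingsManager.getSettings([
    'url',
    'insecure-tls',
    'bind-dn',
    'bind-credentials',
    'search-base',
    'search-filter',
    'mail-property',
    'username-property'
  ])

  if (!settings['url']) {
    logger.info('Do not login user %s because admin did not configure LDAP.', options.id)
    return null
  }

  // Some directory servers accept a simple bind with an empty password as an
  // unauthenticated bind. Reject empty credentials before contacting the server
  // instead of relying on the client library to do it.
  if (!options.id || !options.password) {
    logger.warn('Cannot login %s in LDAP plugin: empty username or password.', options.id)
    return null
  }

  // tlsOptions only protect the connection when TLS is actually in use (an
  // ldaps:// URL). With a plain ldap:// URL the bind password and the user's
  // password are sent unencrypted.
  // NOTE(review): the 'insecure-tls' setting turns certificate verification off;
  // it should stay unchecked outside of test setups.
  const ldapClient = new LdapAuth({
    url: settings['url'],
    bindDN: settings['bind-dn'],
    bindCredentials: settings['bind-credentials'],
    searchBase: settings['search-base'],
    searchFilter: settings['search-filter'],
    reconnect: true,
    tlsOptions: {
      rejectUnauthorized: settings['insecure-tls'] !== true
    }
  })

  return new Promise(res => {
    function onError (err) {
      logger.warn('Cannot login %s in LDAP plugin.', options.id, { err })

      return res(null)
    }

    // NOTE(review): a client that only emits 'error' is never closed here;
    // confirm that `reconnect: true` does not keep it retrying in the background.
    ldapClient.on('error', onError)

    ldapClient.authenticate(options.id, options.password, function (err, user) {
      ldapClient.close(function () {
        // We don't care about the closing
      })

      if (err) return onError(err)

      if (!user) {
        logger.warn('Cannot find user %s in LDAP plugin.', options.id)
        return res(null)
      }

      const mailProperty = settings['mail-property']
      const usernameProperty = settings['username-property']

      const email = firstAttributeValue(user[mailProperty])
      const rawUsername = firstAttributeValue(user[usernameProperty])

      // Log attribute names only: the full entry may carry attributes that do
      // not belong in application logs.
      const availableAttributes = Object.keys(user)

      if (!email) {
        logger.warn('Cannot find mail property in LDAP plugin.', { mailProperty, availableAttributes })
        return res(null)
      }

      if (!rawUsername) {
        logger.warn('Cannot find username property in LDAP plugin.', { usernameProperty, availableAttributes })
        return res(null)
      }

      // Lossy mapping: every character outside a-z, 0-9, '.' and '_' (upper-case
      // letters included) becomes '_', so distinct directory names can end up as
      // the same local username.
      // NOTE(review): confirm how the host treats an existing account with that name.
      const username = rawUsername.replace(/[^a-z0-9._]/g, '_')

      return res({
        username,
        email
      })
    })
  })
}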