feat: ldap module + deps upgrade

26c7d49a · Nick · db14239e · 26c7d49a · 26c7d49a · 26c7d49a
Commit 26c7d49a authored Apr 26, 2019 by Nick
9 changed files
--- a/client/components/admin/admin-general.vue
+++ b/client/components/admin/admin-general.vue
@@ -168,6 +168,7 @@ export default {
    return {
      analyticsServices: [
        { text: 'None', value: '' },
+        { text: 'Elasticsearch APM', value: 'elk' },
        { text: 'Google Analytics', value: 'ga' },
        { text: 'Google Tag Manager', value: 'gtm' }
      ],

--- a/client/components/login.vue
+++ b/client/components/login.vue
@@ -15,7 +15,7 @@
                v-toolbar(color='primary', flat, dense, dark)
                  v-spacer
                  .subheading(v-if='screen === "tfa"') {{ $t('auth:tfa.subtitle') }}
-                  .subheading(v-else-if='selectedStrategy.key !== "local"') {{ $t('auth:loginUsingStrategy', { strategy: selectedStrategy.title }) }}
+                  .subheading(v-else-if='selectedStrategy.key !== "local"') {{ $t('auth:loginUsingStrategy', { strategy: selectedStrategy.title, interpolation: { escapeValue: false } }) }}
                  .subheading(v-else) {{ $t('auth:loginRequired') }}
                  v-spacer
                v-card-text.text-xs-center

--- a/package.json
+++ b/package.json
--- a/server/controllers/auth.js
+++ b/server/controllers/auth.js
@@ -17,7 +17,6 @@ router.get('/login/:strategy', async (req, res, next) => {
    const authResult = await WIKI.models.users.login({
      strategy: req.params.strategy
    }, { req, res })
-    console.info(authResult)
  } catch (err) {
    next(err)
  }

--- a/server/helpers/page.js
+++ b/server/helpers/page.js
@@ -5,6 +5,8 @@ const crypto = require('crypto')
 const localeSegmentRegex = /^[A-Z]{2}(-[A-Z]{2})?$/gi
 const systemSegmentRegex = /^[A-Z]\//gi

+/* global WIKI */
+
 module.exports = {
  /**
   * Parse raw url path and make it safe
@@ -63,7 +65,10 @@ module.exports = {
  /**
   * Check if path is a reserved path
   */
-  isReservedPath(rawPath)  {
-    return _.some(WIKI.data.reservedPaths, p => _.startsWith(rawPath, p)) || systemSegmentRegex.test(rawPath)
+  isReservedPath(rawPath) {
+    const firstSection = _.head(rawPath.split('/'))
+    return _.some(WIKI.data.reservedPaths, p => {
+      return p === firstSection || systemSegmentRegex.test(rawPath)
+    })
  }
 }
--- a/server/modules/authentication/ldap/authentication.js
+++ b/server/modules/authentication/ldap/authentication.js
@@ -6,10 +6,11 @@

 const LdapStrategy = require('passport-ldapauth').Strategy
 const fs = require('fs')
+const _ = require('lodash')

 module.exports = {
  init (passport, conf) {
-    passport.use('ldapauth',
+    passport.use('ldap',
      new LdapStrategy({
        server: {
          url: conf.url,
@@ -17,7 +18,6 @@ module.exports = {
          bindCredentials: conf.bindCredentials,
          searchBase: conf.searchBase,
          searchFilter: conf.searchFilter,
-          searchAttributes: ['displayName', 'name', 'cn', 'mail'],
          tlsOptions: (conf.tlsEnabled) ? {
            ca: [
              fs.readFileSync(conf.tlsCertPath)
@@ -25,15 +25,28 @@ module.exports = {
          } : {}
        },
        usernameField: 'email',
+        passwordField: 'password',
        passReqToCallback: false
-      }, (profile, cb) => {
-        profile.provider = 'ldap'
-        profile.id = profile.dn
-        WIKI.models.users.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
+      }, async (profile, cb) => {
+        try {
+          const userId = _.get(profile, conf.mappingUID, null)
+          if (!userId) {
+            throw new Error('Invalid Unique ID field mapping!')
+          }
+
+          const user = await WIKI.models.users.processProfile({
+            profile: {
+              id: userId,
+              email: _.get(profile, conf.mappingEmail, ''),
+              displayName: _.get(profile, conf.mappingDisplayName, '???'),
+              picture: _.get(profile, conf.mappingPicture, '')
+            },
+            providerKey: 'ldap'
+          })
+          cb(null, user)
+        } catch (err) {
+          cb(err, null)
+        }
      }
      ))
  }

--- a/server/modules/authentication/ldap/definition.yml
+++ b/server/modules/authentication/ldap/definition.yml
@@ -5,33 +5,69 @@ author: requarks.io
 logo: https://static.requarks.io/logo/active-directory.svg
 color: blue darken-3
 website: https://www.microsoft.com/windowsserver
+isAvailable: true
 useForm: true
 props:
  url:
-    title: URL
+    title: LDAP URL
    type: String
    default: 'ldap://serverhost:389'
-    hint: (e.g. ldap://serverhost:389)
+    hint: (e.g. ldap://serverhost:389 or ldaps://serverhost:636)
+    order: 1
  bindDn:
-    title: Bind DN
+    title: Admin Bind DN
    type: String
    default: cn='root'
    hint: The dstinguished name (dn) of the account used for binding.
+    order: 2
  bindCredentials:
+    title: Admin Bind Credentials
    type: String
-    hint: The password of the account used for binding.
+    hint: The password of the account used above for binding.
+    order: 3
  searchBase:
+    title: Search Base
    type: String
    default: 'o=users,o=example.com'
+    hint: The base DN from which to search for users.
+    order: 4
  searchFilter:
+    title: Search Filter
    type: String
    default: '(uid={{username}})'
-    hint: The query to use to match username. {{username}} must be present.
+    hint: The query to use to match username. {{username}} must be present and will be interpolated with the user provided username when performing the LDAP search.
+    order: 5
  tlsEnabled:
    title: Use TLS
    type: Boolean
    default: false
+    order: 6
  tlsCertPath:
    title: TLS Certificate Path
    type: String
    hint: Absolute path to the TLS certificate on the server.
+    order: 7
+  mappingUID:
+    title: Unique ID Field Mapping
+    type: String
+    default: 'uid'
+    hint: The field storing the user unique identifier. Usually "uid" or "sAMAccountName".
+    order: 8
+  mappingEmail:
+    title: Email Field Mapping
+    type: String
+    default: 'mail'
+    hint: The field storing the user email. Usually "mail".
+    order: 9
+  mappingDisplayName:
+    title: Display Name Field Mapping
+    type: String
+    default: 'displayName'
+    hint: The field storing the user display name. Usually "displayName" or "cn".
+    order: 10
+  mappingPicture:
+    title: Avatar Picture Field Mapping
+    type: String
+    default: 'jpegPhoto'
+    hint: The field storing the user avatar picture. Usually "jpegPhoto" or "thumbnailPhoto".
+    order: 11
--- a/server/modules/authentication/microsoft/authentication.js
+++ b/server/modules/authentication/microsoft/authentication.js
@@ -4,7 +4,8 @@
 // Microsoft Account
 // ------------------------------------

-const WindowsLiveStrategy = require('passport-windowslive').Strategy
+const WindowsLiveStrategy = require('passport-microsoft').Strategy
+const _ = require('lodash')

 module.exports = {
  init (passport, conf) {
@@ -12,7 +13,8 @@ module.exports = {
      new WindowsLiveStrategy({
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
-        callbackURL: conf.callbackURL
+        callbackURL: conf.callbackURL,
+        scope: ['User.Read', 'email', 'openid', 'profile']
      }, async (accessToken, refreshToken, profile, cb) => {
        console.info(profile)
        try {

--- a/yarn.lock
+++ b/yarn.lock