mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-29 06:24:21 -05:00
fix: ldap auth config
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
98db69448c
commit
6181e586bf
3 changed files with 53 additions and 31 deletions
|
@ -4,6 +4,7 @@
|
||||||
* SPDX-License-Identifier: AGPL-3.0-only
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
*/
|
*/
|
||||||
import { registerAs } from '@nestjs/config';
|
import { registerAs } from '@nestjs/config';
|
||||||
|
import * as fs from 'fs';
|
||||||
import * as Joi from 'joi';
|
import * as Joi from 'joi';
|
||||||
|
|
||||||
import { GitlabScope, GitlabVersion } from './gitlab.enum';
|
import { GitlabScope, GitlabVersion } from './gitlab.enum';
|
||||||
|
@ -14,6 +15,21 @@ import {
|
||||||
toArrayConfig,
|
toArrayConfig,
|
||||||
} from './utils';
|
} from './utils';
|
||||||
|
|
||||||
|
export interface LDAPConfig {
|
||||||
|
identifier: string;
|
||||||
|
providerName: string;
|
||||||
|
url: string;
|
||||||
|
bindDn?: string;
|
||||||
|
bindCredentials?: string;
|
||||||
|
searchBase: string;
|
||||||
|
searchFilter: string;
|
||||||
|
searchAttributes: string[];
|
||||||
|
userIdField: string;
|
||||||
|
displayNameField: string;
|
||||||
|
profilePictureField: string;
|
||||||
|
tlsCaCerts?: string[];
|
||||||
|
}
|
||||||
|
|
||||||
export interface AuthConfig {
|
export interface AuthConfig {
|
||||||
session: {
|
session: {
|
||||||
secret: string;
|
secret: string;
|
||||||
|
@ -55,19 +71,7 @@ export interface AuthConfig {
|
||||||
version: GitlabVersion;
|
version: GitlabVersion;
|
||||||
}[];
|
}[];
|
||||||
// ToDo: tlsOptions exist in config.json.example. See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
|
// ToDo: tlsOptions exist in config.json.example. See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
|
||||||
ldap: {
|
ldap: LDAPConfig[];
|
||||||
identifier: string;
|
|
||||||
providerName: string;
|
|
||||||
url: string;
|
|
||||||
bindDn: string;
|
|
||||||
bindCredentials: string;
|
|
||||||
searchBase: string;
|
|
||||||
searchFilter: string;
|
|
||||||
searchAttributes: string[];
|
|
||||||
usernameField: string;
|
|
||||||
useridField: string;
|
|
||||||
tlsCa?: string[];
|
|
||||||
}[];
|
|
||||||
saml: {
|
saml: {
|
||||||
identifier: string;
|
identifier: string;
|
||||||
providerName: string;
|
providerName: string;
|
||||||
|
@ -181,13 +185,11 @@ const authSchema = Joi.object({
|
||||||
bindCredentials: Joi.string().optional(),
|
bindCredentials: Joi.string().optional(),
|
||||||
searchBase: Joi.string(),
|
searchBase: Joi.string(),
|
||||||
searchFilter: Joi.string().default('(uid={{username}})').optional(),
|
searchFilter: Joi.string().default('(uid={{username}})').optional(),
|
||||||
searchAttributes: Joi.array()
|
searchAttributes: Joi.array().items(Joi.string()).optional(),
|
||||||
.items(Joi.string())
|
userIdField: Joi.string().default('uid').optional(),
|
||||||
.default(['displayName', 'mail'])
|
displayNameField: Joi.string().default('displayName').optional(),
|
||||||
.optional(),
|
profilePictureField: Joi.string().default('jpegPhoto').optional(),
|
||||||
usernameField: Joi.string().optional(),
|
tlsCaCerts: Joi.array().items(Joi.string()).optional(),
|
||||||
useridField: Joi.string(),
|
|
||||||
tlsCa: Joi.array().items(Joi.string()).optional(),
|
|
||||||
}).optional(),
|
}).optional(),
|
||||||
)
|
)
|
||||||
.optional(),
|
.optional(),
|
||||||
|
@ -267,6 +269,18 @@ export default registerAs('authConfig', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
const ldaps = ldapNames.map((ldapName) => {
|
const ldaps = ldapNames.map((ldapName) => {
|
||||||
|
const caFiles = toArrayConfig(
|
||||||
|
process.env[`HD_AUTH_LDAP_${ldapName}_TLS_CERT_PATHS`],
|
||||||
|
',',
|
||||||
|
);
|
||||||
|
let tlsCaCerts = undefined;
|
||||||
|
if (caFiles) {
|
||||||
|
tlsCaCerts = caFiles.map((fileName) => {
|
||||||
|
if (fs.existsSync(fileName)) {
|
||||||
|
return fs.readFileSync(fileName, 'utf8');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
return {
|
return {
|
||||||
identifier: ldapName,
|
identifier: ldapName,
|
||||||
providerName: process.env[`HD_AUTH_LDAP_${ldapName}_PROVIDER_NAME`],
|
providerName: process.env[`HD_AUTH_LDAP_${ldapName}_PROVIDER_NAME`],
|
||||||
|
@ -279,9 +293,12 @@ export default registerAs('authConfig', () => {
|
||||||
process.env[`HD_AUTH_LDAP_${ldapName}_SEARCH_ATTRIBUTES`],
|
process.env[`HD_AUTH_LDAP_${ldapName}_SEARCH_ATTRIBUTES`],
|
||||||
',',
|
',',
|
||||||
),
|
),
|
||||||
usernameField: process.env[`HD_AUTH_LDAP_${ldapName}_USERNAME_FIELD`],
|
userIdField: process.env[`HD_AUTH_LDAP_${ldapName}_USER_ID_FIELD`],
|
||||||
useridField: process.env[`HD_AUTH_LDAP_${ldapName}_USERID_FIELD`],
|
displayNameField:
|
||||||
tlsCa: toArrayConfig(process.env[`HD_AUTH_LDAP_${ldapName}_TLS_CA`], ','),
|
process.env[`HD_AUTH_LDAP_${ldapName}_DISPLAY_NAME_FIELD`],
|
||||||
|
profilePictureField:
|
||||||
|
process.env[`HD_AUTH_LDAP_${ldapName}_PROFILE_PICTURE_FIELD`],
|
||||||
|
tlsCaCerts: tlsCaCerts,
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -309,7 +326,7 @@ export default registerAs('authConfig', () => {
|
||||||
attribute: {
|
attribute: {
|
||||||
id: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_ID`],
|
id: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_ID`],
|
||||||
username: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`],
|
username: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`],
|
||||||
local: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`],
|
local: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_LOCAL`],
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
|
@ -54,9 +54,13 @@ export function replaceAuthErrorsWithEnvironmentVariables(
|
||||||
newMessage = newMessage.replace('.searchBase', '_SEARCH_BASE');
|
newMessage = newMessage.replace('.searchBase', '_SEARCH_BASE');
|
||||||
newMessage = newMessage.replace('.searchFilter', '_SEARCH_FILTER');
|
newMessage = newMessage.replace('.searchFilter', '_SEARCH_FILTER');
|
||||||
newMessage = newMessage.replace('.searchAttributes', '_SEARCH_ATTRIBUTES');
|
newMessage = newMessage.replace('.searchAttributes', '_SEARCH_ATTRIBUTES');
|
||||||
newMessage = newMessage.replace('.usernameField', '_USERNAME_FIELD');
|
newMessage = newMessage.replace('.userIdField', '_USER_ID_FIELD');
|
||||||
newMessage = newMessage.replace('.useridField', '_USERID_FIELD');
|
newMessage = newMessage.replace('.displayNameField', '_DISPLAY_NAME_FIELD');
|
||||||
newMessage = newMessage.replace('.tlsCa', '_TLS_CA');
|
newMessage = newMessage.replace(
|
||||||
|
'.profilePictureField',
|
||||||
|
'_PROFILE_PICTURE_FIELD',
|
||||||
|
);
|
||||||
|
newMessage = newMessage.replace('.tlsCaCerts', '_TLS_CERT_PATHS');
|
||||||
newMessage = newMessage.replace('.idpSsoUrl', '_IDP_SSO_URL');
|
newMessage = newMessage.replace('.idpSsoUrl', '_IDP_SSO_URL');
|
||||||
newMessage = newMessage.replace('.idpCert', '_IDP_CERT');
|
newMessage = newMessage.replace('.idpCert', '_IDP_CERT');
|
||||||
newMessage = newMessage.replace('.clientCert', '_CLIENT_CERT');
|
newMessage = newMessage.replace('.clientCert', '_CLIENT_CERT');
|
||||||
|
@ -74,7 +78,7 @@ export function replaceAuthErrorsWithEnvironmentVariables(
|
||||||
'.attribute.username',
|
'.attribute.username',
|
||||||
'_ATTRIBUTE_USERNAME',
|
'_ATTRIBUTE_USERNAME',
|
||||||
);
|
);
|
||||||
newMessage = newMessage.replace('.attribute.email', '_ATTRIBUTE_USERNAME');
|
newMessage = newMessage.replace('.attribute.local', '_ATTRIBUTE_LOCAL');
|
||||||
newMessage = newMessage.replace('.userProfileURL', '_USER_PROFILE_URL');
|
newMessage = newMessage.replace('.userProfileURL', '_USER_PROFILE_URL');
|
||||||
newMessage = newMessage.replace(
|
newMessage = newMessage.replace(
|
||||||
'.userProfileIdAttr',
|
'.userProfileIdAttr',
|
||||||
|
|
|
@ -104,9 +104,10 @@ describe('FrontendConfigService', () => {
|
||||||
searchBase: 'ldapTestSearchBase',
|
searchBase: 'ldapTestSearchBase',
|
||||||
searchFilter: 'ldapTestSearchFilter',
|
searchFilter: 'ldapTestSearchFilter',
|
||||||
searchAttributes: ['ldapTestSearchAttribute'],
|
searchAttributes: ['ldapTestSearchAttribute'],
|
||||||
usernameField: 'ldapTestUsername',
|
userIdField: 'ldapTestUserId',
|
||||||
useridField: 'ldapTestUserId',
|
displayNameField: 'ldapTestDisplayName',
|
||||||
tlsCa: ['ldapTestTlsCa'],
|
profilePictureField: 'ldapTestProfilePicture',
|
||||||
|
tlsCaCerts: ['ldapTestTlsCa'],
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
const saml: AuthConfig['saml'] = [
|
const saml: AuthConfig['saml'] = [
|
||||||
|
|
Loading…
Reference in a new issue