fix: ldap auth config

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2022-03-30 23:55:09 +02:00
parent 98db69448c
commit 6181e586bf
3 changed files with 53 additions and 31 deletions


@ -4,6 +4,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { registerAs } from '@nestjs/config'; import { registerAs } from '@nestjs/config';
import * as fs from 'fs';
import * as Joi from 'joi'; import * as Joi from 'joi';
import { GitlabScope, GitlabVersion } from './gitlab.enum'; import { GitlabScope, GitlabVersion } from './gitlab.enum';
@ -14,6 +15,21 @@ import {
toArrayConfig, toArrayConfig,
} from './utils'; } from './utils';
export interface LDAPConfig {
identifier: string;
providerName: string;
url: string;
bindDn?: string;
bindCredentials?: string;
searchBase: string;
searchFilter: string;
searchAttributes: string[];
userIdField: string;
displayNameField: string;
profilePictureField: string;
tlsCaCerts?: string[];
}
export interface AuthConfig { export interface AuthConfig {
session: { session: {
secret: string; secret: string;
@ -55,19 +71,7 @@ export interface AuthConfig {
version: GitlabVersion; version: GitlabVersion;
}[]; }[];
// ToDo: tlsOptions exist in config.json.example. See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback // ToDo: tlsOptions exist in config.json.example. See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
ldap: { ldap: LDAPConfig[];
identifier: string;
providerName: string;
url: string;
bindDn: string;
bindCredentials: string;
searchBase: string;
searchFilter: string;
searchAttributes: string[];
usernameField: string;
useridField: string;
tlsCa?: string[];
}[];
saml: { saml: {
identifier: string; identifier: string;
providerName: string; providerName: string;
@ -181,13 +185,11 @@ const authSchema = Joi.object({
bindCredentials: Joi.string().optional(), bindCredentials: Joi.string().optional(),
searchBase: Joi.string(), searchBase: Joi.string(),
searchFilter: Joi.string().default('(uid={{username}})').optional(), searchFilter: Joi.string().default('(uid={{username}})').optional(),
searchAttributes: Joi.array() searchAttributes: Joi.array().items(Joi.string()).optional(),
.items(Joi.string()) userIdField: Joi.string().default('uid').optional(),
.default(['displayName', 'mail']) displayNameField: Joi.string().default('displayName').optional(),
.optional(), profilePictureField: Joi.string().default('jpegPhoto').optional(),
usernameField: Joi.string().optional(), tlsCaCerts: Joi.array().items(Joi.string()).optional(),
useridField: Joi.string(),
tlsCa: Joi.array().items(Joi.string()).optional(),
}).optional(), }).optional(),
) )
.optional(), .optional(),
@ -267,6 +269,18 @@ export default registerAs('authConfig', () => {
}); });
const ldaps = ldapNames.map((ldapName) => { const ldaps = ldapNames.map((ldapName) => {
const caFiles = toArrayConfig(
process.env[`HD_AUTH_LDAP_${ldapName}_TLS_CERT_PATHS`],
',',
);
let tlsCaCerts = undefined;
if (caFiles) {
tlsCaCerts = caFiles.map((fileName) => {
if (fs.existsSync(fileName)) {
return fs.readFileSync(fileName, 'utf8');
}
});
}
return { return {
identifier: ldapName, identifier: ldapName,
providerName: process.env[`HD_AUTH_LDAP_${ldapName}_PROVIDER_NAME`], providerName: process.env[`HD_AUTH_LDAP_${ldapName}_PROVIDER_NAME`],
@ -279,9 +293,12 @@ export default registerAs('authConfig', () => {
process.env[`HD_AUTH_LDAP_${ldapName}_SEARCH_ATTRIBUTES`], process.env[`HD_AUTH_LDAP_${ldapName}_SEARCH_ATTRIBUTES`],
',', ',',
), ),
usernameField: process.env[`HD_AUTH_LDAP_${ldapName}_USERNAME_FIELD`], userIdField: process.env[`HD_AUTH_LDAP_${ldapName}_USER_ID_FIELD`],
useridField: process.env[`HD_AUTH_LDAP_${ldapName}_USERID_FIELD`], displayNameField:
tlsCa: toArrayConfig(process.env[`HD_AUTH_LDAP_${ldapName}_TLS_CA`], ','), process.env[`HD_AUTH_LDAP_${ldapName}_DISPLAY_NAME_FIELD`],
profilePictureField:
process.env[`HD_AUTH_LDAP_${ldapName}_PROFILE_PICTURE_FIELD`],
tlsCaCerts: tlsCaCerts,
}; };
}); });
@ -309,7 +326,7 @@ export default registerAs('authConfig', () => {
attribute: { attribute: {
id: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_ID`], id: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_ID`],
username: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`], username: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`],
local: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_USERNAME`], local: process.env[`HD_AUTH_SAML_${samlName}_ATTRIBUTE_LOCAL`],
}, },
}; };
}); });
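Review bot: The CA loader in the `ldaps` map callback (the `caFiles.map` block just before `return {`) silently yields `undefined` for any path that does not exist, so a mistyped entry in `HD_AUTH_LDAP_<name>_TLS_CERT_PATHS` produces a trust-anchor list with a hole in it instead of a startup error, and the `existsSync` pre-check adds nothing that `readFileSync` would not report itself. Reading unconditionally and letting the error surface fails closed and is shorter: `tlsCaCerts = caFiles.map((fileName) => fs.readFileSync(fileName, 'utf8'));`, with `let tlsCaCerts: string[] | undefined;` instead of `let tlsCaCerts = undefined;` so the variable is not an evolving `any`. Whether the later `tlsCaCerts: Joi.array().items(Joi.string())` check rejects the sparse result I cannot tell from this page, but even if it does, the validation message would point at the schema field rather than at the missing file. The `registerAs` callback that encloses this code begins outside the hunk.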


@ -54,9 +54,13 @@ export function replaceAuthErrorsWithEnvironmentVariables(
newMessage = newMessage.replace('.searchBase', '_SEARCH_BASE'); newMessage = newMessage.replace('.searchBase', '_SEARCH_BASE');
newMessage = newMessage.replace('.searchFilter', '_SEARCH_FILTER'); newMessage = newMessage.replace('.searchFilter', '_SEARCH_FILTER');
newMessage = newMessage.replace('.searchAttributes', '_SEARCH_ATTRIBUTES'); newMessage = newMessage.replace('.searchAttributes', '_SEARCH_ATTRIBUTES');
newMessage = newMessage.replace('.usernameField', '_USERNAME_FIELD'); newMessage = newMessage.replace('.userIdField', '_USER_ID_FIELD');
newMessage = newMessage.replace('.useridField', '_USERID_FIELD'); newMessage = newMessage.replace('.displayNameField', '_DISPLAY_NAME_FIELD');
newMessage = newMessage.replace('.tlsCa', '_TLS_CA'); newMessage = newMessage.replace(
'.profilePictureField',
'_PROFILE_PICTURE_FIELD',
);
newMessage = newMessage.replace('.tlsCaCerts', '_TLS_CERT_PATHS');
newMessage = newMessage.replace('.idpSsoUrl', '_IDP_SSO_URL'); newMessage = newMessage.replace('.idpSsoUrl', '_IDP_SSO_URL');
newMessage = newMessage.replace('.idpCert', '_IDP_CERT'); newMessage = newMessage.replace('.idpCert', '_IDP_CERT');
newMessage = newMessage.replace('.clientCert', '_CLIENT_CERT'); newMessage = newMessage.replace('.clientCert', '_CLIENT_CERT');
@ -74,7 +78,7 @@ export function replaceAuthErrorsWithEnvironmentVariables(
'.attribute.username', '.attribute.username',
'_ATTRIBUTE_USERNAME', '_ATTRIBUTE_USERNAME',
); );
newMessage = newMessage.replace('.attribute.email', '_ATTRIBUTE_USERNAME'); newMessage = newMessage.replace('.attribute.local', '_ATTRIBUTE_LOCAL');
newMessage = newMessage.replace('.userProfileURL', '_USER_PROFILE_URL'); newMessage = newMessage.replace('.userProfileURL', '_USER_PROFILE_URL');
newMessage = newMessage.replace( newMessage = newMessage.replace(
'.userProfileIdAttr', '.userProfileIdAttr',


@ -104,9 +104,10 @@ describe('FrontendConfigService', () => {
searchBase: 'ldapTestSearchBase', searchBase: 'ldapTestSearchBase',
searchFilter: 'ldapTestSearchFilter', searchFilter: 'ldapTestSearchFilter',
searchAttributes: ['ldapTestSearchAttribute'], searchAttributes: ['ldapTestSearchAttribute'],
usernameField: 'ldapTestUsername', userIdField: 'ldapTestUserId',
useridField: 'ldapTestUserId', displayNameField: 'ldapTestDisplayName',
tlsCa: ['ldapTestTlsCa'], profilePictureField: 'ldapTestProfilePicture',
tlsCaCerts: ['ldapTestTlsCa'],
}, },
]; ];
const saml: AuthConfig['saml'] = [ const saml: AuthConfig['saml'] = [