mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-28 12:11:00 -05:00
Fix crash in LDAP authentication
Since https://github.com/vesse/node-ldapauth-fork/commit /741a648df98d789856b3301d65103b74872fdeea, ldapauth-fork calls `push` on the attributes array. Since we deep-freeze our config object in https://github .com/hedgedoc/hedgedoc/blob/master/lib/config/index.js#L200, this causes a crash. This commit fixes the crash by creating a mutable clone of the LDAP config and passing that to the LDAP strategy. Fixes https://github.com/hedgedoc/hedgedoc/issues/2561 Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
parent
58f321ce29
commit
9ab8bf3cac
2 changed files with 12 additions and 8 deletions
|
@ -8,18 +8,22 @@ const models = require('../../../models')
|
|||
const logger = require('../../../logger')
|
||||
const { urlencodedParser } = require('../../utils')
|
||||
const errors = require('../../../errors')
|
||||
const { cloneDeep } = require('lodash')
|
||||
|
||||
const ldapAuth = module.exports = Router()
|
||||
|
||||
// ldapauth-fork mutates the config object, so we need to make a clone of our deep-frozen config
|
||||
const mutableLdapConfig = cloneDeep(config.ldap)
|
||||
|
||||
passport.use(new LDAPStrategy({
|
||||
server: {
|
||||
url: config.ldap.url || null,
|
||||
bindDN: config.ldap.bindDn || null,
|
||||
bindCredentials: config.ldap.bindCredentials || null,
|
||||
searchBase: config.ldap.searchBase || null,
|
||||
searchFilter: config.ldap.searchFilter || null,
|
||||
searchAttributes: config.ldap.searchAttributes || null,
|
||||
tlsOptions: config.ldap.tlsOptions || null
|
||||
url: mutableLdapConfig.url || null,
|
||||
bindDN: mutableLdapConfig.bindDn || null,
|
||||
bindCredentials: mutableLdapConfig.bindCredentials || null,
|
||||
searchBase: mutableLdapConfig.searchBase || null,
|
||||
searchFilter: mutableLdapConfig.searchFilter || null,
|
||||
searchAttributes: mutableLdapConfig.searchAttributes || null,
|
||||
tlsOptions: mutableLdapConfig.tlsOptions || null
|
||||
}
|
||||
}, function (user, done) {
|
||||
let uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
- Add dark mode toggle in mobile view
|
||||
|
||||
### Bugfixes
|
||||
|
||||
- Fix a crash when using LDAP authentication with custom search attributes (thanks to [@aboettger-tuhh](https://github.com/aboettger-tuhh) for reporting)
|
||||
|
||||
## <i class="fa fa-tag"></i> 1.9.4 <i class="fa fa-calendar-o"></i> 2022-07-10
|
||||
|
||||
|
|
Loading…
Reference in a new issue