diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index a4bea36ced..3d4aea512a 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -421,246 +421,6 @@ if (parse(process.env.SHARELATEX_IS_SERVER_PRO) === true) { settings.apis.references = { url: 'http://localhost:3040' } } -// LDAP - SERVER PRO ONLY -// ---------- - -if (process.env.SHARELATEX_LDAP_HOST) { - console.error(`\ -# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # -# -# WARNING: The LDAP configuration format has changed in version 0.5.1 -# See https://github.com/sharelatex/sharelatex/wiki/Server-Pro:-LDAP-Config -# -# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #\ -`) -} - -if (process.env.SHARELATEX_LDAP_URL) { - let _ldap_connect_timeout, - _ldap_group_search_attribs, - _ldap_search_attribs, - _ldap_timeout - settings.externalAuth = true - settings.ldap = { - emailAtt: process.env.SHARELATEX_LDAP_EMAIL_ATT, - nameAtt: process.env.SHARELATEX_LDAP_NAME_ATT, - lastNameAtt: process.env.SHARELATEX_LDAP_LAST_NAME_ATT, - updateUserDetailsOnLogin: - process.env.SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN === 'true', - placeholder: process.env.SHARELATEX_LDAP_PLACEHOLDER, - server: { - url: process.env.SHARELATEX_LDAP_URL, - bindDn: process.env.SHARELATEX_LDAP_BIND_DN, - bindCredentials: process.env.SHARELATEX_LDAP_BIND_CREDENTIALS, - bindProperty: process.env.SHARELATEX_LDAP_BIND_PROPERTY, - searchBase: process.env.SHARELATEX_LDAP_SEARCH_BASE, - searchScope: process.env.SHARELATEX_LDAP_SEARCH_SCOPE, - searchFilter: process.env.SHARELATEX_LDAP_SEARCH_FILTER, - searchAttributes: (_ldap_search_attribs = - process.env.SHARELATEX_LDAP_SEARCH_ATTRIBUTES) - ? 
(() => { - try { - return JSON.parse(_ldap_search_attribs) - } catch (error3) { - e = error3 - return console.error( - 'could not parse SHARELATEX_LDAP_SEARCH_ATTRIBUTES' - ) - } - })() - : undefined, - groupDnProperty: process.env.SHARELATEX_LDAP_GROUP_DN_PROPERTY, - groupSearchBase: process.env.SHARELATEX_LDAP_GROUP_SEARCH_BASE, - groupSearchScope: process.env.SHARELATEX_LDAP_GROUP_SEARCH_SCOPE, - groupSearchFilter: process.env.SHARELATEX_LDAP_GROUP_SEARCH_FILTER, - groupSearchAttributes: (_ldap_group_search_attribs = - process.env.SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES) - ? (() => { - try { - return JSON.parse(_ldap_group_search_attribs) - } catch (error4) { - e = error4 - return console.error( - 'could not parse SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES' - ) - } - })() - : undefined, - cache: process.env.SHARELATEX_LDAP_CACHE === 'true', - timeout: (_ldap_timeout = process.env.SHARELATEX_LDAP_TIMEOUT) - ? (() => { - try { - return parseIntOrFail(_ldap_timeout) - } catch (error5) { - e = error5 - return console.error('Cannot parse SHARELATEX_LDAP_TIMEOUT') - } - })() - : undefined, - connectTimeout: (_ldap_connect_timeout = - process.env.SHARELATEX_LDAP_CONNECT_TIMEOUT) - ? (() => { - try { - return parseIntOrFail(_ldap_connect_timeout) - } catch (error6) { - e = error6 - return console.error( - 'Cannot parse SHARELATEX_LDAP_CONNECT_TIMEOUT' - ) - } - })() - : undefined, - }, - } - - if (process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH) { - let ca, ca_paths - try { - ca = JSON.parse(process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH) - } catch (error7) { - e = error7 - console.error( - 'could not parse SHARELATEX_LDAP_TLS_OPTS_CA_PATH, invalid JSON' - ) - } - - if (typeof ca === 'string') { - ca_paths = [ca] - } else if ( - typeof ca === 'object' && - (ca != null ? 
ca.length : undefined) != null - ) { - ca_paths = ca - } else { - console.error('problem parsing SHARELATEX_LDAP_TLS_OPTS_CA_PATH') - } - - settings.ldap.server.tlsOptions = { - rejectUnauthorized: - process.env.SHARELATEX_LDAP_TLS_OPTS_REJECT_UNAUTH === 'true', - ca: ca_paths, // e.g.'/etc/ldap/ca_certs.pem' - } - } -} - -if (process.env.SHARELATEX_SAML_ENTRYPOINT) { - // NOTE: see https://github.com/node-saml/passport-saml/blob/master/README.md for docs of `server` options - let _saml_additionalAuthorizeParams, - _saml_additionalLogoutParams, - _saml_additionalParams, - _saml_expiration, - _saml_skew - settings.externalAuth = true - settings.saml = { - updateUserDetailsOnLogin: - process.env.SHARELATEX_SAML_UPDATE_USER_DETAILS_ON_LOGIN === 'true', - identityServiceName: process.env.SHARELATEX_SAML_IDENTITY_SERVICE_NAME, - emailField: - process.env.SHARELATEX_SAML_EMAIL_FIELD || - process.env.SHARELATEX_SAML_EMAIL_FIELD_NAME, - firstNameField: process.env.SHARELATEX_SAML_FIRST_NAME_FIELD, - lastNameField: process.env.SHARELATEX_SAML_LAST_NAME_FIELD, - server: { - // strings - entryPoint: process.env.SHARELATEX_SAML_ENTRYPOINT, - callbackUrl: process.env.SHARELATEX_SAML_CALLBACK_URL, - issuer: process.env.SHARELATEX_SAML_ISSUER, - decryptionPvk: process.env.SHARELATEX_SAML_DECRYPTION_PVK, - decryptionCert: process.env.SHARELATEX_SAML_DECRYPTION_CERT, - signingCert: process.env.SHARELATEX_SAML_SIGNING_CERT, - signatureAlgorithm: process.env.SHARELATEX_SAML_SIGNATURE_ALGORITHM, - identifierFormat: process.env.SHARELATEX_SAML_IDENTIFIER_FORMAT, - attributeConsumingServiceIndex: - process.env.SHARELATEX_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX, - authnContext: - process.env.SHARELATEX_SAML_AUTHN_CONTEXT && - process.env.SHARELATEX_SAML_AUTHN_CONTEXT.split(','), - authnRequestBinding: process.env.SHARELATEX_SAML_AUTHN_REQUEST_BINDING, - validateInResponseTo: process.env.SHARELATEX_SAML_VALIDATE_IN_RESPONSE_TO, - cacheProvider: process.env.SHARELATEX_SAML_CACHE_PROVIDER, - 
logoutUrl: process.env.SHARELATEX_SAML_LOGOUT_URL, - logoutCallbackUrl: process.env.SHARELATEX_SAML_LOGOUT_CALLBACK_URL, - disableRequestedAuthnContext: - process.env.SHARELATEX_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT === 'true', - forceAuthn: process.env.SHARELATEX_SAML_FORCE_AUTHN === 'true', - skipRequestCompression: - process.env.SHARELATEX_SAML_SKIP_REQUEST_COMPRESSION === 'true', - acceptedClockSkewMs: (_saml_skew = - process.env.SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS) - ? (() => { - try { - return parseIntOrFail(_saml_skew) - } catch (error8) { - e = error8 - return console.error( - 'Cannot parse SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS' - ) - } - })() - : undefined, - requestIdExpirationPeriodMs: (_saml_expiration = - process.env.SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS) - ? (() => { - try { - return parseIntOrFail(_saml_expiration) - } catch (error9) { - e = error9 - return console.error( - 'Cannot parse SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS' - ) - } - })() - : undefined, - additionalParams: (_saml_additionalParams = - process.env.SHARELATEX_SAML_ADDITIONAL_PARAMS) - ? (() => { - try { - return JSON.parse(_saml_additionalParams) - } catch (error10) { - e = error10 - return console.error( - 'Cannot parse SHARELATEX_SAML_ADDITIONAL_PARAMS' - ) - } - })() - : undefined, - additionalAuthorizeParams: (_saml_additionalAuthorizeParams = - process.env.SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS) - ? (() => { - try { - return JSON.parse(_saml_additionalAuthorizeParams) - } catch (error11) { - e = error11 - return console.error( - 'Cannot parse SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS' - ) - } - })() - : undefined, - additionalLogoutParams: (_saml_additionalLogoutParams = - process.env.SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS) - ? 
(() => { - try { - return JSON.parse(_saml_additionalLogoutParams) - } catch (error12) { - e = error12 - return console.error( - 'Cannot parse SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS' - ) - } - })() - : undefined, - }, - } - - // SHARELATEX_SAML_CERT cannot be empty - // https://github.com/node-saml/passport-saml/commit/f6b1c885c0717f1083c664345556b535f217c102 - if (process.env.SHARELATEX_SAML_CERT) { - settings.saml.server.cert = process.env.SHARELATEX_SAML_CERT - settings.saml.server.privateKey = process.env.SHARELATEX_SAML_PRIVATE_CERT - } -} - // Compiler // -------- if (process.env.SANDBOXED_COMPILES === 'true') {