2024-05-29 14:46:20 -07:00
|
|
|
const LdapStrategy = require('passport-ldapauth');
|
2024-06-07 17:43:36 -04:00
|
|
|
const { findUser, createUser, updateUser } = require('~/models/userMethods');
|
2024-05-29 14:46:20 -07:00
|
|
|
const fs = require('fs');
|
|
|
|
|
|
|
|
|
|
const ldapOptions = {
|
|
|
|
|
server: {
|
|
|
|
|
url: process.env.LDAP_URL,
|
|
|
|
|
bindDN: process.env.LDAP_BIND_DN,
|
|
|
|
|
bindCredentials: process.env.LDAP_BIND_CREDENTIALS,
|
|
|
|
|
searchBase: process.env.LDAP_USER_SEARCH_BASE,
|
|
|
|
|
searchFilter: process.env.LDAP_SEARCH_FILTER || 'mail={{username}}',
|
|
|
|
|
searchAttributes: ['displayName', 'mail', 'uid', 'cn', 'name', 'commonname', 'givenName', 'sn'],
|
|
|
|
|
...(process.env.LDAP_CA_CERT_PATH && {
|
|
|
|
|
tlsOptions: { ca: [fs.readFileSync(process.env.LDAP_CA_CERT_PATH)] },
|
|
|
|
|
}),
|
|
|
|
|
},
|
|
|
|
|
usernameField: 'email',
|
|
|
|
|
passwordField: 'password',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {
|
|
|
|
|
if (!userinfo) {
|
|
|
|
|
return done(null, false, { message: 'Invalid credentials' });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
const firstName = userinfo.givenName;
|
|
|
|
|
const familyName = userinfo.surname || userinfo.sn;
|
|
|
|
|
const fullName =
|
|
|
|
|
firstName && familyName
|
|
|
|
|
? `${firstName} ${familyName}`
|
|
|
|
|
: userinfo.cn ||
|
|
|
|
|
userinfo.name ||
|
|
|
|
|
userinfo.commonname ||
|
|
|
|
|
userinfo.displayName ||
|
|
|
|
|
userinfo.mail;
|
|
|
|
|
|
|
|
|
|
const username = userinfo.givenName || userinfo.mail;
|
2024-06-07 21:06:47 +02:00
|
|
|
let user = await findUser({ email: userinfo.mail });
|
2024-05-29 14:46:20 -07:00
|
|
|
if (user && user.provider !== 'ldap') {
|
|
|
|
|
return done(null, false, { message: 'Invalid credentials' });
|
|
|
|
|
}
|
|
|
|
|
if (!user) {
|
2024-06-07 21:06:47 +02:00
|
|
|
user = {
|
2024-05-29 14:46:20 -07:00
|
|
|
provider: 'ldap',
|
|
|
|
|
ldapId: userinfo.uid,
|
|
|
|
|
username,
|
|
|
|
|
email: userinfo.mail || '',
|
|
|
|
|
emailVerified: true,
|
|
|
|
|
name: fullName,
|
2024-06-07 21:06:47 +02:00
|
|
|
};
|
2024-06-07 17:43:36 -04:00
|
|
|
const userId = await createUser(user);
|
|
|
|
|
user._id = userId;
|
2024-05-29 14:46:20 -07:00
|
|
|
} else {
|
|
|
|
|
user.provider = 'ldap';
|
|
|
|
|
user.ldapId = userinfo.uid;
|
|
|
|
|
user.username = username;
|
|
|
|
|
user.name = fullName;
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-07 17:43:36 -04:00
|
|
|
user = await updateUser(user._id, user);
|
2024-05-29 14:46:20 -07:00
|
|
|
|
|
|
|
|
done(null, user);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
module.exports = ldapLogin;
|
