Update loginHandler.js

Adds an option to log in to the LDAP server with the user's own account
Thiago Fernando 2019-05-10 14:58:19 -03:00 committed by GitHub
parent fd1af07e43
commit 36f148a7cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -41,28 +41,38 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
let ldapUser; let ldapUser;
try { try {
ldap.connectSync();
const users = ldap.searchUsersSync(loginRequest.username);
if (users.length !== 1) { ldap.connectSync();
log_info('Search returned', users.length, 'record(s) for', loginRequest.username);
throw new Error('User not Found'); if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) {
} ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass);
ldapUser = ldap.searchUsersSync(loginRequest.username)[0];
} else {
const users = ldap.searchUsersSync(loginRequest.username);
if (users.length !== 1) {
log_info('Search returned', users.length, 'record(s) for', loginRequest.username);
throw new Error('User not Found');
}
if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) {
if (ldap.isUserInGroup(loginRequest.username, users[0])) {
ldapUser = users[0];
} else {
throw new Error('User not in a valid group');
}
} else {
log_info('Wrong password for', loginRequest.username);
}
}
if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) {
if (ldap.isUserInGroup(loginRequest.username, users[0])) {
ldapUser = users[0];
} else {
throw new Error('User not in a valid group');
}
} else {
log_info('Wrong password for', loginRequest.username);
}
} catch (error) { } catch (error) {
log_error(error); log_error(error);
} }
if (ldapUser === undefined) { if (!ldapUser) {
if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) { if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) {
return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass); return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass);
} }
@ -76,8 +86,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser); const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser);
let user; let user;
// Attempt to find user by unique identifier
// Attempt to find user by unique identifier
if (Unique_Identifier_Field) { if (Unique_Identifier_Field) {
userQuery = { userQuery = {
@ -88,14 +97,14 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
log_debug('userQuery', userQuery); log_debug('userQuery', userQuery);
user = Meteor.users.findOne(userQuery); user = Meteor.users.findOne(userQuery);
} }
// Attempt to find user by username // Attempt to find user by username
let username; let username;
let email; let email;
if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') { if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') {
username = slug(getLdapUsername(ldapUser)); username = slug(getLdapUsername(ldapUser));
} else { } else {
username = slug(loginRequest.username); username = slug(loginRequest.username);
@ -105,6 +114,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
email = getLdapEmail(ldapUser); email = getLdapEmail(ldapUser);
} }
if (!user) { if (!user) {
if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) { if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) {
if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) { if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) {
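Review bot: In the new `LDAP_USER_AUTHENTICATION` branch of the first hunk, `ldapUser` is taken from `ldap.searchUsersSync(loginRequest.username)[0]` without the `users.length !== 1` check or the `ldap.isUserInGroup(...)` check that the `else` branch still applies, so enabling this setting appears to drop the group restriction and accept an ambiguous search result. The branch also relies entirely on `ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass)` throwing when the credentials are wrong; its body is not visible here, so it should be confirmed that it rejects an empty password and never returns normally while an earlier bind is still in effect. I would apply the same two checks after the bind, as in the excerpt below, provided the user's own bind is allowed to read group membership. The handler starts before and continues after the visible hunks.

```javascript
if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) {
  // The user bind is the only password verification on this path.
  ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass);
  const users = ldap.searchUsersSync(loginRequest.username);
  if (users.length !== 1) {
    log_info('Search returned', users.length, 'record(s) for', loginRequest.username);
    throw new Error('User not Found');
  }
  if (!ldap.isUserInGroup(loginRequest.username, users[0])) {
    throw new Error('User not in a valid group');
  }
  ldapUser = users[0];
} else {
  // … unchanged: search, authSync and isUserInGroup path …
}
```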