mirror of
https://github.com/laurent22/joplin.git
synced 2024-12-21 09:38:01 +02:00
Server: Allow self-signed certificate for ldap auth (#11531)
Co-authored-by: Laurent Cozic <laurent22@users.noreply.github.com>
This commit is contained in:
parent
3cba4ec82c
commit
28ff17a078
@ -125,6 +125,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
|
||||
baseDN: env.LDAP_1_BASE_DN,
|
||||
bindDN: env.LDAP_1_BIND_DN,
|
||||
bindPW: env.LDAP_1_BIND_PW,
|
||||
tlsCaFile: env.LDAP_1_TLS_CA_FILE,
|
||||
});
|
||||
}
|
||||
|
||||
@ -138,6 +139,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
|
||||
baseDN: env.LDAP_2_BASE_DN,
|
||||
bindDN: env.LDAP_2_BIND_DN,
|
||||
bindPW: env.LDAP_2_BIND_PW,
|
||||
tlsCaFile: env.LDAP_2_TLS_CA_FILE,
|
||||
});
|
||||
}
|
||||
return ldapConfig;
|
||||
|
@ -137,6 +137,7 @@ const defaultEnvValues: EnvVariables = {
|
||||
LDAP_1_BASE_DN: '',
|
||||
LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||
LDAP_1_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||
LDAP_1_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
|
||||
|
||||
LDAP_2_ENABLED: false,
|
||||
LDAP_2_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly after ldap authentication
|
||||
@ -146,6 +147,7 @@ const defaultEnvValues: EnvVariables = {
|
||||
LDAP_2_BASE_DN: '',
|
||||
LDAP_2_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||
LDAP_2_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||
LDAP_2_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
|
||||
|
||||
};
|
||||
|
||||
@ -228,6 +230,7 @@ export interface EnvVariables {
|
||||
LDAP_1_BASE_DN: string;
|
||||
LDAP_1_BIND_DN: string;
|
||||
LDAP_1_BIND_PW: string;
|
||||
LDAP_1_TLS_CA_FILE: string;
|
||||
|
||||
LDAP_2_ENABLED: boolean;
|
||||
LDAP_2_USER_AUTO_CREATION: boolean;
|
||||
@ -237,6 +240,7 @@ export interface EnvVariables {
|
||||
LDAP_2_BASE_DN: string;
|
||||
LDAP_2_BIND_DN: string;
|
||||
LDAP_2_BIND_PW: string;
|
||||
LDAP_2_TLS_CA_FILE: string;
|
||||
}
|
||||
|
||||
const parseBoolean = (s: string): boolean => {
|
||||
|
@ -86,6 +86,7 @@ describe('api/sessions', () => {
|
||||
baseDN: '',
|
||||
bindDN: '',
|
||||
bindPW: '',
|
||||
tlsCaFile: '',
|
||||
};
|
||||
|
||||
{
|
||||
@ -123,6 +124,7 @@ describe('api/sessions', () => {
|
||||
baseDN: '',
|
||||
bindDN: '',
|
||||
bindPW: '',
|
||||
tlsCaFile: '',
|
||||
};
|
||||
|
||||
const context = await postSession(user.email, password);
|
||||
@ -151,6 +153,7 @@ describe('api/sessions', () => {
|
||||
baseDN: '',
|
||||
bindDN: '',
|
||||
bindPW: '',
|
||||
tlsCaFile: '',
|
||||
};
|
||||
|
||||
(ldapLogin as jest.Mock).mockResolvedValue(user);
|
||||
@ -179,6 +182,7 @@ describe('api/sessions', () => {
|
||||
baseDN: '',
|
||||
bindDN: '',
|
||||
bindPW: '',
|
||||
tlsCaFile: '',
|
||||
};
|
||||
|
||||
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
|
||||
@ -203,6 +207,7 @@ describe('api/sessions', () => {
|
||||
baseDN: '',
|
||||
bindDN: '',
|
||||
bindPW: '',
|
||||
tlsCaFile: '',
|
||||
};
|
||||
|
||||
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
|
||||
|
@ -3,6 +3,7 @@ import { User } from '../services/database/types';
|
||||
import Logger from '@joplin/utils/Logger';
|
||||
import { LdapConfig } from './types';
|
||||
import { ErrorForbidden } from './errors';
|
||||
import { readFile } from 'fs/promises';
|
||||
|
||||
const logger = Logger.create('LDAP');
|
||||
|
||||
@ -16,6 +17,7 @@ export default async function ldapLogin(email: string, password: string, user: U
|
||||
const baseDN = config.baseDN;
|
||||
const bindDN = config.bindDN;
|
||||
const bindPW = config.bindPW;
|
||||
const tlsCaFile = config.tlsCaFile;
|
||||
|
||||
logger.info(`Starting authentication with Server ${host}`);
|
||||
|
||||
@ -25,10 +27,19 @@ export default async function ldapLogin(email: string, password: string, user: U
|
||||
|
||||
if (enabled) {
|
||||
let searchResults;
|
||||
|
||||
let tlsOptions;
|
||||
if (tlsCaFile.length !== 0) {
|
||||
tlsOptions = {
|
||||
ca: [await readFile(tlsCaFile)],
|
||||
};
|
||||
}
|
||||
|
||||
const client = new Client({
|
||||
url: host,
|
||||
timeout: 5000,
|
||||
connectTimeout: 1000,
|
||||
tlsOptions: tlsOptions,
|
||||
});
|
||||
|
||||
if (bindDN.length !== 0) {
|
||||
|
@ -141,6 +141,7 @@ export interface LdapConfig {
|
||||
baseDN: string;
|
||||
bindDN: string;
|
||||
bindPW: string;
|
||||
tlsCaFile: string;
|
||||
}
|
||||
|
||||
export interface Config extends EnvVariables {
|
||||
|
@ -153,4 +153,5 @@ tablist
|
||||
Favorite
|
||||
tablist
|
||||
Edubirdie
|
||||
Useviral
|
||||
Useviral
|
||||
ldaps
|
||||
|
Loading…
Reference in New Issue
Block a user