
Server: Allow self-signed certificate for ldap auth (#11531)

Co-authored-by: Laurent Cozic <laurent22@users.noreply.github.com>
This commit is contained in:
Ryan Crisanti 2024-12-19 08:44:37 -05:00 committed by GitHub
parent 3cba4ec82c
commit 28ff17a078
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 25 additions and 1 deletions


@ -125,6 +125,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
baseDN: env.LDAP_1_BASE_DN, baseDN: env.LDAP_1_BASE_DN,
bindDN: env.LDAP_1_BIND_DN, bindDN: env.LDAP_1_BIND_DN,
bindPW: env.LDAP_1_BIND_PW, bindPW: env.LDAP_1_BIND_PW,
tlsCaFile: env.LDAP_1_TLS_CA_FILE,
}); });
} }
@ -138,6 +139,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
baseDN: env.LDAP_2_BASE_DN, baseDN: env.LDAP_2_BASE_DN,
bindDN: env.LDAP_2_BIND_DN, bindDN: env.LDAP_2_BIND_DN,
bindPW: env.LDAP_2_BIND_PW, bindPW: env.LDAP_2_BIND_PW,
tlsCaFile: env.LDAP_2_TLS_CA_FILE,
}); });
} }
return ldapConfig; return ldapConfig;


@ -137,6 +137,7 @@ const defaultEnvValues: EnvVariables = {
LDAP_1_BASE_DN: '', LDAP_1_BASE_DN: '',
LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
LDAP_1_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind LDAP_1_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
LDAP_1_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
LDAP_2_ENABLED: false, LDAP_2_ENABLED: false,
LDAP_2_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly after ldap authentication LDAP_2_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly after ldap authentication
@ -146,6 +147,7 @@ const defaultEnvValues: EnvVariables = {
LDAP_2_BASE_DN: '', LDAP_2_BASE_DN: '',
LDAP_2_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind LDAP_2_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
LDAP_2_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind LDAP_2_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
LDAP_2_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
}; };
@ -228,6 +230,7 @@ export interface EnvVariables {
LDAP_1_BASE_DN: string; LDAP_1_BASE_DN: string;
LDAP_1_BIND_DN: string; LDAP_1_BIND_DN: string;
LDAP_1_BIND_PW: string; LDAP_1_BIND_PW: string;
LDAP_1_TLS_CA_FILE: string;
LDAP_2_ENABLED: boolean; LDAP_2_ENABLED: boolean;
LDAP_2_USER_AUTO_CREATION: boolean; LDAP_2_USER_AUTO_CREATION: boolean;
@ -237,6 +240,7 @@ export interface EnvVariables {
LDAP_2_BASE_DN: string; LDAP_2_BASE_DN: string;
LDAP_2_BIND_DN: string; LDAP_2_BIND_DN: string;
LDAP_2_BIND_PW: string; LDAP_2_BIND_PW: string;
LDAP_2_TLS_CA_FILE: string;
} }
const parseBoolean = (s: string): boolean => { const parseBoolean = (s: string): boolean => {
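Review bot: The new comment on `LDAP_1_TLS_CA_FILE` (and its `LDAP_2_` twin in the next hunk) describes one use case rather than the contract, and it omits the operationally important detail that supplying a CA list to Node's TLS layer replaces the default trusted CA set for that connection, so the file has to contain every certificate needed to chain to the server's leaf. I would word it as `LDAP_1_TLS_CA_FILE: '', // path to a PEM file with the CA certificate(s) to trust for ldaps:// connections - replaces Node's default CA set, so include the full chain; leave empty to use the default CAs`. Stating that it only matters for ldaps:// also heads off the expectation that it hardens a plain ldap:// URL, which it cannot.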


@ -86,6 +86,7 @@ describe('api/sessions', () => {
baseDN: '', baseDN: '',
bindDN: '', bindDN: '',
bindPW: '', bindPW: '',
tlsCaFile: '',
}; };
{ {
@ -123,6 +124,7 @@ describe('api/sessions', () => {
baseDN: '', baseDN: '',
bindDN: '', bindDN: '',
bindPW: '', bindPW: '',
tlsCaFile: '',
}; };
const context = await postSession(user.email, password); const context = await postSession(user.email, password);
@ -151,6 +153,7 @@ describe('api/sessions', () => {
baseDN: '', baseDN: '',
bindDN: '', bindDN: '',
bindPW: '', bindPW: '',
tlsCaFile: '',
}; };
(ldapLogin as jest.Mock).mockResolvedValue(user); (ldapLogin as jest.Mock).mockResolvedValue(user);
@ -179,6 +182,7 @@ describe('api/sessions', () => {
baseDN: '', baseDN: '',
bindDN: '', bindDN: '',
bindPW: '', bindPW: '',
tlsCaFile: '',
}; };
(ldapLogin as jest.Mock).mockImplementationOnce(() => { (ldapLogin as jest.Mock).mockImplementationOnce(() => {
@ -203,6 +207,7 @@ describe('api/sessions', () => {
baseDN: '', baseDN: '',
bindDN: '', bindDN: '',
bindPW: '', bindPW: '',
tlsCaFile: '',
}; };
(ldapLogin as jest.Mock).mockImplementationOnce(() => { (ldapLogin as jest.Mock).mockImplementationOnce(() => {
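Review bot: The five fixtures in this file only gain `tlsCaFile: ''`, and `ldapLogin` is mocked here (`(ldapLogin as jest.Mock)` above), so the new branch that reads the CA file and passes `tlsOptions` to the client is not exercised by anything in this commit. A unit test of `ldapLogin` with a non-empty `tlsCaFile` pointing at a small fixture PEM, asserting that the client is constructed with `tlsOptions.ca` populated, and a second case with a non-existent path asserting the failure mode, would pin the behaviour the commit title promises. As far as this diff shows, no such test exists yet.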


@ -3,6 +3,7 @@ import { User } from '../services/database/types';
import Logger from '@joplin/utils/Logger'; import Logger from '@joplin/utils/Logger';
import { LdapConfig } from './types'; import { LdapConfig } from './types';
import { ErrorForbidden } from './errors'; import { ErrorForbidden } from './errors';
import { readFile } from 'fs/promises';
const logger = Logger.create('LDAP'); const logger = Logger.create('LDAP');
@ -16,6 +17,7 @@ export default async function ldapLogin(email: string, password: string, user: U
const baseDN = config.baseDN; const baseDN = config.baseDN;
const bindDN = config.bindDN; const bindDN = config.bindDN;
const bindPW = config.bindPW; const bindPW = config.bindPW;
const tlsCaFile = config.tlsCaFile;
logger.info(`Starting authentication with Server ${host}`); logger.info(`Starting authentication with Server ${host}`);
@ -25,10 +27,19 @@ export default async function ldapLogin(email: string, password: string, user: U
if (enabled) { if (enabled) {
let searchResults; let searchResults;
let tlsOptions;
if (tlsCaFile.length !== 0) {
tlsOptions = {
ca: [await readFile(tlsCaFile)],
};
}
const client = new Client({ const client = new Client({
url: host, url: host,
timeout: 5000, timeout: 5000,
connectTimeout: 1000, connectTimeout: 1000,
tlsOptions: tlsOptions,
}); });
if (bindDN.length !== 0) { if (bindDN.length !== 0) {
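Review bot: `await readFile(tlsCaFile)` inside `ldapLogin` re-reads the CA file on every authentication attempt, and a missing or unreadable path will surface as a raw filesystem error thrown from the login flow rather than as a configuration problem; wrapping it so the log names the setting, e.g. `logger.error(\`Could not read LDAP_x_TLS_CA_FILE "${tlsCaFile}"\`, error)` before rethrowing, or loading the file once when the config is built, would make the failure diagnosable. A short comment above the `tlsOptions` block is also warranted: setting `ca` makes Node trust only the listed certificate(s) for this connection in place of its default CA set, it does not relax verification (`rejectUnauthorized` stays at its default), and it has no effect unless `host` is an `ldaps://` URL. On style, `let tlsOptions;` followed by the conditional assignment reads more directly as `const tlsOptions = tlsCaFile.length !== 0 ? { ca: [await readFile(tlsCaFile)] } : undefined;`. The enclosing `ldapLogin` function starts before this hunk and continues past it.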


@ -141,6 +141,7 @@ export interface LdapConfig {
baseDN: string; baseDN: string;
bindDN: string; bindDN: string;
bindPW: string; bindPW: string;
tlsCaFile: string;
} }
export interface Config extends EnvVariables { export interface Config extends EnvVariables {


@ -154,3 +154,4 @@ Favorite
tablist tablist
Edubirdie Edubirdie
Useviral Useviral
ldaps