plugin-auth-ldap/index.js

var ldap = require('ldapjs');
var session = require('express-session');
var router = module.parent.router;

module.exports = function(plugin) {
  plugin.defaults({
    "session": {
      secret: 'session-ldap',
      resave: false,
      saveUninitialized: true
    },
    // See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client
    "bind": {
      dn: "cn=%u,ou=People,dc=domain",
      password: "%u"
    }
  });


  function requestAuth(res) {
    res.set('WWW-Authenticate', 'Basic realm="Auth"');
    res.status(401).send('Auth required.');
  }

  router.all('*', session(plugin.conf.session));
  router.all('*', function(req, res, next) {
    if (req.session.isValid) {
      next();
      return;
    }
    // parse login and password from headers
    var b64auth = (req.headers.authorization || '').split(' ')[1] || '';
    var strauth = new Buffer(b64auth, 'base64').toString();
    var splitIndex = strauth.indexOf(':');
    var login = strauth.substring(0, splitIndex);
    var password = strauth.substring(splitIndex + 1);

    if (!login || !password) {
      requestAuth(res);
      return;
    }

    // It seems stupid to create a client each time, but joyent's ldapjs cannot bind then unbind to the same client multiple times...
    var client = ldap.createClient(plugin.conf.options)

    client.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password), function(err) {
      if (err) {
        console.log('E: ldap.bind: ', err)
        requestAuth(res);
      } else {
        req.session.isValid = true;
        client.unbind(function(err) {
          if (err) {
            console.log('E: ldap.unbind: ', err)
          }
        })
        next();
      }
    })
  });
};
Switch to joyent's ldapjs lib 2020-07-10 18:51:45 -07:00			`var ldap = require('ldapjs');`
Add code for 2.0.0 1.0.0 shall never see the light of day due to it relying on some cowboy coder's abandoned ldap client. 2019-01-15 19:15:20 -08:00			`var session = require('express-session');`
			`var router = module.parent.router;`

			`module.exports = function(plugin) {`
			`plugin.defaults({`
			`"session": {`
			`secret: 'session-ldap',`
			`resave: false,`
			`saveUninitialized: true`
			`},`
			`// See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client`
			`"bind": {`
			`dn: "cn=%u,ou=People,dc=domain",`
			`password: "%u"`
			`}`
			`});`


			`function requestAuth(res) {`
			`res.set('WWW-Authenticate', 'Basic realm="Auth"');`
			`res.status(401).send('Auth required.');`
			`}`

			`router.all('*', session(plugin.conf.session));`
			`router.all('*', function(req, res, next) {`
			`if (req.session.isValid) {`
			`next();`
			`return;`
			`}`
			`// parse login and password from headers`
			`var b64auth = (req.headers.authorization \|\| '').split(' ')[1] \|\| '';`
			`var strauth = new Buffer(b64auth, 'base64').toString();`
			`var splitIndex = strauth.indexOf(':');`
			`var login = strauth.substring(0, splitIndex);`
			`var password = strauth.substring(splitIndex + 1);`

			`if (!login \|\| !password) {`
			`requestAuth(res);`
			`return;`
			`}`

Create ldap client per login attempt This seems stupid to not just bind then unbind, but it seems that the joyent ldap library does not support this, as a second call to bind, even after an unbind, just hangs. 2020-07-10 19:05:06 -07:00			`// It seems stupid to create a client each time, but joyent's ldapjs cannot bind then unbind to the same client multiple times...`
			`var client = ldap.createClient(plugin.conf.options)`

Switch to joyent's ldapjs lib 2020-07-10 18:51:45 -07:00			`client.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password), function(err) {`
			`if (err) {`
			`console.log('E: ldap.bind: ', err)`
			`requestAuth(res);`
			`} else {`
			`req.session.isValid = true;`
			`client.unbind(function(err) {`
			`if (err) {`
			`console.log('E: ldap.unbind: ', err)`
			`}`
			`})`
Create ldap client per login attempt This seems stupid to not just bind then unbind, but it seems that the joyent ldap library does not support this, as a second call to bind, even after an unbind, just hangs. 2020-07-10 19:05:06 -07:00			`next();`
Switch to joyent's ldapjs lib 2020-07-10 18:51:45 -07:00			`}`
Add code for 2.0.0 1.0.0 shall never see the light of day due to it relying on some cowboy coder's abandoned ldap client. 2019-01-15 19:15:20 -08:00			`})`
			`});`
			`};`