kts of kettek(MindFire)
4ba6fde7c8
This seems stupid to not just bind then unbind, but it seems that the joyent ldap library does not support this, as a second call to bind, even after an unbind, just hangs.
62 lines
1.7 KiB
JavaScript
62 lines
1.7 KiB
JavaScript
var ldap = require('ldapjs');
|
|
var session = require('express-session');
|
|
var router = module.parent.router;
|
|
|
|
module.exports = function(plugin) {
|
|
plugin.defaults({
|
|
"session": {
|
|
secret: 'session-ldap',
|
|
resave: false,
|
|
saveUninitialized: true
|
|
},
|
|
// See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client
|
|
"bind": {
|
|
dn: "cn=%u,ou=People,dc=domain",
|
|
password: "%u"
|
|
}
|
|
});
|
|
|
|
|
|
function requestAuth(res) {
|
|
res.set('WWW-Authenticate', 'Basic realm="Auth"');
|
|
res.status(401).send('Auth required.');
|
|
}
|
|
|
|
router.all('*', session(plugin.conf.session));
|
|
router.all('*', function(req, res, next) {
|
|
if (req.session.isValid) {
|
|
next();
|
|
return;
|
|
}
|
|
// parse login and password from headers
|
|
var b64auth = (req.headers.authorization || '').split(' ')[1] || '';
|
|
var strauth = new Buffer(b64auth, 'base64').toString();
|
|
var splitIndex = strauth.indexOf(':');
|
|
var login = strauth.substring(0, splitIndex);
|
|
var password = strauth.substring(splitIndex + 1);
|
|
|
|
if (!login || !password) {
|
|
requestAuth(res);
|
|
return;
|
|
}
|
|
|
|
// It seems stupid to create a client each time, but joyent's ldapjs cannot bind then unbind to the same client multiple times...
|
|
var client = ldap.createClient(plugin.conf.options)
|
|
|
|
client.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password), function(err) {
|
|
if (err) {
|
|
console.log('E: ldap.bind: ', err)
|
|
requestAuth(res);
|
|
} else {
|
|
req.session.isValid = true;
|
|
client.unbind(function(err) {
|
|
if (err) {
|
|
console.log('E: ldap.unbind: ', err)
|
|
}
|
|
})
|
|
next();
|
|
}
|
|
})
|
|
});
|
|
};
|