authelia/server/src/lib/ldap/Authenticator.ts

import BluebirdPromise = require("bluebird");
import exceptions = require("../Exceptions");
import ldapjs = require("ldapjs");
import { IClient } from "./IClient";
import { IClientFactory } from "./IClientFactory";
import { GroupsAndEmails } from "./IClient";

import { IAuthenticator } from "./IAuthenticator";
import { LdapConfiguration } from "../configuration/Configuration";
import { EmailsAndGroupsRetriever } from "./EmailsAndGroupsRetriever";


export class Authenticator implements IAuthenticator {
  private options: LdapConfiguration;
  private clientFactory: IClientFactory;

  constructor(options: LdapConfiguration, clientFactory: IClientFactory) {
    this.options = options;
    this.clientFactory = clientFactory;
  }

  authenticate(username: string, password: string): BluebirdPromise<GroupsAndEmails> {
    const that = this;
    let userClient: IClient;
    const adminClient = this.clientFactory.create(this.options.user, this.options.password);
    const emailsAndGroupsRetriever = new EmailsAndGroupsRetriever(this.options, this.clientFactory);

    return adminClient.open()
      .then(function () {
        return adminClient.searchUserDn(username);
      })
      .then(function (userDN: string) {
        userClient = that.clientFactory.create(userDN, password);
        return userClient.open();
      })
      .then(function () {
        return userClient.close();
      })
      .then(function () {
        return emailsAndGroupsRetriever.retrieve(username);
      })
      .then(function (groupsAndEmails: GroupsAndEmails) {
        return BluebirdPromise.resolve(groupsAndEmails);
      })
      .error(function (err: Error) {
        return BluebirdPromise.reject(new exceptions.LdapError(err.message));
      });
  }
}
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`import BluebirdPromise = require("bluebird");`
			`import exceptions = require("../Exceptions");`
			`import ldapjs = require("ldapjs");`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`import { IClient } from "./IClient";`
			`import { IClientFactory } from "./IClientFactory";`
			`import { GroupsAndEmails } from "./IClient";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`import { IAuthenticator } from "./IAuthenticator";`
Add Mongo as scalable and resilient storage backend 2017-07-20 02:06:12 +07:00			`import { LdapConfiguration } from "../configuration/Configuration";`
Use username matcher instead of user dn in group filter Previously, string "{0}" was replaced by the user dn in the groups_filter attributes of the LDAP configuration. However, if the groups children only have a memberUid attribute, one would like to use the username instead of the user dn. Since the user dn can be built from the username, "{0}" is now replaced by the username instead of the user dn so that an LDAP relying on attribute 'memberUid' can be used. 2017-10-07 18:46:19 +07:00			`import { EmailsAndGroupsRetriever } from "./EmailsAndGroupsRetriever";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00

Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`export class Authenticator implements IAuthenticator {`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`private options: LdapConfiguration;`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`private clientFactory: IClientFactory;`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`constructor(options: LdapConfiguration, clientFactory: IClientFactory) {`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`this.options = options;`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`this.clientFactory = clientFactory;`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`}`

Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`authenticate(username: string, password: string): BluebirdPromise<GroupsAndEmails> {`
			`const that = this;`
			`let userClient: IClient;`
			`const adminClient = this.clientFactory.create(this.options.user, this.options.password);`
Use username matcher instead of user dn in group filter Previously, string "{0}" was replaced by the user dn in the groups_filter attributes of the LDAP configuration. However, if the groups children only have a memberUid attribute, one would like to use the username instead of the user dn. Since the user dn can be built from the username, "{0}" is now replaced by the username instead of the user dn so that an LDAP relying on attribute 'memberUid' can be used. 2017-10-07 18:46:19 +07:00			`const emailsAndGroupsRetriever = new EmailsAndGroupsRetriever(this.options, this.clientFactory);`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`return adminClient.open()`
			`.then(function () {`
			`return adminClient.searchUserDn(username);`
			`})`
			`.then(function (userDN: string) {`
			`userClient = that.clientFactory.create(userDN, password);`
			`return userClient.open();`
			`})`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`.then(function () {`
			`return userClient.close();`
			`})`
			`.then(function () {`
Use username matcher instead of user dn in group filter Previously, string "{0}" was replaced by the user dn in the groups_filter attributes of the LDAP configuration. However, if the groups children only have a memberUid attribute, one would like to use the username instead of the user dn. Since the user dn can be built from the username, "{0}" is now replaced by the username instead of the user dn so that an LDAP relying on attribute 'memberUid' can be used. 2017-10-07 18:46:19 +07:00			`return emailsAndGroupsRetriever.retrieve(username);`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`})`
Use username matcher instead of user dn in group filter Previously, string "{0}" was replaced by the user dn in the groups_filter attributes of the LDAP configuration. However, if the groups children only have a memberUid attribute, one would like to use the username instead of the user dn. Since the user dn can be built from the username, "{0}" is now replaced by the username instead of the user dn so that an LDAP relying on attribute 'memberUid' can be used. 2017-10-07 18:46:19 +07:00			`.then(function (groupsAndEmails: GroupsAndEmails) {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-03 03:38:26 +07:00			`return BluebirdPromise.resolve(groupsAndEmails);`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 22:37:13 +07:00			`})`
			`.error(function (err: Error) {`
			`return BluebirdPromise.reject(new exceptions.LdapError(err.message));`
			`});`
			`}`
			`}`