Added the ability for users to configure a CA when using ldaps

Max Planck 2019-06-24 19:52:32 -06:00 committed by Clément Michaud
parent 4979f2bd2d
commit 81e39b93b6
8 changed files with 3807 additions and 3805 deletions


@ -1,4 +1,4 @@
FROM node:8.7.0-alpine FROM node:10.16.0-alpine
WORKDIR /usr/src WORKDIR /usr/src

7528
client/package-lock.json generated

File diff suppressed because it is too large Load Diff

41
package-lock.json generated

@ -2787,8 +2787,7 @@
"ansi-regex": { "ansi-regex": {
"version": "2.1.1", "version": "2.1.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"aproba": { "aproba": {
"version": "1.2.0", "version": "1.2.0",
@ -2809,14 +2808,12 @@
"balanced-match": { "balanced-match": {
"version": "1.0.0", "version": "1.0.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"brace-expansion": { "brace-expansion": {
"version": "1.1.11", "version": "1.1.11",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"balanced-match": "^1.0.0", "balanced-match": "^1.0.0",
"concat-map": "0.0.1" "concat-map": "0.0.1"
@ -2831,20 +2828,17 @@
"code-point-at": { "code-point-at": {
"version": "1.1.0", "version": "1.1.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"concat-map": { "concat-map": {
"version": "0.0.1", "version": "0.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"console-control-strings": { "console-control-strings": {
"version": "1.1.0", "version": "1.1.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"core-util-is": { "core-util-is": {
"version": "1.0.2", "version": "1.0.2",
@ -2961,8 +2955,7 @@
"inherits": { "inherits": {
"version": "2.0.3", "version": "2.0.3",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"ini": { "ini": {
"version": "1.3.5", "version": "1.3.5",
@ -2974,7 +2967,6 @@
"version": "1.0.0", "version": "1.0.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"number-is-nan": "^1.0.0" "number-is-nan": "^1.0.0"
} }
@ -2989,7 +2981,6 @@
"version": "3.0.4", "version": "3.0.4",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"brace-expansion": "^1.1.7" "brace-expansion": "^1.1.7"
} }
@ -2997,14 +2988,12 @@
"minimist": { "minimist": {
"version": "0.0.8", "version": "0.0.8",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"minipass": { "minipass": {
"version": "2.3.5", "version": "2.3.5",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"safe-buffer": "^5.1.2", "safe-buffer": "^5.1.2",
"yallist": "^3.0.0" "yallist": "^3.0.0"
@ -3023,7 +3012,6 @@
"version": "0.5.1", "version": "0.5.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"minimist": "0.0.8" "minimist": "0.0.8"
} }
@ -3111,8 +3099,7 @@
"number-is-nan": { "number-is-nan": {
"version": "1.0.1", "version": "1.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"object-assign": { "object-assign": {
"version": "4.1.1", "version": "4.1.1",
@ -3124,7 +3111,6 @@
"version": "1.4.0", "version": "1.4.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"wrappy": "1" "wrappy": "1"
} }
@ -3210,8 +3196,7 @@
"safe-buffer": { "safe-buffer": {
"version": "5.1.2", "version": "5.1.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"safer-buffer": { "safer-buffer": {
"version": "2.1.2", "version": "2.1.2",
@ -3247,7 +3232,6 @@
"version": "1.0.2", "version": "1.0.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"code-point-at": "^1.0.0", "code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0", "is-fullwidth-code-point": "^1.0.0",
@ -3267,7 +3251,6 @@
"version": "3.0.1", "version": "3.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"ansi-regex": "^2.0.0" "ansi-regex": "^2.0.0"
} }
@ -3311,14 +3294,12 @@
"wrappy": { "wrappy": {
"version": "1.0.2", "version": "1.0.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"yallist": { "yallist": {
"version": "3.0.3", "version": "3.0.3",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
} }
} }
}, },


@ -1,4 +1,3 @@
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import Nodemailer = require("nodemailer"); import Nodemailer = require("nodemailer");
@ -57,7 +56,7 @@ export class ServerVariablesInitializer {
return new LdapUsersDatabase( return new LdapUsersDatabase(
new SessionFactory( new SessionFactory(
ldapConfig, ldapConfig,
new ConnectorFactory(ldapConfig, deps.ldapjs), new ConnectorFactory(ldapConfig, deps.ldapjs, deps.winston),
deps.winston deps.winston
), ),
ldapConfig ldapConfig


@ -1,4 +1,3 @@
import Ldapjs = require("ldapjs");
import Winston = require("winston"); import Winston = require("winston");
import { IConnectorFactory } from "./connector/IConnectorFactory"; import { IConnectorFactory } from "./connector/IConnectorFactory";


@ -3,6 +3,7 @@ import EventEmitter = require("events");
import Bluebird = require("bluebird"); import Bluebird = require("bluebird");
import { IConnector } from "./IConnector"; import { IConnector } from "./IConnector";
import Exceptions = require("../../../../Exceptions"); import Exceptions = require("../../../../Exceptions");
import { Client, ClientOptions } from "ldapjs";
interface SearchEntry { interface SearchEntry {
object: any; object: any;
@ -19,11 +20,8 @@ export interface ClientAsync {
export class Connector implements IConnector { export class Connector implements IConnector {
private client: ClientAsync; private client: ClientAsync;
constructor(url: string, ldapjs: typeof LdapJs) { constructor(clientOptions: ClientOptions, ldapjs: typeof LdapJs) {
const ldapClient = ldapjs.createClient({ const ldapClient: Client = ldapjs.createClient(clientOptions);
url: url,
reconnect: true
});
/*const clientLogger = (ldapClient as any).log; /*const clientLogger = (ldapClient as any).log;
if (clientLogger) { if (clientLogger) {


@ -1,18 +1,36 @@
import Winston = require("winston");
import { IConnector } from "./IConnector"; import { IConnector } from "./IConnector";
import { Connector } from "./Connector"; import { Connector } from "./Connector";
import { LdapConfiguration } from "../../../../configuration/schema/LdapConfiguration"; import { LdapConfiguration } from "../../../../configuration/schema/LdapConfiguration";
import { Ldapjs } from "Dependencies"; import { Ldapjs } from "Dependencies";
import { ClientOptions } from "ldapjs";
import * as fs from "fs";
export class ConnectorFactory { export class ConnectorFactory {
private configuration: LdapConfiguration; private configuration: LdapConfiguration;
private ldapjs: Ldapjs; private ldapjs: Ldapjs;
private logger: typeof Winston;
constructor(configuration: LdapConfiguration, ldapjs: Ldapjs) { constructor(configuration: LdapConfiguration, ldapjs: Ldapjs, logger: typeof Winston) {
this.configuration = configuration; this.configuration = configuration;
this.ldapjs = ldapjs; this.ldapjs = ldapjs;
this.logger = logger;
} }
create(): IConnector { create(): IConnector {
return new Connector(this.configuration.url, this.ldapjs); const options: ClientOptions = {
url: this.configuration.url,
reconnect: this.configuration.reconnect
};
if (this.configuration.caCert && (this.configuration.url.toLowerCase().startsWith("ldaps"))) {
this.logger.info("Reading CA certificate from: %s", this.configuration.caCert);
options.tlsOptions = {
ca: [ fs.readFileSync(this.configuration.caCert, "utf-8") ],
};
}
this.logger.debug("Using ldap client options: %s", JSON.stringify(options));
return new Connector(options, this.ldapjs);
} }
} }


@ -15,6 +15,13 @@ export interface LdapConfiguration {
user: string; // admin username user: string; // admin username
password: string; // admin password password: string; // admin password
// The file name where node can find the ldap server CA certificate
// for when the ldap server uses a self signed cert
caCert?: string;
// Used to try to reconnect on an ldap connection failure, defaults to true
reconnect?: boolean;
} }
export function complete(configuration: LdapConfiguration): LdapConfiguration { export function complete(configuration: LdapConfiguration): LdapConfiguration {
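Review bot: The comment on `reconnect` says it defaults to true, but nothing in this hunk assigns that default; `complete()` begins on the last line and its body is outside the hunk. If `complete()` does not set it, `ConnectorFactory.create()` passes `reconnect: undefined` to ldapjs where the old `Connector` constructor hard-coded `reconnect: true`, which would silently turn reconnection off for existing configurations. Either fill it in inside `complete()` or use `reconnect: this.configuration.reconnect !== false` in the factory. The `caCert` comment could also state that Node replaces its default trust roots with the supplied CA for this connection rather than adding to them, e.g. `// PEM file with the CA that signed the LDAP server certificate; it replaces Node's default trusted CAs for this connection`.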