Added the ability for users to configure a CA when using ldaps
parent
4979f2bd2d
commit
81e39b93b6
|
@ -1,4 +1,4 @@
|
|||
FROM node:8.7.0-alpine
|
||||
FROM node:10.16.0-alpine
|
||||
|
||||
WORKDIR /usr/src
|
||||
|
||||
|
|
7528
client/package-lock.json
generated
7528
client/package-lock.json
generated
File diff suppressed because it is too large
41
package-lock.json
generated
41
package-lock.json
generated
|
@ -2787,8 +2787,7 @@
|
|||
"ansi-regex": {
|
||||
"version": "2.1.1",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"aproba": {
|
||||
"version": "1.2.0",
|
||||
|
@ -2809,14 +2808,12 @@
|
|||
"balanced-match": {
|
||||
"version": "1.0.0",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"brace-expansion": {
|
||||
"version": "1.1.11",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"balanced-match": "^1.0.0",
|
||||
"concat-map": "0.0.1"
|
||||
|
@ -2831,20 +2828,17 @@
|
|||
"code-point-at": {
|
||||
"version": "1.1.0",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"concat-map": {
|
||||
"version": "0.0.1",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"console-control-strings": {
|
||||
"version": "1.1.0",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"core-util-is": {
|
||||
"version": "1.0.2",
|
||||
|
@ -2961,8 +2955,7 @@
|
|||
"inherits": {
|
||||
"version": "2.0.3",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"ini": {
|
||||
"version": "1.3.5",
|
||||
|
@ -2974,7 +2967,6 @@
|
|||
"version": "1.0.0",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"number-is-nan": "^1.0.0"
|
||||
}
|
||||
|
@ -2989,7 +2981,6 @@
|
|||
"version": "3.0.4",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"brace-expansion": "^1.1.7"
|
||||
}
|
||||
|
@ -2997,14 +2988,12 @@
|
|||
"minimist": {
|
||||
"version": "0.0.8",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"minipass": {
|
||||
"version": "2.3.5",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"safe-buffer": "^5.1.2",
|
||||
"yallist": "^3.0.0"
|
||||
|
@ -3023,7 +3012,6 @@
|
|||
"version": "0.5.1",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"minimist": "0.0.8"
|
||||
}
|
||||
|
@ -3111,8 +3099,7 @@
|
|||
"number-is-nan": {
|
||||
"version": "1.0.1",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"object-assign": {
|
||||
"version": "4.1.1",
|
||||
|
@ -3124,7 +3111,6 @@
|
|||
"version": "1.4.0",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"wrappy": "1"
|
||||
}
|
||||
|
@ -3210,8 +3196,7 @@
|
|||
"safe-buffer": {
|
||||
"version": "5.1.2",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"safer-buffer": {
|
||||
"version": "2.1.2",
|
||||
|
@ -3247,7 +3232,6 @@
|
|||
"version": "1.0.2",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"code-point-at": "^1.0.0",
|
||||
"is-fullwidth-code-point": "^1.0.0",
|
||||
|
@ -3267,7 +3251,6 @@
|
|||
"version": "3.0.1",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"ansi-regex": "^2.0.0"
|
||||
}
|
||||
|
@ -3311,14 +3294,12 @@
|
|||
"wrappy": {
|
||||
"version": "1.0.2",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
},
|
||||
"yallist": {
|
||||
"version": "3.0.3",
|
||||
"bundled": true,
|
||||
"dev": true,
|
||||
"optional": true
|
||||
"dev": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Nodemailer = require("nodemailer");
|
||||
|
||||
|
@ -57,7 +56,7 @@ export class ServerVariablesInitializer {
|
|||
return new LdapUsersDatabase(
|
||||
new SessionFactory(
|
||||
ldapConfig,
|
||||
new ConnectorFactory(ldapConfig, deps.ldapjs),
|
||||
new ConnectorFactory(ldapConfig, deps.ldapjs, deps.winston),
|
||||
deps.winston
|
||||
),
|
||||
ldapConfig
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import Ldapjs = require("ldapjs");
|
||||
import Winston = require("winston");
|
||||
|
||||
import { IConnectorFactory } from "./connector/IConnectorFactory";
|
||||
|
|
|
@ -3,6 +3,7 @@ import EventEmitter = require("events");
|
|||
import Bluebird = require("bluebird");
|
||||
import { IConnector } from "./IConnector";
|
||||
import Exceptions = require("../../../../Exceptions");
|
||||
import { Client, ClientOptions } from "ldapjs";
|
||||
|
||||
interface SearchEntry {
|
||||
object: any;
|
||||
|
@ -19,11 +20,8 @@ export interface ClientAsync {
|
|||
export class Connector implements IConnector {
|
||||
private client: ClientAsync;
|
||||
|
||||
constructor(url: string, ldapjs: typeof LdapJs) {
|
||||
const ldapClient = ldapjs.createClient({
|
||||
url: url,
|
||||
reconnect: true
|
||||
});
|
||||
constructor(clientOptions: ClientOptions, ldapjs: typeof LdapJs) {
|
||||
const ldapClient: Client = ldapjs.createClient(clientOptions);
|
||||
|
||||
/*const clientLogger = (ldapClient as any).log;
|
||||
if (clientLogger) {
|
||||
|
|
|
@ -1,18 +1,36 @@
|
|||
import Winston = require("winston");
|
||||
import { IConnector } from "./IConnector";
|
||||
import { Connector } from "./Connector";
|
||||
import { LdapConfiguration } from "../../../../configuration/schema/LdapConfiguration";
|
||||
import { Ldapjs } from "Dependencies";
|
||||
import { ClientOptions } from "ldapjs";
|
||||
import * as fs from "fs";
|
||||
|
||||
export class ConnectorFactory {
|
||||
private configuration: LdapConfiguration;
|
||||
private ldapjs: Ldapjs;
|
||||
private logger: typeof Winston;
|
||||
|
||||
constructor(configuration: LdapConfiguration, ldapjs: Ldapjs) {
|
||||
constructor(configuration: LdapConfiguration, ldapjs: Ldapjs, logger: typeof Winston) {
|
||||
this.configuration = configuration;
|
||||
this.ldapjs = ldapjs;
|
||||
this.logger = logger;
|
||||
}
|
||||
|
||||
create(): IConnector {
|
||||
return new Connector(this.configuration.url, this.ldapjs);
|
||||
const options: ClientOptions = {
|
||||
url: this.configuration.url,
|
||||
reconnect: this.configuration.reconnect
|
||||
};
|
||||
|
||||
if (this.configuration.caCert && (this.configuration.url.toLowerCase().startsWith("ldaps"))) {
|
||||
this.logger.info("Reading CA certificate from: %s", this.configuration.caCert);
|
||||
options.tlsOptions = {
|
||||
ca: [ fs.readFileSync(this.configuration.caCert, "utf-8") ],
|
||||
};
|
||||
}
|
||||
|
||||
this.logger.debug("Using ldap client options: %s", JSON.stringify(options));
|
||||
return new Connector(options, this.ldapjs);
|
||||
}
|
||||
}
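Review bot: In `create()`, a configured `caCert` is silently dropped when the URL does not start with `ldaps`, so a deployment that sets the CA but keeps an `ldap://` URL gets no custom trust anchor and no log line saying so; since LdapConfiguration carries the admin password, the bind presumably then travels unencrypted. Add an `else if (this.configuration.caCert)` branch that calls `this.logger.warn("caCert is set but url is not ldaps; CA certificate ignored")`. Separately, `fs.readFileSync` runs on every `create()` call and a missing or unreadable file throws from there; reading the file once in the constructor would surface a bad path at startup rather than at the first connection attempt.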
|
|
@ -15,6 +15,13 @@ export interface LdapConfiguration {
|
|||
|
||||
user: string; // admin username
|
||||
password: string; // admin password
|
||||
|
||||
// The file name where node can find the ldap server CA certificate
|
||||
// for when the ldap server uses a self signed cert
|
||||
caCert?: string;
|
||||
|
||||
// Used to try to reconnect on an ldap connection failure, defaults to true
|
||||
reconnect?: boolean;
|
||||
}
|
||||
|
||||
export function complete(configuration: LdapConfiguration): LdapConfiguration {
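Review bot: The comment on `reconnect` says it defaults to true, but no line in this hunk applies that default, while the Connector constructor this commit replaces hardcoded `reconnect: true`. `complete()` begins on the last line of the hunk and its body is not shown, so confirm it fills in the default; if it does not, ConnectorFactory passes `undefined` to ldapjs and existing configurations lose reconnection. A guard at the point of use, `reconnect: this.configuration.reconnect !== false`, would keep the old behaviour. The `caCert` comment could also say that the value is a path to a PEM file read by the server process and that it only takes effect for `ldaps` URLs.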
|
||||
|
|