@mashroom/mashroom-security-provider-ldap
Comparing version 1.0.92 to 1.0.93
@@ -26,3 +26,4 @@ "use strict"; | ||
bindDN, | ||
bindCredentials | ||
bindCredentials, | ||
authenticationTimeoutSec | ||
} = pluginConfig; | ||
@@ -38,3 +39,3 @@ const pluginContext = pluginContextHolder.getPluginContext(); | ||
const ldapClient = new _LdapClientImpl.default(serverUrl, baseDN, bindDN, bindCredentials, fixedTlsOptions, loggerFactory); | ||
return new _MashroomLdapSecurityProvider.default(loginPage, userSearchFilter, groupSearchFilter, groupToRoleMappingPath, ldapClient, serverRootFolder, loggerFactory); | ||
return new _MashroomLdapSecurityProvider.default(loginPage, userSearchFilter, groupSearchFilter, groupToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory); | ||
}; | ||
@@ -41,0 +42,0 @@ |
@@ -14,6 +14,7 @@ "use strict"; | ||
const AUTHENTICATION_RESULT_SESSION_KEY = '__MASHROOM_SECURITY_AUTH'; | ||
const AUTHENTICATION_RESULT_SESSION_KEY = '__MASHROOM_SECURITY_AUTH_USER'; | ||
const AUTHENTICATION_EXPIRES_SESSION_KEY = '__MASHROOM_SECURITY_AUTH_EXPIRES'; | ||
class MashroomLdapSecurityProvider { | ||
constructor(loginPage, userSearchFilter, groupSearchFilter, groupToRoleMappingPath, ldapClient, serverRootFolder, loggerFactory) { | ||
constructor(loginPage, userSearchFilter, groupSearchFilter, groupToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory) { | ||
this._logger = loggerFactory('mashroom.security.provider.ldap'); | ||
@@ -25,2 +26,3 @@ this._loginPage = loginPage; | ||
this._ldapClient = ldapClient; | ||
this._authenticationTimeoutSec = authenticationTimeoutSec; | ||
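Review bot: `authenticationTimeoutSec` is stored here without any validation, and both login and refreshAuthentication later compute `Date.now() + this._authenticationTimeoutSec * 1000` from it. If the value is missing or non-numeric the expiry becomes NaN, which getUser treats as "no expiry" and returns null, so a login reports success but the user is never authenticated; a zero or negative value expires the authentication immediately. That fails closed, but silently, so I would reject bad configuration at start-up, for example `if (!(Number(authenticationTimeoutSec) > 0)) throw new Error('authenticationTimeoutSec must be a positive number');`. The constructor body starts and ends outside this hunk.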
@@ -45,3 +47,3 @@ if (groupToRoleMappingPath) { | ||
async authenticate(request, response) { | ||
let buff = new Buffer(decodeURI(request.originalUrl)); | ||
let buff = Buffer.from(decodeURI(request.originalUrl)); | ||
const base64encodedReferrer = buff.toString('base64'); | ||
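Review bot: `decodeURI(request.originalUrl)` throws a URIError when the request URL contains a malformed percent-escape, and that URL is entirely request-controlled; the switch to `Buffer.from` leaves this unchanged. Because authenticate is async the throw becomes a rejected promise, and how the caller handles it is not visible here, so I would catch the URIError and fall back to the undecoded URL before encoding. The base64 string is then put into `?ref=` (visible in the next hunk header) without escaping, so `+`, `/` and `=` can be altered by query parsing; `encodeURIComponent(base64encodedReferrer)` avoids that. `buff` is never reassigned and could be `const`. authenticate's body continues outside the hunk.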
@@ -54,2 +56,13 @@ response.redirect(`${this._loginPage}?ref=${base64encodedReferrer}`); | ||
async refreshAuthentication(request) { | ||
request.session[AUTHENTICATION_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; | ||
} | ||
getAuthenticationExpiration(request) { | ||
return request.session[AUTHENTICATION_EXPIRES_SESSION_KEY]; | ||
} | ||
async revokeAuthentication() {// Nothing to do, the session has been regenerated at this point | ||
} | ||
async login(request, username, password) { | ||
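Review bot: refreshAuthentication extends the expiry unconditionally, without checking that the stored expiry is still in the future or that a user is in the session. getUser (later hunk) only removes the user entry when it is called after the deadline, so if the caller refreshes before calling getUser on a request that arrives after the timeout, the expired authentication would be revived; the call order is outside this diff, so this is an inference. I would make the refresh a no-op once the stored expiry is missing or has passed, and in getUser's expired branch also delete `AUTHENTICATION_EXPIRES_SESSION_KEY` so no stale timestamp is left behind. A short comment on getAuthenticationExpiration saying it returns an epoch-millisecond timestamp (or undefined) would also help callers.

```javascript
async refreshAuthentication(request) {
    const expiresAt = request.session[AUTHENTICATION_EXPIRES_SESSION_KEY];
    // Never extend an authentication that is absent or has already timed out
    if (!expiresAt || expiresAt < Date.now()) {
        return;
    }
    request.session[AUTHENTICATION_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000;
}
// … unchanged: getAuthenticationExpiration, revokeAuthentication …
```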
@@ -99,2 +112,3 @@ let user = null; | ||
request.session[AUTHENTICATION_RESULT_SESSION_KEY] = mashroomUser; | ||
request.session[AUTHENTICATION_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; | ||
return { | ||
@@ -110,6 +124,14 @@ success: true | ||
async revokeAuthentication(request) {// Nothing to do, the session has been regenerated at this point | ||
} | ||
getUser(request) { | ||
const timeout = request.session[AUTHENTICATION_EXPIRES_SESSION_KEY]; | ||
getUser(request) { | ||
if (!timeout) { | ||
return null; | ||
} | ||
if (timeout < Date.now()) { | ||
delete request.session[AUTHENTICATION_RESULT_SESSION_KEY]; | ||
return null; | ||
} | ||
return request.session[AUTHENTICATION_RESULT_SESSION_KEY]; | ||
@@ -116,0 +138,0 @@ } |
@@ -7,3 +7,3 @@ { | ||
"license": "MIT", | ||
"version": "1.0.92", | ||
"version": "1.0.93", | ||
"files": [ | ||
@@ -17,5 +17,5 @@ "dist/**" | ||
"@babel/cli": "^7.4.4", | ||
"@mashroom/mashroom": "1.0.92", | ||
"@mashroom/mashroom-security": "1.0.92", | ||
"@mashroom/mashroom-utils": "1.0.92", | ||
"@mashroom/mashroom": "1.0.93", | ||
"@mashroom/mashroom-security": "1.0.93", | ||
"@mashroom/mashroom-utils": "1.0.93", | ||
"eslint": "^5.16.0", | ||
@@ -57,3 +57,4 @@ "express": "^4.17.1", | ||
"groupSearchFilter": "(objectClass=group)", | ||
"groupToRoleMapping": "./groupToRoleMapping.json" | ||
"groupToRoleMapping": "./groupToRoleMapping.json", | ||
"authenticationTimeoutSec": 1200 | ||
} | ||
@@ -60,0 +61,0 @@ } |
@@ -37,3 +37,4 @@ | ||
"groupSearchFilter": "(objectClass=group)", | ||
"groupToRoleMapping": "./groupToRoleMapping.json" | ||
"groupToRoleMapping": "./groupToRoleMapping.json", | ||
"authenticationTimeoutSec": 1200 | ||
} | ||
@@ -54,2 +55,3 @@ } | ||
* _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping | ||
* _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value. | ||
@@ -56,0 +58,0 @@ For a server that requires TLS you have to provide a _tlsOptions_ object: |