@mashroom/mashroom-security-provider-ldap
Comparing version 1.6.3 to 1.6.4
@@ -106,2 +106,4 @@ "use strict"; | ||
} catch (error) { | ||
this.logger.warn(`Binding with user ${ldapEntry.dn} failed`, error); | ||
if (client) { | ||
@@ -111,3 +113,3 @@ await this.disconnect(client); | ||
throw new Error(error); | ||
throw error; | ||
} | ||
@@ -135,2 +137,3 @@ } | ||
} catch (error) { | ||
this.logger.error(`Binding with user ${this.bindDN} failed`, error); | ||
await this.disconnect(searchClient); | ||
@@ -212,3 +215,2 @@ this.searchClient = null; | ||
if (error) { | ||
this.logger.error(`Binding with user ${user} failed`, error); | ||
reject(error); | ||
@@ -215,0 +217,0 @@ } else { |
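Review bot: In the catch block covered by the first two hunks, `await this.disconnect(client)` runs before `throw error`, so a rejection from disconnect() would replace the bind error that was just logged. disconnect() is not visible here, so this only matters if it can reject. If it can, isolate the cleanup, e.g. `try { await this.disconnect(client); } catch (e) { this.logger.warn('Disconnect after failed bind failed', e); }`, so the caller always receives the original bind error. The same applies to `await this.disconnect(searchClient)` in the third hunk. The enclosing methods start and end outside the visible hunks.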
@@ -24,2 +24,3 @@ "use strict"; | ||
groupToRoleMapping: groupToRoleMappingPath, | ||
userToRoleMapping: userToRoleMappingPath, | ||
serverUrl, | ||
@@ -46,3 +47,3 @@ ldapConnectTimeout, | ||
}); | ||
return new _MashroomLdapSecurityProvider.default(loginPage, userSearchFilter, groupSearchFilter, extraDataMapping, secretsMapping, groupToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory); | ||
return new _MashroomLdapSecurityProvider.default(loginPage, userSearchFilter, groupSearchFilter, extraDataMapping, secretsMapping, groupToRoleMappingPath, userToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory); | ||
}; | ||
@@ -49,0 +50,0 @@ |
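Review bot: The new `userToRoleMappingPath` argument is inserted in the middle of an eleven-argument positional constructor call, so any other code that still constructs the provider with the old order would pass `ldapClient` as the mapping path with no error at the call site. Appending the new parameter at the end, or passing a single options object, would keep the old order working and make a mismatch visible. The factory function starts outside the hunk, so other callers cannot be ruled out from here.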
@@ -14,2 +14,4 @@ "use strict"; | ||
var _login_failure_reason = _interopRequireDefault(require("./login_failure_reason")); | ||
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } | ||
@@ -21,3 +23,3 @@ | ||
class MashroomLdapSecurityProvider { | ||
constructor(loginPage, userSearchFilter, groupSearchFilter, extraDataMapping, secretsMapping, groupToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory) { | ||
constructor(loginPage, userSearchFilter, groupSearchFilter, extraDataMapping, secretsMapping, groupToRoleMappingPath, userToRoleMappingPath, ldapClient, serverRootFolder, authenticationTimeoutSec, loggerFactory) { | ||
this.loginPage = loginPage; | ||
@@ -31,7 +33,6 @@ this.userSearchFilter = userSearchFilter; | ||
this.authenticationTimeoutSec = authenticationTimeoutSec; | ||
this.logger = loggerFactory('mashroom.security.provider.ldap'); | ||
this.groupToRoleMappingPath = groupToRoleMappingPath; | ||
const logger = loggerFactory('mashroom.security.provider.ldap'); | ||
if (groupToRoleMappingPath) { | ||
const logger = loggerFactory('mashroom.security.provider.ldap'); | ||
this.groupToRoleMappingPath = groupToRoleMappingPath; | ||
@@ -43,3 +44,3 @@ if (!_path.default.isAbsolute(groupToRoleMappingPath)) { | ||
if (this.groupToRoleMappingPath && _fs.default.existsSync(this.groupToRoleMappingPath)) { | ||
logger.info(`Using user to role mapping: ${this.groupToRoleMappingPath}`); | ||
logger.info(`Using group to role mapping: ${this.groupToRoleMappingPath}`); | ||
} else { | ||
@@ -51,3 +52,16 @@ logger.warn(`Group to role mapping file not found: ${groupToRoleMappingPath}`); | ||
this.groupToRoleMapping = null; | ||
if (userToRoleMappingPath) { | ||
this.userToRoleMappingPath = userToRoleMappingPath; | ||
if (!_path.default.isAbsolute(userToRoleMappingPath)) { | ||
this.userToRoleMappingPath = _path.default.resolve(serverRootFolder, userToRoleMappingPath); | ||
} | ||
if (this.userToRoleMappingPath && _fs.default.existsSync(this.userToRoleMappingPath)) { | ||
logger.info(`Using user to role mapping: ${this.userToRoleMappingPath}`); | ||
} else { | ||
logger.warn(`Using to role mapping file not found: ${userToRoleMappingPath}`); | ||
this.userToRoleMappingPath = null; | ||
} | ||
} | ||
} | ||
@@ -99,3 +113,4 @@ | ||
return { | ||
success: false | ||
success: false, | ||
failureReason: 'User not found' | ||
}; | ||
@@ -106,3 +121,4 @@ } | ||
return { | ||
success: false | ||
success: false, | ||
failureReason: 'User not found' | ||
}; | ||
@@ -116,3 +132,5 @@ } | ||
return { | ||
success: false | ||
success: false, | ||
failureReason: (0, _login_failure_reason.default)(e.message), | ||
failureReasonDetails: e.message | ||
}; | ||
@@ -154,3 +172,3 @@ } | ||
const groups = await this.getUserGroups(user, logger); | ||
const roles = this.getRolesForUserGroups(groups, logger); | ||
const roles = this.getRoles(username, groups, logger); | ||
const mashroomUser = { | ||
@@ -175,3 +193,4 @@ username, | ||
return { | ||
success: false | ||
success: false, | ||
failureReason: 'User not found' | ||
}; | ||
@@ -206,23 +225,32 @@ } | ||
getRolesForUserGroups(groups, logger) { | ||
if (!groups || groups.length === 0) { | ||
return []; | ||
} | ||
getRoles(username, groups, logger) { | ||
const roles = []; | ||
const groupToRoles = this.getGroupToRoleMapping(logger); | ||
if (groupToRoles) { | ||
groups.forEach(group => { | ||
if (groupToRoles.hasOwnProperty(group)) { | ||
const groupRoles = groupToRoles[group]; | ||
if (groups && groups.length > 0) { | ||
const groupToRoles = this.getGroupToRoleMapping(logger); | ||
if (groupRoles && Array.isArray(groupRoles)) { | ||
groupToRoles[group].forEach(role => roles.push(role)); | ||
if (groupToRoles) { | ||
groups.forEach(group => { | ||
if (groupToRoles.hasOwnProperty(group)) { | ||
const groupRoles = groupToRoles[group]; | ||
if (groupRoles && Array.isArray(groupRoles)) { | ||
groupToRoles[group].forEach(role => roles.push(role)); | ||
} | ||
} | ||
}); | ||
} else { | ||
// If no mapping defined treat groups as roles | ||
groups.forEach(g => roles.push(g)); | ||
} | ||
} | ||
const userToRoles = this.getUserToRoleMapping(logger); | ||
if (userToRoles && userToRoles.hasOwnProperty(username)) { | ||
userToRoles[username].forEach(role => { | ||
if (roles.indexOf(role) === -1) { | ||
roles.push(role); | ||
} | ||
}); | ||
} else { | ||
// If no mapping defined treat groups as roles | ||
groups.forEach(g => roles.push(g)); | ||
} | ||
@@ -252,4 +280,23 @@ | ||
getUserToRoleMapping(logger) { | ||
if (!this.userToRoleMappingPath) { | ||
return null; | ||
} | ||
if (this.userToRoleMapping) { | ||
return this.userToRoleMapping; | ||
} | ||
if (_fs.default.existsSync(this.userToRoleMappingPath)) { | ||
this.userToRoleMapping = require(this.userToRoleMappingPath); | ||
} else { | ||
logger.warn(`No user to roles definition found: ${this.userToRoleMappingPath || '-'}.`); | ||
this.userToRoleMapping = null; | ||
} | ||
return this.userToRoleMapping; | ||
} | ||
} | ||
exports.default = MashroomLdapSecurityProvider; |
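Review bot: getUserToRoleMapping loads the role mapping with `require(this.userToRoleMappingPath)`, which executes the file if the configured path resolves to a JavaScript module and keeps the result in the module cache. For a file that grants roles, parsing it strictly as data is safer: `this.userToRoleMapping = JSON.parse(_fs.default.readFileSync(this.userToRoleMappingPath, 'utf8'));`. In getRoles, `userToRoles[username].forEach(...)` runs without the `Array.isArray` check that the group branch applies, so a non-array value for a user would throw during login; add `Array.isArray(userToRoles[username])` to the condition. The constructor warning `Using to role mapping file not found` should read `User to role mapping file not found`. The class body continues outside the visible hunks, so getGroupToRoleMapping may use the same require pattern.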
@@ -7,3 +7,3 @@ { | ||
"license": "MIT", | ||
"version": "1.6.3", | ||
"version": "1.6.4", | ||
"files": [ | ||
@@ -17,5 +17,5 @@ "dist/**" | ||
"@babel/cli": "^7.12.1", | ||
"@mashroom/mashroom": "1.6.3", | ||
"@mashroom/mashroom-security": "1.6.3", | ||
"@mashroom/mashroom-utils": "1.6.3", | ||
"@mashroom/mashroom": "1.6.4", | ||
"@mashroom/mashroom-security": "1.6.4", | ||
"@mashroom/mashroom-utils": "1.6.4", | ||
"@types/express": "^4.17.8", | ||
@@ -68,2 +68,3 @@ "@types/jest": "^26.0.15", | ||
"groupToRoleMapping": "./groupToRoleMapping.json", | ||
"userToRoleMapping": "./userToRoleMapping.json", | ||
"authenticationTimeoutSec": 1200 | ||
@@ -70,0 +71,0 @@ } |
@@ -47,2 +47,3 @@ | ||
"groupToRoleMapping": "./groupToRoleMapping.json", | ||
"userToRoleMapping": "./userToRoleMapping.json", | ||
"authenticationTimeoutSec": 1200 | ||
@@ -68,2 +69,3 @@ } | ||
* _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping | ||
* _userToRoleMapping_: An optional JSON file that contains a user name to roles mapping | ||
* _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value. | ||
@@ -104,1 +106,11 @@ | ||
And the _userToRoleMapping_ file: | ||
```json | ||
{ | ||
"username": [ | ||
"ROLE1", | ||
"ROLE2" | ||
] | ||
} | ||
``` |
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package