@mashroom/mashroom-security-provider-ldap
Advanced tools
@mashroom/mashroom-security-provider-ldap - npm Package Compare versions
Comparing version 1.7.10 to 1.8.0
@@ -8,2 +8,4 @@ "use strict"; | ||
| var _tls_utils = require("@mashroom/mashroom-utils/lib/tls_utils"); | ||
| var _MashroomLdapSecurityProvider = _interopRequireDefault(require("./MashroomLdapSecurityProvider")); | ||
@@ -13,4 +15,2 @@ | ||
| var _fix_tls_options = _interopRequireDefault(require("./fix_tls_options")); | ||
| function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } | ||
@@ -43,3 +43,5 @@ | ||
| } = pluginContext; | ||
| const fixedTlsOptions = (0, _fix_tls_options.default)(tlsOptions, serverRootFolder, loggerFactory); | ||
| const logger = loggerFactory('mashroom.security.provider.ldap'); | ||
| const fixedTlsOptions = (0, _tls_utils.fixTlsOptions)(tlsOptions, serverRootFolder, logger); | ||
| logger.debug('Using TLS options for LDAPS:', fixedTlsOptions); | ||
| const ldapClient = new _LdapClientImpl.default(serverUrl, ldapConnectTimeout, ldapTimeout, baseDN, bindDN, bindCredentials, fixedTlsOptions, loggerFactory); | ||
@@ -46,0 +48,0 @@ pluginContext.services.core.pluginService.onUnloadOnce(pluginName, () => { |
@@ -189,3 +189,5 @@ "use strict"; | ||
| request.session[LDAP_AUTH_USER_SESSION_KEY] = mashroomUser; | ||
| request.session[LDAP_AUTH_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; | ||
| request.session[LDAP_AUTH_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; // Make sure the user is in the session when this method returns (file session store is async) | ||
| await new Promise(resolve => request.session.save(() => resolve())); | ||
| return { | ||
@@ -309,11 +311,14 @@ success: true | ||
| const securityService = request.pluginContext.services.security.service; | ||
| const existingRoles = (await securityService.getExistingRoles(request)).map(def => def.id); | ||
| const roles = []; | ||
| Object.values(mapping).forEach(mappingRoles => { | ||
| mappingRoles === null || mappingRoles === void 0 ? void 0 : mappingRoles.forEach(role => { | ||
| if (roles.indexOf(role) === -1) { | ||
| roles.push(role); | ||
| } | ||
| }); | ||
| if (Array.isArray(mappingRoles)) { | ||
| mappingRoles.forEach(role => { | ||
| if (existingRoles.indexOf(role) === -1 && roles.indexOf(role) === -1) { | ||
| roles.push(role); | ||
| } | ||
| }); | ||
| } | ||
| }); | ||
| logger.debug('Adding role definitions:', roles); | ||
| logger.debug('Adding new role definitions:', roles); | ||
@@ -320,0 +325,0 @@ for (const id of roles) { |
@@ -7,3 +7,3 @@ { | ||
| "license": "MIT", | ||
| "version": "1.7.10", | ||
| "version": "1.8.0", | ||
| "files": [ | ||
@@ -13,17 +13,17 @@ "dist/**" | ||
| "dependencies": { | ||
| "ldapjs": "^2.2.3" | ||
| "ldapjs": "^2.3.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@babel/cli": "^7.12.16", | ||
| "@mashroom/mashroom": "1.7.10", | ||
| "@mashroom/mashroom-security": "1.7.10", | ||
| "@mashroom/mashroom-utils": "1.7.10", | ||
| "@types/express": "^4.17.11", | ||
| "@types/jest": "^26.0.20", | ||
| "@types/ldapjs": "^1.0.9", | ||
| "@types/node": "14.14.28", | ||
| "eslint": "^7.19.0", | ||
| "@babel/cli": "^7.14.8", | ||
| "@mashroom/mashroom": "1.8.0", | ||
| "@mashroom/mashroom-security": "1.8.0", | ||
| "@mashroom/mashroom-utils": "1.8.0", | ||
| "@types/express": "^4.17.13", | ||
| "@types/jest": "^26.0.24", | ||
| "@types/ldapjs": "^2.2.0", | ||
| "@types/node": "14.17.7", | ||
| "eslint": "^7.32.0", | ||
| "express": "^4.17.1", | ||
| "jest": "^26.6.3", | ||
| "typescript": "^4.1.5" | ||
| "jest": "^27.0.6", | ||
| "typescript": "^4.3.5" | ||
| }, | ||
@@ -30,0 +30,0 @@ "jest": { |
@@ -54,8 +54,8 @@ | ||
| * _loginPage_: The login URL when user is not authenticated (must match the path of _Mashroom Security Default Login Webapp_) | ||
| * _loginPage_: The login URL to redirect to if the user is not authenticated (Default: /login) | ||
| * _serverUrl_: The LDAP server URL with protocol and port | ||
| * _ldapConnectTimeout_: Connect timeout in ms (default: 3000) | ||
| * _ldapTimeout_: Timeout in ms (default: 5000) | ||
| * _tlsOptions_: Optional TLS options if your LDAP server requires TLS. The options are passed to [Node TLS](https://nodejs.org/api/tls.html), | ||
| but the file paths (e.g. for "cert") are resolved relatively to _mashroom.json_. | ||
| * _ldapConnectTimeout_: Connect timeout in ms (Default: 3000) | ||
| * _ldapTimeout_: Timeout in ms (Default: 5000) | ||
| * _tlsOptions_: Optional TLS options if your LDAP server requires TLS. The options are passed to [Node TLS](https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener) | ||
| but the file paths (e.g. for "cert") are resolved relatively to the server config. | ||
| * _bindDN_: The bind user for searching | ||
@@ -66,7 +66,7 @@ * _bindCredentials_: The password for the bind user | ||
| * _groupSearchFilter_: The group search filter (can be empty if you don't want to fetch the user groups) | ||
| * _extraDataMapping_: Optionally map extra LDAP attributes to _user.extraData_. The key in the map is the extraData property, the value the LDAP attribute (default: null) | ||
| * _secretsMapping_: Optionally map extra LDAP attributes to _user.secrets_ (default: null) | ||
| * _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping | ||
| * _userToRoleMapping_: An optional JSON file that contains a user name to roles mapping | ||
| * _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value. | ||
| * _extraDataMapping_: Optionally map extra LDAP attributes to _user.extraData_. The key in the map is the extraData property, the value the LDAP attribute (Default: null) | ||
| * _secretsMapping_: Optionally map extra LDAP attributes to _user.secrets_ (Default: null) | ||
| * _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping (Default: /groupToRoleMapping.json) | ||
| * _userToRoleMapping_: An optional JSON file that contains a user name to roles mapping (Default: /userToRoleMapping.json) | ||
| * _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value (Default: 1200) | ||
@@ -99,2 +99,3 @@ For a server that requires TLS you have to provide a _tlsOptions_ object: | ||
| { | ||
| "$schema": "https://www.mashroom-server.com/schemas/mashroom-security-ldap-provider-group-to-role-mapping.json", | ||
| "LDAP_GROUP1": [ | ||
@@ -111,2 +112,3 @@ "ROLE1", | ||
| { | ||
| "$schema": "https://www.mashroom-server.com/schemas/mashroom-security-ldap-provider-user-to-role-mapping.json", | ||
| "username": [ | ||
@@ -113,0 +115,0 @@ "ROLE1", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Number of lines in readme file
- increased by1.75%
116
- Number of low supply chain risk alerts
- decreased by-20%
4
Worsened metrics
- Total package byte prevSize
- decreased by-2.93%
28188
- Number of package files
- decreased by-12.5%
7
- Lines of code
- decreased by-6.26%
554
Dependency changes
Updatedldapjs@^2.3.0