@mashroom/mashroom-security-provider-ldap
Comparing version 1.7.10 to 1.8.0
@@ -8,2 +8,4 @@ "use strict"; | ||
var _tls_utils = require("@mashroom/mashroom-utils/lib/tls_utils"); | ||
var _MashroomLdapSecurityProvider = _interopRequireDefault(require("./MashroomLdapSecurityProvider")); | ||
@@ -13,4 +15,2 @@ | ||
var _fix_tls_options = _interopRequireDefault(require("./fix_tls_options")); | ||
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } | ||
@@ -43,3 +43,5 @@ | ||
} = pluginContext; | ||
const fixedTlsOptions = (0, _fix_tls_options.default)(tlsOptions, serverRootFolder, loggerFactory); | ||
const logger = loggerFactory('mashroom.security.provider.ldap'); | ||
const fixedTlsOptions = (0, _tls_utils.fixTlsOptions)(tlsOptions, serverRootFolder, logger); | ||
logger.debug('Using TLS options for LDAPS:', fixedTlsOptions); | ||
const ldapClient = new _LdapClientImpl.default(serverUrl, ldapConnectTimeout, ldapTimeout, baseDN, bindDN, bindCredentials, fixedTlsOptions, loggerFactory); | ||
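Review bot: The added `logger.debug('Using TLS options for LDAPS:', fixedTlsOptions)` line writes the whole TLS options object to the log, and Node TLS options can carry `key`, `pfx` and `passphrase`. Whether `fixTlsOptions` replaces the configured file paths with file contents is not visible here, but in either case secret material can end up in debug logs. Log only the option names, for example `logger.debug('Using TLS options for LDAPS:', Object.keys(fixedTlsOptions || {}));`, or redact those fields before logging. The enclosing bootstrap function starts and ends outside the hunk.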
@@ -46,0 +48,0 @@ pluginContext.services.core.pluginService.onUnloadOnce(pluginName, () => { |
@@ -189,3 +189,5 @@ "use strict"; | ||
request.session[LDAP_AUTH_USER_SESSION_KEY] = mashroomUser; | ||
request.session[LDAP_AUTH_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; | ||
request.session[LDAP_AUTH_EXPIRES_SESSION_KEY] = Date.now() + this._authenticationTimeoutSec * 1000; // Make sure the user is in the session when this method returns (file session store is async) | ||
await new Promise(resolve => request.session.save(() => resolve())); | ||
return { | ||
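Review bot: The callback passed to `request.session.save()` on the added `await` line ignores its argument, so a failed session write still falls through to the `success: true` return. If this is an express-session session, the callback receives an error when the store cannot persist, and the login would then be reported as successful without the user being in the session. Propagate it, for example `await new Promise((resolve, reject) => request.session.save(err => (err ? reject(err) : resolve())));`, and have the caller treat the rejection as a failed login. The enclosing login method starts and ends outside the hunk, so its existing error handling is not visible here.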
@@ -309,11 +311,14 @@ success: true | ||
const securityService = request.pluginContext.services.security.service; | ||
const existingRoles = (await securityService.getExistingRoles(request)).map(def => def.id); | ||
const roles = []; | ||
Object.values(mapping).forEach(mappingRoles => { | ||
mappingRoles === null || mappingRoles === void 0 ? void 0 : mappingRoles.forEach(role => { | ||
if (roles.indexOf(role) === -1) { | ||
roles.push(role); | ||
} | ||
}); | ||
if (Array.isArray(mappingRoles)) { | ||
mappingRoles.forEach(role => { | ||
if (existingRoles.indexOf(role) === -1 && roles.indexOf(role) === -1) { | ||
roles.push(role); | ||
} | ||
}); | ||
} | ||
}); | ||
logger.debug('Adding role definitions:', roles); | ||
logger.debug('Adding new role definitions:', roles); | ||
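Review bot: Entries inside each `mappingRoles` array are still used as role ids without a type check, because the new `Array.isArray` guard validates only the container. The README describes the mappings as JSON files, so a number, object or empty string in one of them would presumably be handed on as a role definition id by the `for (const id of roles)` loop below the hunk. Consider `if (typeof role === 'string' && role && existingRoles.indexOf(role) === -1 && roles.indexOf(role) === -1) {` together with a warning log for skipped entries. The enclosing method starts and ends outside the hunk.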
@@ -320,0 +325,0 @@ for (const id of roles) { |
@@ -7,3 +7,3 @@ { | ||
"license": "MIT", | ||
"version": "1.7.10", | ||
"version": "1.8.0", | ||
"files": [ | ||
@@ -13,17 +13,17 @@ "dist/**" | ||
"dependencies": { | ||
"ldapjs": "^2.2.3" | ||
"ldapjs": "^2.3.0" | ||
}, | ||
"devDependencies": { | ||
"@babel/cli": "^7.12.16", | ||
"@mashroom/mashroom": "1.7.10", | ||
"@mashroom/mashroom-security": "1.7.10", | ||
"@mashroom/mashroom-utils": "1.7.10", | ||
"@types/express": "^4.17.11", | ||
"@types/jest": "^26.0.20", | ||
"@types/ldapjs": "^1.0.9", | ||
"@types/node": "14.14.28", | ||
"eslint": "^7.19.0", | ||
"@babel/cli": "^7.14.8", | ||
"@mashroom/mashroom": "1.8.0", | ||
"@mashroom/mashroom-security": "1.8.0", | ||
"@mashroom/mashroom-utils": "1.8.0", | ||
"@types/express": "^4.17.13", | ||
"@types/jest": "^26.0.24", | ||
"@types/ldapjs": "^2.2.0", | ||
"@types/node": "14.17.7", | ||
"eslint": "^7.32.0", | ||
"express": "^4.17.1", | ||
"jest": "^26.6.3", | ||
"typescript": "^4.1.5" | ||
"jest": "^27.0.6", | ||
"typescript": "^4.3.5" | ||
}, | ||
@@ -30,0 +30,0 @@ "jest": { |
@@ -54,8 +54,8 @@ | ||
* _loginPage_: The login URL when user is not authenticated (must match the path of _Mashroom Security Default Login Webapp_) | ||
* _loginPage_: The login URL to redirect to if the user is not authenticated (Default: /login) | ||
* _serverUrl_: The LDAP server URL with protocol and port | ||
* _ldapConnectTimeout_: Connect timeout in ms (default: 3000) | ||
* _ldapTimeout_: Timeout in ms (default: 5000) | ||
* _tlsOptions_: Optional TLS options if your LDAP server requires TLS. The options are passed to [Node TLS](https://nodejs.org/api/tls.html), | ||
but the file paths (e.g. for "cert") are resolved relatively to _mashroom.json_. | ||
* _ldapConnectTimeout_: Connect timeout in ms (Default: 3000) | ||
* _ldapTimeout_: Timeout in ms (Default: 5000) | ||
* _tlsOptions_: Optional TLS options if your LDAP server requires TLS. The options are passed to [Node TLS](https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener) | ||
but the file paths (e.g. for "cert") are resolved relatively to the server config. | ||
* _bindDN_: The bind user for searching | ||
@@ -66,7 +66,7 @@ * _bindCredentials_: The password for the bind user | ||
* _groupSearchFilter_: The group search filter (can be empty if you don't want to fetch the user groups) | ||
* _extraDataMapping_: Optionally map extra LDAP attributes to _user.extraData_. The key in the map is the extraData property, the value the LDAP attribute (default: null) | ||
* _secretsMapping_: Optionally map extra LDAP attributes to _user.secrets_ (default: null) | ||
* _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping | ||
* _userToRoleMapping_: An optional JSON file that contains a user name to roles mapping | ||
* _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value. | ||
* _extraDataMapping_: Optionally map extra LDAP attributes to _user.extraData_. The key in the map is the extraData property, the value the LDAP attribute (Default: null) | ||
* _secretsMapping_: Optionally map extra LDAP attributes to _user.secrets_ (Default: null) | ||
* _groupToRoleMapping_: An optional JSON file that contains a user group to roles mapping (Default: /groupToRoleMapping.json) | ||
* _userToRoleMapping_: An optional JSON file that contains a user name to roles mapping (Default: /userToRoleMapping.json) | ||
* _authenticationTimeoutSec_: The inactivity time after that the authentication expires. Since this plugin uses the session to store make sure the session _cookie.maxAge_ is greater than this value (Default: 1200) | ||
@@ -99,2 +99,3 @@ For a server that requires TLS you have to provide a _tlsOptions_ object: | ||
{ | ||
"$schema": "https://www.mashroom-server.com/schemas/mashroom-security-ldap-provider-group-to-role-mapping.json", | ||
"LDAP_GROUP1": [ | ||
@@ -111,2 +112,3 @@ "ROLE1", | ||
{ | ||
"$schema": "https://www.mashroom-server.com/schemas/mashroom-security-ldap-provider-user-to-role-mapping.json", | ||
"username": [ | ||
@@ -113,0 +115,0 @@ "ROLE1", |
Updatedldapjs@^2.3.0