ldapauth-fork
Advanced tools
Comparing version 5.0.1 to 5.0.2
| # node-ldapauth-fork Changelog | ||
| ## 5.0.2 | ||
| - [pull request #97] Sanitize group search filters | ||
| ## 5.0.0 | ||
@@ -4,0 +8,0 @@ |
@@ -56,2 +56,21 @@ var assert = require('assert'); | ||
| /** | ||
| * Sanitize LDAP special characters from input | ||
| * | ||
| * {@link https://tools.ietf.org/search/rfc4515#section-3} | ||
| * | ||
| * @private | ||
| * @param {string} input - String to sanitize | ||
| * @returns {string} Sanitized string | ||
| */ | ||
| var sanitizeInput = function(input) { | ||
| return input | ||
| .replace(/\*/g, '\\2a') | ||
| .replace(/\(/g, '\\28') | ||
| .replace(/\)/g, '\\29') | ||
| .replace(/\\/g, '\\5c') | ||
| .replace(/\0/g, '\\00') | ||
| .replace(/\//g, '\\2f'); | ||
| }; | ||
| /** | ||
| * Create an LDAP auth class. Primary usage is the `.authenticate` method. | ||
@@ -143,4 +162,4 @@ * | ||
| return groupSearchFilter | ||
| .replace(/{{dn}}/g, user[opts.groupDnProperty]) | ||
| .replace(/{{username}}/g, user.uid); | ||
| .replace(/{{dn}}/g, sanitizeInput(user[opts.groupDnProperty] || '')) | ||
| .replace(/{{username}}/g, sanitizeInput(user.uid || '')); | ||
| }; | ||
@@ -290,21 +309,2 @@ } | ||
| /** | ||
| * Sanitize LDAP special characters from input | ||
| * | ||
| * {@link https://tools.ietf.org/search/rfc4515#section-3} | ||
| * | ||
| * @private | ||
| * @param {string} input - String to sanitize | ||
| * @returns {string} Sanitized string | ||
| */ | ||
| var sanitizeInput = function(input) { | ||
| return input | ||
| .replace(/\*/g, '\\2a') | ||
| .replace(/\(/g, '\\28') | ||
| .replace(/\)/g, '\\29') | ||
| .replace(/\\/g, '\\5c') | ||
| .replace(/\0/g, '\\00') | ||
| .replace(/\//g, '\\2f'); | ||
| }; | ||
| /** | ||
| * Find the user record for the given username. | ||
@@ -311,0 +311,0 @@ * |
| { | ||
| "name": "ldapauth-fork", | ||
| "version": "5.0.1", | ||
| "version": "5.0.2", | ||
| "main": "./lib/ldapauth.js", | ||
@@ -30,3 +30,3 @@ "types": "./lib/ldapauth.d.ts", | ||
| "dependencies": { | ||
| "@types/ldapjs": "^1.0.9", | ||
| "@types/ldapjs": "^2.2.2", | ||
| "bcryptjs": "^2.4.0", | ||
@@ -40,3 +40,3 @@ "ldapjs": "^2.2.1", | ||
| "bunyan": "^1.8.14", | ||
| "eslint": "^7.13.0", | ||
| "eslint": "^8.5.0", | ||
| "typescript": "^4.0.5", | ||
@@ -43,0 +43,0 @@ "watch": "^1.0.2" |
@@ -15,4 +15,2 @@ # ldapauth-fork | ||
| **Note:** `close` does not work on Node 10. See [joyent/node-ldapjs#483](https://github.com/joyent/node-ldapjs/issues/483) for more information. Pre-release version is available, and it works on Node 10. Install with `npm i ldapauth-fork@next`. | ||
| ```javascript | ||
@@ -44,3 +42,3 @@ var LdapAuth = require('ldapauth-fork'); | ||
| - `url` - LDAP server URL, eg. *ldaps://ldap.example.org:663* | ||
| - `url` - LDAP server URL, eg. *ldaps://ldap.example.org:636*, or a list of URLs, e.g. `["ldaps://ldap.example.org:636"]` | ||
@@ -47,0 +45,0 @@ ldapauth-fork options: |
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-0.25%
32864
- Number of lines in readme file
- decreased by-1.49%
132
Dependency changes
+ Added@types/ldapjs@2.2.5(transitive)
- Removed@types/ldapjs@1.0.11(transitive)
Updated@types/ldapjs@^2.2.2