ldapauth-fork
Comparing version 5.0.1 to 5.0.2
# node-ldapauth-fork Changelog | ||
## 5.0.2 | ||
- [pull request #97] Sanitize group search filters | ||
## 5.0.0 | ||
@@ -4,0 +8,0 @@ |
@@ -56,2 +56,21 @@ var assert = require('assert'); | ||
/** | ||
* Sanitize LDAP special characters from input | ||
* | ||
* {@link https://tools.ietf.org/search/rfc4515#section-3} | ||
* | ||
* @private | ||
* @param {string} input - String to sanitize | ||
* @returns {string} Sanitized string | ||
*/ | ||
var sanitizeInput = function(input) { | ||
return input | ||
.replace(/\*/g, '\\2a') | ||
.replace(/\(/g, '\\28') | ||
.replace(/\)/g, '\\29') | ||
.replace(/\\/g, '\\5c') | ||
.replace(/\0/g, '\\00') | ||
.replace(/\//g, '\\2f'); | ||
}; | ||
/** | ||
* Create an LDAP auth class. Primary usage is the `.authenticate` method. | ||
@@ -143,4 +162,4 @@ * | ||
return groupSearchFilter | ||
.replace(/{{dn}}/g, user[opts.groupDnProperty]) | ||
.replace(/{{username}}/g, user.uid); | ||
.replace(/{{dn}}/g, sanitizeInput(user[opts.groupDnProperty] || '')) | ||
.replace(/{{username}}/g, sanitizeInput(user.uid || '')); | ||
}; | ||
@@ -290,21 +309,2 @@ } | ||
/** | ||
* Sanitize LDAP special characters from input | ||
* | ||
* {@link https://tools.ietf.org/search/rfc4515#section-3} | ||
* | ||
* @private | ||
* @param {string} input - String to sanitize | ||
* @returns {string} Sanitized string | ||
*/ | ||
var sanitizeInput = function(input) { | ||
return input | ||
.replace(/\*/g, '\\2a') | ||
.replace(/\(/g, '\\28') | ||
.replace(/\)/g, '\\29') | ||
.replace(/\\/g, '\\5c') | ||
.replace(/\0/g, '\\00') | ||
.replace(/\//g, '\\2f'); | ||
}; | ||
/** | ||
* Find the user record for the given username. | ||
@@ -311,0 +311,0 @@ * |
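Review bot: `sanitizeInput`, moved up to line 56 and now also applied to the `{{dn}}` and `{{username}}` substitutions in the group filter, escapes `*`, `(` and `)` before it escapes the backslash, so the backslashes it has just inserted are rewritten again and `*` comes out as `\5c2a` instead of `\2a`. The output is still inert as filter syntax, but it matches the literal text `\2a`, so a user whose DN or uid contains one of those characters would presumably get no group matches; whether that fails open or closed depends on how callers use the group list. Moving `.replace(/\\/g, '\\5c')` to the front of the chain fixes the ordering. A short comment on the group filter builder, such as `// missing dn/uid is substituted as an empty string, not "undefined"`, would also record the behaviour the `|| ''` fallback introduces. The function that builds the group filter starts outside the visible hunk.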
{ | ||
"name": "ldapauth-fork", | ||
"version": "5.0.1", | ||
"version": "5.0.2", | ||
"main": "./lib/ldapauth.js", | ||
@@ -30,3 +30,3 @@ "types": "./lib/ldapauth.d.ts", | ||
"dependencies": { | ||
"@types/ldapjs": "^1.0.9", | ||
"@types/ldapjs": "^2.2.2", | ||
"bcryptjs": "^2.4.0", | ||
@@ -40,3 +40,3 @@ "ldapjs": "^2.2.1", | ||
"bunyan": "^1.8.14", | ||
"eslint": "^7.13.0", | ||
"eslint": "^8.5.0", | ||
"typescript": "^4.0.5", | ||
@@ -43,0 +43,0 @@ "watch": "^1.0.2" |
@@ -15,4 +15,2 @@ # ldapauth-fork | ||
**Note:** `close` does not work on Node 10. See [joyent/node-ldapjs#483](https://github.com/joyent/node-ldapjs/issues/483) for more information. Pre-release version is available, and it works on Node 10. Install with `npm i ldapauth-fork@next`. | ||
```javascript | ||
@@ -44,3 +42,3 @@ var LdapAuth = require('ldapauth-fork'); | ||
- `url` - LDAP server URL, eg. *ldaps://ldap.example.org:663* | ||
- `url` - LDAP server URL, eg. *ldaps://ldap.example.org:636*, or a list of URLs, e.g. `["ldaps://ldap.example.org:636"]` | ||
@@ -47,0 +45,0 @@ ldapauth-fork options: |
+ Added@types/ldapjs@2.2.5(transitive)
- Removed@types/ldapjs@1.0.11(transitive)
Updated@types/ldapjs@^2.2.2