ldapauth
Comparing version 1.0.2 to 2.0.0
@@ -7,8 +7,8 @@ /* | ||
* Usage: | ||
* var Cache = require("amon-common").Cache; | ||
* var Cache = require('amon-common').Cache; | ||
* // size, expiry, log, name | ||
* this.accountCache = new Cache( 100, 300, log, "account"); | ||
* this.accountCache.set("hamish", {...}); | ||
* this.accountCache = new Cache( 100, 300, log, 'account'); | ||
* this.accountCache.set('hamish', {...}); | ||
* ... | ||
* this.accountCache.get("hamish") // -> {...} | ||
* this.accountCache.get('hamish') // -> {...} | ||
*/ | ||
@@ -36,3 +36,3 @@ | ||
this.log = log; | ||
this.name = (name ? name + " " : ""); | ||
this.name = (name ? name + ' ' : ''); | ||
this.items = LRU(this.size); | ||
@@ -48,3 +48,3 @@ } | ||
if (this.log) { | ||
this.log.trace("%scache reset", this.name); | ||
this.log.trace('%scache reset', this.name); | ||
} | ||
@@ -60,3 +60,3 @@ this.items.reset(); | ||
if (this.log) { | ||
this.log.trace("%scache hit: key='%s': %o", this.name, key, cached); | ||
this.log.trace('%scache hit: key="%s": %o', this.name, key, cached); | ||
} | ||
@@ -67,3 +67,3 @@ return cached.value; | ||
if (this.log) { | ||
this.log.trace("%scache miss: key='%s'", this.name, key); | ||
this.log.trace('%scache miss: key="%s"', this.name, key); | ||
} | ||
@@ -80,3 +80,3 @@ return null; | ||
if (this.log) { | ||
this.log.trace("%scache set: key='%s': %o", this.name, key, item); | ||
this.log.trace('%scache set: key="%s": %o', this.name, key, item); | ||
} | ||
@@ -89,3 +89,3 @@ this.items.set(key, item); | ||
if (this.log) { | ||
this.log.trace("%scache del: key='%s'", this.name, key); | ||
this.log.trace('%scache del: key="%s"', this.name, key); | ||
} | ||
@@ -97,2 +97,1 @@ this.items.del(key); | ||
module.exports = Cache; | ||
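Review bot: The `cache hit` and `cache set` trace calls format the whole cached item with `%o`, which becomes sensitive once this cache holds credentials. The LDAP auth module in this same comparison passes its logger into `new Cache(100, 300, this.log, 'user')` and stores `{password: hash, user: user}`, so with trace logging enabled the bcrypt hash and the user's directory entry are written to the log. Logging only the key avoids that, e.g. `this.log.trace('%scache set: key="%s"', this.name, key);`, with the same change for the hit message. The enclosing get/set functions start outside these hunks, so this rests only on the visible lines.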
@@ -1,2 +0,3 @@ | ||
/* Copyright 2011 (c) Trent Mick. | ||
/** | ||
* Copyright 2011 (c) Trent Mick. | ||
* | ||
@@ -9,10 +10,5 @@ * LDAP auth. | ||
* ... | ||
* auth.authenticate(username, password, function(err, user) { ... }); | ||
* auth.authenticate(username, password, function (err, user) { ... }); | ||
* ... | ||
* auth.close(function(err) { ... }) | ||
* | ||
* npm Dependencies: | ||
* ldapjs | ||
* lru-cache | ||
* log4js (optional) | ||
* auth.close(function (err) { ... }) | ||
*/ | ||
@@ -22,4 +18,5 @@ | ||
var bcrypt = require('bcrypt'); | ||
var ldap = require("ldapjs"); | ||
var ldap = require('ldapjs'); | ||
var debug = console.warn; | ||
var format = require('util').format; | ||
@@ -31,10 +28,11 @@ | ||
* | ||
* @param opts {Object} Config options. Keys (required, unless says otherwise) are: | ||
* url {String} E.g. "ldaps://ldap.example.com:663" | ||
* adminDn {String} E.g. "uid=myapp,ou=users,o=example.com" | ||
* @param opts {Object} Config options. Keys (required, unless says | ||
* otherwise) are: | ||
* url {String} E.g. 'ldaps://ldap.example.com:663' | ||
* adminDn {String} E.g. 'uid=myapp,ou=users,o=example.com' | ||
* adminPassword {String} Password for adminDn. | ||
* searchBase {String} The base DN from which to search for users by | ||
* username. E.g. "ou=users,o=example.com" | ||
* username. E.g. 'ou=users,o=example.com' | ||
* searchFilter {String} LDAP search filter with which to find a user by | ||
* username, e.g. "(uid={{username}})". Use the literal "{{username}}" | ||
* username, e.g. '(uid={{username}})'. Use the literal '{{username}}' | ||
* to have the given username be interpolated in for the LDAP | ||
@@ -57,8 +55,8 @@ * search. | ||
assert.ok(opts.searchFilter); | ||
this.log = opts.log4js && opts.log4js.getLogger("ldapauth"); | ||
this.log = opts.log4js && opts.log4js.getLogger('ldapauth'); | ||
if (opts.cache) { | ||
var Cache = require("./cache"); | ||
this.userCache = new Cache(100, 300, this.log, "user"); | ||
var Cache = require('./cache'); | ||
this.userCache = new Cache(100, 300, this.log, 'user'); | ||
} | ||
@@ -74,3 +72,3 @@ | ||
this._salt = bcrypt.gen_salt_sync(); | ||
this._salt = bcrypt.genSaltSync(); | ||
} | ||
@@ -83,3 +81,3 @@ | ||
} else { | ||
this._adminClient.unbind(function(err) { | ||
this._adminClient.unbind(function (err) { | ||
callback(err); | ||
@@ -99,5 +97,6 @@ }); | ||
var self = this; | ||
this._adminClient.bind(this.opts.adminDn, this.opts.adminPassword, function (err) { | ||
this._adminClient.bind(this.opts.adminDn, this.opts.adminPassword, | ||
function (err) { | ||
if (err) { | ||
self.log && self.log.trace("ldap authenticate: bind error: %s", err); | ||
self.log && self.log.trace('ldap authenticate: bind error: %s', err); | ||
return callback(err); | ||
@@ -121,23 +120,26 @@ } | ||
self._adminBind(function (err) { | ||
if (err) return callback(err); | ||
var searchFilter = self.opts.searchFilter.replace("{{username}}", username); | ||
var opts = {filter: searchFilter, scope: "sub"}; | ||
self._adminClient.search(self.opts.searchBase, opts, function (err, result) { | ||
if (err) | ||
return callback(err); | ||
var searchFilter = self.opts.searchFilter.replace('{{username}}', username); | ||
var opts = {filter: searchFilter, scope: 'sub'}; | ||
self._adminClient.search(self.opts.searchBase, opts, | ||
function (err, result) { | ||
if (err) { | ||
self.log && self.log.trace("ldap authenticate: search error: %s", err); | ||
self.log && self.log.trace('ldap authenticate: search error: %s', err); | ||
return callback(err); | ||
} | ||
var items = []; | ||
result.on('searchEntry', function(entry) { | ||
result.on('searchEntry', function (entry) { | ||
items.push(entry.object); | ||
}); | ||
result.on('error', function(err) { | ||
self.log && self.log.trace("ldap authenticate: search error event: %s", err); | ||
result.on('error', function (err) { | ||
self.log && self.log.trace( | ||
'ldap authenticate: search error event: %s', err); | ||
return callback(err); | ||
}); | ||
result.on('end', function(result) { | ||
result.on('end', function (result) { | ||
if (result.status !== 0) { | ||
var err = "non-zero status from LDAP search: " + result.status; | ||
self.log && self.log.trace("ldap authenticate: %s", err); | ||
var err = 'non-zero status from LDAP search: ' + result.status; | ||
self.log && self.log.trace('ldap authenticate: %s', err); | ||
return callback(err); | ||
@@ -151,4 +153,5 @@ } | ||
default: | ||
return callback("unexpected number of matches (" + items.length | ||
+ ") for '" + username + "' username"); | ||
return callback(format( | ||
'unexpected number of matches (%s) for "%s" username', | ||
items.length, username)); | ||
} | ||
@@ -166,23 +169,25 @@ }); | ||
var self = this; | ||
if (self.opts.cache) { | ||
// Check cache. "cached" is `{password: <hashed-password>, user: <user>}`. | ||
// Check cache. 'cached' is `{password: <hashed-password>, user: <user>}`. | ||
var cached = self.userCache.get(username); | ||
if (cached && bcrypt.compare_sync(password, cached.password)) { | ||
if (cached && bcrypt.compareSync(password, cached.password)) { | ||
return callback(null, cached.user) | ||
} | ||
} | ||
// 1. Find the user DN in question. | ||
self._findUser(username, function (err, user) { | ||
if (err) return callback(err); | ||
if (!user) return callback("no such user: '" + username + "'"); | ||
if (err) | ||
return callback(err); | ||
if (!user) | ||
return callback(format('no such user: "%s"', username)); | ||
// 2. Attempt to bind as that user to check password. | ||
self._userClient.bind(user.dn, password, function (err) { | ||
if (err) { | ||
self.log && self.log.trace("ldap authenticate: bind error: %s", err); | ||
self.log && self.log.trace('ldap authenticate: bind error: %s', err); | ||
return callback(err); | ||
} | ||
if (self.opts.cache) { | ||
bcrypt.encrypt(password, self._salt, function(err, hash) { | ||
bcrypt.hash(password, self._salt, function (err, hash) { | ||
self.userCache.set(username, {password: hash, user: user}); | ||
@@ -189,0 +194,0 @@ return callback(null, user); |
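Review bot: The search filter is built by substituting `username` into `searchFilter` unescaped (`self.opts.searchFilter.replace('{{username}}', username)`), so filter metacharacters such as `*`, `(`, `)` and `\` in the supplied name alter the query that runs under the admin bind instead of being matched literally. The value should be escaped per RFC 4515 before substitution; a small helper is sketched below. The enclosing function begins and ends outside the hunk, so any validation done earlier in it is not visible here. Separately, in the visible lines of the last hunk the `bcrypt.hash` callback does not check `err` before calling `userCache.set`, which looks worth a guard.

```javascript
// Escape RFC 4515 filter metacharacters so the username is matched literally.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return '\\' + ('0' + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// … unchanged: _adminBind call and its error check …
    var searchFilter = self.opts.searchFilter.replace(
      '{{username}}', escapeFilterValue(username));
```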
{ | ||
"name": "ldapauth", | ||
"version": "1.0.2", | ||
"version": "2.0.0", | ||
"main": "./lib/ldapauth.js", | ||
@@ -11,3 +11,3 @@ "description": "Authenticate against an LDAP server", | ||
}, | ||
"keywords": ["authenticate", "ldap"], | ||
"keywords": ["authenticate", "ldap", "authentication", "auth"], | ||
"repository": { | ||
@@ -19,5 +19,5 @@ "type": "git", | ||
"ldapjs": "0.3", | ||
"bcrypt": "0.4", | ||
"bcrypt": "0.5", | ||
"lru-cache": "1.0.5" | ||
} | ||
} |
@@ -31,1 +31,50 @@ A simple node.js lib to authenticate against an LDAP server. | ||
[Use the source Luke](https://github.com/trentm/node-ldapauth/blob/master/lib/ldapauth.js#L25-45) | ||
# express/connect basicAuth example | ||
var connect = require('connect'); | ||
var LdapAuth = require('ldapauth'); | ||
// Config from a .json or .ini file or whatever. | ||
var config = { | ||
ldap: { | ||
url: "ldaps://ldap.example.com:663", | ||
adminDn: "uid=myadminusername,ou=users,o=example.com", | ||
adminPassword: "mypassword", | ||
searchBase: "ou=users,o=example.com", | ||
searchFilter: "(uid={{username}})" | ||
} | ||
}; | ||
var ldap = new LdapAuth({ | ||
url: config.ldap.url, | ||
adminDn: config.ldap.adminDn, | ||
adminPassword: config.ldap.adminPassword, | ||
searchBase: config.ldap.searchBase, | ||
searchFilter: config.ldap.searchFilter, | ||
//log4js: require('log4js'), | ||
cache: true | ||
}); | ||
var basicAuthMiddleware = connect.basicAuth(function (username, password, callback) { | ||
ldap.authenticate(username, password, function (err, user) { | ||
if (err) { | ||
console.log("LDAP auth error: %s", err); | ||
} | ||
callback(err, user) | ||
}); | ||
}); | ||
# Development | ||
Check coding style before commit: | ||
make check | ||
To cut a release (tagging, npm publish, etc., see | ||
<https://github.com/trentm/cutarelease> for details): | ||
make cutarelease | ||
+ Addedbcrypt@0.5.0(transitive)
- Removedbcrypt@0.4.1(transitive)
Updatedbcrypt@0.5