passport-ldapauth - npm Package Compare versions

Comparing version 1.0.0 to 2.0.0

CHANGES.md

 ## Changes
 
-# v1.0.0
+* v2.0.0
+    * `ldapauth-fork` major version update now uses Bunyan logger
+    * Added TypeScript type definitions
+* v1.0.0
     * `ldapauth-fork` is now an event emitter. Emitted errors will cause authentication error.
@@ -5,0 +8,0 @@ * [#38](https://github.com/vesse/passport-ldapauth/pull/38) Added option to handle erros as failures with `handleErrorsAsFailures`. Additionally a *synchronous* `failureErrorCallback` function that receives the error as argument can be provided.

lib/passport-ldapauth/strategy.js

@@ -1,2 +0,5 @@
-"use strict";
+'use strict';
+var passport = require('passport-strategy');
+var LdapAuth = require('ldapauth-fork');
+var util     = require('util');
 
@@ -6,11 +9,89 @@ /**
  */
-var passport = require('passport-strategy'),
-    LdapAuth = require('ldapauth-fork'),
-    util     = require('util');
 
+
 /**
+ * Options callback callback (ie. the callback given if giving a callback
+ * for options instead of an object)
+ *
+ * @callback optionsCallbackCallback
+ * @param {(Error|undefined)} err - Possible error
+ * @param {Object} options - Options object
+ */
+/**
+ * Options callback
+ *
+ * @callback optionsCallback
+ * @param {Object} req - HTTP request
+ * @param {optionsCallbackCallback} callback - The callback returning the options
+ */
+/**
+* Verify done callback
+*
+* @callback verifyDoneCallback
+* @param {(Error|undefined)} err - Possible error
+* @param {(Object|boolean)} user - The verified user or false if not allowed
+* @param {Object} [info] info - Additional info message
+*/
+/**
+* Found LDAP user verify callback
+*
+* @callback verifyCallback
+* @param {Object} user - The user object from LDAP
+* @param {verifyDoneCallback} callback - The verify callback
+*/
+/**
+* Found LDAP user verify callback with request
+*
+* @callback verifyReqCallback
+* @param {Object} req - The HTTP request
+* @param {Object} user - The user object from LDAP
+* @param {verifyDoneCallback} callback - The verify callback
+*/
+/**
+ * @typedef credentialsLookupResult
+ * @type {object}
+ * @property {string} username - Username to use
+ * @property {string} password - Password to use
+ */
+/**
+ * @typedef credentialsLookupResultAlt
+ * @type {object}
+ * @property {string} user - Username to use
+ * @property {string} pass - Password to use
+ */
+/**
+ * Credentials lookup function
+ *
+ * @callback credentialsLookup
+ * @param {Object} req - The HTTP request
+ * @return {(credentialsLookupResult|credentialsLookupResultAlt)} - Found credentials
+ */
+/**
+ * Synchronous function for doing something with an error if handling
+ * errors as failures
+ *
+ * @callback failureErrorCallback
+ * @param {Error} err - The error occurred
+ */
+
+/**
+ * Add default values to options
+ *
+ * @private
+ * @param {Object} options - Options object
+ * @returns {Object} The given options with defaults filled
+ */
+var setDefaults = function(options) {
+  options.usernameField || (options.usernameField = 'username');
+  options.passwordField || (options.passwordField = 'password');
+  return options;
+};
+
+/**
  * Strategy constructor
+ * <br>
  *
  * The LDAP authentication strategy authenticates requests based on the
  * credentials submitted through an HTML-based login form.
+ * <br>
  *
@@ -21,30 +102,37 @@ * Applications may supply a `verify` callback which accepts `user` object
  * `err` should be set.
+ * <br>
  *
- * Options:
- * - `server`  options for ldapauth, see https://github.com/trentm/node-ldapauth
- * - `usernameField`  field name where the username is found, defaults to _username_
- * - `passwordField`  field name where the password is found, defaults to _password_
- * - `passReqToCallback`  when `true`, `req` is the first argument to the verify callback (default: `false`)
- *
  * Options can be also given as function that accepts a callback end calls it
  * with error and options arguments. Notice that the callback is executed on
  * every authenticate call.
+ * <br>
  *
  * Example:
- *
- *     var LdapStrategy = require('passport-ldapauth').Strategy;
- *     passport.use(new LdapStrategy({
- *         server: {
- *           url: 'ldap://localhost:389',
- *           bindDn: 'cn=root',
- *           bindCredentials: 'secret',
- *           searchBase: 'ou=passport-ldapauth',
- *           searchFilter: '(uid={{username}})',
- *           reconnect: true
- *         }
- *       },
- *       function(user, done) {
- *         return cb(null, user);
- *       }
- *     ));
+ * <pre>
+ * var LdapStrategy = require('passport-ldapauth').Strategy;
+ * passport.use(new LdapStrategy({
+ *     server: {
+ *       url: 'ldap://localhost:389',
+ *       bindDN: 'cn=root',
+ *       bindCredentials: 'secret',
+ *       searchBase: 'ou=passport-ldapauth',
+ *       searchFilter: '(uid={{username}})',
+ *       reconnect: true
+ *     }
+ *   },
+ *   function(user, done) {
+ *     return cb(null, user);
+ *   }
+ * ));
+ * </pre>
+ * @constructor
+ * @param {(Object|optionsCallback)} options - Configuration options or options returning function
+ * @param {Object} options.server - [ldapauth-fork options]{@link https://github.com/vesse/node-ldapauth-fork}
+ * @param {string} [options.usernameField=username] - Form field name for username
+ * @param {string} [options.passwordField=password] - Form field name for password
+ * @param {boolean} [options.passReqToCallback=false] - If true, request is passed to verify callback
+ * @param {credentialsLookup} [options.credentialsLookup] - Credentials lookup function to use instead of default
+ * @param {boolean} [options.handleErrorAsFailures=false] - Set to true to handle errors as login failures
+ * @param {failureErrorCallback} [options.failureErrorCallback] - Function receives the occurred error when errors handled as failures
+ * @param {(verifyCallback|verifyReqCallback|undefined)} [verify] - User verify callback
  */
@@ -76,19 +164,13 @@ var Strategy = function(options, verify) {
 
+/* eslint-disable */
 /**
- * Add default values to options
- *
- * @param options
- * @returns {*}
- */
-var setDefaults = function(options) {
-  options.usernameField || (options.usernameField = 'username');
-  options.passwordField || (options.passwordField = 'password');
-  return options;
-};
-
-/**
  * Get value for given field from given object. Taken from passport-local,
  * copyright 2011-2013 Jared Hanson
+ *
+ * @private
+ * @param {Object} obj - The HTTP request object
+ * @param {string} field - The field name to look for
+ * @returns {string|null} - Found value for the field or null
  */
-var lookup = function (obj, field) {
+var lookup = function(obj, field) {
   var i, len, chain, prop;
@@ -105,2 +187,3 @@ if (!obj) { return null; }
 };
+/* eslint-enable */
 
@@ -112,2 +195,5 @@ /**
  * for a valid user.
+ *
+ * @private
+ * @returns {undefined}
  */
@@ -117,4 +203,8 @@ var verify = function() {
   return function(err, user, info) {
-    if (err)   return this.error(err);
-    if (!user) return this.fail(info);
+    if (err) {
+      return this.error(err);
+    }
+    if (!user) {
+      return this.fail(info);
+    }
     return this.success(user, info);
@@ -126,2 +216,6 @@ }.bind(this);
  * Execute failureErrorCallback if provided
+ *
+ * @private
+ * @param {Error} err - The error occurred
+ * @returns {undefined}
  */
@@ -136,16 +230,15 @@ var handleErrorAsFailure = function(err) {
 /**
- * Options (passed when calling `passport.authenticate()`):
- * - `badRequestMessage`  flash message for missing username/password
- *                        (default: 'Missing credentials')
- * - `invalidCredentials`  flash message for InvalidCredentialsError, NoSuchObjectError,
- *                         and /no such user/ LDAP errors
- *                         (default: 'Invalid username/password')
- * - `userNotFound`  flash message when LDAP returns no error but also no user
- *                   (default: 'Invalid username/password')
- * - `constraintViolation`  flash message when user account is locked
- *                          (default: 'Exceeded password retry limit, account locked')
+ * The actual authenticate implementation
+ *
+ * @private
+ * @param {Object} req - The HTTP request
+ * @param {Object} [options] - Flash messages
+ * @returns {undefined}
  */
 var handleAuthentication = function(req, options) {
-  var username, password, ldap, errorHandler;
-  options || (options = {});
+  var username;
+  var password;
+  var ldap;
+  var errorHandler;
+  options || (options = {}); // eslint-disable-line no-param-reassign
 
@@ -166,3 +259,3 @@ if (typeof this.options.credentialsLookup === 'function') {
   if (!username || !password) {
-    return this.fail({message: options.badRequestMessage || 'Missing credentials'}, 400);
+    return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
   }
@@ -191,3 +284,5 @@
   ldap.authenticate(username, password, function(err, user) {
-    ldap.close(function(){}); // We don't care about the closing
+    ldap.close(function(){
+      // We don't care about the closing
+    });
 
@@ -199,12 +294,12 @@ if (err) {
 
-        if(err.message) {
+        if (err.message) {
           var ldapComment = err.message.match(/data ([0-9a-fA-F]*), v[0-9a-fA-F]*/);
-          if(ldapComment && ldapComment[1]){
+          if (ldapComment && ldapComment[1]){
             message = messages[ldapComment[1]] || messages['default'];
           }
         }
-        return this.fail({message: message}, 401);
+        return this.fail({ message: message }, 401);
       }
       if (err.name === 'ConstraintViolationError'){
-        return this.fail({message: options.constraintViolation || 'Exceeded password retry limit, account locked'}, 401);
+        return this.fail({ message: options.constraintViolation || 'Exceeded password retry limit, account locked' }, 401);
       }
@@ -216,3 +311,5 @@
 
-    if (!user) return this.fail({message: options.userNotFound || 'Invalid username/password'}, 401);
+    if (!user) {
+      return this.fail({ message: options.userNotFound || 'Invalid username/password' }, 401);
+    }
 
@@ -234,2 +331,17 @@ // Execute given verify function
  * Authenticate the request coming from a form or such.
+ *
+ * @param {Object} req - The HTTP request
+ * @param {Object} [options] - Authentication options (flash messages). All messages have default values.
+ * @param {string} [options.badRequestMessage] - Message for missing username/password
+ * @param {string} [options.invalidCredentials] - Message for InvalidCredentialsError, NoSuchObjectError, and /no such user/ LDAP errors
+ * @param {string} [options.userNotFound] - Message for user not found
+ * @param {string} [options.constraintViolation] - Message when account is locked (or other constraint violation)
+ * @param {string} [options.invalidLogonHours] - Message for Windows AD invalidLogonHours error
+ * @param {string} [options.invalidWorkstation] - Message for Windows AD invalidWorkstation error
+ * @param {string} [options.passwordExpired] - Message for Windows AD passwordExpired error
+ * @param {string} [options.accountDisabled] - Message for Windows AD accountDisabled error
+ * @param {string} [options.accountExpired] - Message for Windows AD accountExpired error
+ * @param {string} [options.passwordMustChange] - Message for Windows AD passwordMustChange error
+ * @param {string} [options.accountLockedOut] - Message for Windows AD accountLockedOut error
+ * @returns {undefined}
  */
@@ -242,3 +354,5 @@ Strategy.prototype.authenticate = function(req, options) {
   var callback = function(err, configuration) {
-    if (err) return this.fail(err);
+    if (err) {
+      return this.fail(err);
+    }
 
@@ -250,3 +364,3 @@ this.options = setDefaults(configuration);
   // Added functionality: getOptions can accept now up to 2 parameters
-  if (this.getOptions.length ===1) { // Accepts 1 parameter, backwards compatibility
+  if (this.getOptions.length === 1) { // Accepts 1 parameter, backwards compatibility
     this.getOptions(callback.bind(this));
@@ -253,0 +367,0 @@ } else { // Accepts 2 parameters, pass request as well

package.json

@@ -10,3 +10,4 @@ {
     "arumi <arumi@wge7033.secheron.net>",
-    "Anthony Hernandez <anthony.hernandez@clownphobia.com>"
+    "Anthony Hernandez <anthony.hernandez@clownphobia.com>",
+    "Chris Harwood <harwood@teralogics.com>"
   ],
@@ -19,5 +20,6 @@ "keywords": [
   ],
-  "version": "1.0.0",
+  "version": "2.0.0",
   "license": "MIT",
   "main": "./lib/passport-ldapauth",
+  "types": "./lib/passport-ldapauth/strategy.d.ts",
   "engines": {
@@ -34,18 +36,31 @@ "node": ">=0.8.0"
   "dependencies": {
-    "passport-strategy": "1.x.x",
-    "ldapauth-fork": "~3.0.0"
+    "@types/node": "^7.0.23",
+    "@types/passport": "^0.3.3",
+    "ldapauth-fork": "^4.0.1",
+    "passport-strategy": "^1.0.0"
   },
   "devDependencies": {
-    "basic-auth": "1.1.x",
-    "body-parser": "1.15.x",
-    "chai": "3.5.x",
-    "express": "4.14.x",
-    "ldapjs": "1.0.x",
-    "mocha": "3.2.x",
-    "passport": "0.3.x",
-    "supertest": "2.0.x"
+    "@types/basic-auth": "^1.1.1",
+    "@types/bunyan": "^1.8.0",
+    "@types/express": "^4.0.35",
+    "basic-auth": "^1.1.0",
+    "body-parser": "^1.17.2",
+    "bunyan": "^1.8.10",
+    "chai": "^4.0.1",
+    "eslint": "^4.0.0",
+    "express": "^4.15.3",
+    "ldapjs": "^1.0.1",
+    "mocha": "^3.4.2",
+    "passport": "^0.3.2",
+    "supertest": "^3.0.0",
+    "typescript": "^2.3.4",
+    "watch": "^1.0.2"
   },
   "scripts": {
-    "test": "NODE_PATH=lib mocha --reporter spec test/*-test.js"
+    "prepublish": "npm run lint",
+    "lint": "eslint ./lib",
+    "lint:watch": "watch 'npm run lint' ./lib --wait 0.5",
+    "test": "NODE_PATH=lib mocha --reporter spec test/*-test.js",
+    "test:typescript": "cd test/typescript && tsc"
   }
 }

README.md

@@ -6,5 +6,4 @@ # passport-ldapauth
 [![npm](https://img.shields.io/npm/dm/passport-ldapauth.svg)](http://npmjs.com/package/passport-ldapauth)
+[![Sponsored by Leonidas](https://img.shields.io/badge/sponsored%20by-leonidas-389fc1.svg)](https://leonidasoy.fi/open-source)
 
-
-
 [Passport](http://passportjs.org/) authentication strategy against LDAP / AD server. This module is a Passport strategy wrapper for [ldapauth-fork](https://github.com/vesse/node-ldapauth-fork).
@@ -37,4 +36,4 @@
     * `url`: e.g. `ldap://localhost:389`
-    * `bindDn`: e.g. `cn='root'`
-    * `bindCredentials`: Password for bindDn
+    * `bindDN`: e.g. `cn='root'`
+    * `bindCredentials`: Password for bindDN
     * `searchBase`: e.g. `o=users,o=example.com`
@@ -46,3 +45,3 @@ * `searchFilter`:  LDAP search filter, e.g. `(uid={{username}})`. Use literal `{{username}}` to have the given username used in the search.
 * `passwordField`: Field name where the password is found, defaults to _password_
-* `creadentialsLookup`: Optional, synchronous function that provides the login credentials from `req`. See [below](#credentials-lookup) for more.
+* `credentialsLookup`: Optional, synchronous function that provides the login credentials from `req`. See [below](#credentialslookup) for more.
 * `handleErrorsAsFailures`: When `true`, unknown errors and ldapjs emitted errors are handled as authentication failures instead of errors (default: `false`).
@@ -58,3 +57,3 @@ * `failureErrorCallback`: Optional, synchronous function that is called with the received error when `handleErrorsAsFailures` is enabled.
 
-Note: you can pass a function instead of an object as `options`, see the [example below](#options-as-function)
+Note: you can pass a function instead of an object as `options`, see the [example below](#asynchronous-configuration-retrieval)
 
@@ -95,3 +94,3 @@ ### Authenticate requests
     url: 'ldap://localhost:389',
-    bindDn: 'cn=root',
+    bindDN: 'cn=root',
     bindCredentials: 'secret',
@@ -128,3 +127,3 @@ searchBase: 'ou=passport-ldapauth',
     url: 'ldaps://ad.corporate.com:636',
-    bindDn: 'cn=non-person,ou=system,dc=corp,dc=corporate,dc=com',
+    bindDN: 'cn=non-person,ou=system,dc=corp,dc=corporate,dc=com',
     bindCredentials: 'secret',
@@ -143,3 +142,3 @@ searchBase: 'dc=corp,dc=corporate,dc=com',
 ```
-<a name="credentials-lookup">
+
 ## `credentialsLookup`
@@ -157,3 +156,2 @@
 
-<a name="options-as-function"></a>
 ## Asynchronous configuration retrieval
@@ -170,3 +168,3 @@
         url: 'ldap://localhost:389',
-        bindDn: 'cn=root',
+        bindDN: 'cn=root',
         bindCredentials: 'secret',
@@ -211,1 +209,3 @@ searchBase: 'ou=passport-ldapauth',
 MIT
+
+`passport-ldapauth` has been partially sponsored by [Leonidas Ltd](https://leonidasoy.fi/open-source).

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 10 instances in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1121624

increased by2893.07%

Number of package files

46

increased by283.33%

Lines of code

1750

increased by152.89%

Worsened metrics

Dependency count

4

increased by100%

Dev dependency count

15

increased by87.5%

Number of low license alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

11

increased byInfinity%

Dependency changes

• + Added@types/node@^7.0.23

• + Added@types/passport@^0.3.3

• + Added@types/body-parser@1.19.5(transitive)

• + Added@types/connect@3.4.38(transitive)

• + Added@types/express@5.0.0(transitive)

• + Added@types/express-serve-static-core@5.0.1(transitive)

• + Added@types/http-errors@2.0.4(transitive)

• + Added@types/ldapjs@1.0.11(transitive)

• + Added@types/mime@1.3.5(transitive)

• + Added@types/node@7.10.14(transitive)

• + Added@types/passport@0.3.5(transitive)

• + Added@types/qs@6.9.17(transitive)

• + Added@types/range-parser@1.2.7(transitive)

• + Added@types/send@0.17.4(transitive)

• + Added@types/serve-static@1.15.7(transitive)

• + Addedbcryptjs@2.4.3(transitive)

• + Addedldapauth-fork@4.3.3(transitive)

• + Addedlru-cache@5.1.1(transitive)

• + Addedyallist@3.1.1(transitive)

• - Removedbcryptjs@2.4.0(transitive)

• - Removedldapauth-fork@3.0.1(transitive)

• - Removedlru-cache@4.0.2(transitive)

• - Removedpseudomap@1.0.2(transitive)

• - Removedyallist@2.1.2(transitive)

• Updatedldapauth-fork@^4.0.1

• Updatedpassport-strategy@^1.0.0