diff options
| author | Thiago Fernando <thiagofernando@outlook.com> | 2019-05-10 14:58:19 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-10 14:58:19 -0300 |
| commit | 36f148a7cb2503ceff67c1b6d387a91bd2370f9f (patch) | |
| tree | 7f3442f29bf23d6472c1076766c5acfbbd83e1a1 /packages | |
| parent | fd1af07e43a8e6f0c6f7bb343eea5ad2458f8212 (diff) | |
| download | wekan-36f148a7cb2503ceff67c1b6d387a91bd2370f9f.tar.gz wekan-36f148a7cb2503ceff67c1b6d387a91bd2370f9f.tar.bz2 wekan-36f148a7cb2503ceff67c1b6d387a91bd2370f9f.zip | |
Update loginHandler.js
additional option to login in ldap server with user account
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/wekan-ldap/server/loginHandler.js | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/packages/wekan-ldap/server/loginHandler.js b/packages/wekan-ldap/server/loginHandler.js index a8f013d7..0c1aa33f 100644 --- a/packages/wekan-ldap/server/loginHandler.js +++ b/packages/wekan-ldap/server/loginHandler.js @@ -41,28 +41,38 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { let ldapUser; try { - ldap.connectSync(); - const users = ldap.searchUsersSync(loginRequest.username); - if (users.length !== 1) { - log_info('Search returned', users.length, 'record(s) for', loginRequest.username); - throw new Error('User not Found'); - } + ldap.connectSync(); + + if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) { + ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass); + ldapUser = ldap.searchUsersSync(loginRequest.username)[0]; + } else { + + const users = ldap.searchUsersSync(loginRequest.username); + + if (users.length !== 1) { + log_info('Search returned', users.length, 'record(s) for', loginRequest.username); + throw new Error('User not Found'); + } + + if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) { + if (ldap.isUserInGroup(loginRequest.username, users[0])) { + ldapUser = users[0]; + } else { + throw new Error('User not in a valid group'); + } + } else { + log_info('Wrong password for', loginRequest.username); + } + } + - if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) { - if (ldap.isUserInGroup(loginRequest.username, users[0])) { - ldapUser = users[0]; - } else { - throw new Error('User not in a valid group'); - } - } else { - log_info('Wrong password for', loginRequest.username); - } } catch (error) { - log_error(error); + log_error(error); } - if (ldapUser === undefined) { + if (!ldapUser) { if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) { return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass); } @@ -76,8 +86,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser); let user; - - // Attempt to find user by unique identifier + // Attempt to find user by unique identifier if (Unique_Identifier_Field) { userQuery = { @@ -88,14 +97,14 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { log_debug('userQuery', userQuery); user = Meteor.users.findOne(userQuery); - } + } // Attempt to find user by username let username; let email; - if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') { + if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') { username = slug(getLdapUsername(ldapUser)); } else { username = slug(loginRequest.username); @@ -105,6 +114,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { email = getLdapEmail(ldapUser); } + if (!user) { if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) { if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) { |