From 36f148a7cb2503ceff67c1b6d387a91bd2370f9f Mon Sep 17 00:00:00 2001
From: Thiago Fernando
Date: Fri, 10 May 2019 14:58:19 -0300
Subject: Update loginHandler.js additional option to login in ldap server with user account
---
packages/wekan-ldap/server/loginHandler.js | 52 ++++++++++++++++++------------
1 file changed, 31 insertions(+), 21 deletions(-)
(limited to 'packages')
diff --git a/packages/wekan-ldap/server/loginHandler.js b/packages/wekan-ldap/server/loginHandler.js
index a8f013d7..0c1aa33f 100644
--- a/packages/wekan-ldap/server/loginHandler.js
+++ b/packages/wekan-ldap/server/loginHandler.js
@@ -41,28 +41,38 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { let ldapUser; try { - ldap.connectSync(); - const users = ldap.searchUsersSync(loginRequest.username); - if (users.length !== 1) { - log_info('Search returned', users.length, 'record(s) for', loginRequest.username); - throw new Error('User not Found'); - } + ldap.connectSync(); + + if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) { + ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass); + ldapUser = ldap.searchUsersSync(loginRequest.username)[0]; + } else { + + const users = ldap.searchUsersSync(loginRequest.username); + + if (users.length !== 1) { + log_info('Search returned', users.length, 'record(s) for', loginRequest.username); + throw new Error('User not Found'); + } + + if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) { + if (ldap.isUserInGroup(loginRequest.username, users[0])) { + ldapUser = users[0]; + } else { + throw new Error('User not in a valid group'); + } + } else { + log_info('Wrong password for', loginRequest.username); + } + } + - if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) { - if (ldap.isUserInGroup(loginRequest.username, users[0])) { - ldapUser = users[0]; - } else { - throw new Error('User not in a valid group'); - } - } else { - log_info('Wrong password for', loginRequest.username); - } } catch (error) { - log_error(error); + log_error(error); } - if (ldapUser === undefined) { + if (!ldapUser) { if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) { return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass); } @@ -76,8 +86,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser); let user; - - // Attempt to find user by unique identifier + // Attempt to find user by unique identifier if (Unique_Identifier_Field) { userQuery = { 
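Review bot: The new `LDAP_USER_AUTHENTICATION` branch sets `ldapUser` from `ldap.searchUsersSync(loginRequest.username)[0]` without the two checks the `else` branch keeps, namely exactly one search result and `ldap.isUserInGroup(...)`. Unless the group filter is applied inside `bindUserIfNecessary` or `searchUsersSync`, which this hunk does not show, enabling the option appears to let accounts outside the configured group log in, and an ambiguous search silently takes the first entry. I would repeat both checks after the bind, as in the excerpt below. The branch also depends on `bindUserIfNecessary` throwing when the bind is rejected and on an empty `ldapPass` being refused before the bind; neither is visible here, and many directory servers treat a simple bind with an empty password as an anonymous bind that succeeds, so that is worth confirming. The login handler starts and ends outside the hunk.

```javascript
if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) {
  ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass);

  // Apply the same result-count and group checks as the service-bind path.
  const users = ldap.searchUsersSync(loginRequest.username);
  if (users.length !== 1) {
    log_info('Search returned', users.length, 'record(s) for', loginRequest.username);
    throw new Error('User not Found');
  }
  if (!ldap.isUserInGroup(loginRequest.username, users[0])) {
    throw new Error('User not in a valid group');
  }
  ldapUser = users[0];
} else {
  // … unchanged: search, authSync and group check using the service bind …
```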
@@ -88,14 +97,14 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { log_debug('userQuery', userQuery); user = Meteor.users.findOne(userQuery); - } + } // Attempt to find user by username let username; let email; - if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') { + if (LDAP.settings_get('LDAP_USERNAME_FIELD') !== '') { username = slug(getLdapUsername(ldapUser)); } else { username = slug(loginRequest.username); @@ -105,6 +114,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { email = getLdapEmail(ldapUser); } + if (!user) { if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) { if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) { -- cgit v1.2.3-1-g7c22