Diffstat (limited to 'lib')
-rw-r--r--lib/config/default.js5
-rw-r--r--lib/config/environment.js11
-rw-r--r--lib/config/utils.js7
-rw-r--r--lib/csp.js7
-rw-r--r--lib/migrations/20180306150303-fix-enum.js11
-rw-r--r--lib/web/auth/ldap/index.js7
6 files changed, 39 insertions, 9 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index 38dc21a4..7407ec60 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -18,7 +18,8 @@ module.exports = {
directives: {
},
addDefaults: true,
- upgradeInsecureRequests: 'auto'
+ upgradeInsecureRequests: 'auto',
+ reportURI: undefined
},
protocolusessl: false,
usecdn: true,
@@ -110,11 +111,11 @@ module.exports = {
url: undefined,
bindDn: undefined,
bindCredentials: undefined,
- tokenSecret: undefined,
searchBase: undefined,
searchFilter: undefined,
searchAttributes: undefined,
usernameField: undefined,
+ useridField: undefined,
tlsca: undefined
},
saml: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 640f9e07..ddc09e10 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -1,11 +1,11 @@
'use strict'
-const {toBooleanConfig, toArrayConfig} = require('./utils')
+const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
module.exports = {
domain: process.env.HMD_DOMAIN,
urlpath: process.env.HMD_URL_PATH,
- port: process.env.HMD_PORT,
+ port: toIntegerConfig(process.env.HMD_PORT),
urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
@@ -15,7 +15,8 @@ module.exports = {
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
csp: {
- enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+ enable: toBooleanConfig(process.env.HMD_CSP_ENABLE),
+ reportURI: process.env.HMD_CSP_REPORTURI
},
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
@@ -39,7 +40,7 @@ module.exports = {
secretKey: process.env.HMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
- port: process.env.HMD_MINIO_PORT
+ port: toIntegerConfig(process.env.HMD_MINIO_PORT)
},
s3bucket: process.env.HMD_S3_BUCKET,
facebook: {
@@ -79,11 +80,11 @@ module.exports = {
url: process.env.HMD_LDAP_URL,
bindDn: process.env.HMD_LDAP_BINDDN,
bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
- tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
searchBase: process.env.HMD_LDAP_SEARCHBASE,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
+ useridField: process.env.HMD_LDAP_USERIDFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA
},
saml: {
diff --git a/lib/config/utils.js b/lib/config/utils.js
index 9ff2f96d..b2406cf1 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -13,3 +13,10 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa
}
return fallback
}
+
+exports.toIntegerConfig = function toIntegerConfig (configValue) {
+ if (configValue && typeof configValue === 'string') {
+ return parseInt(configValue)
+ }
+ return configValue
+}
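Review bot: `parseInt(configValue)` in toIntegerConfig has no radix and no check on the result, so a mistyped value is accepted in altered form instead of being rejected: `'80abc'` becomes 80, `'0x50'` becomes 80, and `'abc'` becomes NaN. The HMD_PORT and HMD_MINIO_PORT call sites in lib/config/environment.js put that result straight into the config object. I would parse with `const parsed = parseInt(configValue, 10)` and, when `Number.isNaN(parsed)`, fail at startup with a message naming the variable (or return `undefined` so the default applies) rather than return NaN. A short comment on the function stating what it returns for non-string and empty input would also help, since it currently passes those through unchanged.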
diff --git a/lib/csp.js b/lib/csp.js
index 509bc530..b46ae8ef 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -30,6 +30,7 @@ CspStrategy.computeDirectives = function () {
addInlineScriptExceptions(directives)
}
addUpgradeUnsafeRequestsOptionTo(directives)
+ addReportURI(directives)
return directives
}
@@ -72,6 +73,12 @@ function addUpgradeUnsafeRequestsOptionTo (directives) {
}
}
+function addReportURI (directives) {
+ if (config.csp.reportURI) {
+ directives.reportUri = config.csp.reportURI
+ }
+}
+
CspStrategy.addNonceToLocals = function (req, res, next) {
res.locals.nonce = uuid.v4()
next()
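Review bot: addReportURI copies `config.csp.reportURI` into the policy after only a truthiness check, and nothing beside it says what the value may be or what setting it causes. CSP violation reports carry the URL of the document that triggered them, which for this application presumably includes note URLs, so pointing the setting at a third-party collector discloses those URLs to it. I would document that on the function, e.g. `// Violation reports include the document URL; only point reportURI at a collector you trust.`, and accept only a string that parses as an https URL or a same-origin path, so a malformed value is rejected when the policy is built instead of being emitted in the header.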
diff --git a/lib/migrations/20180306150303-fix-enum.js b/lib/migrations/20180306150303-fix-enum.js
new file mode 100644
index 00000000..0ee58a94
--- /dev/null
+++ b/lib/migrations/20180306150303-fix-enum.js
@@ -0,0 +1,11 @@
+'use strict'
+
+module.exports = {
+ up: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'limited', 'locked', 'protected', 'private')})
+ },
+
+ down: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'locked', 'private')})
+ }
+}
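Review bot: Neither `up` nor `down` returns the promise from `queryInterface.changeColumn`, so the migration runner cannot wait for the column change or see it fail; as far as I can tell it would record the migration as applied either way. Each should read `return queryInterface.changeColumn('Notes', 'permission', {...})`. Separately, `down` narrows the enum without first remapping rows whose permission is 'limited' or 'protected'. Since this column holds the note's access level, I would update those rows to an explicitly chosen value before the change and state the choice in a comment, rather than leave the outcome to the database.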
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index cc0d29ad..1a5c9938 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -24,8 +24,11 @@ passport.use(new LDAPStrategy({
}
}, function (user, done) {
var uuid = user.uidNumber || user.uid || user.sAMAccountName
- var username = uuid
+ if (config.ldap.useridField && user[config.ldap.useridField]) {
+ uuid = user[config.ldap.useridField]
+ }
+ var username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
}
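Review bot: The value read from `user[config.ldap.useridField]` becomes the account key `'LDAP-' + uuid` (built in the next hunk) with no check on its type, and nothing documents which attributes are safe to configure. A multi-valued attribute arrives as an array, as the `Array.isArray(user.mail)` handling in the next hunk acknowledges, and would be joined by the string concatenation; an attribute that is not unique, or that users can change, could let two directory entries resolve to the same local account. I would apply the override only for a non-empty string or a number, `var configuredId = user[config.ldap.useridField]` then `if (typeof configuredId === 'string' || typeof configuredId === 'number') uuid = configuredId`. A comment should add that the attribute must be unique and immutable, and that changing it on an existing deployment changes every user's id. The callback's body starts and ends outside this hunk.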
@@ -34,7 +37,7 @@ passport.use(new LDAPStrategy({
id: 'LDAP-' + uuid,
username: username,
displayName: user.displayName,
- emails: user.mail ? [user.mail] : [],
+ emails: user.mail ? Array.isArray(user.mail) ? user.mail : [user.mail] : [],
avatarUrl: null,
profileUrl: null,
provider: 'ldap'