From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001 From: alecdwm Date: Tue, 13 Dec 2016 22:31:35 +0100 Subject: Initial support for LDAP server authentication Limitations as of this commit: - tlsOptions can only be specified in config.json, not as env vars - authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap) - no email address is associated with the LDAP user's account - no picture/profile URL is associated with the LDAP user's account - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder. - 'LDAP Sign in' needs to be translated to each locale --- app.js | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'app.js') diff --git a/app.js b/app.js index 0d78a153..44054961 100644 --- a/app.js +++ b/app.js @@ -380,6 +380,12 @@ if (config.google) { failureRedirect: config.serverurl + '/' })); } +// ldap auth +if (config.ldap) { + app.post('/auth/ldap', urlencodedParser, + passport.authenticate('ldapauth', { successRedirect: '/' }) + ); +} // email auth if (config.email) { app.post('/register', urlencodedParser, function (req, res, next) { -- cgit v1.2.3 From fc8d709afb8a0ff78f649c9ec3b405a68b56a3c0 Mon Sep 17 00:00:00 2001 From: alecdwm Date: Wed, 14 Dec 2016 12:40:54 +0100 Subject: LDAP login improvements - return bad request if no username or password given - return to referer url on auth success - flash error message on auth failure --- app.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'app.js') diff --git a/app.js b/app.js index 44054961..e3ce93de 100644 --- a/app.js +++ b/app.js 
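Review bot: The added `/auth/ldap` route redirects to a bare `'/'` on success and sets no `failureRedirect`, while the google branch in the context just above it uses `config.serverurl + '/'`. If the app is served under a path prefix the relative redirect lands outside it, and a failed authentication falls through to passport's default bare 401 response instead of returning to the login form. `passport.authenticate('ldapauth', { successRedirect: config.serverurl + '/', failureRedirect: config.serverurl + '/' })` keeps it consistent with the other providers. Nothing in the hunk throttles attempts against this endpoint; since each request is presumably a bind attempt against the directory, it is worth confirming that rate limiting is applied somewhere else.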
@@ -382,9 +382,15 @@ if (config.google) { } // ldap auth if (config.ldap) { - app.post('/auth/ldap', urlencodedParser, - passport.authenticate('ldapauth', { successRedirect: '/' }) - ); + app.post('/auth/ldap', urlencodedParser, function (req, res, next) { + if (!req.body.username || !req.body.password) return response.errorBadRequest(res); + setReturnToFromReferer(req); + passport.authenticate('ldapauth', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: true + })(req, res, next); + }); } // email auth if (config.email) { -- cgit v1.2.3 From fc788e805e8896f3ae967270148939d37923c516 Mon Sep 17 00:00:00 2001 From: Wu Cheng-Han Date: Thu, 12 Jan 2017 17:17:01 +0800 Subject: Fix SIGINT checkClean should only log error instead throw error --- app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app.js') diff --git a/app.js b/app.js index a17d3a61..47448fe1 100644 --- a/app.js +++ b/app.js @@ -639,7 +639,7 @@ process.on('SIGINT', function () { var checkCleanTimer = setInterval(function () { if (history.isReady() && realtime.isReady()) { models.Revision.checkAllNotesRevision(function (err, notes) { - if (err) throw new Error(err); + if (err) return logger.error(err); if (!notes || notes.length <= 0) { clearInterval(checkCleanTimer); return process.exit(0); -- cgit v1.2.3 From 747629e549fb5c32e1acf18e24bfc6a7e1cd5b0c Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Thu, 12 Jan 2017 04:25:58 +0100 Subject: Add `allowemailregister` option --- app.js | 52 +++++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 25 deletions(-) (limited to 'app.js') diff --git a/app.js b/app.js index a17d3a61..83b19e23 100644 --- a/app.js +++ b/app.js 
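Review bot: The guard `if (!req.body.username || !req.body.password)` only rejects missing or empty values, so a non-string body field still reaches the strategy; with an extended urlencoded parser `username[]=a` arrives as an array, and what the LDAP strategy does with a non-string when it builds its search filter is not visible here. Adding `typeof req.body.username !== 'string' || typeof req.body.password !== 'string'` to the same condition closes that gap cheaply. Whether the strategy escapes the username inside the LDAP search filter depends on its configuration elsewhere in the file, so that deserves a look too. `setReturnToFromReferer(req)` is defined outside the hunk and now drives the post-login redirect, so it should only honour same-origin referers.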
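Review bot: With `if (err) return logger.error(err);` the interval keeps firing and logging the same error every tick, because `checkCleanTimer` is never cleared on that path and the exit branch below it is never reached, so a failing `checkAllNotesRevision` now leaves the process hanging after SIGINT instead of crashing as it did before. If the intent is to shut down regardless, clear the timer and exit non-zero: `if (err) { logger.error(err); clearInterval(checkCleanTimer); return process.exit(1); }`. If a retry is intended, a bounded retry count would be safer than an unbounded loop. The enclosing `process.on('SIGINT', ...)` handler starts before the hunk.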
@@ -395,34 +395,36 @@ if (config.ldap) { } // email auth if (config.email) { - app.post('/register', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res); - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); - models.User.findOrCreate({ - where: { - email: req.body.email - }, - defaults: { - password: req.body.password - } - }).spread(function (user, created) { - if (user) { - if (created) { - if (config.debug) logger.info('user registered: ' + user.id); - req.flash('info', "You've successfully registered, please signin."); - } else { - if (config.debug) logger.info('user found: ' + user.id); - req.flash('error', "This email has been used, please try another one."); + if (config.allowemailregister) + app.post('/register', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res); + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); + models.User.findOrCreate({ + where: { + email: req.body.email + }, + defaults: { + password: req.body.password + } + }).spread(function (user, created) { + if (user) { + if (created) { + if (config.debug) logger.info('user registered: ' + user.id); + req.flash('info', "You've successfully registered, please signin."); + } else { + if (config.debug) logger.info('user found: ' + user.id); + req.flash('error', "This email has been used, please try another one."); + } + return res.redirect(config.serverurl + '/'); } + req.flash('error', "Failed to register your account, please try again."); return res.redirect(config.serverurl + '/'); - } - req.flash('error', "Failed to register your account, please try again."); - return res.redirect(config.serverurl + '/'); - }).catch(function (err) { - logger.error('auth callback failed: ' + err); - return response.errorInternalError(res); + }).catch(function (err) { + logger.error('auth callback failed: ' + 
err); + return response.errorInternalError(res); + }); }); - }); + app.post('/login', urlencodedParser, function (req, res, next) { if (!req.body.email || !req.body.password) return response.errorBadRequest(res); if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); -- cgit v1.2.3
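Review bot: The new `if (config.allowemailregister)` has no braces around the roughly thirty-line `app.post('/register', ...)` statement it guards, so the next statement added in that spot silently falls outside the condition; wrapping the route in `if (config.allowemailregister) { ... }` makes the gated region explicit. On the re-indented register path `req.body.password` still goes straight into `defaults` with no type or length check, and whether the `User` model hashes it before storage is not visible from this hunk, so that is worth confirming. The `"This email has been used"` flash also tells an anonymous caller which addresses are registered, an enumeration oracle if registration is left open. The `/login` handler that begins at the end of the hunk continues outside it.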