From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Tue, 13 Dec 2016 22:31:35 +0100
Subject: Initial support for LDAP server authentication
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
- instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
---
lib/config.js | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
(limited to 'lib/config.js')
diff --git a/lib/config.js b/lib/config.js
index 669fcaa8..a44c279b 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -93,6 +93,31 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE
 clientID: process.env.HMD_GOOGLE_CLIENTID,
 clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
 } : config.google || false;
+var ldap = config.ldap || (
+ process.env.HMD_LDAP_URL ||
+ process.env.HMD_LDAP_BINDDN ||
+ process.env.HMD_LDAP_BINDCREDENTIALS ||
+ process.env.HMD_LDAP_TOKENSECRET ||
+ process.env.HMD_LDAP_SEARCHBASE ||
+ process.env.HMD_LDAP_SEARCHFILTER ||
+ process.env.HMD_LDAP_SEARCHATTRIBUTES
+) || false;
+if (ldap == true)
+ ldap = {};
+if (process.env.HMD_LDAP_URL)
+ ldap.url = process.env.HMD_LDAP_URL;
+if (process.env.HMD_LDAP_BINDDN)
+ ldap.bindDn = process.env.HMD_LDAP_BINDDN;
+if (process.env.HMD_LDAP_BINDCREDENTIALS)
+ ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS;
+if (process.env.HMD_LDAP_TOKENSECRET)
+ ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET;
+if (process.env.HMD_LDAP_SEARCHBASE)
+ ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE;
+if (process.env.HMD_LDAP_SEARCHFILTER)
+ ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER;
+if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
+ ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
 var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL || config.email || false;
@@ -151,6 +176,7 @@ module.exports = {
 gitlab: gitlab,
 dropbox: dropbox,
 google: google,
+ ldap: ldap,
 imgur: imgur,
 email: email,
 imageUploadType: imageUploadType,
-- cgit v1.2.3
From 6ba9a2f039fe9c4d7495d30ae4f255b96d7f7530 Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Wed, 14 Dec 2016 11:49:33 +0100
Subject: Added HMD_LDAP_TLS_CA env variable
---
lib/config.js | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'lib/config.js')
diff --git a/lib/config.js b/lib/config.js
index a44c279b..053d083b 100644
--- a/lib/config.js
+++ b/lib/config.js
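Review bot: The env-only configuration path does not work as written, because `if (ldap == true)` never fires for a string: when `config.ldap` is absent and any `HMD_LDAP_*` variable is set, `ldap` holds that variable's string value, `"ldap://host" == true` evaluates to false (the string coerces to NaN), and every following `ldap.url = …` assignment then targets a string primitive — silently ignored in sloppy mode, a TypeError under `'use strict'` — so the module ends up exporting the bare string instead of an options object. Replacing the sentinel check with `if (ldap && typeof ldap !== 'object') ldap = {};` turns the truthy marker into an object while still leaving `false` alone. Two things a deployer would also want stated in a comment above `var ldap`: a `ldap` block in config.json wins outright and the env variables are then merged on top of it, and `bindCredentials` and `tokenSecret` are secrets carried verbatim in this object, so it must never be logged or echoed in an error page.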
@@ -118,6 +118,12 @@ if (process.env.HMD_LDAP_SEARCHFILTER)
 ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER;
 if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
 ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
+if (process.env.HMD_LDAP_TLS_CA) {
+ var ca = {
+ ca: process.env.HMD_LDAP_TLS_CA
+ }
+ ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
+}
 var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL || config.email || false;
-- cgit v1.2.3
From ff545b268871be7b6552638427a59a9a6eac5dd1 Mon Sep 17 00:00:00 2001
From: neopostmodern
Date: Mon, 9 Jan 2017 12:49:23 +0100
Subject: Allow displaying LDAP provider name on sign-in modal
---
lib/config.js | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'lib/config.js')
diff --git a/lib/config.js b/lib/config.js
index 2f6792b7..6b2ba0b6 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -102,7 +102,8 @@ var ldap = config.ldap || (
 process.env.HMD_LDAP_TOKENSECRET ||
 process.env.HMD_LDAP_SEARCHBASE ||
 process.env.HMD_LDAP_SEARCHFILTER ||
- process.env.HMD_LDAP_SEARCHATTRIBUTES
+ process.env.HMD_LDAP_SEARCHATTRIBUTES ||
+ process.env.HMD_LDAP_PROVIDERNAME
 ) || false;
 if (ldap == true)
 ldap = {};
@@ -126,6 +127,9 @@ if (process.env.HMD_LDAP_TLS_CA) {
 }
 ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
 }
+if (process.env.HMD_LDAP_PROVIDERNAME) {
+ ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
+}
 var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
-- cgit v1.2.3
From 747629e549fb5c32e1acf18e24bfc6a7e1cd5b0c Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Thu, 12 Jan 2017 04:25:58 +0100
Subject: Add `allowemailregister` option
---
lib/config.js | 2 ++
1 file changed, 2 insertions(+)
(limited to 'lib/config.js')
diff --git a/lib/config.js b/lib/config.js
index 6b2ba0b6..031c6741 100644
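Review bot: `HMD_LDAP_TLS_CA` is copied verbatim into the `ca` field of `tlsOptions`, so — assuming the consumer hands `tlsOptions` to the TLS layer unchanged, which this file does not show — the variable must contain the PEM text of the certificate(s) itself; an operator who sets it to a file path, the natural choice for a multi-line PEM in an environment, gets an unusable CA and nothing in this hunk reads the file or validates the value. Either state that at the top of the block, `// HMD_LDAP_TLS_CA holds the PEM-encoded CA certificate(s) inline, not a path to them`, or read the file when the value names one that exists. `Object.assign(ldap.tlsOptions, ca)` also mutates the `tlsOptions` object that came from config.json in place rather than producing a merged copy, and both new statements drop the semicolons used everywhere else in the file.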
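Review bot: Adding `HMD_LDAP_PROVIDERNAME` to the enabling expression in the `@@ -102,7 +102,8 @@` hunk lets a purely cosmetic variable switch the LDAP provider on: with only the display name set, `ldap` becomes truthy while `url`, `bindDn` and `searchBase` are all undefined, so a provider with no server behind it is exported as configured. The label should be merged into `ldap` only when LDAP is enabled by one of the real settings, or the module should refuse to export a half-configured provider, e.g. `if (ldap && !ldap.url) throw new Error('HMD_LDAP_URL (ldap.url) is required when LDAP auth is enabled');`. Since `providerName` is, per the commit title, rendered on the sign-in modal, the template that prints it must escape it; that lives outside this file.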
--- a/lib/config.js
+++ b/lib/config.js
@@ -132,6 +132,7 @@ if (process.env.HMD_LDAP_PROVIDERNAME) {
 }
 var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
+var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_HMD_ALLOW_EMAIL_REGISTER === 'true') : !!config.allowemailregister;
 function getserverurl() {
 var url = '';
@@ -194,6 +195,7 @@ module.exports = {
 ldap: ldap,
 imgur: imgur,
 email: email,
+ allowemailregister: allowemailregister,
 imageUploadType: imageUploadType,
 s3: s3,
 s3bucket: s3bucket
-- cgit v1.2.3
From 6be875263a3c0ee849b023983032d8f55e28a2e0 Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Thu, 12 Jan 2017 23:53:22 +0800
Subject: Fix allowemailregister config typo and default should be true
---
lib/config.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/config.js')
diff --git a/lib/config.js b/lib/config.js
index 031c6741..f6e7f2c4 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -132,7 +132,7 @@ if (process.env.HMD_LDAP_PROVIDERNAME) {
 }
 var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
-var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_HMD_ALLOW_EMAIL_REGISTER === 'true') : !!config.allowemailregister;
+var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
 function getserverurl() {
 var url = '';
-- cgit v1.2.3
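Review bot: In the final `@@ -132,7 +132,7 @@` hunk the `typeof config.allowemailregister === 'boolean'` guard makes a non-boolean value in config.json fall through to the default `true`, so an operator who writes `"allowemailregister": "false"` gets open registration — the opposite of what they configured, on a security-relevant switch. Once the key is present it should be honoured, e.g. `: (config.allowemailregister === undefined ? true : (config.allowemailregister === true || config.allowemailregister === 'true'))`, and the open-by-default choice deserves a comment at the declaration: `// Registration is open unless HMD_ALLOW_EMAIL_REGISTER=false or allowemailregister: false is set.` The env comparison is also case-sensitive, so `True` or `1` silently disables registration; that fails closed, but a `.toLowerCase()` or a shared boolean-parsing helper would be less surprising and would match how `email` is parsed one line above.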