Server: Allow self-signed certificate for ldap auth (#11531)
Co-authored-by: Laurent Cozic <laurent22@users.noreply.github.com>pull/11540/head
parent
3cba4ec82c
commit
28ff17a078
|
@ -125,6 +125,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
|
||||||
baseDN: env.LDAP_1_BASE_DN,
|
baseDN: env.LDAP_1_BASE_DN,
|
||||||
bindDN: env.LDAP_1_BIND_DN,
|
bindDN: env.LDAP_1_BIND_DN,
|
||||||
bindPW: env.LDAP_1_BIND_PW,
|
bindPW: env.LDAP_1_BIND_PW,
|
||||||
|
tlsCaFile: env.LDAP_1_TLS_CA_FILE,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -138,6 +139,7 @@ function ldapConfigFromEnv(env: EnvVariables): LdapConfig[] {
|
||||||
baseDN: env.LDAP_2_BASE_DN,
|
baseDN: env.LDAP_2_BASE_DN,
|
||||||
bindDN: env.LDAP_2_BIND_DN,
|
bindDN: env.LDAP_2_BIND_DN,
|
||||||
bindPW: env.LDAP_2_BIND_PW,
|
bindPW: env.LDAP_2_BIND_PW,
|
||||||
|
tlsCaFile: env.LDAP_2_TLS_CA_FILE,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
return ldapConfig;
|
return ldapConfig;
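Review bot: The value of `LDAP_1_TLS_CA_FILE` / `LDAP_2_TLS_CA_FILE` is copied into the config entry verbatim, with no check that the path exists or is readable, so a typo in the variable only surfaces when the first user attempts to log in, because the file is read inside ldapLogin on each authentication. A fail-fast check when the entry is built, e.g. `if (tlsCaFile) fs.accessSync(tlsCaFile, fs.constants.R_OK);` (with a clear error naming the variable), would turn a runtime login failure into a startup configuration error. The body of ldapConfigFromEnv starts before this hunk, so where the `fs` import and the entry construction sit is not fully visible here.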
|
||||||
|
|
|
@ -137,6 +137,7 @@ const defaultEnvValues: EnvVariables = {
|
||||||
LDAP_1_BASE_DN: '',
|
LDAP_1_BASE_DN: '',
|
||||||
LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||||
LDAP_1_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
LDAP_1_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||||
|
LDAP_1_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
|
||||||
|
|
||||||
LDAP_2_ENABLED: false,
|
LDAP_2_ENABLED: false,
|
||||||
LDAP_2_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly after ldap authentication
|
LDAP_2_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly after ldap authentication
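Review bot: The comment on `LDAP_1_TLS_CA_FILE` (and its LDAP_2 twin below) says when to leave the variable empty but not what the file must contain or why a CA-issued certificate must not set it. If ldapts hands these options straight to Node's `tls.connect`, the `ca` option replaces the built-in CA list rather than extending it, which is exactly why a publicly trusted certificate must leave the variable empty. Suggested comment: `// path to a PEM file holding the CA certificate(s) trusted for the ldaps connection; when set it replaces the default CA bundle for that connection, so leave empty for plain ldap or a publicly trusted certificate`.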
|
||||||
|
@ -146,6 +147,7 @@ const defaultEnvValues: EnvVariables = {
|
||||||
LDAP_2_BASE_DN: '',
|
LDAP_2_BASE_DN: '',
|
||||||
LDAP_2_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
LDAP_2_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||||
LDAP_2_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
LDAP_2_BIND_PW: '', // used for user search - leave empty if ldap server allows anonymous bind
|
||||||
|
LDAP_2_TLS_CA_FILE: '', // used for self-signed certificate with ldaps - leave empty if using ldap or server uses CA-issued certificate
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -228,6 +230,7 @@ export interface EnvVariables {
|
||||||
LDAP_1_BASE_DN: string;
|
LDAP_1_BASE_DN: string;
|
||||||
LDAP_1_BIND_DN: string;
|
LDAP_1_BIND_DN: string;
|
||||||
LDAP_1_BIND_PW: string;
|
LDAP_1_BIND_PW: string;
|
||||||
|
LDAP_1_TLS_CA_FILE: string;
|
||||||
|
|
||||||
LDAP_2_ENABLED: boolean;
|
LDAP_2_ENABLED: boolean;
|
||||||
LDAP_2_USER_AUTO_CREATION: boolean;
|
LDAP_2_USER_AUTO_CREATION: boolean;
|
||||||
|
@ -237,6 +240,7 @@ export interface EnvVariables {
|
||||||
LDAP_2_BASE_DN: string;
|
LDAP_2_BASE_DN: string;
|
||||||
LDAP_2_BIND_DN: string;
|
LDAP_2_BIND_DN: string;
|
||||||
LDAP_2_BIND_PW: string;
|
LDAP_2_BIND_PW: string;
|
||||||
|
LDAP_2_TLS_CA_FILE: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
const parseBoolean = (s: string): boolean => {
|
const parseBoolean = (s: string): boolean => {
|
||||||
|
|
|
@ -86,6 +86,7 @@ describe('api/sessions', () => {
|
||||||
baseDN: '',
|
baseDN: '',
|
||||||
bindDN: '',
|
bindDN: '',
|
||||||
bindPW: '',
|
bindPW: '',
|
||||||
|
tlsCaFile: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -123,6 +124,7 @@ describe('api/sessions', () => {
|
||||||
baseDN: '',
|
baseDN: '',
|
||||||
bindDN: '',
|
bindDN: '',
|
||||||
bindPW: '',
|
bindPW: '',
|
||||||
|
tlsCaFile: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
const context = await postSession(user.email, password);
|
const context = await postSession(user.email, password);
|
||||||
|
@ -151,6 +153,7 @@ describe('api/sessions', () => {
|
||||||
baseDN: '',
|
baseDN: '',
|
||||||
bindDN: '',
|
bindDN: '',
|
||||||
bindPW: '',
|
bindPW: '',
|
||||||
|
tlsCaFile: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
(ldapLogin as jest.Mock).mockResolvedValue(user);
|
(ldapLogin as jest.Mock).mockResolvedValue(user);
|
||||||
|
@ -179,6 +182,7 @@ describe('api/sessions', () => {
|
||||||
baseDN: '',
|
baseDN: '',
|
||||||
bindDN: '',
|
bindDN: '',
|
||||||
bindPW: '',
|
bindPW: '',
|
||||||
|
tlsCaFile: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
|
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
|
||||||
|
@ -203,6 +207,7 @@ describe('api/sessions', () => {
|
||||||
baseDN: '',
|
baseDN: '',
|
||||||
bindDN: '',
|
bindDN: '',
|
||||||
bindPW: '',
|
bindPW: '',
|
||||||
|
tlsCaFile: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
|
(ldapLogin as jest.Mock).mockImplementationOnce(() => {
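Review bot: These fixtures only add `tlsCaFile: ''` to keep the LdapConfig literals complete; because ldapLogin is mocked throughout this file, nothing in the commit exercises the non-empty path where the CA file is read and passed to the Client. A test in the ldap module's own suite that points `tlsCaFile` at a temporary PEM file and asserts the Client receives `tlsOptions.ca`, plus one that gives a non-existent path and asserts the resulting error, would cover the new branch. The surrounding `describe` block starts and ends outside this hunk.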
|
||||||
|
|
|
@ -3,6 +3,7 @@ import { User } from '../services/database/types';
|
||||||
import Logger from '@joplin/utils/Logger';
|
import Logger from '@joplin/utils/Logger';
|
||||||
import { LdapConfig } from './types';
|
import { LdapConfig } from './types';
|
||||||
import { ErrorForbidden } from './errors';
|
import { ErrorForbidden } from './errors';
|
||||||
|
import { readFile } from 'fs/promises';
|
||||||
|
|
||||||
const logger = Logger.create('LDAP');
|
const logger = Logger.create('LDAP');
|
||||||
|
|
||||||
|
@ -16,6 +17,7 @@ export default async function ldapLogin(email: string, password: string, user: U
|
||||||
const baseDN = config.baseDN;
|
const baseDN = config.baseDN;
|
||||||
const bindDN = config.bindDN;
|
const bindDN = config.bindDN;
|
||||||
const bindPW = config.bindPW;
|
const bindPW = config.bindPW;
|
||||||
|
const tlsCaFile = config.tlsCaFile;
|
||||||
|
|
||||||
logger.info(`Starting authentication with Server ${host}`);
|
logger.info(`Starting authentication with Server ${host}`);
|
||||||
|
|
||||||
|
@ -25,10 +27,19 @@ export default async function ldapLogin(email: string, password: string, user: U
|
||||||
|
|
||||||
if (enabled) {
|
if (enabled) {
|
||||||
let searchResults;
|
let searchResults;
|
||||||
|
|
||||||
|
let tlsOptions;
|
||||||
|
if (tlsCaFile.length !== 0) {
|
||||||
|
tlsOptions = {
|
||||||
|
ca: [await readFile(tlsCaFile)],
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
const client = new Client({
|
const client = new Client({
|
||||||
url: host,
|
url: host,
|
||||||
timeout: 5000,
|
timeout: 5000,
|
||||||
connectTimeout: 1000,
|
connectTimeout: 1000,
|
||||||
|
tlsOptions: tlsOptions,
|
||||||
});
|
});
|
||||||
|
|
||||||
if (bindDN.length !== 0) {
|
if (bindDN.length !== 0) {
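Review bot: `await readFile(tlsCaFile)` runs on every login attempt and a missing or unreadable file throws a raw fs error (e.g. ENOENT) out of ldapLogin, which callers cannot distinguish from an authentication failure and which will surface as a generic server error. Wrapping the read so that a misconfigured path produces an explicit error naming the file keeps the failure diagnosable; reading the file once at config load instead of per login would be better still, but that belongs in the config code rather than here. The approach itself is sound: a pinned CA keeps certificate and hostname verification intact, unlike `rejectUnauthorized: false`. ldapLogin starts before this hunk and continues after it.
```typescript
let tlsOptions;
if (tlsCaFile.length !== 0) {
	let ca: Buffer;
	try {
		ca = await readFile(tlsCaFile);
	} catch (error) {
		// Misconfiguration, not a bad credential: make it identifiable in the logs
		throw new Error(`Cannot read LDAP TLS CA file "${tlsCaFile}": ${error.message}`);
	}
	tlsOptions = { ca: [ca] };
}
// … unchanged: Client construction with tlsOptions …
```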
|
||||||
|
|
|
@ -141,6 +141,7 @@ export interface LdapConfig {
|
||||||
baseDN: string;
|
baseDN: string;
|
||||||
bindDN: string;
|
bindDN: string;
|
||||||
bindPW: string;
|
bindPW: string;
|
||||||
|
tlsCaFile: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
export interface Config extends EnvVariables {
|
export interface Config extends EnvVariables {
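Review bot: The new `tlsCaFile` field on LdapConfig carries no doc comment, while its meaning (a filesystem path, an empty string meaning "not set") is only discoverable from the env defaults and from the `tlsCaFile.length !== 0` check in ldapLogin. Suggested comment above the field: `/** Path to a PEM file with the CA certificate(s) used to verify the ldaps server; empty string means no custom CA is supplied and the client's default trust store applies. */`. The enclosing interface starts before this hunk.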
|
||||||
|
|
|
@ -153,4 +153,5 @@ tablist
|
||||||
Favorite
|
Favorite
|
||||||
tablist
|
tablist
|
||||||
Edubirdie
|
Edubirdie
|
||||||
Useviral
|
Useviral
|
||||||
|
ldaps
|
||||||
|
|