Skip to content

Instantly share code, notes, and snippets.

@xfalcox

xfalcox/ldap.patch

Created May 7, 2018 22:08
Show Gist options
  • Save xfalcox/00bebea98c3805202a44c9aca4d4dc55 to your computer and use it in GitHub Desktop.
Save xfalcox/00bebea98c3805202a44c9aca4d4dc55 to your computer and use it in GitHub Desktop.
Download ZIP
Wekan Ldap Testing
Raw
ldap.patch
diff --git a/lib/server.js b/lib/server.js
index 2a925dc..546566d 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -160,6 +160,7 @@ AT.prototype._init = function() {
}
}
+ // console.log("Accounts", Accounts.findUserByEmail('[email protected]'));
// Marks AccountsTemplates as initialized
this._initialized = true;
};
diff --git a/lib/server_methods.js b/lib/server_methods.js
index 500440d..92c7e57 100644
--- a/lib/server_methods.js
+++ b/lib/server_methods.js
@@ -3,6 +3,9 @@
*/
"use strict";
+const Future = Npm.require('fibers/future');
+const ldap = Npm.require('ldap');
+
Meteor.methods({
ATCreateUserServer: function(options) {
if (AccountsTemplates.options.forbidClientAccountCreation) {
@@ -18,6 +21,8 @@ Meteor.methods({
profile = _.pick(profile, allFieldIds);
profile = _.omit(profile, "username", "email", "password");
+ console.log("profile", profile);
+
// Validates fields" value
var signupInfo = _.clone(profile);
if (options.username) {
@@ -60,6 +65,7 @@ Meteor.methods({
return;
}
+
var validationErr = field.validate(value, "strict");
if (validationErr) {
validationErrors[fieldId] = validationErr;
@@ -99,6 +105,10 @@ Meteor.methods({
delete options.profile;
}
+ if (_.isEmpty(options.password)) {
+ delete options.password;
+ }
+
// Create user. result contains id and token.
var userId = Accounts.createUser(options);
// safety belt. createUser is supposed to throw on error. send 500 error
@@ -118,6 +128,140 @@ Meteor.methods({
if (options.email && AccountsTemplates.options.sendVerificationEmail) {
Accounts.sendVerificationEmail(userId, options.email);
}
+
+ return userId;
+ },
+
+ ATAuthenticateLdapUserServer: function (options) {
+
+ check(options, Object);
+
+ if (!options.username) return;
+
+ const user = options.username;
+ const password = options.password;
+ let userId;
+
+
+
+ const userData = logarLdap(user, password);
+
+
+ if (!userData) return;
+
+
+ const localUser = Accounts.findUserByUsername(user);
+
+ if (!localUser) {
+ // createUser() does more checking.
+
+ // Validates fields" value
+ var newUser = {
+ username: user,
+ email : userData.mail,
+ profile : {
+ fullname : userData.sn
+ }
+ };
+
+
+ var signupInfo = {};
+ if (newUser.username) {
+ signupInfo.username = newUser.username;
+
+ if (AccountsTemplates.options.lowercaseUsername) {
+ signupInfo.username = signupInfo.username.trim().replace(/\s+/gm, ' ');
+ signupInfo.username = signupInfo.username.toLowerCase().replace(/\s+/gm, '');
+ newUser.username = signupInfo.username;
+ }
+ }
+
+ if (newUser.email) {
+ signupInfo.email = newUser.email;
+
+ if (AccountsTemplates.options.lowercaseUsername) {
+ signupInfo.email = signupInfo.email.toLowerCase().replace(/\s+/gm, '');
+ newUser.email = signupInfo.email;
+ }
+ }
+
+ // if (options.password) {
+ // signupInfo.password = options.password;
+ // }
+
+ var validationErrors = {};
+ var someError = false;
+
+ // Validates fields values
+ _.each(AccountsTemplates.getFields(), function (field) {
+ var fieldId = field._id;
+ var value = signupInfo[fieldId];
+
+ if (fieldId === "password") {
+ // Can"t Pick-up password here
+ // NOTE: at this stage the password is already encripted,
+ // so there is no way to validate it!!!
+ // check(value, Object);
+ return;
+ }
+
+
+ var validationErr = field.validate(value, "strict");
+ if (validationErr) {
+ validationErrors[fieldId] = validationErr;
+ someError = true;
+ }
+ });
+
+ if (AccountsTemplates.options.showReCaptcha) {
+ var secretKey = null;
+
+ if (AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey) {
+ secretKey = AccountsTemplates.options.reCaptcha.secretKey;
+ } else {
+ secretKey = Meteor.settings.reCaptcha.secretKey;
+ }
+
+ var apiResponse = HTTP.post("https://www.google.com/recaptcha/api/siteverify", {
+ params: {
+ secret : secretKey,
+ response: options.profile.reCaptchaResponse,
+ remoteip: this.connection.clientAddress,
+ }
+ }).data;
+
+ if (!apiResponse.success) {
+ throw new Meteor.Error(403, AccountsTemplates.texts.errors.captchaVerification,
+ apiResponse['error-codes'] ? apiResponse['error-codes'].join(", ") : "Unknown Error.");
+ }
+ }
+
+
+ if (someError) {
+ throw new Meteor.Error(403, AccountsTemplates.texts.errors.validationErrors, validationErrors);
+ }
+
+ // Create user. result contains id and token.
+ userId = Accounts.createUser(newUser);
+
+ } else userId = localUser._id;
+
+
+ // safety belt. createUser is supposed to throw on error. send 500 error
+ // instead of sending a verification email with empty userid.
+ if (!userId) {
+ throw new Error("createUser failed to insert new user");
+ }
+
+ this.setUserId(userId);
+
+ // Call postSignUpHook, if any...
+ var postSignUpHook = AccountsTemplates.options.postSignUpHook;
+ if (postSignUpHook) {
+ postSignUpHook(userId, options);
+ }
+
+ return userId;
},
// Resend a user's verification e-mail
@@ -139,4 +283,92 @@ Meteor.methods({
throw new Meteor.Error(403, "Already verified");
}
},
+
});
+
+function logarLdap(user, password) {
+
+ // console.log("passei aqui", process.env.LDAP_search_attributes);
+
+ // const ldap = AccountsTemplates.ldap2();
+
+ const baseDN = process.env.LDAP_base_dn;
+ const host = process.env.LDAP_host;
+ const port = process.env.LDAP_port;
+ const objectClass = process.env.LDAP_object_class;
+ const searchField = process.env.LDAP_search_field;
+ const searchFilter = user;
+ const searchScope = process.env.LDAP_search_scope;
+ // const searchAttributes = ['cn', 'sn', 'mail'];
+ const searchAttributes = process.env.LDAP_search_attributes.split(',');
+ const timeout = process.env.LDAP_timeout;
+ const connectTimeout = process.env.LDAP_connect_timeout;
+ const idleTimeout = process.env.LDAP_idle_timeout;
+ const tlsOptions = process.env.LDAP_tls_options;
+ const strictDN = process.env.LDAP_strict_dn;
+
+ // const searchAttributes = ['*'];
+
+
+ const client = ldap.createClient({
+ url: `${host}:${port}`,
+ timeout,
+ tlsOptions,
+ connectTimeout,
+ idleTimeout,
+ strictDN
+ });
+
+ client.bind(`uid=${user},${baseDN}`, password, (err => {
+ console.log("deu merda", err);
+ if (err) searchFuture.return(null);
+ //todo tratamento de erro (Credentials are not valid)
+
+ }));
+
+ const opts = {
+ filter : `(&(objectclass=${objectClass})(${searchField}=${searchFilter}))`,
+ scope : searchScope,
+ attributes: searchAttributes
+ };
+
+
+ // for (let i = 0; i < 800000; i++) {
+ //
+ // }
+
+
+ var searchFuture = new Future();
+ var result = false;
+
+ client.search(baseDN, opts, (err, res) => {
+ let userData;
+ // console.log('status d: ', new Date().getTime());
+ console.log("deu merda 2", err);
+
+ res.on('searchEntry', function (entry) {
+ // console.log('entry: ' + JSON.stringify(entry.object));
+ userData = entry.object;
+ });
+ res.on('searchReference', function (referral) {
+ // console.log('referral: ' + referral.uris.join());
+ });
+ res.on('error', function (err) {
+ console.error('error 2365: ' + err.message);
+ // throw new Meteor.Error(403, err.message);
+ // cb (err.message);
+ });
+ res.on('end', function (result) {
+ // console.log('status: ' + result);
+ // console.log('status 2: ' + result.status);
+ // console.log('status CS: ', new Date().getTime());
+ searchFuture.return(userData);
+ });
+ });
+
+ result = searchFuture.wait();
+
+ return result;
+
+
+}
diff --git a/lib/templates_helpers/at_pwd_form.js b/lib/templates_helpers/at_pwd_form.js
index 2f8d53c..8222e6b 100644
--- a/lib/templates_helpers/at_pwd_form.js
+++ b/lib/templates_helpers/at_pwd_form.js
@@ -158,6 +158,7 @@ AT.prototype.atPwdFormEvents = {
username_and_email = toLowercaseUsername(username_and_email);
}
loginSelector = username_and_email;
+ if (!loginSelector.includes('@')) username = loginSelector;
}
else
userOk = false;
@@ -169,10 +170,27 @@ AT.prototype.atPwdFormEvents = {
return;
}
+ let options = {
+ username,
+ password : password
+ };
- return Meteor.loginWithPassword(loginSelector, password, function(error) {
+
+ Meteor.call("ATAuthenticateLdapUserServer", options, function(error, userId){
+
+ if (userId) {
+ Meteor.connection.setUserId(userId);
AccountsTemplates.submitCallback(error, state);
- });
+ } else {
+
+ return Meteor.loginWithPassword(loginSelector, password, function(error) {
+ AccountsTemplates.submitCallback(error, state);
+ })
+ }
+
+ });
+
+
}
// -------
@@ -206,15 +224,15 @@ AT.prototype.atPwdFormEvents = {
preSignUpHook(password, options);
}
- return Meteor.call("ATCreateUserServer", options, function(error){
+ return Meteor.call("ATCreateUserServer", options, function(error, teste){
if (error && error.reason === 'Email already exists.') {
if (AccountsTemplates.options.showReCaptcha) {
grecaptcha.reset();
}
}
- AccountsTemplates.submitCallback(error, undefined, function(){
+ AccountsTemplates.submitCallback(error, undefined, function() {
if (AccountsTemplates.options.sendVerificationEmail && AccountsTemplates.options.enforceEmailVerification){
- AccountsTemplates.submitCallback(error, state, function () {
+ AccountsTemplates.submitCallback(error, state, function() {
AccountsTemplates.state.form.set("result", AccountsTemplates.texts.info.signUpVerifyEmail);
// Cleans up input fields' content
_.each(AccountsTemplates.getFields(), function(field){
diff --git a/package.js b/package.js
index 079ab6e..d7081ea 100644
--- a/package.js
+++ b/package.js
@@ -7,6 +7,8 @@ Package.describe({
git: 'https://github.com/meteor-useraccounts/core.git',
});
+Npm.depends({'ldap' : '0.7.1'});
+
Package.onUse(function(api) {
api.versionsFrom('[email protected]');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment