Wekan Ldap Testing
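--- a/lib/server.js
+++ b/lib/server.js
@@ -160,6 +160,7 @@ AT.prototype._init = function() {
 }
 }
+// console.log("Accounts", Accounts.findUserByEmail('[email protected]'));
 // Marks AccountsTemplates as initialized
 this._initialized = true;
 };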
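--- a/lib/server_methods.js
+++ b/lib/server_methods.js
@@ -3,6 +3,9 @@
 */
 "use strict";
+const Future = Npm.require('fibers/future');
+const ldap = Npm.require('ldap');
+
 Meteor.methods({
 ATCreateUserServer: function(options) {
 if (AccountsTemplates.options.forbidClientAccountCreation) {
@@ -18,6 +21,8 @@ Meteor.methods({
 profile = _.pick(profile, allFieldIds);
 profile = _.omit(profile, "username", "email", "password");
+console.log("profile", profile);
+
 // Validates fields" value
 var signupInfo = _.clone(profile);
 if (options.username) {
@@ -60,6 +65,7 @@ Meteor.methods({
 return;
 }
+
 var validationErr = field.validate(value, "strict");
 if (validationErr) {
 validationErrors[fieldId] = validationErr;
@@ -99,6 +105,10 @@ Meteor.methods({
 delete options.profile;
 }
+if (_.isEmpty(options.password)) {
+delete options.password;
+}
+
 // Create user. result contains id and token.
 var userId = Accounts.createUser(options);
 // safety belt. createUser is supposed to throw on error. send 500 error
@@ -118,6 +128,140 @@ Meteor.methods({
 if (options.email && AccountsTemplates.options.sendVerificationEmail) {
 Accounts.sendVerificationEmail(userId, options.email);
 }
+
+return userId;
+},
+
+ATAuthenticateLdapUserServer: function (options) {
+
+check(options, Object);
+
+if (!options.username) return;
+
+const user = options.username;
+const password = options.password;
+let userId;
+
+
+
+const userData = logarLdap(user, password);
+
+
+if (!userData) return;
+
+
+const localUser = Accounts.findUserByUsername(user);
+
+if (!localUser) {
+// createUser() does more checking.
+
+// Validates fields" value
+var newUser = {
+username: user,
+email : userData.mail,
+profile : {
+fullname : userData.sn
+}
+};
+
+
+var signupInfo = {};
+if (newUser.username) {
+signupInfo.username = newUser.username;
+
+if (AccountsTemplates.options.lowercaseUsername) {
+signupInfo.username = signupInfo.username.trim().replace(/\s+/gm, ' ');
+signupInfo.username = signupInfo.username.toLowerCase().replace(/\s+/gm, '');
+newUser.username = signupInfo.username;
+}
+}
+
+if (newUser.email) {
+signupInfo.email = newUser.email;
+
+if (AccountsTemplates.options.lowercaseUsername) {
+signupInfo.email = signupInfo.email.toLowerCase().replace(/\s+/gm, '');
+newUser.email = signupInfo.email;
+}
+}
+
+// if (options.password) {
+// signupInfo.password = options.password;
+// }
+
+var validationErrors = {};
+var someError = false;
+
+// Validates fields values
+_.each(AccountsTemplates.getFields(), function (field) {
+var fieldId = field._id;
+var value = signupInfo[fieldId];
+
+if (fieldId === "password") {
+// Can"t Pick-up password here
+// NOTE: at this stage the password is already encripted,
+// so there is no way to validate it!!!
+// check(value, Object);
+return;
+}
+
+
+var validationErr = field.validate(value, "strict");
+if (validationErr) {
+validationErrors[fieldId] = validationErr;
+someError = true;
+}
+});
+
+if (AccountsTemplates.options.showReCaptcha) {
+var secretKey = null;
+
+if (AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey) {
+secretKey = AccountsTemplates.options.reCaptcha.secretKey;
+} else {
+secretKey = Meteor.settings.reCaptcha.secretKey;
+}
+
+var apiResponse = HTTP.post("https://www.google.com/recaptcha/api/siteverify", {
+params: {
+secret : secretKey,
+response: options.profile.reCaptchaResponse,
+remoteip: this.connection.clientAddress,
+}
+}).data;
+
+if (!apiResponse.success) {
+throw new Meteor.Error(403, AccountsTemplates.texts.errors.captchaVerification,
+apiResponse['error-codes'] ? apiResponse['error-codes'].join(", ") : "Unknown Error.");
+}
+}
+
+
+if (someError) {
+throw new Meteor.Error(403, AccountsTemplates.texts.errors.validationErrors, validationErrors);
+}
+
+// Create user. result contains id and token.
+userId = Accounts.createUser(newUser);
+
+} else userId = localUser._id;
+
+
+// safety belt. createUser is supposed to throw on error. send 500 error
+// instead of sending a verification email with empty userid.
+if (!userId) {
+throw new Error("createUser failed to insert new user");
+}
+
+this.setUserId(userId);
+
+// Call postSignUpHook, if any...
+var postSignUpHook = AccountsTemplates.options.postSignUpHook;
+if (postSignUpHook) {
+postSignUpHook(userId, options);
+}
+
+return userId;
 },
 // Resend a user's verification e-mail
@@ -139,4 +283,92 @@ Meteor.methods({
 throw new Meteor.Error(403, "Already verified");
 }
 },
+
 });
+
+function logarLdap(user, password) {
+
+// console.log("passei aqui", process.env.LDAP_search_attributes);
+
+// const ldap = AccountsTemplates.ldap2();
+
+const baseDN = process.env.LDAP_base_dn;
+const host = process.env.LDAP_host;
+const port = process.env.LDAP_port;
+const objectClass = process.env.LDAP_object_class;
+const searchField = process.env.LDAP_search_field;
+const searchFilter = user;
+const searchScope = process.env.LDAP_search_scope;
+// const searchAttributes = ['cn', 'sn', 'mail'];
+const searchAttributes = process.env.LDAP_search_attributes.split(',');
+const timeout = process.env.LDAP_timeout;
+const connectTimeout = process.env.LDAP_connect_timeout;
+const idleTimeout = process.env.LDAP_idle_timeout;
+const tlsOptions = process.env.LDAP_tls_options;
+const strictDN = process.env.LDAP_strict_dn;
+
+// const searchAttributes = ['*'];
+
+
+const client = ldap.createClient({
+url: `${host}:${port}`,
+timeout,
+tlsOptions,
+connectTimeout,
+idleTimeout,
+strictDN
+});
+
+client.bind(`uid=${user},${baseDN}`, password, (err => {
+console.log("deu merda", err);
+if (err) searchFuture.return(null);
+//todo tratamento de erro (Credentials are not valid)
+
+}));
+
+const opts = {
+filter : `(&(objectclass=${objectClass})(${searchField}=${searchFilter}))`,
+scope : searchScope,
+attributes: searchAttributes
+};
+
+
+// for (let i = 0; i < 800000; i++) {
+//
+// }
+
+
+var searchFuture = new Future();
+var result = false;
+
+client.search(baseDN, opts, (err, res) => {
+let userData;
+// console.log('status d: ', new Date().getTime());
+console.log("deu merda 2", err);
+
+res.on('searchEntry', function (entry) {
+// console.log('entry: ' + JSON.stringify(entry.object));
+userData = entry.object;
+});
+res.on('searchReference', function (referral) {
+// console.log('referral: ' + referral.uris.join());
+});
+res.on('error', function (err) {
+console.error('error 2365: ' + err.message);
+// throw new Meteor.Error(403, err.message);
+// cb (err.message);
+});
+res.on('end', function (result) {
+// console.log('status: ' + result);
+// console.log('status 2: ' + result.status);
+// console.log('status CS: ', new Date().getTime());
+searchFuture.return(userData);
+});
+});
+
+result = searchFuture.wait();
+
+return result;
+
+
+}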
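Review bot: `logarLdap` interpolates the caller-supplied `user` unescaped into both the bind DN (`uid=${user},${baseDN}`) and the search filter (`(${searchField}=${searchFilter})`), so filter and DN metacharacters in a submitted username alter the query instead of being matched literally; the value has to be escaped per RFC 4515 before it goes into the filter and per RFC 4514 before it goes into the DN (or the DN taken from the directory entry rather than composed). A simple bind with an empty password is defined by RFC 4513 §5.1.2 as an anonymous bind and some directory servers accept it without returning an error, and since `ATAuthenticateLdapUserServer` only does `check(options, Object)` and the client passes the form's password straight through, an empty password plus a matching search entry yields `userData` and `this.setUserId(userId)` signs the caller in — reject an empty or non-string password before binding. When the bind does fail, the callback resolves `searchFuture` with `null` but execution still continues into `client.search`, whose `'end'` handler resolves the same Future a second time (which fibers' Future rejects as a double resolution, inside an event handler), and `client.unbind()` is never called, so the search should run only after a successful bind and the connection be released afterwards. The same method also dereferences `options.profile.reCaptchaResponse` while the client-side caller in `at_pwd_form.js` sends only `{ username, password }`, so enabling `showReCaptcha` produces a TypeError rather than a captcha check. A sketch of the restructured `logarLdap` follows; the method body above it is otherwise unchanged.
```javascript
// RFC 4515 §3: escape the characters that are special inside a filter assertion value.
const escapeFilterValue = (v) =>
  String(v).replace(/[\\*()\0]/g, (c) => `\\${c.charCodeAt(0).toString(16).padStart(2, '0')}`);
// RFC 4514 §2.4: escape the characters that are special inside a DN attribute value (hex-pair form).
const escapeDnValue = (v) =>
  String(v)
    .replace(/[\\,+"<>;#=\0]/g, (c) => `\\${c.charCodeAt(0).toString(16).padStart(2, '0')}`)
    .replace(/^ | $/g, '\\20');

function logarLdap(user, password) {
  // An empty password would be sent as an anonymous bind (RFC 4513 §5.1.2); never forward one.
  if (typeof password !== 'string' || password.length === 0) return null;
  // … unchanged: LDAP_* env lookup and ldap.createClient(...) …
  const searchFuture = new Future();
  client.bind(`uid=${escapeDnValue(user)},${baseDN}`, password, (bindErr) => {
    if (bindErr) {
      client.unbind();
      searchFuture.return(null);
      return; // a rejected bind must not fall through to the search
    }
    const opts = {
      filter: `(&(objectclass=${objectClass})(${searchField}=${escapeFilterValue(user)}))`,
      scope: searchScope,
      attributes: searchAttributes,
    };
    // … unchanged: client.search(baseDN, opts, ...) whose 'end' handler calls searchFuture.return(userData), then client.unbind() …
  });
  return searchFuture.wait();
}
```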
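--- a/lib/templates_helpers/at_pwd_form.js
+++ b/lib/templates_helpers/at_pwd_form.js
@@ -158,6 +158,7 @@ AT.prototype.atPwdFormEvents = {
 username_and_email = toLowercaseUsername(username_and_email);
 }
 loginSelector = username_and_email;
+if (!loginSelector.includes('@')) username = loginSelector;
 }
 else
 userOk = false;
@@ -169,10 +170,27 @@ AT.prototype.atPwdFormEvents = {
 return;
 }
+let options = {
+username,
+password : password
+};
-return Meteor.loginWithPassword(loginSelector, password, function(error) {
+
+Meteor.call("ATAuthenticateLdapUserServer", options, function(error, userId){
+
+if (userId) {
+Meteor.connection.setUserId(userId);
 AccountsTemplates.submitCallback(error, state);
-});
+} else {
+
+return Meteor.loginWithPassword(loginSelector, password, function(error) {
+AccountsTemplates.submitCallback(error, state);
+})
+}
+
+});
+
+
 }
 // -------
@@ -206,15 +224,15 @@ AT.prototype.atPwdFormEvents = {
 preSignUpHook(password, options);
 }
-return Meteor.call("ATCreateUserServer", options, function(error){
+return Meteor.call("ATCreateUserServer", options, function(error, teste){
 if (error && error.reason === 'Email already exists.') {
 if (AccountsTemplates.options.showReCaptcha) {
 grecaptcha.reset();
 }
 }
-AccountsTemplates.submitCallback(error, undefined, function(){
+AccountsTemplates.submitCallback(error, undefined, function() {
 if (AccountsTemplates.options.sendVerificationEmail && AccountsTemplates.options.enforceEmailVerification){
-AccountsTemplates.submitCallback(error, state, function () {
+AccountsTemplates.submitCallback(error, state, function() {
 AccountsTemplates.state.form.set("result", AccountsTemplates.texts.info.signUpVerifyEmail);
 // Cleans up input fields' content
 _.each(AccountsTemplates.getFields(), function(field){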
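Review bot: In the `ATAuthenticateLdapUserServer` callback the `error` argument is never inspected: when the method throws (field validation errors, a captcha failure) or returns `undefined` after a rejected bind, `userId` is falsy and the code silently falls back to `Meteor.loginWithPassword`, so the LDAP-side failure is hidden and the user only ever sees the password-login error. Handle it first: `if (error) { AccountsTemplates.submitCallback(error, state); return; }`. Separately, `Meteor.connection.setUserId(userId)` on the client only flips the local user id and stores no login token, so the accounts login hooks (`Accounts.validateLoginAttempt`, `Accounts.onLogin`) do not run for this path and the session will presumably not survive a reconnect or reload — confirm, and consider delivering the LDAP result through `Accounts.registerLoginHandler` so the normal login flow applies. Note also that this method call carries the clear-text password in the DDP message, whereas `loginWithPassword` sends a digest, so the transport for this path must be TLS. `atPwdFormEvents` starts and ends outside this section.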
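--- a/package.js
+++ b/package.js
@@ -7,6 +7,8 @@ Package.describe({
 git: 'https://github.com/meteor-useraccounts/core.git',
 });
+Npm.depends({'ldap' : '0.7.1'});
+
 Package.onUse(function(api) {
 api.versionsFrom('[email protected]');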
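Review bot: `Npm.depends({'ldap' : '0.7.1'})` pins a package published under the name `ldap`, while the widely used Node client is `ldapjs`; `Npm.depends` installs whatever is published under that exact name, so confirm this is the intended package and that its `createClient`/`bind`/`search` surface matches the calls in `lib/server_methods.js`. Pinning an exact version is the right choice here; a short comment such as `// LDAP client used by logarLdap in lib/server_methods.js` would also record why the dependency exists.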