externalldap: add tests

Girish Ramakrishnan
2024-01-07 22:01:57 +01:00
parent c842d02d6f
commit 053f81a53e
10 changed files with 93 additions and 32 deletions


@@ -68,7 +68,7 @@ async function userAuthInternal(appId, req, res, next) {
verifyFunc = users.verifyWithUsername;
}
const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', appId || '', { relaxedTotpCheck: true, totpToken }));
const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', appId || '', { skipTotpCheck: true, totpToken }));
if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(error.message));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(error.message));
if (error) return next(new ldap.OperationsError(error.message));
@@ -470,13 +470,13 @@ async function verifyMailboxPassword(mailbox, password) {
assert.strictEqual(typeof password, 'string');
if (mailbox.ownerType === mail.OWNERTYPE_USER) {
return await users.verify(mailbox.ownerId, password, users.AP_MAIL /* identifier */, { relaxedTotpCheck: true });
return await users.verify(mailbox.ownerId, password, users.AP_MAIL /* identifier */, { skipTotpCheck: true });
} else if (mailbox.ownerType === mail.OWNERTYPE_GROUP) {
const userIds = await groups.getMembers(mailbox.ownerId);
let verifiedUser = null;
for (const userId of userIds) {
const [error, result] = await safe(users.verify(userId, password, users.AP_MAIL /* identifier */, { relaxedTotpCheck: true }));
const [error, result] = await safe(users.verify(userId, password, users.AP_MAIL /* identifier */, { skipTotpCheck: true }));
if (error) continue; // try the next user
verifiedUser = result;
break; // found a matching validated user
@@ -501,7 +501,7 @@ async function authenticateSftp(req, res, next) {
let [error, app] = await safe(apps.getByFqdn(parts[1]));
if (error || !app) return next(new ldap.InvalidCredentialsError());
[error] = await safe(users.verifyWithUsername(parts[0], req.credentials, app.id, { relaxedTotpCheck: true }));
[error] = await safe(users.verifyWithUsername(parts[0], req.credentials, app.id, { skipTotpCheck: true }));
if (error) return next(new ldap.InvalidCredentialsError(error.message));
debug('sftp auth: success');
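Review bot: In userAuthInternal the options now read `{ skipTotpCheck: true, totpToken }`, which asks the verifier to skip the TOTP check while still handing it a token, so a reader cannot tell whether a supplied token is validated or ignored. This reading takes the second line of each printed pair as the new side, since the page has lost its +/- markers. The verify functions are not visible here, so either drop `totpToken` from the call if it is no longer consulted, or add a comment such as `// password-only bind is accepted; totpToken is still verified when the client sends one` if that is the intended behaviour. The same flag is set in verifyMailboxPassword and authenticateSftp, where a one-line comment on why these LDAP paths accept a password without a second factor would make the weaker guarantee explicit to the next person auditing this code. All three function bodies start and end outside the hunks shown.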