boxerror: always pass second error string

Girish Ramakrishnan
2024-10-30 16:21:21 +01:00
parent a32b567eb1
commit 61341b8380
8 changed files with 65 additions and 66 deletions
+16 -16
@@ -104,8 +104,8 @@ async function getClient(config, options) {
assert.strictEqual(typeof options, 'object');
// basic validation to not crash
try { ldap.parseDN(config.baseDn); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, 'invalid baseDn'); }
try { ldap.parseFilter(config.filter); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, 'invalid filter'); }
try { ldap.parseDN(config.baseDn); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, `invalid baseDn ${config.baseDn}: ${e.message}`); }
try { ldap.parseFilter(config.filter); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, `invalid filter ${config.filter}: ${e.mssage}`); }
let client;
try {
@@ -135,7 +135,7 @@ async function getClient(config, options) {
if (!config.bindDn || !options.bind) return resolve(client);
client.bind(config.bindDn, config.bindPassword, function (error) {
if (error instanceof ldap.InvalidCredentialsError) return reject(new BoxError(BoxError.INVALID_CREDENTIALS));
if (error instanceof ldap.InvalidCredentialsError) return reject(new BoxError(BoxError.INVALID_CREDENTIALS, 'Incorrect bind password'));
if (error) return reject(new BoxError(BoxError.EXTERNAL_ERROR, error));
resolve(client);
@@ -149,11 +149,11 @@ async function clientSearch(client, dn, searchOptions) {
assert.strictEqual(typeof searchOptions, 'object');
// basic validation to not crash
try { ldap.parseDN(dn); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, 'invalid DN'); }
try { ldap.parseDN(dn); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, `invalid dn ${dn}: ${e.message}`); }
return await new Promise((resolve, reject) => {
client.search(dn, searchOptions, function (error, result) {
if (error instanceof ldap.NoSuchObjectError) return reject(new BoxError(BoxError.NOT_FOUND));
if (error instanceof ldap.NoSuchObjectError) return reject(new BoxError(BoxError.NOT_FOUND, `dn not found ${dn}`));
if (error) return reject(new BoxError(BoxError.EXTERNAL_ERROR, error));
const ldapObjects = [];
@@ -184,7 +184,7 @@ async function ldapGetByDN(config, dn) {
const client = await getClient(config, { bind: true });
const result = await clientSearch(client, dn, searchOptions);
client.unbind();
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND);
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, `dn ${dn} not found`);
return result[0];
}
@@ -243,20 +243,20 @@ async function testConfig(config) {
// bindDn may not be a dn!
if (!config.baseDn) return new BoxError(BoxError.BAD_FIELD, 'basedn must not be empty');
try { ldap.parseDN(config.baseDn); } catch (e) { return new BoxError(BoxError.BAD_FIELD, 'invalid baseDn'); }
try { ldap.parseDN(config.baseDn); } catch (e) { throw new BoxError(BoxError.BAD_FIELD, `invalid base ${config.baseDn}: ${e.message}`); }
if (!config.filter) return new BoxError(BoxError.BAD_FIELD, 'filter must not be empty');
try { ldap.parseFilter(config.filter); } catch (e) { return new BoxError(BoxError.BAD_FIELD, 'invalid filter'); }
try { ldap.parseFilter(config.filter); } catch (e) { return new BoxError(BoxError.BAD_FIELD, `invalid filter ${config.filter}: ${e.message}`); }
if ('syncGroups' in config && typeof config.syncGroups !== 'boolean') return new BoxError(BoxError.BAD_FIELD, 'syncGroups must be a boolean');
if ('acceptSelfSignedCerts' in config && typeof config.acceptSelfSignedCerts !== 'boolean') return new BoxError(BoxError.BAD_FIELD, 'acceptSelfSignedCerts must be a boolean');
if (config.syncGroups) {
if (!config.groupBaseDn) return new BoxError(BoxError.BAD_FIELD, 'groupBaseDn must not be empty');
try { ldap.parseDN(config.groupBaseDn); } catch (e) { return new BoxError(BoxError.BAD_FIELD, 'invalid groupBaseDn'); }
try { ldap.parseDN(config.groupBaseDn); } catch (e) { return new BoxError(BoxError.BAD_FIELD, `invalid groupBaseDn ${config.groupBaseDn}: ${e.message}`); }
if (!config.groupFilter) return new BoxError(BoxError.BAD_FIELD, 'groupFilter must not be empty');
try { ldap.parseFilter(config.groupFilter); } catch (e) { return new BoxError(BoxError.BAD_FIELD, 'invalid groupFilter'); }
try { ldap.parseFilter(config.groupFilter); } catch (e) { return new BoxError(BoxError.BAD_FIELD, `invalid groupFilter ${config.groupFilter}: ${e.message}`); }
if (!config.groupnameField || typeof config.groupnameField !== 'string') return new BoxError(BoxError.BAD_FIELD, 'groupFilter must not be empty');
}
@@ -284,11 +284,11 @@ async function maybeCreateUser(identifier) {
if (!config.autoCreate) throw new BoxError(BoxError.BAD_STATE, 'auto create not enabled');
const ldapUsers = await ldapUserSearch(config, { filter: `${config.usernameField}=${identifier}` });
if (ldapUsers.length === 0) throw new BoxError(BoxError.NOT_FOUND);
if (ldapUsers.length > 1) throw new BoxError(BoxError.CONFLICT);
if (ldapUsers.length === 0) throw new BoxError(BoxError.NOT_FOUND, `no users found for filter ${config.usernameField}=${identifier}`);
if (ldapUsers.length > 1) throw new BoxError(BoxError.CONFLICT, `more than 1 user matches filter ${config.usernameField}=${identifier}`);
const user = translateUser(config, ldapUsers[0]);
if (!user) throw new BoxError(BoxError.BAD_FIELD);
if (!user) throw new BoxError(BoxError.BAD_FIELD, 'Failed to translate user');
return await users.add(user.email, { username: user.username, password: null, displayName: user.displayName, source: 'ldap' }, AuditSource.EXTERNAL_LDAP);
}
@@ -302,8 +302,8 @@ async function verifyPassword(username, password, options) {
if (config.provider === 'noop') throw new BoxError(BoxError.BAD_STATE, 'not enabled');
const ldapUsers = await ldapUserSearch(config, { filter: `${config.usernameField}=${username}` });
if (ldapUsers.length === 0) throw new BoxError(BoxError.NOT_FOUND);
if (ldapUsers.length > 1) throw new BoxError(BoxError.CONFLICT);
if (ldapUsers.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'no such user');
if (ldapUsers.length > 1) throw new BoxError(BoxError.CONFLICT, 'multiple users found');
const client = await getClient(config, { bind: false });
@@ -322,7 +322,7 @@ async function verifyPassword(username, password, options) {
if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error);
const user = translateUser(config, ldapUsers[0]);
if (!user) throw new BoxError(BoxError.BAD_FIELD);
if (!user) throw new BoxError(BoxError.BAD_FIELD, 'could not translate user');
return user;
}
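Review bot: The new filter message in getClient interpolates `${e.mssage}`, which evaluates to undefined, so the text will end in "undefined"; it should read `${e.message}`. In testConfig the rewritten baseDn check now does `throw new BoxError(...)` while every other check there still does `return new BoxError(...)`, so a caller that inspects the returned value would presumably get an exception instead; `return` looks intended. The new maybeCreateUser messages echo `identifier`, which the context line above also places unescaped into the LDAP filter. If that value comes from a login request, it should be escaped per RFC 4515 before the search, and the message kept generic as verifyPassword does with `'no such user'`. All of these functions start or end outside the visible hunks, so the caller-side handling could not be checked here.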