diff --git a/src/externalldap.js b/src/externalldap.js
index 5fc6d6cbc..684573cd5 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -51,6 +51,11 @@ ExternalLdapError.NOT_FOUND = 'not found';
 function getClient(externalLdapConfig, callback) {
 assert.strictEqual(typeof callback, 'function');
+ // basic validation to not crash
+ try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
+ try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
+ if (externalLdapConfig.bindDn) try { ldap.parseFilter(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
+
 var client;
 try {
 client = ldap.createClient({ url: externalLdapConfig.url });
@@ -79,11 +84,6 @@ function testConfig(config, callback) {
 if (!config.baseDn) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'basedn must not be empty'));
 if (!config.filter) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'filter must not be empty'));
- // basic validation
- try { ldap.parseDN(config.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
- try { ldap.parseFilter(config.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
- if (config.bindDn) try { ldap.parseFilter(config.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
-
 getClient(config, function (error, client) {
 if (error) return callback(error);
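Review bot: The bindDn guard added to getClient checks a distinguished name with `ldap.parseFilter`, while baseDn three lines above it uses `ldap.parseDN`; a filter parser is not a DN syntax check, so a malformed bind DN may pass this "validation to not crash" and reach the bind step, which is outside the hunk. Every caller now depends on this single copy of the check, so I would change it to `if (externalLdapConfig.bindDn) try { ldap.parseDN(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }`. The line was carried over unchanged from the blocks this commit removes in testConfig, verifyPassword and sync, so the mismatch predates the move. getClient's body continues past the end of the hunk.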
@@ -111,11 +111,6 @@ function verifyPassword(user, password, callback) {
 if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
 if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
- // basic validation to not crash
- try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
- try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
- if (externalLdapConfig.bindDn) try { ldap.parseFilter(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
-
 getClient(externalLdapConfig, function (error, client) {
 if (error) return callback(error);
@@ -158,17 +153,12 @@ function sync(progressCallback, callback) {
 if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
 if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
- // basic validation to not crash
- try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
- try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
- if (externalLdapConfig.bindDn) try { ldap.parseFilter(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
-
 getClient(externalLdapConfig, function (error, client) {
 if (error) return callback(error);
 var opts = {
 filter: externalLdapConfig.filter,
- scope: 'sub'
+ scope: 'sub' // We may have to make this configurable
 };
 // TODO this needs pagination!