Only create external ldap users for oauth logins

Johannes Zellner
2019-11-20 19:48:40 +01:00
parent 808753ad3a
commit c53b54bda3
2 changed files with 22 additions and 19 deletions


@@ -15,6 +15,7 @@ var accesscontrol = require('../accesscontrol.js'),
BoxError = require('../boxerror.js'),
clients = require('../clients.js'),
ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
externalLdap = require('../externalldap.js'),
HttpError = require('connect-lastmile').HttpError,
LocalStrategy = require('passport-local').Strategy,
passport = require('passport'),
@@ -37,11 +38,30 @@ function initialize(callback) {
});
});
// used when username/password is sent in request body. used in CLI tool login route
passport.use(new LocalStrategy(function (username, password, callback) {
// TODO we should only do this for dashboard logins
function createAndVerifyUserIfNotExist(identifier, password, callback) {
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof callback, 'function');
externalLdap.createAndVerifyUserIfNotExist(identifier.toLowerCase(), password, function (error, result) {
if (error && error.reason === BoxError.BAD_STATE) return callback(null, false);
if (error && error.reason === BoxError.BAD_FIELD) return callback(null, false);
if (error && error.reason === BoxError.CONFLICT) return callback(null, false);
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
if (error) return callback(error);
callback(null, result);
});
}
if (username.indexOf('@') === -1) {
users.verifyWithUsername(username, password, function (error, result) {
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(username, password, callback);
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
if (error) return callback(error);
if (!result) return callback(null, false);
@@ -49,7 +69,7 @@ function initialize(callback) {
});
} else {
users.verifyWithEmail(username, password, function (error, result) {
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(username, password, callback);
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
if (error) return callback(error);
if (!result) return callback(null, false);
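Review bot: The new `createAndVerifyUserIfNotExist` fallback runs in the `LocalStrategy` verify callback on every `NOT_FOUND`, in both the username and the e-mail branch, and the comment above the strategy says it also serves the CLI tool login route, so account auto-creation is reachable more widely than the commit title and the `// TODO we should only do this for dashboard logins` line intend. Until that is gated, I would replace the TODO with a comment that states the actual scope, e.g. `// NOTE: runs for every LocalStrategy login (including the CLI route); an unknown identifier triggers an external LDAP verify and may create a local user`, and write an audit log entry whenever a user is actually created. The helper also turns `BAD_STATE`, `BAD_FIELD`, `CONFLICT` and `INVALID_CREDENTIALS` into a silent `callback(null, false)`, so a misconfigured directory cannot be told apart from a wrong password when reviewing logs. The two `assert.strictEqual(typeof …, 'string')` checks run on request-derived values; if the body parser can deliver a non-string here (not visible in these hunks), they throw inside the callback instead of failing the login, so `if (typeof identifier !== 'string' || typeof password !== 'string') return callback(null, false);` would be safer. The enclosing `initialize` function starts and ends outside the visible hunks.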