jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Also auth against mailPasswords in ldapserver.js

Browse Source
This commit is contained in:
Johannes Zellner
2026-02-17 19:37:38 +01:00
parent bfbcbb686d
commit cb5ccd8166
3 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/users.js
+19
View File
@@ -11,6 +11,7 @@ import externalLdap from './externalldap.js';
import hat from './hat.js';
import mail from './mail.js';
import mailer from './mailer.js';
import mailPasswords from './mailpasswords.js';
import mysql from 'mysql2';
import notifications from './notifications.js';
import oidcClients from './oidcclients.js';
@@ -572,6 +573,17 @@ async function verifyAppPassword(userId, password, identifier) {
throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Password is not valid');
}
async function verifyMailPassword(userId, password) {
assert.strictEqual(typeof userId, 'string');
assert.strictEqual(typeof password, 'string');
const result = await mailPasswords.getByUserId(userId);
if (result.find(r => r.password === password)) return;
throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Password is not valid');
}
// identifier is only used to check if password is valid for a specific app
async function verify(user, password, identifier, options) {
assert.strictEqual(typeof user, 'object');
@@ -602,6 +614,13 @@ async function verify(user, password, identifier, options) {
return user;
}
const [mailPasswordError] = await safe(verifyMailPassword(user.id, password));
if (!mailPasswordError) { // matched app password
debug(`verify: ${user.username || user.id} matched mail password`);
user.mailPassword = true;
return user;
}
let localTotpCheck; // does 2fa need to be verified with local database 2fa creds
if (user.source === 'ldap') {
await externalLdap.verifyPassword(user.username, password, options);