Move autocreation logic into external ldap

Johannes Zellner
2019-11-19 09:53:00 +01:00
parent 8fd0461c62
commit e3cee37527
2 changed files with 74 additions and 65 deletions


@@ -241,44 +241,17 @@ function verify(userId, password, callback) {
});
}
// TODO should be a setting probably has to move to externalldap.js
let autocreate = true;
function createAndVerifyIfNotExist(identifier, password, callback) {
function createAndVerifyUserIfNotExist(identifier, password, callback) {
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof callback, 'function');
if (!autocreate) return callback(new BoxError(BoxError.NOT_FOUND));
externalLdap.search(identifier, function (error, users) {
externalLdap.createAndVerifyUserIfNotExist(identifier, password, function (error, result) {
if (error && error.reason === BoxError.BAD_STATE) return callback(new BoxError(BoxError.NOT_FOUND));
if (error && error.reason === BoxError.BAD_FIELD) return callback(new BoxError(BoxError.NOT_FOUND));
if (error) return callback(error);
if (users.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
if (users.length > 1) return callback(new BoxError(BoxError.CONFLICT));
const username = users[0].username;
const email = users[0].email;
const displayName = users[0].displayName;
if (!username || !email || !displayName) {
debug(`[LDAP user empty username/email/displayName] username=${username} email=${email} displayName=${displayName}`);
return callback(new BoxError(BoxError.BAD_FIELD));
}
// first validate to only create on first successful login
externalLdap.verifyPassword({ username: username }, password, function (error) {
if (error) return callback(error);
create(username, null /* password */, email, displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_AUTO_CREATE, function (error, user) {
if (error) {
console.error('Failed to auto create user', user.username, error);
return callback(new BoxError(BoxError.INTERNAL_ERROR));
}
callback(null, user);
});
});
callback(null, result);
});
}
@@ -288,7 +261,7 @@ function verifyWithUsername(username, password, callback) {
assert.strictEqual(typeof callback, 'function');
userdb.getByUsername(username.toLowerCase(), function (error, user) {
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyIfNotExist(username.toLowerCase(), password, callback);
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(username.toLowerCase(), password, callback);
if (error) return callback(error);
verify(user.id, password, callback);
@@ -301,7 +274,7 @@ function verifyWithEmail(email, password, callback) {
assert.strictEqual(typeof callback, 'function');
userdb.getByEmail(email.toLowerCase(), function (error, user) {
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyIfNotExist(email.toLowerCase(), password, callback);
if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(email.toLowerCase(), password, callback);
if (error) return callback(error);
verify(user.id, password, callback);
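Review bot: In the new `createAndVerifyUserIfNotExist` wrapper (first hunk), `BoxError.BAD_STATE` and `BoxError.BAD_FIELD` from the external LDAP call are both turned into `NOT_FOUND` without any log line. A directory entry with missing attributes or an unusable LDAP setup is then indistinguishable from an unknown user when someone investigates failed logins, whereas the removed code at least emitted a `debug(...)` line for the empty-field case. Unless externalldap.js (not visible here) already logs these, I would add `debug('external LDAP auto-create rejected:', error.reason);` ahead of the two mappings. The wrapper also passes `result` straight back to `verifyWithUsername` and `verifyWithEmail` as an authenticated user, so it now relies on the external function checking the password before it creates the account. A comment such as `// externalLdap verifies the password before creating the local user; result is treated as authenticated` would keep that invariant visible at this call site.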