rename user directory to directory server
@@ -9,7 +9,7 @@ const fs = require('fs'),
|
||||
safe = require('safetydance'),
|
||||
server = require('./src/server.js'),
|
||||
settings = require('./src/settings.js'),
|
||||
userdirectory = require('./src/userdirectory.js');
|
||||
directoryServer = require('./src/directoryserver.js');
|
||||
|
||||
let logFd;
|
||||
|
||||
@@ -39,7 +39,7 @@ async function startServers() {
|
||||
await ldap.start();
|
||||
|
||||
const conf = await settings.getUserDirectoryConfig();
|
||||
if (conf.enabled) await userdirectory.start();
|
||||
if (conf.enabled) await directoryServer.start();
|
||||
}
|
||||
|
||||
async function main() {
|
||||
@@ -54,7 +54,7 @@ async function main() {
|
||||
|
||||
await proxyAuth.stop();
|
||||
await server.stop();
|
||||
await userdirectory.stop();
|
||||
await directoryServer.stop();
|
||||
await ldap.stop();
|
||||
setTimeout(process.exit.bind(process), 3000);
|
||||
});
|
||||
@@ -64,7 +64,7 @@ async function main() {
|
||||
|
||||
await proxyAuth.stop();
|
||||
await server.stop();
|
||||
await userdirectory.stop();
|
||||
await directoryServer.stop();
|
||||
await ldap.stop();
|
||||
setTimeout(process.exit.bind(process), 3000);
|
||||
});
|
||||
|
||||
+4
-4
@@ -25,6 +25,7 @@ const appHealthMonitor = require('./apphealthmonitor.js'),
|
||||
constants = require('./constants.js'),
|
||||
CronJob = require('cron').CronJob,
|
||||
debug = require('debug')('box:cron'),
|
||||
directoryServer = require('./directoryserver.js'),
|
||||
dyndns = require('./dyndns.js'),
|
||||
eventlog = require('./eventlog.js'),
|
||||
janitor = require('./janitor.js'),
|
||||
@@ -35,7 +36,6 @@ const appHealthMonitor = require('./apphealthmonitor.js'),
|
||||
system = require('./system.js'),
|
||||
updater = require('./updater.js'),
|
||||
updateChecker = require('./updatechecker.js'),
|
||||
userdirectory = require('./userdirectory.js'),
|
||||
_ = require('underscore');
|
||||
|
||||
const gJobs = {
|
||||
@@ -174,9 +174,9 @@ async function handleSettingsChanged(key, value) {
|
||||
await stopJobs();
|
||||
await startJobs();
|
||||
break;
|
||||
case settings.USER_DIRECTORY_KEY:
|
||||
if (value.enabled) await userdirectory.start();
|
||||
else await userdirectory.stop();
|
||||
case settings.DIRECTORY_SERVER_KEY:
|
||||
if (value.enabled) await directoryServer.start();
|
||||
else await directoryServer.stop();
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
||||
@@ -11,7 +11,7 @@ exports = module.exports = {
|
||||
const assert = require('assert'),
|
||||
BoxError = require('./boxerror.js'),
|
||||
constants = require('./constants.js'),
|
||||
debug = require('debug')('box:userdirectory'),
|
||||
debug = require('debug')('box:directoryserver'),
|
||||
dns = require('./dns.js'),
|
||||
domains = require('./domains.js'),
|
||||
eventlog = require('./eventlog.js'),
|
||||
@@ -304,12 +304,12 @@ async function start() {
|
||||
gServer.bind('ou=system,dc=cloudron', async function(req, res, next) {
|
||||
debug('system bind: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
|
||||
|
||||
const tmp = await settings.getUserDirectoryConfig();
|
||||
const tmp = await settings.getDirectoryServerConfig();
|
||||
|
||||
if (!req.dn.equals(constants.USER_DIRECTORY_LDAP_DN)) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
|
||||
if (req.credentials !== tmp.secret) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
|
||||
|
||||
req.user = { user: 'userDirectoryAdmin' };
|
||||
req.user = { user: 'directoryServerAdmin' };
|
||||
|
||||
res.end();
|
||||
|
||||
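Review bot: The system bind in `start()` checks the shared secret with `req.credentials !== tmp.secret`, an ordinary string comparison that stops at the first differing character, so response timing can reveal how much of a guess matched. Since this secret authorises the directory server's admin bind, compare fixed-length digests in constant time instead, e.g. `const digest = (s) => crypto.createHash('sha256').update(String(s)).digest();` followed by `if (!tmp.secret || !crypto.timingSafeEqual(digest(req.credentials), digest(tmp.secret))) return next(new ldap.InvalidCredentialsError(req.dn.toString()));`. The `!tmp.secret` guard matters because the default config elsewhere in this commit has `secret: ''`; whether `validateConfig` already rejects an empty secret when enabled is not visible here. The change needs `crypto` required in this file, and `start()` continues outside the hunk.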
@@ -322,7 +322,7 @@ async function start() {
|
||||
gServer.bind('ou=users,dc=cloudron', userAuth, async function (req, res) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
await eventlog.upsertLoginEvent(req.user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, { authType: 'userdirectory', id: req.connection.ldap.id }, { userId: req.user.id, user: users.removePrivateFields(req.user) });
|
||||
await eventlog.upsertLoginEvent(req.user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, { authType: 'directoryserver', id: req.connection.ldap.id }, { userId: req.user.id, user: users.removePrivateFields(req.user) });
|
||||
|
||||
res.end();
|
||||
});
|
||||
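Review bot: Changing `authType` from 'userdirectory' to 'directoryserver' in the `ou=users` bind handler alters data written to the event log, not just an identifier, so existing login events keep the old value while new ones carry the new one. Any audit query, alert or export that filters LDAP logins on `authType: 'userdirectory'` will silently stop matching after this commit. Either keep the logged value stable, as the settings key in this commit does, or document the change with a comment such as `// authType was 'userdirectory' before the directory server rename; audit queries must match both`.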
@@ -139,21 +139,21 @@ async function setExternalLdapConfig(req, res, next) {
|
||||
next(new HttpSuccess(200, {}));
|
||||
}
|
||||
|
||||
async function getUserDirectoryConfig(req, res, next) {
|
||||
const [error, config] = await safe(settings.getUserDirectoryConfig());
|
||||
async function getDirectoryServerConfig(req, res, next) {
|
||||
const [error, config] = await safe(settings.getDirectoryServerConfig());
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, config));
|
||||
}
|
||||
|
||||
async function setUserDirectoryConfig(req, res, next) {
|
||||
async function setDirectoryServerConfig(req, res, next) {
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
|
||||
if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled must be a boolean'));
|
||||
if (typeof req.body.secret !== 'string') return next(new HttpError(400, 'secret must be a string'));
|
||||
if ('allowlist' in req.body && typeof req.body.allowlist !== 'string') return next(new HttpError(400, 'allowlist must be a string'));
|
||||
|
||||
const [error] = await safe(settings.setUserDirectoryConfig(req.body));
|
||||
const [error] = await safe(settings.setDirectoryServerConfig(req.body));
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, {}));
|
||||
@@ -300,7 +300,7 @@ function get(req, res, next) {
|
||||
case settings.IPV6_CONFIG_KEY: return getIPv6Config(req, res, next);
|
||||
case settings.BACKUP_CONFIG_KEY: return getBackupConfig(req, res, next);
|
||||
case settings.EXTERNAL_LDAP_KEY: return getExternalLdapConfig(req, res, next);
|
||||
case settings.USER_DIRECTORY_KEY: return getUserDirectoryConfig(req, res, next);
|
||||
case settings.DIRECTORY_SERVER_KEY: return getDirectoryServerConfig(req, res, next);
|
||||
case settings.UNSTABLE_APPS_KEY: return getUnstableAppsConfig(req, res, next);
|
||||
case settings.REGISTRY_CONFIG_KEY: return getRegistryConfig(req, res, next);
|
||||
case settings.SYSINFO_CONFIG_KEY: return getSysinfoConfig(req, res, next);
|
||||
@@ -323,7 +323,7 @@ function set(req, res, next) {
|
||||
case settings.DYNAMIC_DNS_KEY: return setDynamicDnsConfig(req, res, next);
|
||||
case settings.IPV6_CONFIG_KEY: return setIPv6Config(req, res, next);
|
||||
case settings.EXTERNAL_LDAP_KEY: return setExternalLdapConfig(req, res, next);
|
||||
case settings.USER_DIRECTORY_KEY: return setUserDirectoryConfig(req, res, next);
|
||||
case settings.DIRECTORY_SERVER_KEY: return setDirectoryServerConfig(req, res, next);
|
||||
case settings.UNSTABLE_APPS_KEY: return setUnstableAppsConfig(req, res, next);
|
||||
case settings.REGISTRY_CONFIG_KEY: return setRegistryConfig(req, res, next);
|
||||
case settings.SYSINFO_CONFIG_KEY: return setSysinfoConfig(req, res, next);
|
||||
|
||||
+17
-17
@@ -34,8 +34,8 @@ exports = module.exports = {
|
||||
getExternalLdapConfig,
|
||||
setExternalLdapConfig,
|
||||
|
||||
getUserDirectoryConfig,
|
||||
setUserDirectoryConfig,
|
||||
getDirectoryServerConfig,
|
||||
setDirectoryServerConfig,
|
||||
|
||||
getRegistryConfig,
|
||||
setRegistryConfig,
|
||||
@@ -100,7 +100,7 @@ exports = module.exports = {
|
||||
BACKUP_CONFIG_KEY: 'backup_config',
|
||||
SERVICES_CONFIG_KEY: 'services_config',
|
||||
EXTERNAL_LDAP_KEY: 'external_ldap_config',
|
||||
USER_DIRECTORY_KEY: 'user_directory_config',
|
||||
DIRECTORY_SERVER_KEY: 'user_directory_config',
|
||||
REGISTRY_CONFIG_KEY: 'registry_config',
|
||||
SYSINFO_CONFIG_KEY: 'sysinfo_config', // misnomer: ipv4 config
|
||||
APPSTORE_LISTING_CONFIG_KEY: 'appstore_listing_config',
|
||||
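Review bot: `DIRECTORY_SERVER_KEY` still holds the string 'user_directory_config', and nothing on that line says the mismatch is intended. Presumably the stored value is kept so that existing settings rows and API clients keep working without a migration. Say so next to the constant, in the style of the `// misnomer` comment two lines below: `DIRECTORY_SERVER_KEY: 'user_directory_config', // legacy value kept for stored settings; do not rename without a migration`.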
@@ -148,6 +148,7 @@ const assert = require('assert'),
|
||||
CronJob = require('cron').CronJob,
|
||||
database = require('./database.js'),
|
||||
debug = require('debug')('box:settings'),
|
||||
directoryServer = require('./directoryserver.js'),
|
||||
docker = require('./docker.js'),
|
||||
externalLdap = require('./externalldap.js'),
|
||||
moment = require('moment-timezone'),
|
||||
@@ -157,7 +158,6 @@ const assert = require('assert'),
|
||||
sysinfo = require('./sysinfo.js'),
|
||||
tokens = require('./tokens.js'),
|
||||
translation = require('./translation.js'),
|
||||
userdirectory = require('./userdirectory.js'),
|
||||
users = require('./users.js'),
|
||||
_ = require('underscore');
|
||||
|
||||
@@ -194,7 +194,7 @@ const gDefaults = (function () {
|
||||
provider: 'noop',
|
||||
autoCreate: false
|
||||
};
|
||||
result[exports.USER_DIRECTORY_KEY] = {
|
||||
result[exports.DIRECTORY_SERVER_KEY] = {
|
||||
enabled: false,
|
||||
secret: '',
|
||||
allowlist: '' // empty means allow all
|
||||
@@ -528,29 +528,29 @@ async function setExternalLdapConfig(externalLdapConfig) {
|
||||
notifyChange(exports.EXTERNAL_LDAP_KEY, externalLdapConfig);
|
||||
}
|
||||
|
||||
async function getUserDirectoryConfig() {
|
||||
const value = await get(exports.USER_DIRECTORY_KEY);
|
||||
if (value === null) return gDefaults[exports.USER_DIRECTORY_KEY];
|
||||
async function getDirectoryServerConfig() {
|
||||
const value = await get(exports.DIRECTORY_SERVER_KEY);
|
||||
if (value === null) return gDefaults[exports.DIRECTORY_SERVER_KEY];
|
||||
return JSON.parse(value);
|
||||
}
|
||||
|
||||
async function setUserDirectoryConfig(userDirectoryConfig) {
|
||||
assert.strictEqual(typeof userDirectoryConfig, 'object');
|
||||
async function setDirectoryServerConfig(directoryServerConfig) {
|
||||
assert.strictEqual(typeof directoryServerConfig, 'object');
|
||||
|
||||
if (isDemo()) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
|
||||
|
||||
const config = {
|
||||
enabled: userDirectoryConfig.enabled,
|
||||
secret: userDirectoryConfig.secret,
|
||||
enabled: directoryServerConfig.enabled,
|
||||
secret: directoryServerConfig.secret,
|
||||
// if list is empty, we allow all IPs
|
||||
allowlist: userDirectoryConfig.allowlist || ''
|
||||
allowlist: directoryServerConfig.allowlist || ''
|
||||
};
|
||||
|
||||
await userdirectory.validateConfig(config);
|
||||
await set(exports.USER_DIRECTORY_KEY, JSON.stringify(config));
|
||||
await userdirectory.applyConfig(config);
|
||||
await directoryServer.validateConfig(config);
|
||||
await set(exports.DIRECTORY_SERVER_KEY, JSON.stringify(config));
|
||||
await directoryServer.applyConfig(config);
|
||||
|
||||
notifyChange(exports.USER_DIRECTORY_KEY, config);
|
||||
notifyChange(exports.DIRECTORY_SERVER_KEY, config);
|
||||
}
|
||||
|
||||
async function getRegistryConfig() {
|
||||
|
||||
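Review bot: `setDirectoryServerConfig` turns a missing allowlist into `''` via `directoryServerConfig.allowlist || ''`, and the comment above it says an empty list allows all IPs, so a caller that enables the server and omits `allowlist` exposes the LDAP endpoint to every source address. The route handler in this commit treats `allowlist` as optional, so nothing visible forces an explicit choice; `validateConfig` is not shown and may or may not cover this. Consider failing closed when enabling, e.g. `if (config.enabled && !config.allowlist) throw new BoxError(BoxError.BAD_FIELD, 'allowlist is required when the directory server is enabled');`, or at least document the allow-all default in the function's header comment.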
@@ -9,12 +9,12 @@
|
||||
const async = require('async'),
|
||||
common = require('./common.js'),
|
||||
constants = require('../constants.js'),
|
||||
directoryServer = require('../directoryserver.js'),
|
||||
expect = require('expect.js'),
|
||||
groups = require('../groups.js'),
|
||||
ldap = require('ldapjs'),
|
||||
safe = require('safetydance'),
|
||||
settings = require('../settings.js'),
|
||||
userdirectory = require('../userdirectory.js');
|
||||
settings = require('../settings.js');
|
||||
|
||||
async function ldapBind(dn, password) {
|
||||
return new Promise((resolve, reject) => {
|
||||
@@ -80,8 +80,8 @@ describe('User Directory Ldap', function () {
|
||||
before(function (done) {
|
||||
async.series([
|
||||
setup,
|
||||
userdirectory.start.bind(null),
|
||||
settings.setUserDirectoryConfig.bind(null, { enabled: true, secret: auth.secret, allowlist: '127.0.0.1' }),
|
||||
directoryServer.start.bind(null),
|
||||
settings.setDirectoryServerConfig.bind(null, { enabled: true, secret: auth.secret, allowlist: '127.0.0.1' }),
|
||||
async () => {
|
||||
group = await groups.add({ name: 'ldap-test-1' });
|
||||
await groups.setMembers(group.id, [ admin.id, user.id ]);
|
||||
@@ -95,7 +95,7 @@ describe('User Directory Ldap', function () {
|
||||
|
||||
after(function (done) {
|
||||
async.series([
|
||||
userdirectory.stop,
|
||||
directoryServer.stop,
|
||||
cleanup
|
||||
], done);
|
||||
});
|
||||