Inicio Explorar Ayuda
Registro Iniciar sesión
isundil
/
craftlab-auth
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: f79686f138
Ramas Etiquetas
craftlab-auth
/
src
/
ldapAuthenticationHandler.ts

ldapAuthenticationHandler.ts 2.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. import { Client } from "ldapts";
    2. 

  2. import { IAuthenticationHandler } from "./index.js";
    3. 

  3. import { TotpChecker } from "./totpChecker.js";
    4. 

  4. 

  5. export interface LdapAuthenticationConfiguration {
    6. 

  6.     ldapUrl: string;
    7. 

  7.     bindDnField: string;
    8. 

  8.     bindBase: string;
    9. 

  9.     usernameField: string;
    10. 

  10.     totpField?: string|null;
    11. 

  11. }
    12. 

  12. 

  13. interface AccountInformations {
    14. 

  14.     username: string;
    15. 

  15.     totp: string|null;
    16. 

  16. }
    17. 

  17. 

  18. export class LdapAuthenticationHandler implements IAuthenticationHandler {
    19. 

  19.     private configuration: LdapAuthenticationConfiguration;
    20. 

  20. 

  21.     public constructor(configuration: LdapAuthenticationConfiguration) {
    22. 

  22.         this.configuration = configuration;
    23. 

  23.     }
    24. 

  24. 

  25.     private async tryBind(username: string, password: string): Promise<AccountInformations|null> {
    26. 

  26.         if (!username || !password)
    27. 

  27.             return null;
    28. 

  28.         const client = new Client({
    29. 

  29.             url: this.configuration.ldapUrl,
    30. 

  30.             timeout: 0,
    31. 

  31.             connectTimeout: 0,
    32. 

  32.             tlsOptions: {
    33. 

  33.                 minVersion: 'TLSv1.2',
    34. 

  34.             },
    35. 

  35.             strictDN: true,
    36. 

  36.         });
    37. 

  37.         const bindDn = `${this.configuration.bindDnField}=${username},${this.configuration.bindBase}`;
    38. 

  38.         let totp: string|null = null;
    39. 

  39. 

  40.         try {
    41. 

  41.             await client.bind(bindDn, password);
    42. 

  42.             if (this.configuration.totpField) {
    43. 

  43.                 const data = await client.search(bindDn);
    44. 

  44.                 let totpData = data.searchEntries[0]?.[this.configuration.totpField];
    45. 

  45.                 if (typeof totpData === "string")
    46. 

  46.                     totp = totpData;
    47. 

  47.                 if (Array.isArray(totpData))
    48. 

  48.                     totp = totpData.join("");
    49. 

  49.                 else
    50. 

  50.                     totp = totpData.toString("utf8");
    51. 

  51.             }
    52. 

  52.         }
    53. 

  53.         catch (ex) {
    54. 

  54.             console.error(ex);
    55. 

  55.             return null;
    56. 

  56.         }
    57. 

  57.         finally {
    58. 

  58.             client.unbind();
    59. 

  59.         }
    60. 

  60.         return <AccountInformations> {
    61. 

  61.             username: username,
    62. 

  62.             totp: totp
    63. 

  63.         };
    64. 

  64.     }
    65. 

  65. 

  66.     public async tryLogin(username: string, password: string, totp?: string): Promise<boolean | null> {
    67. 

  67.         const account = await this.tryBind(username, password);
    68. 

  68.         if (!account)
    69. 

  69.             return null;
    70. 

  70.         return TotpChecker.ValidateTotp(account.totp, totp);
    71. 

  71.     }
    72. 

  72.     public async needTotp(username: string, password: string): Promise<boolean | null> {
    73. 

  73.         const account = await this.tryBind(username, password);
    74. 

  74.         if (!account)
    75. 

  75.             return null;
    76. 

  76.         return !!account.totp;
    77. 

  77.     }
    78. 

  78. }
    79.