feat: add ldap search scope (#1948)

This commit is contained in:
Meier Lukas
2024-03-09 16:37:36 +01:00
committed by GitHub
parent b51fcdb342
commit 9c81d34d66
2 changed files with 10 additions and 2 deletions


@@ -4,6 +4,8 @@ const { createEnv } = require('@t3-oss/env-nextjs');
const trueStrings = ['1', 't', 'T', 'TRUE', 'true', 'True']; const trueStrings = ['1', 't', 'T', 'TRUE', 'true', 'True'];
const falseStrings = ['0', 'f', 'F', 'FALSE', 'false', 'False']; const falseStrings = ['0', 'f', 'F', 'FALSE', 'false', 'False'];
const ldapSearchScope = z.enum(['base', 'one', 'sub']).default('base');
const zodParsedBoolean = () => const zodParsedBoolean = () =>
z z
.enum([...trueStrings, ...falseStrings]) .enum([...trueStrings, ...falseStrings])
@@ -52,6 +54,7 @@ const env = createEnv({
AUTH_LDAP_BIND_DN: z.string(), AUTH_LDAP_BIND_DN: z.string(),
AUTH_LDAP_BIND_PASSWORD: z.string(), AUTH_LDAP_BIND_PASSWORD: z.string(),
AUTH_LDAP_BASE: z.string(), AUTH_LDAP_BASE: z.string(),
AUTH_LDAP_SEARCH_SCOPE: z.enum(['base', 'one', 'sub']).default('base'),
AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default('uid'), AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default('uid'),
AUTH_LDAP_GROUP_CLASS: z.string().default('groupOfUniqueNames'), AUTH_LDAP_GROUP_CLASS: z.string().default('groupOfUniqueNames'),
AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default('member'), AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default('member'),
@@ -115,6 +118,7 @@ const env = createEnv({
AUTH_LDAP_BIND_DN: process.env.AUTH_LDAP_BIND_DN, AUTH_LDAP_BIND_DN: process.env.AUTH_LDAP_BIND_DN,
AUTH_LDAP_BIND_PASSWORD: process.env.AUTH_LDAP_BIND_PASSWORD, AUTH_LDAP_BIND_PASSWORD: process.env.AUTH_LDAP_BIND_PASSWORD,
AUTH_LDAP_BASE: process.env.AUTH_LDAP_BASE, AUTH_LDAP_BASE: process.env.AUTH_LDAP_BASE,
AUTH_LDAP_SEARCH_SCOPE: process.env.AUTH_LDAP_SEARCH_SCOPE?.toLowerCase(),
AUTH_LDAP_USERNAME_ATTRIBUTE: process.env.AUTH_LDAP_USERNAME_ATTRIBUTE, AUTH_LDAP_USERNAME_ATTRIBUTE: process.env.AUTH_LDAP_USERNAME_ATTRIBUTE,
AUTH_LDAP_GROUP_CLASS: process.env.AUTH_LDAP_GROUP_CLASS, AUTH_LDAP_GROUP_CLASS: process.env.AUTH_LDAP_GROUP_CLASS,
AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE, AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE,
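Review bot: The `ldapSearchScope` schema added at the top of the file is never referenced; the `AUTH_LDAP_SEARCH_SCOPE` entry in the server schema repeats `z.enum(['base', 'one', 'sub']).default('base')` inline, so the two definitions can drift apart, and either the constant should be dropped or the schema entry should read `AUTH_LDAP_SEARCH_SCOPE: ldapSearchScope,`. The `?.toLowerCase()` in the runtime mapping is what lets values such as `SUB` pass the enum, which deserves a comment next to it, e.g. `// lower-cased so case variants of base/one/sub are accepted`. It is also worth confirming that the `base` default matches whatever the search helper used when no scope was passed before this change: a base-scoped search inspects only the `AUTH_LDAP_BASE` entry itself, so deployments whose user entries sit below the base DN would have to set the variable explicitly to keep logging in.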


@@ -20,8 +20,8 @@ type InferrableSearchOptions<
type SearchResultIndex<Attributes extends AttributeConstraint> = Attributes extends string type SearchResultIndex<Attributes extends AttributeConstraint> = Attributes extends string
? Attributes ? Attributes
: Attributes extends readonly string[] : Attributes extends readonly string[]
? Attributes[number] ? Attributes[number]
: string; : string;
type SearchResult< type SearchResult<
Attributes extends AttributeConstraint, Attributes extends AttributeConstraint,
@@ -101,11 +101,14 @@ export default Credentials({
const ldapUser = ( const ldapUser = (
await ldapSearch(client, env.AUTH_LDAP_BASE, { await ldapSearch(client, env.AUTH_LDAP_BASE, {
filter: `(uid=${data.name})`, filter: `(uid=${data.name})`,
scope: env.AUTH_LDAP_SEARCH_SCOPE,
// as const for inference // as const for inference
attributes: ['uid', 'mail'] as const, attributes: ['uid', 'mail'] as const,
}) })
)[0]; )[0];
if (!ldapUser) throw new Error('User not found in LDAP');
await ldapLogin(ldapUser.dn, data.password).then((client) => client.destroy()); await ldapLogin(ldapUser.dn, data.password).then((client) => client.destroy());
const userGroups = ( const userGroups = (
@@ -113,6 +116,7 @@ export default Credentials({
filter: `(&(objectclass=${env.AUTH_LDAP_GROUP_CLASS})(${ filter: `(&(objectclass=${env.AUTH_LDAP_GROUP_CLASS})(${
env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE
}=${ldapUser[env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE as 'dn' | 'uid']}))`, }=${ldapUser[env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE as 'dn' | 'uid']}))`,
scope: env.AUTH_LDAP_SEARCH_SCOPE,
// as const for inference // as const for inference
attributes: 'cn', attributes: 'cn',
}) })
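Review bot: Both `ldapSearch` calls now receive `scope: env.AUTH_LDAP_SEARCH_SCOPE`, but the filters they run are still assembled by string interpolation — `(uid=${data.name})` embeds the submitted username and the group filter embeds the user's `dn`/`uid` value — so unless `ldapSearch` escapes filter values internally, characters that carry meaning in LDAP filter syntax in either value change the query; escaping them per RFC 4515 before interpolation (or using a filter-building helper) closes that, and widening the scope from `base` to `sub` only increases what a malformed filter can reach. The new `if (!ldapUser) throw new Error('User not found in LDAP');` guard is a genuine fix, but under `one`/`sub` scope a search can return several entries for one `uid` and `[0]` still picks the first silently; consider failing on ambiguity, e.g. `if (results.length !== 1) throw new Error('User not found or ambiguous in LDAP');`. One variable governs both the user lookup and the group lookup, which is fine as long as that is the intended contract and is documented on the env var. The enclosing callback inside `Credentials({ ... })` starts and ends outside the hunk.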