fix(Auth): fix ldap cache by using a single instance of ldapauth
Alexandre-io committed Jul 25, 2018
1 parent e4ed38c commit 9e9be76
Showing 3 changed files with 29 additions and 30 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -33,7 +33,8 @@ auth:
# Else, if you don't (use one or the other):
# groupSearchFilter: '(memberUid={{dn}})'
#
# Optional, default false. If true, then up to 100 credentials at a time will be cached for 5 minutes.
# Optional, default false.
# If true, then up to 100 credentials at a time will be cached for 5 minutes.
cache: false
# Optional
reconnect: true
24 changes: 10 additions & 14 deletions index.js
Expand Up @@ -20,6 +20,15 @@ function Auth(config, stuff) {
// TODO: Set more defaults
self._config.groupNameAttribute = self._config.groupNameAttribute || 'cn';

// ldap client
self._ldapClient = new LdapAuth(self._config.client_options);

self._ldapClient.on('error', (err) => {
self._logger.warn({
err: err,
}, `LDAP error ${err}`);
});

return self;
}

Expand All @@ -29,12 +38,8 @@ module.exports = Auth;
// Attempt to authenticate user against LDAP backend
//
Auth.prototype.authenticate = function (user, password, callback) {
const LdapClient = new LdapAuth(this._config.client_options);

// https://github.com/vesse/node-ldapauth-fork/issues/61
LdapClient.on('error', (err) => {});

LdapClient.authenticateAsync(user, password)
this._ldapClient.authenticateAsync(user, password)
.then((ldapUser) => {
if (!ldapUser) return [];

Expand All @@ -54,14 +59,5 @@ Auth.prototype.authenticate = function (user, password, callback) {

return false; // indicates failure
})
.finally((ldapUser) => {
LdapClient.closeAsync()
.catch((err) => {
this._logger.warn({
err: err
}, `LDAP error on close ${err}`);
});
return ldapUser;
})
.asCallback(callback);
};
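Review bot: The shared `self._ldapClient` is created once in the constructor and nothing closes or replaces it any more, because the `.finally` that called `closeAsync()` is removed and the new `'error'` handler only logs. If the connection drops and `reconnect` is not set in `client_options` (the README lists it as optional), later `authenticate` calls would presumably keep hitting a dead client until the process restarts, so I would either document `reconnect: true` as required or rebuild the client inside the error handler. The same change makes `cache: true` actually take effect, so a password changed or an account disabled in LDAP can still be accepted until the cached entry expires; a comment above the constructor line such as `// shared for the process lifetime: needs client_options.reconnect; with cache enabled, revoked credentials stay valid until the entry expires` would make that trade-off visible. The constructor starts above this hunk, so I am assuming `self._logger` is already assigned before the handler is registered.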
32 changes: 17 additions & 15 deletions tests/integration/test.spec.js
@@ -1,29 +1,31 @@
const Auth = require('../../index');
const should = require('chai').should();
const bunyan = require('bunyan');
const log = bunyan.createLogger({ name: 'myapp' });
const log = bunyan.createLogger({ name: 'verdaccio-ldap' });


const auth = new Auth({
client_options: {
url: "ldap://localhost:4389",
searchBase: 'ou=users,dc=myorg,dc=com',
searchFilter: '(&(objectClass=posixAccount)(!(shadowExpire=0))(uid={{username}}))',
groupDnProperty: 'cn',
groupSearchBase: 'ou=groups,dc=myorg,dc=com',
// If you have memberOf:
searchAttributes: ['*', 'memberOf'],
// Else, if you don't:
// groupSearchFilter: '(memberUid={{dn}})',
}
}, { logger: log });

describe('ldap auth', function () {
it('should match user', function (done) {

const auth = new Auth({
client_options: {
url: "ldap://localhost:4389",
searchBase: 'ou=users,dc=myorg,dc=com',
searchFilter: '(&(objectClass=posixAccount)(!(shadowExpire=0))(uid={{username}}))',
groupDnProperty: 'cn',
groupSearchBase: 'ou=groups,dc=myorg,dc=com',
// If you have memberOf:
searchAttributes: ['*', 'memberOf'],
// Else, if you don't:
// groupSearchFilter: '(memberUid={{dn}})',
}
}, { logger: log });

auth.authenticate('user', 'password', function (err, results) {
(err === null).should.be.true;
results[0].should.equal('user');
done();
});

});
});
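Review bot: The suite still covers only one successful login, although `auth` is now a single module-level instance whose LDAP client is reused by every call. A second case that expects failure for a wrong password, plus a repeated call on the same `auth`, would show that the shared client (and the credential cache, if enabled) does not let a bad login through. Nothing closes the client either, so the test runner may not exit on its own; something like `after(() => auth._ldapClient.closeAsync());` would release it, assuming `closeAsync` is still available on the instance as it was in the removed code.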
