carta-controller 4.1.1 → 5.0.0-beta.1c
- package/config/config_schema.json +59 -1
- package/config/example_config.json +4 -4
- package/config/example_nginx.conf.stub +5 -8
- package/config/example_sudoers_conf.stub +1 -1
- package/dist/auth/external.js +38 -6
- package/dist/auth/external.js.map +1 -1
- package/dist/auth/google.js +80 -25
- package/dist/auth/google.js.map +1 -1
- package/dist/auth/index.js +20 -11
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +7 -5
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +47 -11
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/oidc.js +48 -13
- package/dist/auth/oidc.js.map +1 -1
- package/dist/auth/oidcRefreshManager.js +10 -11
- package/dist/auth/oidcRefreshManager.js.map +1 -1
- package/dist/auth/pam.js +1 -2
- package/dist/auth/pam.js.map +1 -1
- package/dist/config.js +51 -15
- package/dist/controllerTests.js +60 -20
- package/dist/database.js +21 -18
- package/dist/index.js +69 -32
- package/dist/serverHandlers.js +57 -15
- package/dist/types.js +1 -1
- package/dist/util.js +6 -7
- package/docs/requirements.txt +1 -0
- package/docs/src/conf.py +1 -0
- package/docs/src/configuration.rst +12 -6
- package/docs/src/index.rst +10 -10
- package/docs/src/installation.rst +180 -8
- package/docs/src/introduction.rst +5 -4
- package/docs/src/step_by_step.rst +576 -0
- package/package.json +23 -21
- package/public/dashboard.js +17 -68
- package/public/templated.css +6 -3
- package/views/templated.pug +3 -6
- package/docs/src/almalinux8_instructions.rst +0 -281
- package/docs/src/ubuntu_focal_instructions.rst +0 -127
|
@@ -31,7 +31,10 @@
|
|
|
31
31
|
"additionalProperties": false,
|
|
32
32
|
"required": [
|
|
33
33
|
"clientId",
|
|
34
|
-
"userLookupTable"
|
|
34
|
+
"userLookupTable",
|
|
35
|
+
"publicKeyLocation",
|
|
36
|
+
"privateKeyLocation",
|
|
37
|
+
"issuer"
|
|
35
38
|
],
|
|
36
39
|
"properties": {
|
|
37
40
|
"clientId": {
|
|
@@ -66,6 +69,61 @@
|
|
|
66
69
|
"examples": [
|
|
67
70
|
"/etc/carta/userlookup.txt"
|
|
68
71
|
]
|
|
72
|
+
},
|
|
73
|
+
"publicKeyLocation": {
|
|
74
|
+
"description": "Path to public key (in PEM format) used for verifying JWTs",
|
|
75
|
+
"type": "string",
|
|
76
|
+
"examples": [
|
|
77
|
+
"/etc/carta/carta_public.pem"
|
|
78
|
+
]
|
|
79
|
+
},
|
|
80
|
+
"privateKeyLocation": {
|
|
81
|
+
"description": "Path to private key (in PEM format) used for signing JWTs",
|
|
82
|
+
"type": "string",
|
|
83
|
+
"examples": [
|
|
84
|
+
"/etc/carta/carta_private.pem"
|
|
85
|
+
]
|
|
86
|
+
},
|
|
87
|
+
"keyAlgorithm": {
|
|
88
|
+
"$ref": "#/definitions/keyAlgorithm",
|
|
89
|
+
"default": "RS256"
|
|
90
|
+
},
|
|
91
|
+
"issuer": {
|
|
92
|
+
"description": "Issuer field for JWT",
|
|
93
|
+
"type": "string",
|
|
94
|
+
"examples": [
|
|
95
|
+
"my-carta-server"
|
|
96
|
+
]
|
|
97
|
+
},
|
|
98
|
+
"refreshTokenAge": {
|
|
99
|
+
"description": "Lifetime of refresh tokens",
|
|
100
|
+
"type": "string",
|
|
101
|
+
"default": "1w",
|
|
102
|
+
"examples": [
|
|
103
|
+
"1w",
|
|
104
|
+
"15h",
|
|
105
|
+
"2d"
|
|
106
|
+
]
|
|
107
|
+
},
|
|
108
|
+
"accessTokenAge": {
|
|
109
|
+
"description": "Lifetime of access tokens",
|
|
110
|
+
"type": "string",
|
|
111
|
+
"default": "15m",
|
|
112
|
+
"examples": [
|
|
113
|
+
"90s",
|
|
114
|
+
"1h",
|
|
115
|
+
"15m"
|
|
116
|
+
]
|
|
117
|
+
},
|
|
118
|
+
"scriptingTokenAge": {
|
|
119
|
+
"description": "Lifetime of scripting tokens",
|
|
120
|
+
"type": "string",
|
|
121
|
+
"default": "1w",
|
|
122
|
+
"examples": [
|
|
123
|
+
"1w",
|
|
124
|
+
"5d",
|
|
125
|
+
"10h"
|
|
126
|
+
]
|
|
69
127
|
}
|
|
70
128
|
}
|
|
71
129
|
},
|
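Review bot: The three new lifetime properties `refreshTokenAge`, `accessTokenAge` and `scriptingTokenAge` (new lines 98–126) are declared only as `"type": "string"`, so any text passes schema validation. google.js in this same diff passes these values to `ms()` to compute the cookie `maxAge` and `expires_in`, and an unparsable string would presumably yield an undefined or NaN lifetime rather than a startup error. Constraining each one to the documented shape, for example `"pattern": "^[0-9]+(ms|s|m|h|d|w|y)$"`, would make a typo fail at config load. The `scriptingTokenAge` default of `"1w"` is a long life for a bearer token, and its description could say so, so that operators pick the value deliberately.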
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"pam": {
|
|
5
5
|
"publicKeyLocation": "/etc/carta/carta_public.pem",
|
|
6
6
|
"privateKeyLocation": "/etc/carta/carta_private.pem",
|
|
7
|
-
"issuer": "
|
|
7
|
+
"issuer": "carta.example.com"
|
|
8
8
|
}
|
|
9
9
|
},
|
|
10
10
|
"database": {
|
|
@@ -14,15 +14,15 @@
|
|
|
14
14
|
"serverPort": 8000,
|
|
15
15
|
"serverInterface": "localhost",
|
|
16
16
|
"processCommand": "/usr/bin/carta_backend",
|
|
17
|
-
"killCommand": "/usr/
|
|
17
|
+
"killCommand": "/usr/bin/carta-kill-script",
|
|
18
18
|
"rootFolderTemplate": "/home/{username}",
|
|
19
19
|
"baseFolderTemplate": "/home/{username}",
|
|
20
20
|
"dashboard": {
|
|
21
21
|
"bannerColor": "#d2dce5",
|
|
22
22
|
"backgroundColor": "#f6f8fa",
|
|
23
|
-
"bannerImage": "/
|
|
23
|
+
"bannerImage": "/usr/lib/node_modules/carta-controller/public/images/carta_logo.svg",
|
|
24
24
|
"infoText": "Welcome to the CARTA server.",
|
|
25
25
|
"loginText": "<span>Please enter your login credentials:</span>",
|
|
26
|
-
"footerText": "<span>If you have any problems, comments or suggestions, please <a href='mailto:
|
|
26
|
+
"footerText": "<span>If you have any problems, comments or suggestions, please <a href='mailto:admin@carta.example.com'>contact us.</a></span>"
|
|
27
27
|
}
|
|
28
28
|
}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
server {
|
|
2
2
|
listen 443 ssl;
|
|
3
3
|
ssl on;
|
|
4
|
-
server_name
|
|
5
|
-
ssl_certificate /etc/
|
|
6
|
-
ssl_certificate_key /etc/
|
|
4
|
+
server_name carta.example.com;
|
|
5
|
+
ssl_certificate /etc/letsencrypt/live/carta.example.com/fullchain.pem;
|
|
6
|
+
ssl_certificate_key /etc/letsencrypt/live/carta.example.com/privkey.pem;
|
|
7
7
|
location / {
|
|
8
8
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
9
9
|
proxy_pass http://localhost:8000/;
|
|
@@ -16,11 +16,8 @@ server {
|
|
|
16
16
|
}
|
|
17
17
|
|
|
18
18
|
server {
|
|
19
|
-
server_name
|
|
20
|
-
if ($host = my-carta-server.com) {
|
|
21
|
-
return 301 https://$host$request_uri;
|
|
22
|
-
}
|
|
19
|
+
server_name carta.example.com;
|
|
23
20
|
listen 80 ;
|
|
24
21
|
listen [::]:80 ;
|
|
25
|
-
return
|
|
22
|
+
return 301 https://$host$request_uri;
|
|
26
23
|
}
|
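Review bot: The HTTPS server block still carries `ssl on;` (line 3) next to `listen 443 ssl;`. The standalone `ssl` directive is obsolete and has been removed from recent nginx releases, where it stops the configuration from loading, so the stub should drop that line. In the port-80 block, `return 301 https://$host$request_uri;` builds the redirect target from the request's host; if this block also serves as the default server for port 80, `return 301 https://carta.example.com$request_uri;` keeps the target fixed. Lines 10–15 of the stub are outside both hunks, so any TLS protocol or header settings there are not reviewed here.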
|
@@ -4,4 +4,4 @@
|
|
|
4
4
|
carta ALL=(%carta-users) NOPASSWD:SETENV: /usr/bin/carta_backend
|
|
5
5
|
|
|
6
6
|
# carta user can run the kill script as any user in the carta-users group without entering password
|
|
7
|
-
carta ALL=(%carta-users) NOPASSWD: /usr/
|
|
7
|
+
carta ALL=(%carta-users) NOPASSWD: /usr/bin/carta-kill-script
|
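Review bot: The new rule lets the `carta` account run `/usr/bin/carta-kill-script` as any member of `carta-users` with no password and no restriction on arguments, so the safety of the rule rests entirely on the script file. The stub should state the ownership requirement next to the rule, for example `# /usr/bin/carta-kill-script must be owned by root and not writable by carta or carta-users`, because a writable script would let the service account run arbitrary commands as every mapped user. It is also worth documenting which arguments the script accepts, since sudo passes any arguments through when the rule lists only the command path.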
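--- a/package/dist/auth/external.js
+++ b/package/dist/auth/external.js
@@ -1,7 +1,41 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-
+exports.watchUserTable = watchUserTable;
+exports.generateExternalVerifiers = generateExternalVerifiers;
+const fs = __importStar(require("fs"));
 const jwt = require("jsonwebtoken");
 function populateUserMap(userMaps, issuer, filename) {
 const userMap = new Map();
@@ -10,8 +44,8 @@ function populateUserMap(userMaps, issuer, filename) {
 const lines = contents.split("\n");
 for (let line of lines) {
 line = line.trim();
-// Skip comments
-if (line.startsWith("#")) {
+// Skip comments and empty lines
+if (line.startsWith("#") || !/\S/.test(line)) {
 continue;
 }
 // Ensure line is in format <username1> <username2>
@@ -40,7 +74,6 @@ function watchUserTable(userMaps, issuers, filename) {
 populateUserMap(userMaps, issuers, filename);
 fs.watchFile(filename, () => populateUserMap(userMaps, issuers, filename));
 }
-exports.watchUserTable = watchUserTable;
 function generateExternalVerifiers(verifierMap, authConf) {
 const publicKey = fs.readFileSync(authConf.publicKeyLocation);
 const verifier = (cookieString) => {
@@ -60,5 +93,4 @@ function generateExternalVerifiers(verifierMap, authConf) {
 verifierMap.set(iss, verifier);
 }
 }
-exports.generateExternalVerifiers = generateExternalVerifiers;
 //# sourceMappingURL=external.js.map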
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCA,wCAGC;AAED,8DAkBC;AA/DD,uCAAyB;AAEzB,oCAAqC;AAGrC,SAAS,eAAe,CAAC,QAA8B,EAAE,MAAyB,EAAE,QAAgB;IAChG,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YACrB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAEnB,gCAAgC;YAChC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACb,CAAC;YAED,mDAAmD;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,oCAAoC,IAAI,EAAE,CAAC,CAAC;gBACxD,SAAS;YACb,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,OAAO,CAAC,IAAI,UAAU,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACvB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;AACL,CAAC;AAED,SAAgB,cAAc,CAAC,QAA8B,EAAE,OAA0B,EAAE,QAAgB;IACvG,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,yBAAyB,CAAC,WAAkC,EAAE,QAAiC;IAC3G,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,CAAC,YAAoB,EAAE,EAAE;QACtC,MAAM,OAAO,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAC,SAAS,EAAE,QAAQ,CAAC,YAAY,EAAkB,CAAC,CAAC;QAC9G,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACnE,0CAA0C;YAC1C,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC
rD,CAAC;YACD,OAAO,OAAO,CAAC;QACnB,CAAC;aAAM,CAAC;YACJ,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;AACL,CAAC"}
|
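--- a/package/dist/auth/google.js
+++ b/package/dist/auth/google.js
@@ -8,35 +8,90 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 step((generator = generator.apply(thisArg, _arguments || [])).next());
 });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.googleCallbackHandler = googleCallbackHandler;
+exports.generateGoogleRefreshHandler = generateGoogleRefreshHandler;
+const config_1 = require("../config");
+const types_1 = require("../types");
 const google_auth_library_1 = require("google-auth-library");
-
-
-
-
-
-
-
-
-
-
-const
-
-
-
-
+const local_1 = require("./local");
+const index_1 = require("./index");
+const ms_1 = __importDefault(require("ms"));
+function googleCallbackHandler(req, res, authConf) {
+return __awaiter(this, void 0, void 0, function* () {
+var _a;
+// Check for g_csrf_token match between cookie and body
+if (!req.cookies["g_csrf_token"] || !req.body["g_csrf_token"] || req.cookies["g_csrf_token"] !== req.body["g_csrf_token"]) {
+return res.status(400).json({ "error": "Missing or non-matching CSRF token" });
+}
+const oAuth2Client = new google_auth_library_1.OAuth2Client();
+try {
+const result = yield oAuth2Client.verifyIdToken({ idToken: (_a = req === null || req === void 0 ? void 0 : req.body) === null || _a === void 0 ? void 0 : _a.credential, audience: authConf.clientId });
+const payload = result.getPayload();
+// Do the mapping
+const username = authConf.useEmailAsId ? payload === null || payload === void 0 ? void 0 : payload.email : payload === null || payload === void 0 ? void 0 : payload.sub;
+// check that username exists and email is verified
+if (!username || !(payload === null || payload === void 0 ? void 0 : payload.email_verified)) {
+console.log("Google auth rejected due to lack of unique ID or email verification");
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+// check that domain is valid
+if (authConf.validDomain && authConf.validDomain !== payload.hd) {
+console.log(`Google auth rejected due to incorrect domain: ${payload.hd}`);
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+// create initial refresh token
+const refreshToken = (0, local_1.generateToken)(authConf, username, local_1.TokenType.Refresh);
+res.cookie("Refresh-Token", refreshToken, {
+path: config_1.RuntimeConfig.authPath,
+maxAge: (0, ms_1.default)(authConf.refreshTokenAge),
+httpOnly: true,
+secure: !config_1.ServerConfig.httpOnly,
+sameSite: "strict"
+});
+return res.redirect(`${config_1.RuntimeConfig.dashboardAddress}?googleuser=${username}`);
+}
+catch (e) {
+console.debug(e);
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+});
+}
+function generateGoogleRefreshHandler(authConf) {
+return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+var _a;
+const refreshTokenCookie = req.cookies["Refresh-Token"];
+const scriptingToken = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.scripting) === true;
+if (refreshTokenCookie) {
+try {
+const refreshToken = yield (0, index_1.verifyToken)(refreshTokenCookie);
+if (!refreshToken || !refreshToken.username || !refreshToken.refresh) {
+next({ statusCode: 403, message: "Not authorized" });
+}
+else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
+next({ statusCode: 500, message: "Scripting access not enabled for this server" });
+}
+else {
+const access_token = (0, local_1.generateToken)(authConf, refreshToken.username, scriptingToken ? local_1.TokenType.Scripting : local_1.TokenType.Access);
+console.log(`Refreshed ${scriptingToken ? "scripting" : "access"} token for user ${refreshToken.username}`);
+res.json({
+access_token,
+token_type: "bearer",
+username: refreshToken.username,
+expires_in: (0, ms_1.default)(scriptingToken ? authConf.scriptingTokenAge : authConf.accessTokenAge) / 1000
+});
+}
+}
+catch (err) {
+next({ statusCode: 400, message: "Invalid refresh token" });
+}
 }
-
-
-console.log(`Google auth rejected due to incorrect domain: ${payload.hd}`);
-return undefined;
+else {
+next({ statusCode: 400, message: "Missing refresh token" });
 }
-return Object.assign(Object.assign({}, payload), { username });
 });
-for (const iss of exports.validGoogleIssuers) {
-verifierMap.set(iss, verifier);
-}
 }
-exports.generateGoogleVerifier = generateGoogleVerifier;
 //# sourceMappingURL=google.js.map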
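Review bot: The redirect at new line 55 places `username` in the query string without encoding; when `useEmailAsId` is set this is the Google account e-mail, and characters such as `+` or `&` are altered or split into extra parameters when the dashboard parses the URL. Wrapping the value, as in ``?googleuser=${encodeURIComponent(username)}``, fixes that. The two rejection paths (unverified e-mail at new line 39, wrong `hd` domain at new line 44) answer with status 500 although they are authorization failures; 401 or 403 would let clients and log monitoring tell a refused login from a server fault. This file is compiled output, so the change belongs in `src/auth/google.ts`.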
package/dist/auth/google.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAQA,sDA0CC;AAGD,oEA4BC;AAjFD,sCAAsD;AACtD,oCAA0E;AAC1E,6DAAiD;AACjD,mCAAiD;AACjD,mCAA6C;AAC7C,4CAAoB;AAGpB,SAAsB,qBAAqB,CAAE,GAAY,EAAE,GAAa,EAAE,QAA+B;;;QACrG,uDAAuD;QACvD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,oCAAoC,EAAC,CAAC,CAAA;QAChF,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,kCAAY,EAAE,CAAC;QACxC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,EAAC,OAAO,EAAE,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,0CAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAC,CAAC,CAAC;YAC/G,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;YAEnC,iBAAiB;YACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC;YAEvE,mDAAmD;YACnD,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAAA,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;gBACnF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACrF,CAAC;YAED,6BAA6B;YAC7B,IAAI,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,iDAAiD,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACrF,CAAC;YAED,+BAA+B;YAC/B,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAS,CAAC,OAAO,CAAC,CAAC;YAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;gBACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,eAAyB,CAAC;gBAC9C,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,eAAe,QAAQ,EAAE,CAAC,CAAA;QAEnF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAA
C,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAA;QACpF,CAAC;IACL,CAAC;CAAA;AAGD,SAAgB,4BAA4B,CAAC,QAA+B;IACxE,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;;QAC7D,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACnE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE,CAAC;oBACpF,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,8CAA8C,EAAC,CAAC,CAAC;gBACrF,CAAC;qBAAM,CAAC;oBACJ,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,iBAAS,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,OAAO,CAAC,GAAG,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC5G,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,IAAA,YAAE,EAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC"}
|
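--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -8,10 +8,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 step((generator = generator.apply(thisArg, _arguments || [])).next());
 });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authRouter =
+exports.authRouter = void 0;
+exports.verifyToken = verifyToken;
+exports.getUser = getUser;
+exports.authGuard = authGuard;
 const jwt = require("jsonwebtoken");
-const
+const express_1 = __importDefault(require("express"));
 const util_1 = require("../util");
 const config_1 = require("../config");
 const external_1 = require("./external");
@@ -31,7 +37,7 @@ let refreshHandler = (req, res) => {
 throw { statusCode: 501, message: "Token refresh not implemented" };
 };
 let callbackHandler = (req, res) => {
-throw { statusCode: 501, message: "
+throw { statusCode: 501, message: "Callback handler not implemented" };
 };
 // Local providers
 if (config_1.ServerConfig.authProviders.pam) {
@@ -48,9 +54,11 @@ else if (config_1.ServerConfig.authProviders.ldap) {
 }
 else if (config_1.ServerConfig.authProviders.google) {
 const authConf = config_1.ServerConfig.authProviders.google;
-(0,
+(0, local_1.generateLocalVerifier)(tokenVerifiers, authConf);
+refreshHandler = (0, google_1.generateGoogleRefreshHandler)(authConf);
+callbackHandler = (req, res) => (0, google_1.googleCallbackHandler)(req, res, authConf);
 if (authConf.userLookupTable) {
-(0, external_1.watchUserTable)(userMaps,
+(0, external_1.watchUserTable)(userMaps, authConf.issuer, authConf.userLookupTable);
 }
 }
 else if (config_1.ServerConfig.authProviders.external) {
@@ -90,7 +98,6 @@ function verifyToken(cookieString) {
 return undefined;
 });
 }
-exports.verifyToken = verifyToken;
 function getUser(username, issuer) {
 const userMap = userMaps.get(issuer);
 if (userMap) {
@@ -100,7 +107,6 @@ function getUser(username, issuer) {
 return username;
 }
 }
-exports.getUser = getUser;
 // Express middleware to guard against unauthorized access. Writes the username to the request object
 function authGuard(req, res, next) {
 return __awaiter(this, void 0, void 0, function* () {
@@ -128,7 +134,6 @@ function authGuard(req, res, next) {
 }
 });
 }
-exports.authGuard = authGuard;
 function logoutHandler(req, res) {
 res.cookie("Refresh-Token", "", {
 path: config_1.RuntimeConfig.authPath,
@@ -137,7 +142,7 @@ function logoutHandler(req, res) {
 secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
-return res.
+return res.redirect(`${config_1.RuntimeConfig.dashboardAddress}`);
 }
 function handleCheckAuth(req, res) {
 res.json({
@@ -145,15 +150,19 @@ function handleCheckAuth(req, res) {
 username: req.username
 });
 }
-exports.authRouter =
+exports.authRouter = express_1.default.Router();
 if (config_1.ServerConfig.authProviders.oidc) {
 exports.authRouter.get("/logout", util_1.noCache, oidc_1.oidcLogoutHandler);
 exports.authRouter.get("/oidcCallback", util_1.noCache, callbackHandler);
 exports.authRouter.get("/login", util_1.noCache, loginHandler);
 }
+else if (config_1.ServerConfig.authProviders.google) {
+exports.authRouter.post("/googleCallback", util_1.noCache, callbackHandler);
+exports.authRouter.get("/logout", util_1.noCache, logoutHandler);
+}
 else {
 exports.authRouter.post("/login", util_1.noCache, loginHandler);
-exports.authRouter.
+exports.authRouter.get("/logout", util_1.noCache, logoutHandler);
 }
 exports.authRouter.post("/refresh", util_1.noCache, refreshHandler);
 exports.authRouter.get("/status", authGuard, util_1.noCache, handleCheckAuth);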
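Review bot: Logout is registered on GET in both new branches (`exports.authRouter.get("/logout", util_1.noCache, logoutHandler)`, new lines 161 and 165), and `logoutHandler` clears the `Refresh-Token` cookie without checking anything about the request, so any link or redirect that sends a browser to this path ends the user's session. The impact is limited to a forced logout, but a state-changing route is normally kept on POST, or made to check the `Origin` or `Sec-Fetch-Site` header before clearing the cookie. The previous registration is truncated on this page, so whether the method changed in this release cannot be told from here. This file is compiled output; the route definitions live in `src/auth/index.ts`.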
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AA0EA,kCAUC;AAED,0BAOC;AAGD,8BAqBC;AArHD,oCAAqC;AACrC,sDAA0C;AAC1C,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAAoJ;AACpJ,iCAA2C;AAC3C,+BAAyC;AACzC,qCAA6E;AAE7E,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,IAAI,eAAe,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACpD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kCAAkC,EAAC,CAAC;AACzE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,wBAAkB,EAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,0BAAmB,EAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,cAAc,GAAG,IAAA,qCAA4B,EAAC,QAAQ,CAAC,CAAC;IACxD,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,8BAAqB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1E,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,IAAA,oCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE,CAAC;QACZ,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EA
AE,SAAS,CAAC,CAAC;IAC1D,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,gCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,cAAc,GAAG,IAAA,sCAA+B,EAAC,QAAQ,CAAC,CAAC;IAC3D,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,qBAAc,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChE,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,0BAAmB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxE,IAAA,eAAQ,EAAC,QAAQ,CAAC,CAAC;IACnB,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,eAAe,mBAAmB,CAAC,CAAC;QAClE,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACvB,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAEhD,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACX,OAAO,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;YACxC,CAAC;QACL,CAAC;QACD,OAAO,SAAS,CAAC;IACrB,CAAC;CAAA;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE,CAAC;QACV,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACJ,OAAO,QAAQ,CAAC;IACpB,CAAC;AACL,CAAC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,GAAqB,EAAE,IAA0B;;QACxG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE,CAAC;YACd,IAAI,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAE7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;oBAC5B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;wBAClB,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;oBACzB,CAAC;oBACD,IAAI,EAAE,CAAC;gBACX,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,
GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;QACvD,CAAC;IACL,CAAC;CAAA;AAED,SAAS,aAAa,CAAC,GAAoB,EAAE,GAAqB;IAC9D,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;QAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IACC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,eAAe,CAAC,GAAyB,EAAE,GAAqB;IACrE,GAAG,CAAC,IAAI,CAAC;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACzB,CAAC,CAAC;AACP,CAAC;AAEY,QAAA,UAAU,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;AAC3C,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IAClC,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,wBAAiB,CAAC,CAAC;IACtD,kBAAU,CAAC,GAAG,CAAC,eAAe,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC1D,kBAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;AACpD,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,kBAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC7D,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;KACI,CAAC;IACF,kBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;IACjD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;AACD,kBAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAO,EAAE,cAAc,CAAC,CAAC;AACrD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC"}
|
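--- a/package/dist/auth/ldap.js
+++ b/package/dist/auth/ldap.js
@@ -1,12 +1,15 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getLdapLoginHandler =
-const
+exports.getLdapLoginHandler = getLdapLoginHandler;
+const ldapauth_fork_1 = __importDefault(require("ldapauth-fork"));
 const local_1 = require("./local");
 const util_1 = require("../util");
 let ldap;
 function getLdapLoginHandler(authConf) {
-ldap = new
+ldap = new ldapauth_fork_1.default(authConf.ldapOptions);
 ldap.on("error", err => console.error("LdapAuth: ", err));
 setTimeout(() => {
 var _a;
@@ -51,7 +54,7 @@ function getLdapLoginHandler(authConf) {
 if ((_a = errorObj === null || errorObj === void 0 ? void 0 : errorObj.name) === null || _a === void 0 ? void 0 : _a.includes("ConfidentialityRequiredError")) {
 console.log(`TLS error encountered. Reconnecting to the LDAP server!`);
 ldap.close();
-ldap = new
+ldap = new ldapauth_fork_1.default(authConf.ldapOptions);
 ldap.on("error", err => console.error("LdapAuth: ", err));
 // Wait for the connection to be re-established
 setTimeout(() => {
@@ -64,5 +67,4 @@ function getLdapLoginHandler(authConf) {
 });
 };
 }
-exports.getLdapLoginHandler = getLdapLoginHandler;
 //# sourceMappingURL=ldap.js.map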
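Review bot: In the `ConfidentialityRequiredError` branch of the second hunk, the module-level client declared by `let ldap;` is closed and replaced from inside a per-request authentication callback, and nothing in the visible lines serialises that reconnect. If several logins hit the TLS error at once, each would presumably close and recreate the client that other in-flight authentications are still using, which can turn one transient TLS fault into a burst of failed logins. At minimum I would document this at the reassignment, e.g. `// ldap is shared by every login request; replacing it here affects binds already in flight`, and consider a guard so only one reconnect runs at a time. The body of `getLdapLoginHandler` continues outside the hunks, and because this file is compiled output the change belongs in `src/auth/ldap.ts`.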
package/dist/auth/ldap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;;;AAQA,kDAwDC;AA/DD,kEAAqC;AAErC,mCAA4C;AAC5C,kCAA4D;AAE5D,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAC,IAAY,aAAZ,IAAI,uBAAJ,IAAI,CAAU,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;YAC/F,CAAC;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,IAAA,iBAAU,EAAC,IAAI,CAAC,CAAC;YACrB,CAAC;YACD,IAAI,CAAC;gBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAA,mBAAY,EAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;YACnF,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,u
BAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACJ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}
|