From de5ba5d0d3d50f4a260174ff8c2d3fa01d240d34 Mon Sep 17 00:00:00 2001
From: Julien Fontanet
Date: Tue, 17 Mar 2015 16:28:31 +0100
Subject: [PATCH 01/84] Initial commit.
---
packages/xo-server-auth-ldap/.editorconfig | 65 +++++++++++++++
packages/xo-server-auth-ldap/.gitignore | 7 ++
packages/xo-server-auth-ldap/.jshintrc | 95 ++++++++++++++++++++++
packages/xo-server-auth-ldap/README.md | 17 ++++
packages/xo-server-auth-ldap/index.js | 49 +++++++++++
packages/xo-server-auth-ldap/index.spec.js | 11 +++
packages/xo-server-auth-ldap/package.json | 35 ++++++++
7 files changed, 279 insertions(+)
create mode 100644 packages/xo-server-auth-ldap/.editorconfig
create mode 100644 packages/xo-server-auth-ldap/.gitignore
create mode 100644 packages/xo-server-auth-ldap/.jshintrc
create mode 100644 packages/xo-server-auth-ldap/README.md
create mode 100644 packages/xo-server-auth-ldap/index.js
create mode 100644 packages/xo-server-auth-ldap/index.spec.js
create mode 100644 packages/xo-server-auth-ldap/package.json
diff --git a/packages/xo-server-auth-ldap/.editorconfig b/packages/xo-server-auth-ldap/.editorconfig
new file mode 100644
index 000000000..da21ef4c5
--- /dev/null
+++ b/packages/xo-server-auth-ldap/.editorconfig
@@ -0,0 +1,65 @@
+# http://EditorConfig.org
+#
+# Julien Fontanet's configuration
+# https://gist.github.com/julien-f/8096213
+
+# Top-most EditorConfig file.
+root = true
+
+# Common config.
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespaces = true
+
+# CoffeeScript
+#
+# https://github.com/polarmobile/coffeescript-style-guide/blob/master/README.md
+[*.{,lit}coffee]
+indent_size = 2
+indent_style = space
+
+# Markdown
+[*.{md,mdwn,mdown,markdown}]
+indent_size = 4
+indent_style = space
+
+# Package.json
+#
+# This indentation style is the one used by npm.
+[/package.json]
+indent_size = 2
+indent_style = space
+
+# Jade
+[*.jade]
+indent_size = 2
+indent_style = space
+
+# JavaScript
+#
+# Two spaces seems to be the standard most common style, at least in
+# Node.js (http://nodeguide.com/style.html#tabs-vs-spaces).
+[*.js]
+indent_size = 2
+indent_style = space
+
+# Less
+[*.less]
+indent_size = 2
+indent_style = space
+
+# Sass
+#
+# Style used for http://libsass.com
+[*.s[ac]ss]
+indent_size = 2
+indent_style = space
+
+# YAML
+#
+# Only spaces are allowed.
+[*.yaml]
+indent_size = 2
+indent_style = space
diff --git a/packages/xo-server-auth-ldap/.gitignore b/packages/xo-server-auth-ldap/.gitignore
new file mode 100644
index 000000000..a4a5666f8
--- /dev/null
+++ b/packages/xo-server-auth-ldap/.gitignore
@@ -0,0 +1,7 @@
+/bower_components/
+/dist/
+
+npm-debug.log
+
+!node_modules/*
+node_modules/*/
diff --git a/packages/xo-server-auth-ldap/.jshintrc b/packages/xo-server-auth-ldap/.jshintrc
new file mode 100644
index 000000000..f920ae826
--- /dev/null
+++ b/packages/xo-server-auth-ldap/.jshintrc
@@ -0,0 +1,95 @@ +{ + // Julien Fontanet JSHint configuration + // https://gist.github.com/julien-f/8095615 + // + // Changes from defaults: + // - all enforcing options (except `++` & `--`) enabled + // - single quotes + // - indentation set to 2 instead of 4 + // - almost all relaxing options disabled + // - allow expression statements (necessary for chai.expect()) + // - allow global strict (most of my devs are in Node.js or Browserify) + // - environments are set to Browserify, mocha & Node.js + // + // See http://jshint.com/docs/ for more details + + "maxerr" : 50, // {int} Maximum error before stopping + + // Enforcing + "bitwise" : true, // true: Prohibit bitwise operators (&, |, ^, etc.) + "camelcase" : true, // true: Identifiers must be in camelCase + "curly" : true, // true: Require {} for every new block or scope + "eqeqeq" : true, // true: Require triple equals (===) for comparison + "forin" : true, // true: Require filtering for..in loops with obj.hasOwnProperty() + "freeze" : true, // true: Prohibit overwriting prototypes of native objects (Array, Date, ...) + "immed" : true, // true: Require immediate invocations to be wrapped in parens e.g. `(function () { } ());` + "indent" : 2, // {int} Number of spaces to use for indentation + "latedef" : true, // true: Require variables/functions to be defined before being used + "newcap" : true, // true: Require capitalization of all constructor functions e.g. 
`new F()` + "noarg" : true, // true: Prohibit use of `arguments.caller` and `arguments.callee` + "noempty" : true, // true: Prohibit use of empty blocks + "nonbsp" : true, // true: Prohibit use of non breakable spaces + "nonew" : true, // true: Prohibit use of constructors for side-effects (without assignment) + "plusplus" : false, // true: Prohibit use of `++` & `--` + "quotmark" : "single", // Quotation mark consistency: + // false : do nothing (default) + // true : ensure whatever is used is consistent + // "single" : require single quotes + // "double" : require double quotes + "undef" : true, // true: Require all non-global variables to be declared (prevents global leaks) + "unused" : true, // true: Require all defined variables be used + "strict" : true, // true: Requires all functions run in ES5 Strict Mode + "maxcomplexity" : 7, // {int} Max cyclomatic complexity per function + "maxdepth" : 3, // {int} Max depth of nested blocks (within functions) + "maxlen" : 80, // {int} Max number of characters per line + "maxparams" : 4, // {int} Max number of formal params allowed per function + "maxstatements" : 20, // {int} Max number statements per function + + // Relaxing + "asi" : false, // true: Tolerate Automatic Semicolon Insertion (no semicolons) + "boss" : false, // true: Tolerate assignments where comparisons would be expected + "debug" : false, // true: Allow debugger statements e.g. browser breakpoints. 
+ "eqnull" : false, // true: Tolerate use of `== null` + "esnext" : false, // true: Allow ES.next (ES6) syntax (ex: `const`) + "evil" : false, // true: Tolerate use of `eval` and `new Function()` + "expr" : true, // true: Tolerate `ExpressionStatement` as Programs + "funcscope" : false, // true: Tolerate defining variables inside control statements + "globalstrict" : true, // true: Allow global "use strict" (also enables 'strict') + "iterator" : false, // true: Tolerate using the `__iterator__` property + "lastsemic" : false, // true: Tolerate omitting a semicolon for the last statement of a 1-line block + "laxbreak" : false, // true: Tolerate possibly unsafe line breakings + "laxcomma" : false, // true: Tolerate comma-first style coding + "loopfunc" : false, // true: Tolerate functions being defined in loops + "moz" : false, // true: Allow Mozilla specific syntax (extends and overrides esnext features) + // (ex: `for each`, multiple try/catch, function expression…) + "multistr" : false, // true: Tolerate multi-line strings + "notypeof" : false, // true: Tolerate typeof comparison with unknown values. + "proto" : false, // true: Tolerate using the `__proto__` property + "scripturl" : false, // true: Tolerate script-targeted URLs + "shadow" : false, // true: Allows re-define variables later in code e.g. `var x=1; x=2;` + "sub" : false, // true: Tolerate using `[]` notation when it can still be expressed in dot notation + "supernew" : false, // true: Tolerate `new function () { ... 
};` and `new Object;` + "validthis" : false, // true: Tolerate using this in a non-constructor function + "noyield" : false, // true: Tolerate generators without yields + + // Environments + "browser" : false, // Web Browser (window, document, etc) + //"browserify" : true, // Browserify (node.js code in the browser) + "couch" : false, // CouchDB + "devel" : true, // Development/debugging (alert, confirm, etc) + "dojo" : false, // Dojo Toolkit + "jquery" : false, // jQuery + "mocha" : true, // mocha + "mootools" : false, // MooTools + "node" : true, // Node.js + "nonstandard" : false, // Widely adopted globals (escape, unescape, etc) + "phantom" : false, // PhantomJS + "prototypejs" : false, // Prototype and Scriptaculous + "rhino" : false, // Rhino + "worker" : false, // Web Workers + "wsh" : false, // Windows Scripting Host + "yui" : false, // Yahoo User Interface + + // Custom Globals + "globals" : {} // additional predefined global variables +} diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md new file mode 100644 index 000000000..45c37b665 --- /dev/null +++ b/packages/xo-server-auth-ldap/README.md @@ -0,0 +1,17 @@ +# xo-server-auth-ldap + +> XO-Server LDAP authentication plugin. + +To enable this plugin you have to add it into the configuration file +of XO-Server: + +```json +{ + "plugins": { + "auth-ldap": { + "uri": "ldap://ldap.example.org", + "base": "ou=people,dc=example,dc=org" + } + } +} +``` diff --git a/packages/xo-server-auth-ldap/index.js b/packages/xo-server-auth-ldap/index.js new file mode 100644 index 000000000..aeae9f277 --- /dev/null +++ b/packages/xo-server-auth-ldap/index.js 
@@ -0,0 +1,49 @@ +'use strict'; + +//==================================================================== + +var Bluebird = require('bluebird'); +var createClient = require('ldapjs').createClient; +var escape = require('ldapjs/lib/filters/escape'); + +//==================================================================== + +function AuthLdap(conf) { + var base = conf.base ? ',' + conf.base : ''; + + this._provider = function (credentials) { + return new Bluebird(function (resolve, reject) { + var client = createClient({ + url: conf.uri, + }); + + client.bind( + 'uid=' + escape(credentials.username) + base, + credentials.password, + function (error) { + if (error) { + reject(error); + } else { + resolve(); + } + + client.unbind(); + } + ); + }); + }; +} + +AuthLdap.prototype.load = function load(xo) { + xo.registerAuthenticationProvider(this._provider); +}; + +AuthLdap.prototype.unload = function unload(xo) { + xo.unregisterAuthenticationProvider(this._provider); +}; + +//==================================================================== + +exports = module.exports = function (conf) { + return new AuthLdap(conf); +}; diff --git a/packages/xo-server-auth-ldap/index.spec.js b/packages/xo-server-auth-ldap/index.spec.js new file mode 100644 index 000000000..2bd761ed2 --- /dev/null +++ b/packages/xo-server-auth-ldap/index.spec.js @@ -0,0 +1,11 @@ +'use strict'; + +//==================================================================== + +var myLib = require('./'); + +var expect = require('must'); + +//==================================================================== + +describe('myLib'); diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json new file mode 100644 index 000000000..e5816f708 --- /dev/null +++ b/packages/xo-server-auth-ldap/package.json 
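Review bot: In the provider created by `AuthLdap`, the bind DN is built as `'uid=' + escape(credentials.username) + base`, but `escape` is imported from `ldapjs/lib/filters`, so it presumably applies search-filter escaping (RFC 4515) rather than DN escaping (RFC 4514). Characters that are structural in a DN would then pass through unchanged, letting a submitted username alter which entry the bind targets. Either escape the value as an RDN attribute value or validate it before building the DN, e.g. `if (!/^[\w.@-]+$/.test(credentials.username)) { return Bluebird.reject(new Error('invalid credentials')); }` placed ahead of the `new Bluebird(...)` call, with the allowed set adjusted to the directory's naming rules. The same concatenation is carried over unchanged in the PATCH 02 hunk and in `src/index.js` of PATCH 10.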
@@ -0,0 +1,35 @@
+{
+ "name": "xo-server-auth-ldap",
+ "version": "0.0.0",
+ "license": "ISC",
+ "description": "LDAP authentication plugin for XO-Server",
+ "keywords": [
+ "xo-server",
+ "ldap"
+ ],
+ "homepage": "https://github.com/vatesfr/xo-server-auth-ldap",
+ "bugs": "https://github.com/vatesfr/xo-server-auth-ldap/issues",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/vatesfr/xo-server-auth-ldap"
+ },
+ "author": {
+ "name": "Julien Fontanet",
+ "email": "julien.fontanet@isonoe.net"
+ },
+ "preferGlobal": false,
+ "files": [
+ "index.js"
+ ],
+ "devDependencies": {
+ "ldapjs": "^0.7.1",
+ "mocha": "*",
+ "must": "*"
+ },
+ "scripts": {
+ "test": "mocha *.spec.js"
+ },
+ "dependencies": {
+ "bluebird": "^2.9.14"
+ }
+}
From f6b3f898de2f2ce1d1cf713748d4de1e04b786af Mon Sep 17 00:00:00 2001
From: Julien Fontanet
Date: Wed, 18 Mar 2015 17:07:19 +0100
Subject: [PATCH 02/84] Various fixes.
---
packages/xo-server-auth-ldap/index.js | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/packages/xo-server-auth-ldap/index.js b/packages/xo-server-auth-ldap/index.js
index aeae9f277..a7f8fef1f 100644
--- a/packages/xo-server-auth-ldap/index.js
+++ b/packages/xo-server-auth-ldap/index.js
@@ -4,27 +4,34 @@ var Bluebird = require('bluebird'); var createClient = require('ldapjs').createClient; -var escape = require('ldapjs/lib/filters/escape'); +var escape = require('ldapjs/lib/filters/escape').escape; //==================================================================== function AuthLdap(conf) { var base = conf.base ? ',' + conf.base : ''; + var clientOpts = { + url: conf.uri, + }; this._provider = function (credentials) { + var username = credentials.username; + var password = credentials.password; + if (username === undefined || password === undefined) { + return Bluebird.reject(new Error('invalid credentials')); + } + return new Bluebird(function (resolve, reject) { - var client = createClient({ - url: conf.uri, - }); + var client = createClient(clientOpts); client.bind( - 'uid=' + escape(credentials.username) + base, - credentials.password, + 'uid=' + escape(username) + base, + password, function (error) { if (error) { reject(error); } else { - resolve(); + resolve({ username }); } client.unbind(); From f193ce87bf357afcda94a336dec195bb5caf0806 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 18 Mar 2015 17:10:58 +0100 Subject: [PATCH 03/84] 0.1.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index e5816f708..08992592d 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.0.0", + "version": "0.1.0", "license": "ISC", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 9390eacb7c7d81a4c813c0f3e62c39049d34529c Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 18 Mar 2015 17:23:21 +0100 Subject: [PATCH 04/84] Remove ES6 syntax. --- packages/xo-server-auth-ldap/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
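Review bot: The guard added at the top of the provider rejects only `undefined`, so an empty-string password (or a non-string value) still reaches `client.bind`. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, and a server that accepts it answers with success, in which case the callback resolves `{ username }` without any password having been checked. Tighten the condition to `if (typeof username !== 'string' || typeof password !== 'string' || username === '' || password === '') {`. The same guard is carried into `src/index.js` in PATCH 10, and the body of `AuthLdap` continues past the end of this hunk.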
diff --git a/packages/xo-server-auth-ldap/index.js b/packages/xo-server-auth-ldap/index.js index a7f8fef1f..7e39ec8c9 100644 --- a/packages/xo-server-auth-ldap/index.js +++ b/packages/xo-server-auth-ldap/index.js @@ -31,7 +31,7 @@ function AuthLdap(conf) { if (error) { reject(error); } else { - resolve({ username }); + resolve({ username: username }); } client.unbind(); From c9b502c72b550590d9cb45f1336e40ba277e02de Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 18 Mar 2015 17:24:36 +0100 Subject: [PATCH 05/84] Use YAML in config example. --- packages/xo-server-auth-ldap/README.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 45c37b665..95b439d04 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -5,13 +5,10 @@ To enable this plugin you have to add it into the configuration file of XO-Server: -```json -{ - "plugins": { - "auth-ldap": { - "uri": "ldap://ldap.example.org", - "base": "ou=people,dc=example,dc=org" - } - } -} +```yaml +plugins: + + auth-ldap: + uri: "ldap://ldap.example.org", + base: "ou=people,dc=example,dc=org" ``` From 095ea470a19826dde18c93a31cccafa4235fd876 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 18 Mar 2015 17:24:59 +0100 Subject: [PATCH 06/84] 0.1.1 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 08992592d..5ad35589f 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.1.0", + "version": "0.1.1", "license": "ISC", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From bfcabd30c573cc8b8210c2649d4a54d6cec0d4d0 Mon Sep 17 00:00:00 2001 
From: Julien Fontanet Date: Wed, 18 Mar 2015 17:33:33 +0100 Subject: [PATCH 07/84] ldapjs is a production dependency! --- packages/xo-server-auth-ldap/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 5ad35589f..7e94f916f 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -22,7 +22,6 @@ "index.js" ], "devDependencies": { - "ldapjs": "^0.7.1", "mocha": "*", "must": "*" }, @@ -30,6 +29,7 @@ "test": "mocha *.spec.js" }, "dependencies": { - "bluebird": "^2.9.14" + "bluebird": "^2.9.14", + "ldapjs": "^0.7.1" } } From 52fa4f11ac185282d7c696e7f9f2cd87358eda34 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 18 Mar 2015 18:21:44 +0100 Subject: [PATCH 08/84] 0.1.2 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 7e94f916f..7c7370c76 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.1.1", + "version": "0.1.2", "license": "ISC", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 1feaa43d2e7d7a9854696390aae261d1ad861582 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 10:45:37 +0200 Subject: [PATCH 09/84] Update license. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 7c7370c76..a08d10d6b 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json 
@@ -1,7 +1,7 @@ { "name": "xo-server-auth-ldap", "version": "0.1.2", - "license": "ISC", + "license": "AGPL3", "description": "LDAP authentication plugin for XO-Server", "keywords": [ "xo-server", From 62618acfed184a5a702a28e3144d9063994c6576 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 10:46:38 +0200 Subject: [PATCH 10/84] ES6 & standard style --- packages/xo-server-auth-ldap/.jshintrc | 95 ---------------------- packages/xo-server-auth-ldap/README.md | 51 +++++++++++- packages/xo-server-auth-ldap/index.js | 56 ------------- packages/xo-server-auth-ldap/index.spec.js | 11 --- packages/xo-server-auth-ldap/package.json | 26 ++++-- packages/xo-server-auth-ldap/src/index.js | 51 ++++++++++++ 6 files changed, 120 insertions(+), 170 deletions(-) delete mode 100644 packages/xo-server-auth-ldap/.jshintrc delete mode 100644 packages/xo-server-auth-ldap/index.js delete mode 100644 packages/xo-server-auth-ldap/index.spec.js create mode 100644 packages/xo-server-auth-ldap/src/index.js diff --git a/packages/xo-server-auth-ldap/.jshintrc b/packages/xo-server-auth-ldap/.jshintrc deleted file mode 100644 index f920ae826..000000000 --- a/packages/xo-server-auth-ldap/.jshintrc +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - // Julien Fontanet JSHint configuration - // https://gist.github.com/julien-f/8095615 - // - // Changes from defaults: - // - all enforcing options (except `++` & `--`) enabled - // - single quotes - // - indentation set to 2 instead of 4 - // - almost all relaxing options disabled - // - allow expression statements (necessary for chai.expect()) - // - allow global strict (most of my devs are in Node.js or Browserify) - // - environments are set to Browserify, mocha & Node.js - // - // See http://jshint.com/docs/ for more details - - "maxerr" : 50, // {int} Maximum error before stopping - - // Enforcing - "bitwise" : true, // true: Prohibit bitwise operators (&, |, ^, etc.) - "camelcase" : true, // true: Identifiers must be in camelCase - "curly" : true, // true: Require {} for every new block or scope - "eqeqeq" : true, // true: Require triple equals (===) for comparison - "forin" : true, // true: Require filtering for..in loops with obj.hasOwnProperty() - "freeze" : true, // true: Prohibit overwriting prototypes of native objects (Array, Date, ...) - "immed" : true, // true: Require immediate invocations to be wrapped in parens e.g. `(function () { } ());` - "indent" : 2, // {int} Number of spaces to use for indentation - "latedef" : true, // true: Require variables/functions to be defined before being used - "newcap" : true, // true: Require capitalization of all constructor functions e.g. 
`new F()` - "noarg" : true, // true: Prohibit use of `arguments.caller` and `arguments.callee` - "noempty" : true, // true: Prohibit use of empty blocks - "nonbsp" : true, // true: Prohibit use of non breakable spaces - "nonew" : true, // true: Prohibit use of constructors for side-effects (without assignment) - "plusplus" : false, // true: Prohibit use of `++` & `--` - "quotmark" : "single", // Quotation mark consistency: - // false : do nothing (default) - // true : ensure whatever is used is consistent - // "single" : require single quotes - // "double" : require double quotes - "undef" : true, // true: Require all non-global variables to be declared (prevents global leaks) - "unused" : true, // true: Require all defined variables be used - "strict" : true, // true: Requires all functions run in ES5 Strict Mode - "maxcomplexity" : 7, // {int} Max cyclomatic complexity per function - "maxdepth" : 3, // {int} Max depth of nested blocks (within functions) - "maxlen" : 80, // {int} Max number of characters per line - "maxparams" : 4, // {int} Max number of formal params allowed per function - "maxstatements" : 20, // {int} Max number statements per function - - // Relaxing - "asi" : false, // true: Tolerate Automatic Semicolon Insertion (no semicolons) - "boss" : false, // true: Tolerate assignments where comparisons would be expected - "debug" : false, // true: Allow debugger statements e.g. browser breakpoints. 
- "eqnull" : false, // true: Tolerate use of `== null` - "esnext" : false, // true: Allow ES.next (ES6) syntax (ex: `const`) - "evil" : false, // true: Tolerate use of `eval` and `new Function()` - "expr" : true, // true: Tolerate `ExpressionStatement` as Programs - "funcscope" : false, // true: Tolerate defining variables inside control statements - "globalstrict" : true, // true: Allow global "use strict" (also enables 'strict') - "iterator" : false, // true: Tolerate using the `__iterator__` property - "lastsemic" : false, // true: Tolerate omitting a semicolon for the last statement of a 1-line block - "laxbreak" : false, // true: Tolerate possibly unsafe line breakings - "laxcomma" : false, // true: Tolerate comma-first style coding - "loopfunc" : false, // true: Tolerate functions being defined in loops - "moz" : false, // true: Allow Mozilla specific syntax (extends and overrides esnext features) - // (ex: `for each`, multiple try/catch, function expression…) - "multistr" : false, // true: Tolerate multi-line strings - "notypeof" : false, // true: Tolerate typeof comparison with unknown values. - "proto" : false, // true: Tolerate using the `__proto__` property - "scripturl" : false, // true: Tolerate script-targeted URLs - "shadow" : false, // true: Allows re-define variables later in code e.g. `var x=1; x=2;` - "sub" : false, // true: Tolerate using `[]` notation when it can still be expressed in dot notation - "supernew" : false, // true: Tolerate `new function () { ... 
};` and `new Object;` - "validthis" : false, // true: Tolerate using this in a non-constructor function - "noyield" : false, // true: Tolerate generators without yields - - // Environments - "browser" : false, // Web Browser (window, document, etc) - //"browserify" : true, // Browserify (node.js code in the browser) - "couch" : false, // CouchDB - "devel" : true, // Development/debugging (alert, confirm, etc) - "dojo" : false, // Dojo Toolkit - "jquery" : false, // jQuery - "mocha" : true, // mocha - "mootools" : false, // MooTools - "node" : true, // Node.js - "nonstandard" : false, // Widely adopted globals (escape, unescape, etc) - "phantom" : false, // PhantomJS - "prototypejs" : false, // Prototype and Scriptaculous - "rhino" : false, // Rhino - "worker" : false, // Web Workers - "wsh" : false, // Windows Scripting Host - "yui" : false, // Yahoo User Interface - - // Custom Globals - "globals" : {} // additional predefined global variables -} diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 95b439d04..875437337 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -1,6 +1,16 @@ -# xo-server-auth-ldap +# xo-server-auth-ldap [![Build Status](https://travis-ci.org/vatesfr/xo-server-auth-ldap.png?branch=master)](https://travis-ci.org/vatesfr/xo-server-auth-ldap) -> XO-Server LDAP authentication plugin. +> LDAP authentication plugin for XO-Server + +## Install + +Installation of the [npm package](https://npmjs.org/package/xo-server-auth-ldap): + +``` +> npm install xo-server-auth-ldap +``` + +## Usage To enable this plugin you have to add it into the configuration file of XO-Server: 
@@ -12,3 +22,40 @@ plugins: uri: "ldap://ldap.example.org", base: "ou=people,dc=example,dc=org" ``` + +## Development + +### Installing dependencies + +``` +> npm install +``` + +### Compilation + +The sources files are watched and automatically recompiled on changes. + +``` +> npm run dev +``` + +### Tests + +``` +> npm run test-dev +``` + +## Contributions + +Contributions are *very* welcomed, either on the documentation or on +the code. + +You may: + +- report any [issue](https://github.com/vatesfr/xo-server-auth-ldap/issues) + you've encountered; +- fork and create a pull request. + +## License + +AGPL3 © [Vates SAS](http://vates.fr) diff --git a/packages/xo-server-auth-ldap/index.js b/packages/xo-server-auth-ldap/index.js deleted file mode 100644 index 7e39ec8c9..000000000 --- a/packages/xo-server-auth-ldap/index.js +++ /dev/null 
@@ -1,56 +0,0 @@ -'use strict'; - -//==================================================================== - -var Bluebird = require('bluebird'); -var createClient = require('ldapjs').createClient; -var escape = require('ldapjs/lib/filters/escape').escape; - -//==================================================================== - -function AuthLdap(conf) { - var base = conf.base ? ',' + conf.base : ''; - var clientOpts = { - url: conf.uri, - }; - - this._provider = function (credentials) { - var username = credentials.username; - var password = credentials.password; - if (username === undefined || password === undefined) { - return Bluebird.reject(new Error('invalid credentials')); - } - - return new Bluebird(function (resolve, reject) { - var client = createClient(clientOpts); - - client.bind( - 'uid=' + escape(username) + base, - password, - function (error) { - if (error) { - reject(error); - } else { - resolve({ username: username }); - } - - client.unbind(); - } - ); - }); - }; -} - -AuthLdap.prototype.load = function load(xo) { - xo.registerAuthenticationProvider(this._provider); -}; - -AuthLdap.prototype.unload = function unload(xo) { - xo.unregisterAuthenticationProvider(this._provider); -}; - -//==================================================================== - -exports = module.exports = function (conf) { - return new AuthLdap(conf); -}; diff --git a/packages/xo-server-auth-ldap/index.spec.js b/packages/xo-server-auth-ldap/index.spec.js deleted file mode 100644 index 2bd761ed2..000000000 --- a/packages/xo-server-auth-ldap/index.spec.js +++ /dev/null @@ -1,11 +0,0 @@ -'use strict'; - -//==================================================================== - -var myLib = require('./'); - -var expect = require('must'); - -//==================================================================== - -describe('myLib'); diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index a08d10d6b..902c7436a 100644 
--- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -18,18 +18,32 @@ "email": "julien.fontanet@isonoe.net" }, "preferGlobal": false, + "main": "dist/", "files": [ - "index.js" + "dist/" ], + "dependencies": { + "babel-runtime": "^4", + "bluebird": "^2.9.21", + "ldapjs": "^0.7.1" + }, "devDependencies": { + "babel": "^4", "mocha": "*", - "must": "*" + "must": "*", + "sinon": "*", + "standard": "*" }, "scripts": { - "test": "mocha *.spec.js" + "build": "mkdir --parents dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", + "dev": "mkdir --parents dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", + "prepublish": "npm build", + "test": "standard && mocha 'dist/**/*.spec.js'", + "test-dev": "standard && mocha --watch --reporter=min 'dist/**/*.spec.js'" }, - "dependencies": { - "bluebird": "^2.9.14", - "ldapjs": "^0.7.1" + "standard": { + "ignore": [ + "dist/**" + ] } } diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js new file mode 100644 index 000000000..a8279343d --- /dev/null +++ b/packages/xo-server-auth-ldap/src/index.js 
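Review bot: The new `prepublish` script runs `npm build`, which is npm's internal package-build command and does not execute the `build` entry defined two lines above it; it should read `"prepublish": "npm run build"`. Because `main` and `files` now point at `dist/`, a publish without a prior manual build would ship a package whose compiled entry point is missing or stale. The `test` script likewise runs mocha against `dist/**/*.spec.js` without building first, so it can pass against outdated output. Separately, the toolchain that produces the published code resolves from open ranges (`"babel": "^4"` and `*` for mocha, must, sinon and standard); pinning them or committing a lockfile would make the published artifact reproducible.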
@@ -0,0 +1,51 @@ +import Bluebird from 'bluebird' +import {createClient} from 'ldapjs' +import {escape} from 'ldapjs/lib/filters/escape' + +// =================================================================== + +class AuthLdap { + constructor (conf) { + const base = conf.base ? ',' + conf.base : '' + const clientOpts = { + url: conf.uri + } + + this._provider = (credentials) => { + const {username, password} = credentials + if (username === undefined || password === undefined) { + return Bluebird.reject(new Error('invalid credentials')) + } + + return new Bluebird((resolve, reject) => { + const client = createClient(clientOpts) + + client.bind( + 'uid=' + escape(username) + base, + password, + (error) => { + if (error) { + reject(error) + } else { + resolve({ username }) + } + + client.unbind() + } + ) + }) + } + } + + load (xo) { + xo.registerAuthenticationProvider(this._provider) + } + + unload (xo) { + xo.unregisterAuthenticationProvider(this._provider) + } +} + +// =================================================================== + +export default (conf) => new AuthLdap(conf) From 0693e196053e5a5ecf97c6ab8f8e3c7947cd6407 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 10:47:02 +0200 Subject: [PATCH 11/84] Unit tests. --- packages/xo-server-auth-ldap/.npmignore | 2 + .../xo-server-auth-ldap/src/index.spec.js | 49 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 packages/xo-server-auth-ldap/.npmignore create mode 100644 packages/xo-server-auth-ldap/src/index.spec.js diff --git a/packages/xo-server-auth-ldap/.npmignore b/packages/xo-server-auth-ldap/.npmignore new file mode 100644 index 000000000..5f4b80cec --- /dev/null +++ b/packages/xo-server-auth-ldap/.npmignore @@ -0,0 +1,2 @@ +*.spec.js +*.spec.js.map diff --git a/packages/xo-server-auth-ldap/src/index.spec.js b/packages/xo-server-auth-ldap/src/index.spec.js new file mode 100644 index 000000000..b7ba3b86a --- /dev/null 
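Review bot: The guard `username === undefined || password === undefined` in `_provider` lets an empty-string password through to `client.bind(...)`. A simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513 §5.1.2), and a server that accepts it reports success, so the provider would resolve `{ username }` without any password having been verified; reject it before creating the client, e.g. `if (!username || !password) {`. The later "New implementation" hunk in this series keeps the same `=== undefined` test ahead of `bind(entry.objectName, password)`, so the point applies there too. Separately, `escape` comes from `ldapjs/lib/filters/escape`, which is search-filter escaping, but here it builds a DN (`'uid=' + escape(username) + base`); DN values follow the RFC 4514 rules instead, so characters such as `,`, `+` and `=` in a username are presumably not neutralised by this call.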
+++ b/packages/xo-server-auth-ldap/src/index.spec.js @@ -0,0 +1,49 @@ +/* eslint-env mocha */ + +import authLdap from './' + +import expect from 'must' +import {assert, spy} from 'sinon' + +import sourceMapSupport from 'source-map-support' +sourceMapSupport.install() + +// =================================================================== + +describe('authLdap()', function () { + before(function () { + this.instance = authLdap({}) + + this.xo = { + registerAuthenticationProvider: spy(), + unregisterAuthenticationProvider: spy() + } + }) + + it('is a function', function () { + expect(authLdap).to.be.a.function() + }) + + it('returns an object', function () { + expect(this.instance).to.be.an.object() + }) + + it('#load(xo) register the auth provider', function () { + this.instance.load(this.xo) + + const spy = this.xo.registerAuthenticationProvider + assert.calledOnce(spy) + + this.provider = spy.args[0][0] + expect(this.provider).to.be.a.function() + }) + + it('#unload(xo) unregister the auth provider', function () { + this.instance.unload(this.xo) + + const spy = this.xo.unregisterAuthenticationProvider + assert.calledOnce(spy) + + expect(spy.args[0][0]).to.be(this.provider) + }) +}) From 4617025bd4a3f47632e6c283fd881724de3be750 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 10:47:12 +0200 Subject: [PATCH 12/84] Travis CI --- packages/xo-server-auth-ldap/.travis.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 packages/xo-server-auth-ldap/.travis.yml diff --git a/packages/xo-server-auth-ldap/.travis.yml b/packages/xo-server-auth-ldap/.travis.yml new file mode 100644 index 000000000..5227e1127 --- /dev/null +++ b/packages/xo-server-auth-ldap/.travis.yml @@ -0,0 +1,5 @@ +language: node_js +node_js: + - 'iojs' + - '0.12' + - '0.10' \ No newline at end of file From f2e7963e1f22a90c39a18c9fb5e889a01eadbe4d Mon Sep 17 00:00:00 2001 
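Review bot: None of the four tests calls the provider that `#load(xo)` registers, so the credential check in `_provider`, the part of the plugin that decides who is let in, has no coverage. A case such as `it('rejects missing credentials', function () { return this.provider({}).then(() => { throw new Error('resolved') }, () => {}) })` would pin the rejection path without needing an LDAP server. The `#unload(xo)` test also reads `this.provider`, which only the `#load(xo)` test assigns, so it cannot pass when run on its own.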
From: Julien Fontanet Date: Wed, 1 Apr 2015 16:08:40 +0200 Subject: [PATCH 13/84] New implementation. --- packages/xo-server-auth-ldap/README.md | 30 ++++++- packages/xo-server-auth-ldap/package.json | 1 + packages/xo-server-auth-ldap/src/index.js | 101 +++++++++++++++++----- 3 files changed, 110 insertions(+), 22 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 875437337..a6b825be9 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -19,10 +19,38 @@ of XO-Server: plugins: auth-ldap: - uri: "ldap://ldap.example.org", + uri: "ldap://ldap.example.org" + + # Credentials to use before looking for the user record. + # + # Default to anonymous. + bind: + + # Distinguished name of the user permitted to search the LDAP + # directory for the user to authenticate. + dn: 'cn=admin,ou=people,dc=example,dc=org' + + # Password of the user permitted to search the LDAP directory. + password: 'secret' + + # The base is the part of the directory tree where the users are + # looked for. base: "ou=people,dc=example,dc=org" + + # Filter used to find the user. + # + # Default is `'(uid={{name}})'`. + #filter: '(uid={{name}})' ``` +## Algorithm + +1. If `bind` is defined, attempt to bind using this user. +2. Searches for the user in the directory starting from the `base` + with the defined `filter`. +3. If found, a bind is attempted using the distinguished name of this + user and the provided password. + ## Development ### Installing dependencies diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 902c7436a..ed69c21dc 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -25,6 +25,7 @@ "dependencies": { "babel-runtime": "^4", "bluebird": "^2.9.21", + "event-to-promise": "^0.3.2", "ldapjs": "^0.7.1" }, "devDependencies": { 
diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index a8279343d..a497555ee 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -1,40 +1,99 @@ -import Bluebird from 'bluebird' +import Bluebird, {coroutine, promisify} from 'bluebird' +import eventToPromise from 'event-to-promise' import {createClient} from 'ldapjs' import {escape} from 'ldapjs/lib/filters/escape' // =================================================================== +const VAR_RE = /\{\{([^}]+)\}\}/g +function evalFilter (filter, vars) { + return filter.replace(VAR_RE, (_, name) => { + const value = vars[name] + + if (value === undefined) { + throw new Error('invalid variable: ' + name) + } + + return escape(value) + }) +} + + function createAuthenticator (conf) { +} + +// =================================================================== + class AuthLdap { constructor (conf) { - const base = conf.base ? ',' + conf.base : '' const clientOpts = { - url: conf.uri + url: conf.uri, + maxConnections: 5 } - this._provider = (credentials) => { - const {username, password} = credentials + { + const {bind} = conf + if (bind) { + clientOpts.bindDN = bind.dn + clientOpts.bindCredentials = bind.password + } + } + + const {base: searchBase} = conf + const searchFilter = conf.filter || '(uid={{name}})' + + this._provider = coroutine(function * ({username, password}) { if (username === undefined || password === undefined) { - return Bluebird.reject(new Error('invalid credentials')) + throw null } - return new Bluebird((resolve, reject) => { - const client = createClient(clientOpts) + const client = createClient(clientOpts) - client.bind( - 'uid=' + escape(username) + base, - password, - (error) => { - if (error) { - reject(error) - } else { - resolve({ username }) - } + try { + // Promisify some methods. + const bind = promisify(client.bind, client) + const search = promisify(client.search, client) - client.unbind() + // Bind if necessary. + { + const {bind: credentials} = conf + if (credentials) { + yield bind(credentials.dn, credentials.password) } - ) - }) - } + } + + // Search for the user. 
+ const entries = [] + { + const response = yield search(searchBase, { + scope: 'sub', + filter: evalFilter(searchFilter, { + name: username + }) + }) + + response.on('searchEntry', entry => { + entries.push(entry.json) + }) + + const {status} = yield eventToPromise(response, 'end') + if (status) { + throw new Error('unexpected search response status: ' + status) + } + } + + // Try to find an entry which can be bind with the given password. + for (let entry of entries) { + try { + yield bind(entry.objectName, password) + return { username } + } catch (error) {} + } + + throw null + } finally { + client.unbind() + } + }) } load (xo) { From d26b6103b55392aa26b225e1d2d47dc8fc6d4d6e Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 16:16:22 +0200 Subject: [PATCH 14/84] Tweak ESLint. --- packages/xo-server-auth-ldap/src/index.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index a497555ee..82658e638 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -1,3 +1,5 @@ +/* eslint no-lone-blocks: 0, no-throw-literal: 0 */ + import Bluebird, {coroutine, promisify} from 'bluebird' import eventToPromise from 'event-to-promise' import {createClient} from 'ldapjs' From 9051322338bc1a755738298738f00e36efe0bac2 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 16:16:35 +0200 Subject: [PATCH 15/84] Remove erroneous paste. --- packages/xo-server-auth-ldap/src/index.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 82658e638..f6e4402cf 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
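Review bot: The empty `catch (error) {}` inside the `for (let entry of entries)` loop discards every bind failure, so a dropped connection, a server-side error and a wrong password all end in the same bare `throw null`, and nothing is recorded that would let an operator tell an outage from a run of failed logins. The best-effort loop can stay while non-credential failures surface, e.g. `if (!(error instanceof InvalidCredentialsError)) throw error` with `InvalidCredentialsError` imported from `ldapjs`. The success path also returns the typed `username` rather than a value taken from the entry that actually bound (`entry.objectName` or one of its attributes); since the filter may match more than one entry and directory matching is often case-insensitive, the returned identifier is presumably not canonical, which is worth confirming against how XO keys the users it creates. The `AuthLdap` class continues past the end of this hunk.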
@@ -20,9 +20,6 @@ function evalFilter (filter, vars) { }) } - function createAuthenticator (conf) { -} - // =================================================================== class AuthLdap { From 10d7cd15204638003a1706a8dd98251912d02681 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 16:30:51 +0200 Subject: [PATCH 16/84] Build sources in npm test. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index ed69c21dc..9267b083e 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -39,7 +39,7 @@ "build": "mkdir --parents dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "dev": "mkdir --parents dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "prepublish": "npm build", - "test": "standard && mocha 'dist/**/*.spec.js'", + "test": "standard && npm run build && mocha 'dist/**/*.spec.js'", "test-dev": "standard && mocha --watch --reporter=min 'dist/**/*.spec.js'" }, "standard": { From ea277d0579048218b2beff2a2ea7991821949372 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 1 Apr 2015 16:35:41 +0200 Subject: [PATCH 17/84] Add missing dev dep. --- packages/xo-server-auth-ldap/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 9267b083e..e4e0d5407 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -33,6 +33,7 @@ "mocha": "*", "must": "*", "sinon": "*", + "source-map-support": "^0.2.10", "standard": "*" }, "scripts": { From b73126e6c16a38c5ef646f4d95398ebaa4120ea5 Mon Sep 17 00:00:00 2001 
From: Julien Fontanet Date: Thu, 2 Apr 2015 16:34:11 +0200 Subject: [PATCH 18/84] README updates [skip ci]. --- packages/xo-server-auth-ldap/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index a6b825be9..b88e20f2d 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -2,6 +2,11 @@ > LDAP authentication plugin for XO-Server +This plugin allows LDAP users to authenticate to Xen-Orchestra. + +The first time a user signs in, XO will create a new XO user with the +same identifier. + ## Install Installation of the [npm package](https://npmjs.org/package/xo-server-auth-ldap): @@ -28,6 +33,9 @@ plugins: # Distinguished name of the user permitted to search the LDAP # directory for the user to authenticate. + # + # For Microsoft Active Directory, it can also be + # `'@'` dn: 'cn=admin,ou=people,dc=example,dc=org' # Password of the user permitted to search the LDAP directory. @@ -39,6 +47,9 @@ plugins: # Filter used to find the user. # + # For Microsoft Active Directory, the filter should be + # `'(cn={{name}})'` or `'(sAMAccountName={{name}}@)'`. + # # Default is `'(uid={{name}})'`. #filter: '(uid={{name}})' ``` From 82e2a19749973e50a82ceae89f069978402f32d0 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Thu, 2 Apr 2015 16:34:21 +0200 Subject: [PATCH 19/84] 0.2.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index e4e0d5407..af0d0de16 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.1.2", + "version": "0.2.0", "license": "AGPL3", "description": "LDAP authentication plugin for XO-Server", "keywords": [ 
From 0966ba909b107ebbbf7f529d572c541615e7dd4a Mon Sep 17 00:00:00 2001 From: Will Rigby Date: Thu, 16 Apr 2015 00:25:55 -0400 Subject: [PATCH 20/84] Allow connecting to SSL-secured servers with self-signed certificates Adds a new configuration parameter ('check_certificate'), which gets wired up to the rejectUnauthorized option of tls.connect. --- packages/xo-server-auth-ldap/src/index.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index f6e4402cf..9c713e92c 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -26,7 +26,8 @@ class AuthLdap { constructor (conf) { const clientOpts = { url: conf.uri, - maxConnections: 5 + maxConnections: 5, + tlsOptions: { } } { @@ -37,6 +38,10 @@ class AuthLdap { } } + if (conf.check_certificate !== undefined) { + clientOpts.tlsOptions.rejectUnauthorized = conf.check_certificate + } + const {base: searchBase} = conf const searchFilter = conf.filter || '(uid={{name}})' From 068df6f2b122bdd528ca92bf57cac7fa71fdf89a Mon Sep 17 00:00:00 2001 From: Will Rigby Date: Thu, 16 Apr 2015 00:48:04 -0400 Subject: [PATCH 21/84] Support specifying path(s) to CA certificate(s) Wires the 'ca_certificates' configuration option through to tls.connect's 'ca' option. --- packages/xo-server-auth-ldap/src/index.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 9c713e92c..5835152de 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -42,6 +42,10 @@ class AuthLdap { clientOpts.tlsOptions.rejectUnauthorized = conf.check_certificate } + if (conf.ca_certificates !== undefined) { + clientOpts.tlsOptions.ca = conf.ca_certificates + } + const {base: searchBase} = conf const searchFilter = conf.filter || '(uid={{name}})' 
From 03cc8248bc8675d82e8455b967b04aa7aa312c5e Mon Sep 17 00:00:00 2001 From: Will Rigby Date: Thu, 16 Apr 2015 00:59:29 -0400 Subject: [PATCH 22/84] Update documentation --- packages/xo-server-auth-ldap/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index b88e20f2d..add959999 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -26,6 +26,18 @@ plugins: auth-ldap: uri: "ldap://ldap.example.org" + # Path to CA certificates to use when connecting to + # SSL-secured LDAP servers. If not specified, it will use + # a default set of well-known CAs. + ca_certificates: + - /path/to/ca_cert.pem + - /path/to/another/ca_cert.pem + + # Check the validity of the server's certificate. Useful + # when connecting to servers that use a self-signed certificate. + # Defaults to true if not specified. + check_certificate: true + # Credentials to use before looking for the user record. # # Default to anonymous. From 6e7588e9fcfde1b5baa0cc9966e1d48c74434a24 Mon Sep 17 00:00:00 2001 From: Will Rigby Date: Thu, 16 Apr 2015 01:03:20 -0400 Subject: [PATCH 23/84] Fix npm scripts on OS X BSD's mkdir doesn't support the long --parents flag. --- packages/xo-server-auth-ldap/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index af0d0de16..b33ddf32d 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json 
@@ -37,8 +37,8 @@ "standard": "*" }, "scripts": { - "build": "mkdir --parents dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", - "dev": "mkdir --parents dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", + "build": "mkdir -p dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", + "dev": "mkdir -p dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "prepublish": "npm build", "test": "standard && npm run build && mocha 'dist/**/*.spec.js'", "test-dev": "standard && mocha --watch --reporter=min 'dist/**/*.spec.js'" From 37e5bcad6186e0656a32c17f8b542fd628ceca94 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Sat, 18 Apr 2015 12:37:02 +0200 Subject: [PATCH 24/84] Minor style fixes. --- packages/xo-server-auth-ldap/README.md | 8 ++++---- packages/xo-server-auth-ldap/src/index.js | 21 +++++++++++++-------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index add959999..3ce5aaa56 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -29,14 +29,14 @@ plugins: # Path to CA certificates to use when connecting to # SSL-secured LDAP servers. If not specified, it will use # a default set of well-known CAs. - ca_certificates: - - /path/to/ca_cert.pem - - /path/to/another/ca_cert.pem + certificateAuthorities: + - /path/to/ca_cert.pem + - /path/to/another/ca_cert.pem # Check the validity of the server's certificate. Useful # when connecting to servers that use a self-signed certificate. # Defaults to true if not specified. - check_certificate: true + checkCertificate: true # Credentials to use before looking for the user record. # diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 5835152de..5e2152b1c 100644 
--- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -4,6 +4,7 @@ import Bluebird, {coroutine, promisify} from 'bluebird' import eventToPromise from 'event-to-promise' import {createClient} from 'ldapjs' import {escape} from 'ldapjs/lib/filters/escape' +import {readFileSync} from 'fs' // =================================================================== @@ -27,23 +28,27 @@ class AuthLdap { const clientOpts = { url: conf.uri, maxConnections: 5, - tlsOptions: { } + tlsOptions: {} } { - const {bind} = conf + const { + bind, + checkCertificate = true, + certificateAuthorities + } = conf + if (bind) { clientOpts.bindDN = bind.dn clientOpts.bindCredentials = bind.password } - } - if (conf.check_certificate !== undefined) { - clientOpts.tlsOptions.rejectUnauthorized = conf.check_certificate - } + const {tlsOptions} = clientOpts - if (conf.ca_certificates !== undefined) { - clientOpts.tlsOptions.ca = conf.ca_certificates + tlsOptions.rejectUnauthorized = !checkCertificate + if (certificateAuthorities) { + tlsOptions.ca = certificateAuthorities.map(path => readFileSync(path)) + } } const {base: searchBase} = conf From e8e7a92131c8ee996e15afec8d406dadc8115430 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 21 Apr 2015 17:48:26 +0200 Subject: [PATCH 25/84] Minor README updates. --- packages/xo-server-auth-ldap/README.md | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 3ce5aaa56..64042db54 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md 
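Review bot: `tlsOptions.rejectUnauthorized = !checkCertificate` is inverted: with the default `checkCertificate = true` it sets `rejectUnauthorized` to `false`, which switches server-certificate verification off for TLS connections unless the operator explicitly sets `checkCertificate: false`. The line should read `tlsOptions.rejectUnauthorized = checkCertificate`. A later commit in this series ("Fix checkCertificate") makes that change, but the 0.3.0 version bump sits between the two commits, so that release presumably carried the inverted flag and deployments pinned to it should be checked. The constructor body continues outside these hunks.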
@@ -26,16 +26,18 @@ plugins: auth-ldap: uri: "ldap://ldap.example.org" - # Path to CA certificates to use when connecting to - # SSL-secured LDAP servers. If not specified, it will use - # a default set of well-known CAs. + # Path to CA certificates to use when connecting to SSL-secured + # LDAP servers. + # + # If not specified, it will use a default set of well-known CAs. certificateAuthorities: - /path/to/ca_cert.pem - /path/to/another/ca_cert.pem - # Check the validity of the server's certificate. Useful - # when connecting to servers that use a self-signed certificate. - # Defaults to true if not specified. + # Check the validity of the server's certificate. Useful when + # connecting to servers that use a self-signed certificate. + # + # Default to true checkCertificate: true # Credentials to use before looking for the user record. @@ -47,7 +49,7 @@ plugins: # directory for the user to authenticate. # # For Microsoft Active Directory, it can also be - # `'@'` + # '@' dn: 'cn=admin,ou=people,dc=example,dc=org' # Password of the user permitted to search the LDAP directory. @@ -59,10 +61,14 @@ plugins: # Filter used to find the user. # - # For Microsoft Active Directory, the filter should be - # `'(cn={{name}})'` or `'(sAMAccountName={{name}}@)'`. + # For Microsoft Active Directory, you can try one of the following + # filters: # - # Default is `'(uid={{name}})'`. + # - '(cn={{name}})' + # - '(sAMAccountName={{name}}@)' + # - '(userPrincipalName={{name}})' + # + # Default is '(uid={{name}})' #filter: '(uid={{name}})' ``` From 7a4dcd52c4d538235489565654c9ddf048a560b7 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 21 Apr 2015 17:52:07 +0200 Subject: [PATCH 26/84] 0.3.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index b33ddf32d..c5965ff39 100644 --- a/packages/xo-server-auth-ldap/package.json 
+++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.2.0", + "version": "0.3.0", "license": "AGPL3", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 047fa5b2db9ba94445b1f2e94771cc827e2436eb Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Sun, 26 Apr 2015 11:16:15 +0200 Subject: [PATCH 27/84] Fix checkCertificate (thx @wrigby). --- packages/xo-server-auth-ldap/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 5e2152b1c..8120a18c8 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -45,7 +45,7 @@ class AuthLdap { const {tlsOptions} = clientOpts - tlsOptions.rejectUnauthorized = !checkCertificate + tlsOptions.rejectUnauthorized = checkCertificate if (certificateAuthorities) { tlsOptions.ca = certificateAuthorities.map(path => readFileSync(path)) } From c3acf8341bae4525478ecdddaf7062e91ca92271 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 28 Apr 2015 13:25:03 +0200 Subject: [PATCH 28/84] 0.3.1 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index c5965ff39..eb7b9605e 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.3.0", + "version": "0.3.1", "license": "AGPL3", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 71482bd06c97c16dd6535681435295ab4b21f627 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 28 Apr 2015 14:05:47 +0200 Subject: [PATCH 29/84] Correctly build the package. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index eb7b9605e..052b7624b 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -39,7 +39,7 @@ "scripts": { "build": "mkdir -p dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "dev": "mkdir -p dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", - "prepublish": "npm build", + "prepublish": "npm run build", "test": "standard && npm run build && mocha 'dist/**/*.spec.js'", "test-dev": "standard && mocha --watch --reporter=min 'dist/**/*.spec.js'" }, From 4db6971cc4d0670cd9597315e0fd1a2c5ba33db6 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 28 Apr 2015 14:06:08 +0200 Subject: [PATCH 30/84] 0.3.2 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 052b7624b..9cd168931 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.3.1", + "version": "0.3.2", "license": "AGPL3", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 82766d1645516f994e9a731f533398c6bbcf5470 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 12:39:54 +0200 Subject: [PATCH 31/84] Update README.md --- packages/xo-server-auth-ldap/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 64042db54..06a591894 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -65,6 +65,7 @@ plugins: # filters: # # - '(cn={{name}})' + # - '(sAMAccountName={{name}})' # - '(sAMAccountName={{name}}@)' # - '(userPrincipalName={{name}})' # 
From f61a16074bf479ef53c008c0b08f4f322f7b1855 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 12:46:11 +0200 Subject: [PATCH 32/84] Update deps. --- packages/xo-server-auth-ldap/package.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 9cd168931..b3be1272f 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -23,18 +23,18 @@ "dist/" ], "dependencies": { - "babel-runtime": "^4", + "babel-runtime": "^5", "bluebird": "^2.9.21", "event-to-promise": "^0.3.2", "ldapjs": "^0.7.1" }, "devDependencies": { - "babel": "^4", - "mocha": "*", - "must": "*", - "sinon": "*", - "source-map-support": "^0.2.10", - "standard": "*" + "babel": "^5", + "mocha": "^2.2.5", + "must": "^0.12.0", + "sinon": "^1.15.3", + "source-map-support": "^0.3.1", + "standard": "^4.2.1" }, "scripts": { "build": "mkdir -p dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", From b78e74cdf6bf67f81a50b79b9e6c83875b3cdec1 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 12:46:58 +0200 Subject: [PATCH 33/84] Use a valid SPDX license. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index b3be1272f..93badc032 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,7 +1,7 @@ { "name": "xo-server-auth-ldap", "version": "0.3.2", - "license": "AGPL3", + "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ "xo-server", From 60a278490f95d3ec7589ac0308edbb64bf11e001 Mon Sep 17 00:00:00 2001 
From: Julien Fontanet Date: Tue, 16 Jun 2015 12:49:22 +0200 Subject: [PATCH 34/84] Fix coding style. --- packages/xo-server-auth-ldap/src/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 8120a18c8..fe28bc35a 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -1,6 +1,6 @@ -/* eslint no-lone-blocks: 0, no-throw-literal: 0 */ +/* eslint no-throw-literal: 0 */ -import Bluebird, {coroutine, promisify} from 'bluebird' +import {coroutine, promisify} from 'bluebird' import eventToPromise from 'event-to-promise' import {createClient} from 'ldapjs' import {escape} from 'ldapjs/lib/filters/escape' From 3183ca02b348ccaff63c0d15290b92f37a6f6db8 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 15:56:36 +0200 Subject: [PATCH 35/84] Improve tests execution. --- packages/xo-server-auth-ldap/.mocha.js | 3 +++ packages/xo-server-auth-ldap/.mocha.opts | 1 + packages/xo-server-auth-ldap/package.json | 12 ++++++++---- 3 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 packages/xo-server-auth-ldap/.mocha.js create mode 100644 packages/xo-server-auth-ldap/.mocha.opts diff --git a/packages/xo-server-auth-ldap/.mocha.js b/packages/xo-server-auth-ldap/.mocha.js new file mode 100644 index 000000000..b888fb4d5 --- /dev/null +++ b/packages/xo-server-auth-ldap/.mocha.js @@ -0,0 +1,3 @@ +try { require('clarify') } catch (_) {} +try { require('trace') } catch (_) {} +try { require('source-map-support/register') } catch (_) {} diff --git a/packages/xo-server-auth-ldap/.mocha.opts b/packages/xo-server-auth-ldap/.mocha.opts new file mode 100644 index 000000000..6cfd94898 --- /dev/null +++ b/packages/xo-server-auth-ldap/.mocha.opts @@ -0,0 +1 @@ +--require ./.mocha.js 
diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 93badc032..b211562fa 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -30,22 +30,26 @@ }, "devDependencies": { "babel": "^5", + "babel-eslint": "^3.1.15", + "clarify": "^1.0.5", "mocha": "^2.2.5", "must": "^0.12.0", "sinon": "^1.15.3", "source-map-support": "^0.3.1", - "standard": "^4.2.1" + "standard": "^4.2.1", + "trace": "^1.2.0" }, "scripts": { "build": "mkdir -p dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "dev": "mkdir -p dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", "prepublish": "npm run build", - "test": "standard && npm run build && mocha 'dist/**/*.spec.js'", - "test-dev": "standard && mocha --watch --reporter=min 'dist/**/*.spec.js'" + "test": "mocha --opts .mocha.opts \"dist/**/*.spec.js\"", + "test-dev": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"" }, "standard": { "ignore": [ "dist/**" - ] + ], + "parser": "babel-eslint" } } From 5e18b6b87801074f2d33c9c64dada77bda0574fa Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 15:57:12 +0200 Subject: [PATCH 36/84] Improve Babel configuration. --- packages/xo-server-auth-ldap/.babelrc | 14 ++++++++++++++ packages/xo-server-auth-ldap/package.json | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 packages/xo-server-auth-ldap/.babelrc diff --git a/packages/xo-server-auth-ldap/.babelrc b/packages/xo-server-auth-ldap/.babelrc new file mode 100644 index 000000000..0bb8741f7 --- /dev/null +++ b/packages/xo-server-auth-ldap/.babelrc @@ -0,0 +1,14 @@ +{ + "comments": false, + "compact": true, + "optional": [ + // Experimental features. + // "minification.constantFolding", + // "minification.deadCodeElimination", + + "es7.asyncFunctions", + "es7.decorators", + "es7.functionBind", + "runtime" + ] +} 
diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index b211562fa..122d49271 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -40,8 +40,8 @@ "trace": "^1.2.0" }, "scripts": { - "build": "mkdir -p dist && babel --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", - "dev": "mkdir -p dist && babel --watch --optional=runtime --compact=true --source-maps --out-dir=dist/ src/", + "build": "babel --source-maps --out-dir=dist/ src/", + "dev": "babel --watch --source-maps --out-dir=dist/ src/", "prepublish": "npm run build", "test": "mocha --opts .mocha.opts \"dist/**/*.spec.js\"", "test-dev": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"" From d521c75085d33caf5f958e6f5d3f39d1de45d15d Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 16:00:17 +0200 Subject: [PATCH 37/84] Minor changes. --- packages/xo-server-auth-ldap/.gitignore | 1 + packages/xo-server-auth-ldap/.npmignore | 7 +++++++ packages/xo-server-auth-ldap/.travis.yml | 2 +- packages/xo-server-auth-ldap/package.json | 1 + 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/.gitignore b/packages/xo-server-auth-ldap/.gitignore index a4a5666f8..384949d8a 100644 --- a/packages/xo-server-auth-ldap/.gitignore +++ b/packages/xo-server-auth-ldap/.gitignore @@ -2,6 +2,7 @@ /dist/ npm-debug.log +npm-debug.log.* !node_modules/* node_modules/*/ diff --git a/packages/xo-server-auth-ldap/.npmignore b/packages/xo-server-auth-ldap/.npmignore index 5f4b80cec..c6cf49e61 100644 --- a/packages/xo-server-auth-ldap/.npmignore +++ b/packages/xo-server-auth-ldap/.npmignore @@ -1,2 +1,9 @@ +/examples/ +example.js +*.example.js +*.example.js.map + +/test/ +/tests/ *.spec.js *.spec.js.map diff --git a/packages/xo-server-auth-ldap/.travis.yml b/packages/xo-server-auth-ldap/.travis.yml index 5227e1127..e667b9209 100644 
--- a/packages/xo-server-auth-ldap/.travis.yml +++ b/packages/xo-server-auth-ldap/.travis.yml @@ -2,4 +2,4 @@ language: node_js node_js: - 'iojs' - '0.12' - - '0.10' \ No newline at end of file + - '0.10' diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 122d49271..cf1710df9 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -19,6 +19,7 @@ }, "preferGlobal": false, "main": "dist/", + "bin": {}, "files": [ "dist/" ], From b934a7de6aa86f78c4968d0d6769ba0994cb8bb5 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 16:00:29 +0200 Subject: [PATCH 38/84] npm run lint --- packages/xo-server-auth-ldap/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index cf1710df9..b736f212c 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -43,6 +43,7 @@ "scripts": { "build": "babel --source-maps --out-dir=dist/ src/", "dev": "babel --watch --source-maps --out-dir=dist/ src/", + "lint": "standard", "prepublish": "npm run build", "test": "mocha --opts .mocha.opts \"dist/**/*.spec.js\"", "test-dev": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"" From 27df44bf4417e9a47cdd1ed219309ea1e51ae0ac Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 16:09:40 +0200 Subject: [PATCH 39/84] Use more ES6/7 features. --- packages/xo-server-auth-ldap/src/index.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index fe28bc35a..c642f2fea 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -1,6 +1,6 @@ /* eslint no-throw-literal: 0 */ -import {coroutine, promisify} from 'bluebird' +import {promisify} from 'bluebird' import eventToPromise from 'event-to-promise' import {createClient} from 'ldapjs' import {escape} from 'ldapjs/lib/filters/escape' @@ -51,10 +51,12 @@ class AuthLdap { } } - const {base: searchBase} = conf - const searchFilter = conf.filter || '(uid={{name}})' + const { + base: searchBase, + filter: searchFilter = '(uid={{name}})' + } = conf - this._provider = coroutine(function * ({username, password}) { + this._provider = async function ({username, password}) { if (username === undefined || password === undefined) { throw null } @@ -70,14 +72,14 @@ class AuthLdap { { const {bind: credentials} = conf if (credentials) { - yield bind(credentials.dn, credentials.password) + await bind(credentials.dn, credentials.password) } } // Search for the user. const entries = [] { - const response = yield search(searchBase, { + const response = await search(searchBase, { scope: 'sub', filter: evalFilter(searchFilter, { name: username @@ -88,7 +90,7 @@ class AuthLdap { entries.push(entry.json) }) - const {status} = yield eventToPromise(response, 'end') + const {status} = await eventToPromise(response, 'end') if (status) { throw new Error('unexpected search response status: ' + status) } @@ -97,7 +99,7 @@ class AuthLdap { // Try to find an entry which can be bind with the given password. for (let entry of entries) { try { - yield bind(entry.objectName, password) + await bind(entry.objectName, password) return { username } } catch (error) {} } @@ -106,7 +108,7 @@ class AuthLdap { } finally { client.unbind() } - }) + } } load (xo) { From 124f7f43ab2def1b8c30fda521455bb885de7a90 Mon Sep 17 00:00:00 2001 
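Review bot: The guard at the top of the new `async function ({username, password})` in the `@@ -51,10 +51,12 @@` hunk rejects only `undefined`, so an empty-string password still reaches the later `bind(entry.objectName, password)` call. An LDAP simple bind with a DN and an empty password is an unauthenticated bind, which some directory servers answer with success, so unless the client library refuses it the provider would report the user as authenticated. Rejecting empty values up front, `if (!username || !password) { throw null }`, closes that off. The same guard is carried unchanged into `_authenticate` in the later `@@ -121,71 +129,76 @@`, `@@ -146,7 +146,7 @@` and `@@ -144,8 +148,10 @@` hunks. The function body continues outside this hunk.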
From: Julien Fontanet Date: Tue, 16 Jun 2015 17:45:44 +0200 Subject: [PATCH 40/84] Minor changes. --- packages/xo-server-auth-ldap/src/index.js | 4 ++-- packages/xo-server-auth-ldap/src/index.spec.js | 7 +++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index c642f2fea..aac04e069 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -97,11 +97,11 @@ class AuthLdap { } // Try to find an entry which can be bind with the given password. - for (let entry of entries) { + for (const entry of entries) { try { await bind(entry.objectName, password) return { username } - } catch (error) {} + } catch (_) {} } throw null diff --git a/packages/xo-server-auth-ldap/src/index.spec.js b/packages/xo-server-auth-ldap/src/index.spec.js index b7ba3b86a..1986e0e59 100644 --- a/packages/xo-server-auth-ldap/src/index.spec.js +++ b/packages/xo-server-auth-ldap/src/index.spec.js @@ -1,12 +1,11 @@ /* eslint-env mocha */ -import authLdap from './' - import expect from 'must' import {assert, spy} from 'sinon' -import sourceMapSupport from 'source-map-support' -sourceMapSupport.install() +// =================================================================== + +import authLdap from './' // =================================================================== From e9e0fdae37b990fbc2564658f9c490c04f6e8174 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 16 Jun 2015 17:53:30 +0200 Subject: [PATCH 41/84] Run linter with npm test. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index b736f212c..c70bb4374 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json 
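Review bot: The `catch (_) {}` in the bind loop of the `@@ -97,11 +97,11 @@` hunk discards every failure, so a TLS error, a timeout or a programming error inside `bind` looks exactly like a wrong password and leaves no trace for whoever investigates failed logins. Only an invalid-credentials result should mean "try the next entry"; anything else is better rethrown or at least logged. ldapjs exposes `InvalidCredentialsError`, so with that name imported from `ldapjs` the handler could be `} catch (error) { if (!(error instanceof InvalidCredentialsError)) throw error }`, assuming the promisified `bind` rejects with the original ldapjs error object. The loop sits inside a function that starts and ends outside this hunk.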
@@ -45,7 +45,7 @@ "dev": "babel --watch --source-maps --out-dir=dist/ src/", "lint": "standard", "prepublish": "npm run build", - "test": "mocha --opts .mocha.opts \"dist/**/*.spec.js\"", + "test": "npm run lint && mocha --opts .mocha.opts \"dist/**/*.spec.js\"", "test-dev": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"" }, "standard": { From ea1afb260afb69f10623289e7c415641a4407ea2 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 22 Jun 2015 14:00:35 +0200 Subject: [PATCH 42/84] Update README.md --- packages/xo-server-auth-ldap/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 06a591894..40cdb9dea 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -30,15 +30,15 @@ plugins: # LDAP servers. # # If not specified, it will use a default set of well-known CAs. - certificateAuthorities: - - /path/to/ca_cert.pem - - /path/to/another/ca_cert.pem + #certificateAuthorities: + # - /path/to/ca_cert.pem + # - /path/to/another/ca_cert.pem # Check the validity of the server's certificate. Useful when # connecting to servers that use a self-signed certificate. # # Default to true - checkCertificate: true + #checkCertificate: true # Credentials to use before looking for the user record. # @@ -57,7 +57,7 @@ plugins: # The base is the part of the directory tree where the users are # looked for. - base: "ou=people,dc=example,dc=org" + base: 'ou=people,dc=example,dc=org' # Filter used to find the user. # From 1a8149e45691fbbe784ec023fdfc016dafb7334f Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 18 Sep 2015 14:51:18 +0200 Subject: [PATCH 43/84] This package should be installed globally. --- packages/xo-server-auth-ldap/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 40cdb9dea..69ea63d05 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -12,7 +12,7 @@ same identifier. Installation of the [npm package](https://npmjs.org/package/xo-server-auth-ldap): ``` -> npm install xo-server-auth-ldap +> npm install --global xo-server-auth-ldap ``` ## Usage From 0595360808dd70ea5fd1f3f0a1646074dcf032e9 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 18 Sep 2015 14:51:34 +0200 Subject: [PATCH 44/84] Update deps. --- packages/xo-server-auth-ldap/package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index c70bb4374..074ab8835 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -26,18 +26,18 @@ "dependencies": { "babel-runtime": "^5", "bluebird": "^2.9.21", - "event-to-promise": "^0.3.2", + "event-to-promise": "^0.4.0", "ldapjs": "^0.7.1" }, "devDependencies": { "babel": "^5", - "babel-eslint": "^3.1.15", + "babel-eslint": "^4.1.3", "clarify": "^1.0.5", "mocha": "^2.2.5", "must": "^0.12.0", "sinon": "^1.15.3", "source-map-support": "^0.3.1", - "standard": "^4.2.1", + "standard": "^5.3.0", "trace": "^1.2.0" }, "scripts": { From e1587d11b162a2b8a3cfa1c668e18bfebb0dd1b7 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 21 Sep 2015 10:23:48 +0200 Subject: [PATCH 45/84] FIXME: certificates reading should be async. --- packages/xo-server-auth-ldap/src/index.js | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index aac04e069..fd326df61 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -47,6 +47,7 @@ class AuthLdap { tlsOptions.rejectUnauthorized = checkCertificate if (certificateAuthorities) { + // FIXME: should be async!!! tlsOptions.ca = certificateAuthorities.map(path => readFileSync(path)) } } From 22638a8147cf96ea5d7b66f6a4732617a9e47f57 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Thu, 8 Oct 2015 13:54:33 +0200 Subject: [PATCH 46/84] New plugin API. --- packages/xo-server-auth-ldap/src/index.js | 80 +++++++++++++++++++++-- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index fd326df61..f2b7f6ac9 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -21,10 +21,78 @@ function evalFilter (filter, vars) { }) } +export const configurationSchema = { + type: 'object', + properties: { + uri: { + description: 'URI of the LDAP server.', + type: 'string' + }, + certificateAuthorities: { + description: ` +Paths to CA certificates to use when connecting to SSL-secured LDAP servers. + +If not specified, it will use a default set of well-known CAs. +`.trim(), + type: 'array', + items: { + type: 'string' + } + }, + checkCertificate: { + description: 'Check the validity of the server\'s certificates. Useful when connecting to servers that use a self-signed certificate.', + type: 'boolean' + }, + bind: { + description: 'Credentials to use before looking for the user record.', + type: 'object', + properties: { + dn: { + description: ` +Distinguished name of the user permitted to search the LDAP directory for the user to authenticate. + +For Microsoft Active Directory, it can also be \`@\`. +`.trim(), + type: 'string' + }, + password: { + description: 'Password of the user permitted ot search the LDAP directory.', + type: 'string' + } + }, + required: ['dn', 'password'] + }, + base: { + description: 'The base is the part of the description tree where the users are looked for.', + type: 'string' + }, + filter: { + description: ` +Filter used to find the user. + +For Microsoft Active Directory, you can try one of the following filters: + +- \`(cn={{name}})\` +- \`(sAMAccountName={{name}})\` +- \`(sAMAccountName={{name}}@)\` +- \`(userPrincipalName={{name}})\` + +Default is \`(uid={{name}})\`. +`.trim(), + type: 'string' + } + }, + required: ['uri', 'base'] +} + // =================================================================== class AuthLdap { - constructor (conf) { + constructor (xo) { + this._xo = xo + } + + configure (conf) { const clientOpts = { url: conf.uri, maxConnections: 5, 
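Review bot: The `checkCertificate` description in the new `configurationSchema` reads as if enabling the check is what helps with self-signed certificates, but other hunks of this file show the option being assigned to `tlsOptions.rejectUnauthorized`. It is therefore turning the check off that lets such servers connect, and that also removes server authentication from the connection that carries user passwords. The text should say so and point to `certificateAuthorities` as the safer route, e.g. `description: 'Reject servers whose certificate cannot be verified. Disabling this removes protection against impersonated LDAP servers; for a self-signed or private CA, list it in certificateAuthorities instead.'`. `configure` continues past the end of this hunk.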
@@ -112,15 +180,15 @@ class AuthLdap { } } - load (xo) { - xo.registerAuthenticationProvider(this._provider) + load () { + this._xo.registerAuthenticationProvider(this._provider) } - unload (xo) { - xo.unregisterAuthenticationProvider(this._provider) + unload () { + this._xo.unregisterAuthenticationProvider(this._provider) } } // =================================================================== -export default (conf) => new AuthLdap(conf) +export default ({xo}) => new AuthLdap(xo) From 98395abc1789f1301e421fc40f7f388833d9859d Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 9 Oct 2015 17:56:37 +0200 Subject: [PATCH 47/84] 0.4.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 074ab8835..73cc27596 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.3.2", + "version": "0.4.0", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 2021b644c0e70440ae9f3a3d6661ef625d06754a Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 9 Oct 2015 18:52:57 +0200 Subject: [PATCH 48/84] 0.4.1 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 73cc27596..1a93b7e07 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.4.0", + "version": "0.4.1", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 334d8439554f806a95ec7c3af801142ece0a6d0f Mon Sep 17 00:00:00 2001 
From: Julien Fontanet Date: Mon, 12 Oct 2015 10:16:34 +0200 Subject: [PATCH 49/84] Move defaults to the schema. --- packages/xo-server-auth-ldap/README.md | 2 -- packages/xo-server-auth-ldap/src/index.js | 8 ++++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 69ea63d05..737c7aeb7 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -68,8 +68,6 @@ plugins: # - '(sAMAccountName={{name}})' # - '(sAMAccountName={{name}}@)' # - '(userPrincipalName={{name}})' - # - # Default is '(uid={{name}})' #filter: '(uid={{name}})' ``` diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index f2b7f6ac9..6693e1491 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -41,7 +41,8 @@ If not specified, it will use a default set of well-known CAs. }, checkCertificate: { description: 'Check the validity of the server\'s certificates. Useful when connecting to servers that use a self-signed certificate.', - type: 'boolean' + type: 'boolean', + default: true }, bind: { description: 'Credentials to use before looking for the user record.', @@ -76,10 +77,9 @@ For Microsoft Active Directory, you can try one of the following filters: - \`(sAMAccountName={{name}})\` - \`(sAMAccountName={{name}}@)\` - \`(userPrincipalName={{name}})\` - -Default is \`(uid={{name}})\`. `.trim(), - type: 'string' + type: 'string', + default: '(uid={{name}})' } }, required: ['uri', 'base'] From c418c766d83f8d1c940cfb5e5ca11fef14b21de3 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 12 Oct 2015 10:26:45 +0200 Subject: [PATCH 50/84] This test is no longer relevant. --- .../xo-server-auth-ldap/src/index.spec.js | 48 ------------------- 1 file changed, 48 deletions(-) delete mode 100644 packages/xo-server-auth-ldap/src/index.spec.js 
diff --git a/packages/xo-server-auth-ldap/src/index.spec.js b/packages/xo-server-auth-ldap/src/index.spec.js deleted file mode 100644 index 1986e0e59..000000000 --- a/packages/xo-server-auth-ldap/src/index.spec.js +++ /dev/null @@ -1,48 +0,0 @@ -/* eslint-env mocha */ - -import expect from 'must' -import {assert, spy} from 'sinon' - -// =================================================================== - -import authLdap from './' - -// =================================================================== - -describe('authLdap()', function () { - before(function () { - this.instance = authLdap({}) - - this.xo = { - registerAuthenticationProvider: spy(), - unregisterAuthenticationProvider: spy() - } - }) - - it('is a function', function () { - expect(authLdap).to.be.a.function() - }) - - it('returns an object', function () { - expect(this.instance).to.be.an.object() - }) - - it('#load(xo) register the auth provider', function () { - this.instance.load(this.xo) - - const spy = this.xo.registerAuthenticationProvider - assert.calledOnce(spy) - - this.provider = spy.args[0][0] - expect(this.provider).to.be.a.function() - }) - - it('#unload(xo) unregister the auth provider', function () { - this.instance.unload(this.xo) - - const spy = this.xo.unregisterAuthenticationProvider - assert.calledOnce(spy) - - expect(spy.args[0][0]).to.be(this.provider) - }) -}) From 9771402c54ba490ffeeff0ddbc4b7c07e16ef2ad Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 12 Oct 2015 15:38:34 +0200 Subject: [PATCH 51/84] No need to reload the plugin after a configure. --- packages/xo-server-auth-ldap/src/index.js | 125 ++++++++++++---------- 1 file changed, 69 insertions(+), 56 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 6693e1491..ddc644fbd 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -8,6 +8,12 @@ import {readFileSync} from 'fs' // =================================================================== +function bind (fn, thisArg) { + return function () { + return fn.apply(thisArg, arguments) + } +} + const VAR_RE = /\{\{([^}]+)\}\}/g function evalFilter (filter, vars) { return filter.replace(VAR_RE, (_, name) => { @@ -90,10 +96,12 @@ For Microsoft Active Directory, you can try one of the following filters: class AuthLdap { constructor (xo) { this._xo = xo + + this._authenticate = bind(this._authenticate, this) } configure (conf) { - const clientOpts = { + const clientOpts = this._clientOpts = { url: conf.uri, maxConnections: 5, tlsOptions: {} 
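Review bot: The module-level `bind` helper added in the `@@ -8,6 +8,12 @@` hunk duplicates `Function.prototype.bind` and shares its name with the local `const bind = promisify(client.bind, client)` inside `_authenticate` (added in the `@@ -121,71 +129,76 @@` hunk), which shadows it. In an authentication path, two different things called `bind` make the code harder to audit. The constructor line in the `@@ -90,10 +96,12 @@` hunk could simply be `this._authenticate = this._authenticate.bind(this)`, and the helper dropped.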
@@ -121,71 +129,76 @@ class AuthLdap { } const { + bind: credentials, base: searchBase, filter: searchFilter = '(uid={{name}})' } = conf - this._provider = async function ({username, password}) { - if (username === undefined || password === undefined) { - throw null - } - - const client = createClient(clientOpts) - - try { - // Promisify some methods. - const bind = promisify(client.bind, client) - const search = promisify(client.search, client) - - // Bind if necessary. - { - const {bind: credentials} = conf - if (credentials) { - await bind(credentials.dn, credentials.password) - } - } - - // Search for the user. - const entries = [] - { - const response = await search(searchBase, { - scope: 'sub', - filter: evalFilter(searchFilter, { - name: username - }) - }) - - response.on('searchEntry', entry => { - entries.push(entry.json) - }) - - const {status} = await eventToPromise(response, 'end') - if (status) { - throw new Error('unexpected search response status: ' + status) - } - } - - // Try to find an entry which can be bind with the given password. - for (const entry of entries) { - try { - await bind(entry.objectName, password) - return { username } - } catch (_) {} - } - - throw null - } finally { - client.unbind() - } - } + this._credentials = credentials + this._searchBase = searchBase + this._searchFilter = searchFilter } load () { - this._xo.registerAuthenticationProvider(this._provider) + this._xo.registerAuthenticationProvider(this._authenticate) } unload () { - this._xo.unregisterAuthenticationProvider(this._provider) + this._xo.unregisterAuthenticationProvider(this._authenticate) + } + + async _authenticate ({ username, password }) { + if (username === undefined || password === undefined) { + throw null + } + + const client = createClient(this._clientOpts) + + try { + // Promisify some methods. + const bind = promisify(client.bind, client) + const search = promisify(client.search, client) + + // Bind if necessary. 
+ { + const {_credentials: credentials} = this + if (credentials) { + await bind(credentials.dn, credentials.password) + } + } + + // Search for the user. + const entries = [] + { + const response = await search(this._searchBase, { + scope: 'sub', + filter: evalFilter(this._searchFilter, { + name: username + }) + }) + + response.on('searchEntry', entry => { + entries.push(entry.json) + }) + + const {status} = await eventToPromise(response, 'end') + if (status) { + throw new Error('unexpected search response status: ' + status) + } + } + + // Try to find an entry which can be bind with the given password. + for (const entry of entries) { + try { + await bind(entry.objectName, password) + return { username } + } catch (_) {} + } + + throw null + } finally { + client.unbind() + } } } From 138e60e77c8049d59465a3f71b7c98b4239627ab Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 12 Oct 2015 15:38:50 +0200 Subject: [PATCH 52/84] 0.4.2 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 1a93b7e07..97610bf04 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.4.1", + "version": "0.4.2", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 93a07b62071f756a3cc78fafa2008dfbac28ae5e Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 08:56:38 +0100 Subject: [PATCH 53/84] Typo. --- packages/xo-server-auth-ldap/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index ddc644fbd..f2c26d6d4 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
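Review bot: The loop at the end of the new `_authenticate` accepts a successful bind against any entry the search returned and then returns the caller-supplied `username`, so when the configured filter matches more than one directory entry, the password of any of them logs in under that name. With a `sub` scope and filters such as `(cn={{name}})` (suggested in the schema description), duplicates are plausible. Treating more than one match as a failure, e.g. `if (entries.length !== 1) { throw null }` before the loop, keeps the mapping from login name to directory entry unambiguous. Whether multi-match is intended is not stated in the commit.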
@@ -63,7 +63,7 @@ For Microsoft Active Directory, it can also be \`@\`. type: 'string' }, password: { - description: 'Password of the user permitted ot search the LDAP directory.', + description: 'Password of the user permitted of search the LDAP directory.', type: 'string' } }, From 2129645f396333e8f71c277e586f50eb59138e2d Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 09:16:11 +0100 Subject: [PATCH 54/84] Babel 6. --- packages/xo-server-auth-ldap/.babelrc | 21 +++++++++------------ packages/xo-server-auth-ldap/package.json | 9 ++++++--- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/packages/xo-server-auth-ldap/.babelrc b/packages/xo-server-auth-ldap/.babelrc index 0bb8741f7..df6800285 100644 --- a/packages/xo-server-auth-ldap/.babelrc +++ b/packages/xo-server-auth-ldap/.babelrc @@ -1,14 +1,11 @@ { - "comments": false, - "compact": true, - "optional": [ - // Experimental features. - // "minification.constantFolding", - // "minification.deadCodeElimination", - - "es7.asyncFunctions", - "es7.decorators", - "es7.functionBind", - "runtime" - ] + "comments": false, + "compact": true, + "plugins": [ + "transform-runtime" + ], + "presets": [ + "stage-0", + "es2015" + ] } diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 97610bf04..7d03f14a0 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -24,14 +24,17 @@ "dist/" ], "dependencies": { - "babel-runtime": "^5", + "babel-runtime": "^6.3.19", "bluebird": "^2.9.21", "event-to-promise": "^0.4.0", "ldapjs": "^0.7.1" }, "devDependencies": { - "babel": "^5", - "babel-eslint": "^4.1.3", + "babel-cli": "^6.3.17", + "babel-eslint": "^5.0.0-beta6", + "babel-plugin-transform-runtime": "^6.3.13", + "babel-preset-es2015": "^6.3.13", + "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", "mocha": "^2.2.5", "must": "^0.12.0", 
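Review bot: The replacement string in the `@@ -63,7 +63,7 @@` hunk still contains a slip: `permitted of search` should read `permitted to search`. The description is shown to whoever configures the plugin, so the line would be `description: 'Password of the user permitted to search the LDAP directory.',`.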
From 22bd87c965ac26814ef541cd3a964ba79e9b516a Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 09:17:48 +0100 Subject: [PATCH 55/84] Update ldapjs to 1.0. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 7d03f14a0..97fa98821 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -27,7 +27,7 @@ "babel-runtime": "^6.3.19", "bluebird": "^2.9.21", "event-to-promise": "^0.4.0", - "ldapjs": "^0.7.1" + "ldapjs": "^1.0.0" }, "devDependencies": { "babel-cli": "^6.3.17", From ae20ca5558d58a814f2591c36919d16d7fd28666 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 09:19:51 +0100 Subject: [PATCH 56/84] Update deps. --- packages/xo-server-auth-ldap/.npmignore | 1 + packages/xo-server-auth-ldap/package.json | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/packages/xo-server-auth-ldap/.npmignore b/packages/xo-server-auth-ldap/.npmignore index c6cf49e61..c31ee82cb 100644 --- a/packages/xo-server-auth-ldap/.npmignore +++ b/packages/xo-server-auth-ldap/.npmignore @@ -1,5 +1,6 @@ /examples/ example.js +example.js.map *.example.js *.example.js.map diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 97fa98821..c16bd9c24 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -25,8 +25,8 @@ ], "dependencies": { "babel-runtime": "^6.3.19", - "bluebird": "^2.9.21", - "event-to-promise": "^0.4.0", + "bluebird": "^3.1.1", + "event-to-promise": "^0.6.0", "ldapjs": "^1.0.0" }, "devDependencies": { 
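Review bot: The major bump of `ldapjs` from `^0.7.1` to `^1.0.0` in the `@@ -27,7 +27,7 @@` hunk leaves `src/index.js` importing `escape` from the internal path `ldapjs/lib/filters/escape`, which is not part of the package's public interface and may have moved or changed in 1.0. That function escapes the user-supplied name before it is substituted into the search filter, so a missing or differently behaving export affects the injection defence, not just the build. It is worth confirming the path still resolves under 1.0 and adding a test that `evalFilter` escapes `*`, `(`, `)` and `\`; no such test appears in the part of the series shown here.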
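Review bot: The bump of `bluebird` from `^2.9.21` to `^3.1.1` in the `@@ -25,8 +25,8 @@` hunk changes the meaning of the calls `promisify(client.bind, client)` and `promisify(client.search, client)` in `src/index.js`: Bluebird 3 takes an options object as the second argument, and the receiver has to be passed as `{ context: client }`. If the client object is taken as options, the methods would run without their `this`, and in the per-entry loop the resulting error is swallowed by `catch (_) {}`, so every login would fail quietly. The calls should become `promisify(client.bind, { context: client })` and `promisify(client.search, { context: client })`; worth confirming against the Bluebird 3.0 release notes.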
@@ -37,11 +37,11 @@ "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", "mocha": "^2.2.5", - "must": "^0.12.0", + "must": "^0.13.1", "sinon": "^1.15.3", - "source-map-support": "^0.3.1", + "source-map-support": "^0.4.0", "standard": "^5.3.0", - "trace": "^1.2.0" + "trace": "^2.1.1" }, "scripts": { "build": "babel --source-maps --out-dir=dist/ src/", From faf5ff6aa493886e9d8174315a8ec00e3eed3d48 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 09:24:06 +0100 Subject: [PATCH 57/84] Reading certs is now async. --- packages/xo-server-auth-ldap/package.json | 1 + packages/xo-server-auth-ldap/src/index.js | 15 ++++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index c16bd9c24..ca9f17e0c 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -27,6 +27,7 @@ "babel-runtime": "^6.3.19", "bluebird": "^3.1.1", "event-to-promise": "^0.6.0", + "fs-promise": "^0.3.1", "ldapjs": "^1.0.0" }, "devDependencies": { diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index f2c26d6d4..3e709c5ce 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -1,10 +1,10 @@ /* eslint no-throw-literal: 0 */ -import {promisify} from 'bluebird' import eventToPromise from 'event-to-promise' -import {createClient} from 'ldapjs' -import {escape} from 'ldapjs/lib/filters/escape' -import {readFileSync} from 'fs' +import { createClient } from 'ldapjs' +import { escape } from 'ldapjs/lib/filters/escape' +import { promisify } from 'bluebird' +import { readFile } from 'fs-promise' // =================================================================== 
@@ -100,7 +100,7 @@ class AuthLdap { this._authenticate = bind(this._authenticate, this) } - configure (conf) { + async configure (conf) { const clientOpts = this._clientOpts = { url: conf.uri, maxConnections: 5, @@ -123,8 +123,9 @@ class AuthLdap { tlsOptions.rejectUnauthorized = checkCertificate if (certificateAuthorities) { - // FIXME: should be async!!! - tlsOptions.ca = certificateAuthorities.map(path => readFileSync(path)) + tlsOptions.ca = await Promise.all( + certificateAuthorities.map(path => readFile(path)) + ) } } From a6e18819d4a51acd403d78c336e6e24e83a3d0b5 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Mon, 28 Dec 2015 10:18:21 +0100 Subject: [PATCH 58/84] Use arrow funcs where possible. --- packages/xo-server-auth-ldap/src/index.js | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 3e709c5ce..4f3103d90 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -8,24 +8,20 @@ import { readFile } from 'fs-promise' // =================================================================== -function bind (fn, thisArg) { - return function () { - return fn.apply(thisArg, arguments) - } +const bind = (fn, thisArg) => function () { + return fn.apply(thisArg, arguments) } const VAR_RE = /\{\{([^}]+)\}\}/g -function evalFilter (filter, vars) { - return filter.replace(VAR_RE, (_, name) => { - const value = vars[name] +const evalFilter = (filter, vars) => filter.replace(VAR_RE, (_, name) => { + const value = vars[name] - if (value === undefined) { - throw new Error('invalid variable: ' + name) - } + if (value === undefined) { + throw new Error('invalid variable: ' + name) + } - return escape(value) - }) -} + return escape(value) +}) export const configurationSchema = { type: 'object', From 641e13496e6cf5480f1d9e23fa05a7ecffc91595 Mon Sep 17 00:00:00 2001 
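Review bot: `configure` now awaits the certificate reads in the `@@ -123,8 +123,9 @@` hunk, but `this._clientOpts` is assigned at the top of the method (context of the `@@ -100,7 +100,7 @@` hunk) before that await. If a CA file cannot be read, the method rejects with `_clientOpts` already replaced while `_credentials`, `_searchBase` and `_searchFilter` (assigned further down, per the earlier `@@ -121,71 +129,76 @@` hunk) still hold the previous configuration, and `_authenticate` keeps running against that mix. Building the options in a local variable and assigning `this._clientOpts = clientOpts` only after `await Promise.all(...)` succeeds keeps the provider on one consistent configuration. Whether the caller awaits the promise `configure` now returns is not visible here.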
From: Julien Fontanet Date: Mon, 28 Dec 2015 10:18:47 +0100 Subject: [PATCH 59/84] Return null instead of throwing when no matches. --- packages/xo-server-auth-ldap/src/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 4f3103d90..1092eafc4 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -146,7 +146,7 @@ class AuthLdap { async _authenticate ({ username, password }) { if (username === undefined || password === undefined) { - throw null + return null } const client = createClient(this._clientOpts) @@ -192,7 +192,7 @@ class AuthLdap { } catch (_) {} } - throw null + return null } finally { client.unbind() } From b8e2cfc47ff6231becbba7d708ed6a93b7cd62af Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 17:39:00 +0100 Subject: [PATCH 60/84] CLI for testing. --- packages/xo-server-auth-ldap/package.json | 6 +- packages/xo-server-auth-ldap/src/index.js | 17 +- .../xo-server-auth-ldap/src/prompt-schema.js | 220 ++++++++++++++++++ packages/xo-server-auth-ldap/src/test-cli.js | 47 ++++ 4 files changed, 288 insertions(+), 2 deletions(-) create mode 100644 packages/xo-server-auth-ldap/src/prompt-schema.js create mode 100755 packages/xo-server-auth-ldap/src/test-cli.js diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index ca9f17e0c..c6add5845 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -19,7 +19,9 @@ }, "preferGlobal": false, "main": "dist/", - "bin": {}, + "bin": { + "xo-server-auth-ldap": "dist/test-cli.js" + }, "files": [ "dist/" ], @@ -27,7 +29,9 @@ "babel-runtime": "^6.3.19", "bluebird": "^3.1.1", "event-to-promise": "^0.6.0", + "exec-promise": "^0.5.1", "fs-promise": "^0.3.1", + "inquirer": "^0.11.0", "ldapjs": "^1.0.0" }, "devDependencies": { 
diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 1092eafc4..856a2be56 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -12,6 +12,10 @@ const bind = (fn, thisArg) => function () { return fn.apply(thisArg, arguments) } +const noop = () => {} + +// ------------------------------------------------------------------- + const VAR_RE = /\{\{([^}]+)\}\}/g const evalFilter = (filter, vars) => filter.replace(VAR_RE, (_, name) => { const value = vars[name] @@ -144,8 +148,10 @@ class AuthLdap { this._xo.unregisterAuthenticationProvider(this._authenticate) } - async _authenticate ({ username, password }) { + async _authenticate ({ username, password }, logger = noop) { if (username === undefined || password === undefined) { + logger('require `username` and `password` to authenticate!') + return null } @@ -160,13 +166,16 @@ class AuthLdap { { const {_credentials: credentials} = this if (credentials) { + logger(`attempting to bind with as ${credentials.dn}...`) await bind(credentials.dn, credentials.password) + logger(`successfully bound as ${credentials.dn}`) } } // Search for the user. const entries = [] { + logger('searching for entries...') const response = await search(this._searchBase, { scope: 'sub', filter: evalFilter(this._searchFilter, { @@ -175,6 +184,7 @@ class AuthLdap { }) response.on('searchEntry', entry => { + logger('.') entries.push(entry.json) }) 
@@ -182,16 +192,21 @@ class AuthLdap { if (status) { throw new Error('unexpected search response status: ' + status) } + + logger(`${entries.length} entries found`) } // Try to find an entry which can be bind with the given password. for (const entry of entries) { try { + logger(`attempting to bind as ${entry.objectName}`) await bind(entry.objectName, password) + logger(`successfully bound as ${entry.objectName} => ${username} authenticated`) return { username } } catch (_) {} } + logger(`could not authenticate ${username}`) return null } finally { client.unbind() diff --git a/packages/xo-server-auth-ldap/src/prompt-schema.js b/packages/xo-server-auth-ldap/src/prompt-schema.js new file mode 100644 index 000000000..342bb79c4 --- /dev/null +++ b/packages/xo-server-auth-ldap/src/prompt-schema.js 
@@ -0,0 +1,220 @@ +import { prompt } from 'inquirer' + +// =================================================================== + +const forArray = (array, iteratee) => { + for (let i = 0, n = array.length; i < n; ++i) { + iteratee(array[i], i, array) + } +} + +const { hasOwnProperty } = Object.prototype +const forOwn = (object, iteratee) => { + for (const key in object) { + if (hasOwnProperty.call(object, key)) { + iteratee(object[key], key, object) + } + } +} + +// ------------------------------------------------------------------- + +const _makeAsyncIterator = iterator => (promises, cb) => { + let mainPromise = Promise.resolve() + + iterator(promises, (promise, key) => { + mainPromise = mainPromise + + // Waits the current promise. + .then(() => promise) + + // Executes the callback. + .then(value => cb(value, key)) + }) + + return mainPromise +} + +const forOwnAsync = _makeAsyncIterator(forOwn) + +// ------------------------------------------------------------------- + +const _isNaN = ( + Number.isNaN || + (value => value !== value) // eslint-disable-line no-self-compare +) + +const isNumber = value => !_isNaN(value) && typeof value === 'number' + +const isInteger = ( + Number.isInteger || + (value => ( + isNumber(value) && + value > -Infinity && value < Infinity && + Math.floor(value) === value + )) +) + +// =================================================================== + +const EMPTY_OBJECT = Object.freeze({ __proto__: null }) + +const _extractValue = ({ value }) => value + +export const confirm = (message, { + default: defaultValue = null +} = EMPTY_OBJECT) => new Promise(resolve => prompt({ + default: defaultValue, + message, + name: 'value', + type: 'confirm' +}, resolve)).then(_extractValue) + +export const input = (message, { + default: defaultValue = null, + filter = undefined, + validate = undefined +} = EMPTY_OBJECT) => new Promise(resolve => prompt({ + default: defaultValue, + message, + name: 'value', + type: 'input', + validate +}, 
resolve)).then(_extractValue) + +export const list = (message, choices, { + default: defaultValue = null +} = EMPTY_OBJECT) => new Promise(resolve => prompt({ + default: defaultValue, + choices, + message, + name: 'value', + type: 'list' +}, resolve)).then(_extractValue) + +export const password = (message, { + default: defaultValue = null, + filter = undefined, + validate = undefined +} = EMPTY_OBJECT) => new Promise(resolve => prompt({ + default: defaultValue, + message, + name: 'value', + type: 'password', + validate +}, resolve)).then(_extractValue) + +// =================================================================== + +const promptByType = { + __proto__: null, + + array: async (schema, defaultValue, path) => { + const items = [] + if (defaultValue == null) { + defaultValue = items + } + + let i = 0 + + const itemSchema = schema.items + const promptItem = async () => { + items[i] = await promptGeneric( + itemSchema, + defaultValue[i], + path + ? `${path} [${i}]` + : `[${i}]` + ) + + ++i + } + + let n = schema.minItems || 0 + while (i < n) { + await promptItem() + } + + n = schema.maxItems || Infinity + while ( + i < n && + await confirm('additional item?', { + default: false + }) + ) { + await promptItem() + } + + return items + }, + + boolean: (schema, defaultValue, path) => confirm(path, { + default: defaultValue || schema.default + }), + + enum: (schema, defaultValue, path) => list(path, schema.enum, { + defaultValue: defaultValue || schema.defaultValue + }), + + integer: (schema, defaultValue, path) => input(path, { + default: defaultValue || schema.default, + filter: input => +input, + validate: input => isInteger(+input) + }), + + number: (schema, defaultValue, path) => input(path, { + default: defaultValue || schema.default, + filter: input => +input, + validate: input => isNumber(+input) + }), + + object: async (schema, defaultValue, path) => { + const value = {} + + const required = {} + schema.required && forArray(schema.required, name => { + 
required[name] = true + }) + + const promptProperty = async (schema, name) => { + const subpath = path + ? `${path} > ${schema.title || name}` + : schema.title || name + + if ( + required[name] || + await confirm(`fill optional ${subpath}?`, { + default: false + }) + ) { + value[name] = await promptGeneric( + schema, + defaultValue && defaultValue[name], + subpath + ) + } + } + + await forOwnAsync(schema.properties || {}, promptProperty) + + return value + }, + + string: (schema, defaultValue, path) => input(path, { + default: defaultValue || schema.default + }) +} + +export default function promptGeneric (schema, defaultValue, path) { + const type = schema.enum + ? 'enum' + : schema.type + + const prompt = promptByType[type.toLowerCase()] + if (!prompt) { + throw new Error(`unsupported type: ${type}`) + } + + return prompt(schema, defaultValue, path) +} + diff --git a/packages/xo-server-auth-ldap/src/test-cli.js b/packages/xo-server-auth-ldap/src/test-cli.js new file mode 100755 index 000000000..0a602eefa --- /dev/null +++ b/packages/xo-server-auth-ldap/src/test-cli.js 
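Review bot: `input` and `password` in prompt-schema.js destructure a `filter` option but never forward it to `prompt`, so the `filter: input => +input` supplied by the `integer` and `number` prompts has no effect and those values are presumably returned as strings. Adding `filter,` next to `validate` in both option objects would fix it; the later hunk that adapts these helpers to inquirer 1.0 (`@@ -63,46 +63,46 @@`) keeps the same omission. In the same file, `enum` passes `defaultValue:` where `list` reads `default`, so the default is dropped; it should be `default: defaultValue || schema.default`. `promptGeneric` also calls `type.toLowerCase()` before its check, so a schema without `type` fails with a TypeError rather than the intended `unsupported type` error.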
@@ -0,0 +1,47 @@ +#!/usr/bin/env node + +import execPromise from 'exec-promise' +import { readFile, writeFile } from 'fs-promise' + +import promptSchema, { + input, + password +} from './prompt-schema' +import createPlugin, { + configurationSchema +} from './' + +// =================================================================== + +const CACHE_FILE = './ldap.cache.conf' + +// ------------------------------------------------------------------- + +execPromise(async args => { + const config = await promptSchema( + configurationSchema, + await readFile(CACHE_FILE, 'utf-8').then( + JSON.parse, + () => ({}) + ) + ) + await writeFile(CACHE_FILE, JSON.stringify(config, null, 2)).then( + () => { + console.log('configuration saved in %s', CACHE_FILE) + }, + error => { + console.warn('failed to save configuration in %s', CACHE_FILE) + console.warn(error.message) + } + ) + + const plugin = createPlugin({}) + await plugin.configure(config) + + await plugin._authenticate({ + username: await input('Username', { + validate: input => !!input.length + }), + password: await password('Password') + }, ::console.log) +}) From 84fbe9ee067d67d6b1743c51244ca3a4deaa3b31 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 19:00:32 +0100 Subject: [PATCH 61/84] Do not depend on Bluebird. --- packages/xo-server-auth-ldap/package.json | 1 - packages/xo-server-auth-ldap/src/index.js | 17 ++++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index c6add5845..d50357213 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -27,7 +27,6 @@ ], "dependencies": { "babel-runtime": "^6.3.19", - "bluebird": "^3.1.1", "event-to-promise": "^0.6.0", "exec-promise": "^0.5.1", "fs-promise": "^0.3.1", 
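Review bot: `writeFile(CACHE_FILE, JSON.stringify(config, null, 2))` in test-cli.js stores the whole prompted configuration in `./ldap.cache.conf` in the current directory with default permissions, and that configuration can include the `bind` password the plugin later uses as `credentials.password`. I would create the file owner-only, `await writeFile(CACHE_FILE, JSON.stringify(config, null, 2), { mode: 0o600 })`, and have the "configuration saved" message say that the file may hold credentials. The mode applies only when the file is created, so an existing cache file keeps whatever permissions it already has. Separately, `plugin._authenticate` is a private method called from outside the class here; a public entry point that accepts a logger would read better.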
diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 856a2be56..4a8721de0 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -3,7 +3,6 @@ import eventToPromise from 'event-to-promise' import { createClient } from 'ldapjs' import { escape } from 'ldapjs/lib/filters/escape' -import { promisify } from 'bluebird' import { readFile } from 'fs-promise' // =================================================================== @@ -14,6 +13,22 @@ const bind = (fn, thisArg) => function () { const noop = () => {} +export const promisify = (fn, thisArg) => function () { + const { length } = arguments + const args = new Array(length + 1) + for (let i = 0; i < length; ++i) { + args[i] = arguments[i] + } + + return new Promise((resolve, reject) => { + args[length] = (error, result) => error + ? reject(error) + : resolve(result) + + fn.apply(thisArg || this, args) + }) +} + // ------------------------------------------------------------------- const VAR_RE = /\{\{([^}]+)\}\}/g From 1974a2c0e498e1cfb609460a3063354150fe2aeb Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 19:01:41 +0100 Subject: [PATCH 62/84] Use my Vates email. --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index d50357213..bd4b2dd01 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -15,7 +15,7 @@ }, "author": { "name": "Julien Fontanet", - "email": "julien.fontanet@isonoe.net" + "email": "julien.fontanet@vates.fr" }, "preferGlobal": false, "main": "dist/", From 2193c26acb8f511d29ee2273f9dcfd3406dbc4a8 Mon Sep 17 00:00:00 2001 
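Review bot: `promisify` is added as a named export of the plugin's entry module although only this file appears to use it, which makes a generic helper part of the package's public surface. I would drop the `export` and add a one-line comment stating its contract, for example `// Wraps a Node-style (error, result) callback API; extra callback arguments are dropped.`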
From: Julien Fontanet Date: Wed, 30 Dec 2015 19:03:13 +0100 Subject: [PATCH 63/84] 0.5.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index bd4b2dd01..874cb89b9 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.4.2", + "version": "0.5.0", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 5515f90147b834b8ab37748a4775ec56e1597a44 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 19:12:24 +0100 Subject: [PATCH 64/84] README updates. --- packages/xo-server-auth-ldap/README.md | 68 +++++++------------------- 1 file changed, 18 insertions(+), 50 deletions(-) diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index 737c7aeb7..bf4df57b4 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md 
@@ -17,58 +17,26 @@ Installation of the [npm package](https://npmjs.org/package/xo-server-auth-ldap) ## Usage -To enable this plugin you have to add it into the configuration file -of XO-Server: +Like all other xo-server plugins, it can be configured directly via +the web iterface, see [the plugin documentation](https://xen-orchestra.com/docs/plugins.html). -```yaml -plugins: +If you have issues, you can use the provided CLI to gather more +information: - auth-ldap: - uri: "ldap://ldap.example.org" - - # Path to CA certificates to use when connecting to SSL-secured - # LDAP servers. - # - # If not specified, it will use a default set of well-known CAs. - #certificateAuthorities: - # - /path/to/ca_cert.pem - # - /path/to/another/ca_cert.pem - - # Check the validity of the server's certificate. Useful when - # connecting to servers that use a self-signed certificate. - # - # Default to true - #checkCertificate: true - - # Credentials to use before looking for the user record. - # - # Default to anonymous. - bind: - - # Distinguished name of the user permitted to search the LDAP - # directory for the user to authenticate. - # - # For Microsoft Active Directory, it can also be - # '@' - dn: 'cn=admin,ou=people,dc=example,dc=org' - - # Password of the user permitted to search the LDAP directory. - password: 'secret' - - # The base is the part of the directory tree where the users are - # looked for. - base: 'ou=people,dc=example,dc=org' - - # Filter used to find the user. - # - # For Microsoft Active Directory, you can try one of the following - # filters: - # - # - '(cn={{name}})' - # - '(sAMAccountName={{name}})' - # - '(sAMAccountName={{name}}@)' - # - '(userPrincipalName={{name}})' - #filter: '(uid={{name}})' +``` +> xo-server-auth-ldap +? uri ldap://ldap.company.net +? fill optional certificateAuthorities? No +? fill optional checkCertificate? No +? fill optional bind? No +? base ou=people,dc=company,dc=net +? fill optional filter? 
No +configuration saved in ./ldap.cache.conf +? Username john.smith +? Password ***** +searching for entries... +0 entries found +could not authenticate john.smith ``` ## Algorithm From 4826e14cadb50bc347b201e4f7959bcfc2078d38 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 19:15:58 +0100 Subject: [PATCH 65/84] Log bind failures. --- packages/xo-server-auth-ldap/src/index.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 4a8721de0..0cf460478 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -218,7 +218,9 @@ class AuthLdap { await bind(entry.objectName, password) logger(`successfully bound as ${entry.objectName} => ${username} authenticated`) return { username } - } catch (_) {} + } catch (error) { + logger(`failed to bind as ${entry.objectName}: ${error.message}`) + } } logger(`could not authenticate ${username}`) From e6ef6ccccfbbb3149b88ecb61097e3082b0647b1 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 30 Dec 2015 19:16:05 +0100 Subject: [PATCH 66/84] 0.5.1 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 874cb89b9..1a478bd01 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.5.0", + "version": "0.5.1", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From afb6974cc02942f015ccd88d094349787b977ee2 Mon Sep 17 00:00:00 2001 
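Review bot: The new `catch (error)` in index.js reports the failure only through `logger`, which defaults to `noop`, so when `_authenticate` runs without a logger (presumably the case for the registered authentication provider) failed binds still leave no record on the server to review for repeated login failures. It also treats every error alike, so a connection or timeout error is handled as a wrong password and the loop moves on to the next entry. I would rethrow anything that is not a credentials error, e.g. `if (!(error instanceof InvalidCredentialsError)) throw error` with `InvalidCredentialsError` imported from `ldapjs`, and record failed attempts somewhere the server keeps. The loop sits inside a `try`/`finally` that starts outside this hunk.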
From: greenkeeperio-bot Date: Wed, 4 May 2016 14:35:22 +0200 Subject: [PATCH 67/84] chore(package): update dependencies https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 1a478bd01..e6c585c1b 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -27,15 +27,15 @@ ], "dependencies": { "babel-runtime": "^6.3.19", - "event-to-promise": "^0.6.0", - "exec-promise": "^0.5.1", - "fs-promise": "^0.3.1", - "inquirer": "^0.11.0", + "event-to-promise": "^0.7.0", + "exec-promise": "^0.6.1", + "fs-promise": "^0.5.0", + "inquirer": "^1.0.2", "ldapjs": "^1.0.0" }, "devDependencies": { "babel-cli": "^6.3.17", - "babel-eslint": "^5.0.0-beta6", + "babel-eslint": "^6.0.4", "babel-plugin-transform-runtime": "^6.3.13", "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", @@ -44,7 +44,7 @@ "must": "^0.13.1", "sinon": "^1.15.3", "source-map-support": "^0.4.0", - "standard": "^5.3.0", + "standard": "^7.0.0", "trace": "^2.1.1" }, "scripts": { From ceab4e37cde20b7ca0644e20fcda8ca041f87dc4 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 4 May 2016 14:45:01 +0200 Subject: [PATCH 68/84] style(prompt-schema): handle ESLint special cases --- packages/xo-server-auth-ldap/src/prompt-schema.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/prompt-schema.js b/packages/xo-server-auth-ldap/src/prompt-schema.js index 342bb79c4..0214c0a16 100644 --- a/packages/xo-server-auth-ldap/src/prompt-schema.js +++ b/packages/xo-server-auth-ldap/src/prompt-schema.js 
@@ -131,13 +131,13 @@ const promptByType = { } let n = schema.minItems || 0 - while (i < n) { + while (i < n) { // eslint-disable-line no-unmodified-loop-condition await promptItem() } n = schema.maxItems || Infinity while ( - i < n && + i < n && // eslint-disable-line no-unmodified-loop-condition await confirm('additional item?', { default: false }) From 75bb7d5a2dc7a8b8ed4c15b5cfffb1bb0d557018 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 4 May 2016 14:48:47 +0200 Subject: [PATCH 69/84] fix(prompt-schema): adapt to inquirer version 1.0.0 --- .../xo-server-auth-ldap/src/prompt-schema.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/packages/xo-server-auth-ldap/src/prompt-schema.js b/packages/xo-server-auth-ldap/src/prompt-schema.js index 0214c0a16..6c7e29560 100644 --- a/packages/xo-server-auth-ldap/src/prompt-schema.js +++ b/packages/xo-server-auth-ldap/src/prompt-schema.js 
@@ -63,46 +63,46 @@ const _extractValue = ({ value }) => value export const confirm = (message, { default: defaultValue = null -} = EMPTY_OBJECT) => new Promise(resolve => prompt({ +} = EMPTY_OBJECT) => prompt({ default: defaultValue, message, name: 'value', type: 'confirm' -}, resolve)).then(_extractValue) +}).then(_extractValue) export const input = (message, { default: defaultValue = null, filter = undefined, validate = undefined -} = EMPTY_OBJECT) => new Promise(resolve => prompt({ +} = EMPTY_OBJECT) => prompt({ default: defaultValue, message, name: 'value', type: 'input', validate -}, resolve)).then(_extractValue) +}).then(_extractValue) export const list = (message, choices, { default: defaultValue = null -} = EMPTY_OBJECT) => new Promise(resolve => prompt({ +} = EMPTY_OBJECT) => prompt({ default: defaultValue, choices, message, name: 'value', type: 'list' -}, resolve)).then(_extractValue) +}).then(_extractValue) export const password = (message, { default: defaultValue = null, filter = undefined, validate = undefined -} = EMPTY_OBJECT) => new Promise(resolve => prompt({ +} = EMPTY_OBJECT) => prompt({ default: defaultValue, message, name: 'value', type: 'password', validate -}, resolve)).then(_extractValue) +}).then(_extractValue) // =================================================================== From 9328518bbccf74beda342fc1a2c45cb53721fcbe Mon Sep 17 00:00:00 2001 
From: Julien Fontanet Date: Wed, 4 May 2016 16:14:35 +0200 Subject: [PATCH 70/84] chore: various updates --- packages/xo-server-auth-ldap/.babelrc | 11 ------- packages/xo-server-auth-ldap/.gitignore | 1 + packages/xo-server-auth-ldap/.mocha.js | 4 ++- packages/xo-server-auth-ldap/.travis.yml | 8 +++-- packages/xo-server-auth-ldap/package.json | 30 ++++++++++++++++--- .../xo-server-auth-ldap/src/index.spec.js | 17 +++++++++++ 6 files changed, 53 insertions(+), 18 deletions(-) delete mode 100644 packages/xo-server-auth-ldap/.babelrc create mode 100644 packages/xo-server-auth-ldap/src/index.spec.js diff --git a/packages/xo-server-auth-ldap/.babelrc b/packages/xo-server-auth-ldap/.babelrc deleted file mode 100644 index df6800285..000000000 --- a/packages/xo-server-auth-ldap/.babelrc +++ /dev/null @@ -1,11 +0,0 @@ -{ - "comments": false, - "compact": true, - "plugins": [ - "transform-runtime" - ], - "presets": [ - "stage-0", - "es2015" - ] -} diff --git a/packages/xo-server-auth-ldap/.gitignore b/packages/xo-server-auth-ldap/.gitignore index 384949d8a..6959be1cf 100644 --- a/packages/xo-server-auth-ldap/.gitignore +++ b/packages/xo-server-auth-ldap/.gitignore @@ -1,3 +1,4 @@ +/.nyc_output/ /bower_components/ /dist/ diff --git a/packages/xo-server-auth-ldap/.mocha.js b/packages/xo-server-auth-ldap/.mocha.js index b888fb4d5..e6d84e403 100644 --- a/packages/xo-server-auth-ldap/.mocha.js +++ b/packages/xo-server-auth-ldap/.mocha.js @@ -1,3 +1,5 @@ -try { require('clarify') } catch (_) {} +Error.stackTraceLimit = 100 + try { require('trace') } catch (_) {} +try { require('clarify') } catch (_) {} try { require('source-map-support/register') } catch (_) {} diff --git a/packages/xo-server-auth-ldap/.travis.yml b/packages/xo-server-auth-ldap/.travis.yml index e667b9209..a9b136ea6 100644 --- a/packages/xo-server-auth-ldap/.travis.yml +++ b/packages/xo-server-auth-ldap/.travis.yml 
@@ -1,5 +1,9 @@ language: node_js node_js: - - 'iojs' + - 'stable' + - '4' - '0.12' - - '0.10' + +# Use containers. +# http://docs.travis-ci.com/user/workers/container-based-infrastructure/ +sudo: false diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index e6c585c1b..a32d33188 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -25,6 +25,9 @@ "files": [ "dist/" ], + "engines": { + "node": ">=0.12" + }, "dependencies": { "babel-runtime": "^6.3.19", "event-to-promise": "^0.7.0", @@ -40,25 +43,44 @@ "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", + "dependency-check": "^2.5.1", + "ghooks": "^1.2.1", "mocha": "^2.2.5", "must": "^0.13.1", + "nyc": "^6.4.2", "sinon": "^1.15.3", "source-map-support": "^0.4.0", "standard": "^7.0.0", "trace": "^2.1.1" }, "scripts": { - "build": "babel --source-maps --out-dir=dist/ src/", + "build": "NODE_ENV=production babel --source-maps --out-dir=dist/ src/", + "depcheck": "dependency-check ./package.json", "dev": "babel --watch --source-maps --out-dir=dist/ src/", + "dev-test": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"", "lint": "standard", + "posttest": "npm run lint && npm run depcheck", "prepublish": "npm run build", - "test": "npm run lint && mocha --opts .mocha.opts \"dist/**/*.spec.js\"", - "test-dev": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"" + "test": "nyc mocha --opts .mocha.opts \"dist/**/*.spec.js\"" + }, + "babel": { + "plugins": [ + "transform-runtime" + ], + "presets": [ + "stage-0", + "es2015" + ] }, "standard": { "ignore": [ - "dist/**" + "dist" ], "parser": "babel-eslint" + }, + "config": { + "ghooks": { + "commit-msg": "npm test" + } } } diff --git a/packages/xo-server-auth-ldap/src/index.spec.js b/packages/xo-server-auth-ldap/src/index.spec.js new file mode 100644 index 000000000..2319bd7d5 --- /dev/null 
+++ b/packages/xo-server-auth-ldap/src/index.spec.js @@ -0,0 +1,17 @@ +/* eslint-env mocha */ + +import expect from 'must' + +// =================================================================== + +import myLib from './' + +// =================================================================== + +describe.skip('myLib', () => { + it('does something', () => { + // TODO: some real tests. + + expect(myLib).to.exists() + }) +}) From de6f0ef8eb3493ef40eb6c0577c678f047a7eba6 Mon Sep 17 00:00:00 2001 From: greenkeeperio-bot Date: Sat, 9 Jul 2016 09:13:32 +0200 Subject: [PATCH 71/84] chore(package): update nyc to version 7.0.0 https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index a32d33188..777666d04 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -47,7 +47,7 @@ "ghooks": "^1.2.1", "mocha": "^2.2.5", "must": "^0.13.1", - "nyc": "^6.4.2", + "nyc": "^7.0.0", "sinon": "^1.15.3", "source-map-support": "^0.4.0", "standard": "^7.0.0", From 2b504ce5ab207f2b1b861b87213dd67ca1b67015 Mon Sep 17 00:00:00 2001 From: greenkeeperio-bot Date: Mon, 1 Aug 2016 07:33:49 +0200 Subject: [PATCH 72/84] chore(package): update mocha to version 3.0.0 https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 777666d04..ca34aa279 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -45,7 +45,7 @@ "clarify": "^1.0.5", "dependency-check": "^2.5.1", "ghooks": "^1.2.1", - "mocha": "^2.2.5", + "mocha": "^3.0.0", "must": "^0.13.1", "nyc": "^7.0.0", "sinon": "^1.15.3", From 2ddb84f4572d54fc191e09d5d86f6950cc3e7637 Mon Sep 17 00:00:00 2001 
From: greenkeeperio-bot Date: Sun, 14 Aug 2016 10:26:33 +0200 Subject: [PATCH 73/84] chore(package): update nyc to version 8.1.0 https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index ca34aa279..c61324a9a 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -47,7 +47,7 @@ "ghooks": "^1.2.1", "mocha": "^3.0.0", "must": "^0.13.1", - "nyc": "^7.0.0", + "nyc": "^8.1.0", "sinon": "^1.15.3", "source-map-support": "^0.4.0", "standard": "^7.0.0", From 99ae3e0f7f78700e61d774ee9777c8b456070cb9 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Wed, 24 Aug 2016 17:37:01 +0200 Subject: [PATCH 74/84] chore(package): update standard to version 8.0.0 (#18) https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index c61324a9a..0c479b4e5 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -50,7 +50,7 @@ "nyc": "^8.1.0", "sinon": "^1.15.3", "source-map-support": "^0.4.0", - "standard": "^7.0.0", + "standard": "^8.0.0", "trace": "^2.1.1" }, "scripts": { From 7e7ec83c12fcd0e13a942900fbe38500afeecf5c Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Tue, 27 Sep 2016 23:27:37 +0200 Subject: [PATCH 75/84] chore(package): update babel-eslint to version 7.0.0 (#19) https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 0c479b4e5..17090e73f 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json 
@@ -38,7 +38,7 @@ }, "devDependencies": { "babel-cli": "^6.3.17", - "babel-eslint": "^6.0.4", + "babel-eslint": "^7.0.0", "babel-plugin-transform-runtime": "^6.3.13", "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", From abf146707f1c1e61cabcd84f4b13ad9082251410 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 28 Oct 2016 11:07:31 +0200 Subject: [PATCH 76/84] chore(package): update all dependencies --- packages/xo-server-auth-ldap/.gitignore | 9 ++-- packages/xo-server-auth-ldap/.mocha.js | 5 -- packages/xo-server-auth-ldap/.mocha.opts | 1 - packages/xo-server-auth-ldap/.travis.yml | 2 +- packages/xo-server-auth-ldap/README.md | 19 ++++---- packages/xo-server-auth-ldap/package.json | 47 +++++++++++-------- .../xo-server-auth-ldap/src/index.spec.js | 17 ------- 7 files changed, 41 insertions(+), 59 deletions(-) delete mode 100644 packages/xo-server-auth-ldap/.mocha.js delete mode 100644 packages/xo-server-auth-ldap/.mocha.opts delete mode 100644 packages/xo-server-auth-ldap/src/index.spec.js diff --git a/packages/xo-server-auth-ldap/.gitignore b/packages/xo-server-auth-ldap/.gitignore index 6959be1cf..9e41c869a 100644 --- a/packages/xo-server-auth-ldap/.gitignore +++ b/packages/xo-server-auth-ldap/.gitignore @@ -1,9 +1,8 @@ -/.nyc_output/ -/bower_components/ /dist/ +/ldap.cache.conf +/node_modules/ npm-debug.log npm-debug.log.* - -!node_modules/* -node_modules/*/ +pnpm-debug.log +pnpm-debug.log.* diff --git a/packages/xo-server-auth-ldap/.mocha.js b/packages/xo-server-auth-ldap/.mocha.js deleted file mode 100644 index e6d84e403..000000000 --- a/packages/xo-server-auth-ldap/.mocha.js +++ /dev/null @@ -1,5 +0,0 @@ -Error.stackTraceLimit = 100 - -try { require('trace') } catch (_) {} -try { require('clarify') } catch (_) {} -try { require('source-map-support/register') } catch (_) {} diff --git a/packages/xo-server-auth-ldap/.mocha.opts b/packages/xo-server-auth-ldap/.mocha.opts deleted file mode 100644 index 6cfd94898..000000000 
--- a/packages/xo-server-auth-ldap/.mocha.opts +++ /dev/null @@ -1 +0,0 @@ ---require ./.mocha.js diff --git a/packages/xo-server-auth-ldap/.travis.yml b/packages/xo-server-auth-ldap/.travis.yml index a9b136ea6..ae52e87e6 100644 --- a/packages/xo-server-auth-ldap/.travis.yml +++ b/packages/xo-server-auth-ldap/.travis.yml @@ -1,8 +1,8 @@ language: node_js node_js: - 'stable' + - '6' - '4' - - '0.12' # Use containers. # http://docs.travis-ci.com/user/workers/container-based-infrastructure/ diff --git a/packages/xo-server-auth-ldap/README.md b/packages/xo-server-auth-ldap/README.md index bf4df57b4..fd27082dc 100644 --- a/packages/xo-server-auth-ldap/README.md +++ b/packages/xo-server-auth-ldap/README.md @@ -49,24 +49,21 @@ could not authenticate john.smith ## Development -### Installing dependencies - ``` +# Install dependencies > npm install -``` -### Compilation +# Run the tests +> npm test -The sources files are watched and automatically recompiled on changes. - -``` +# Continuously compile > npm run dev -``` -### Tests +# Continuously run the tests +> npm run dev-test -``` -> npm run test-dev +# Build for production (automatically called by npm install) +> npm run build ``` ## Contributions diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 17090e73f..ba2c9ddcf 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -4,8 +4,12 @@ "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ - "xo-server", - "ldap" + "ldap", + "orchestra", + "plugin", + "xen", + "xen-orchestra", + "xo-server" ], "homepage": "https://github.com/vatesfr/xo-server-auth-ldap", "bugs": "https://github.com/vatesfr/xo-server-auth-ldap/issues", @@ -26,7 +30,7 @@ "dist/" ], "engines": { - "node": ">=0.12" + "node": ">=4" }, "dependencies": { "babel-runtime": "^6.3.19", 
@@ -40,36 +44,41 @@ "babel-cli": "^6.3.17", "babel-eslint": "^7.0.0", "babel-plugin-transform-runtime": "^6.3.13", - "babel-preset-es2015": "^6.3.13", + "babel-preset-babili": "^0.0.5", + "babel-preset-latest": "^6.16.0", "babel-preset-stage-0": "^6.3.13", - "clarify": "^1.0.5", + "cross-env": "^3.1.3", "dependency-check": "^2.5.1", "ghooks": "^1.2.1", - "mocha": "^3.0.0", - "must": "^0.13.1", - "nyc": "^8.1.0", - "sinon": "^1.15.3", - "source-map-support": "^0.4.0", - "standard": "^8.0.0", - "trace": "^2.1.1" + "rimraf": "^2.5.4", + "standard": "^8.0.0" }, "scripts": { - "build": "NODE_ENV=production babel --source-maps --out-dir=dist/ src/", + "build": "cross-env NODE_ENV=production babel --source-maps --out-dir=dist/ src/", + "clean": "rimraf dist/", "depcheck": "dependency-check ./package.json", - "dev": "babel --watch --source-maps --out-dir=dist/ src/", - "dev-test": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"", + "dev": "cross-env NODE_ENV=development babel --watch --source-maps --out-dir=dist/ src/", "lint": "standard", "posttest": "npm run lint && npm run depcheck", - "prepublish": "npm run build", - "test": "nyc mocha --opts .mocha.opts \"dist/**/*.spec.js\"" + "prebuild": "npm run clean", + "predev": "npm run clean", + "prepublish": "npm run build" }, "babel": { + "env": { + "production": { + "comments": false, + "presets": [ + "babili" + ] + } + }, "plugins": [ "transform-runtime" ], "presets": [ - "stage-0", - "es2015" + "latest", + "stage-0" ] }, "standard": { diff --git a/packages/xo-server-auth-ldap/src/index.spec.js b/packages/xo-server-auth-ldap/src/index.spec.js deleted file mode 100644 index 2319bd7d5..000000000 --- a/packages/xo-server-auth-ldap/src/index.spec.js +++ /dev/null 
@@ -1,17 +0,0 @@ -/* eslint-env mocha */ - -import expect from 'must' - -// =================================================================== - -import myLib from './' - -// =================================================================== - -describe.skip('myLib', () => { - it('does something', () => { - // TODO: some real tests. - - expect(myLib).to.exists() - }) -}) From cdf1a5fe47fbd271cadcb4e9be07a4c10fccd8f2 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 28 Oct 2016 11:14:17 +0200 Subject: [PATCH 77/84] fix(package): do not use babel-preset-babili --- packages/xo-server-auth-ldap/package.json | 9 --------- 1 file changed, 9 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index ba2c9ddcf..bc5696391 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -44,7 +44,6 @@ "babel-cli": "^6.3.17", "babel-eslint": "^7.0.0", "babel-plugin-transform-runtime": "^6.3.13", - "babel-preset-babili": "^0.0.5", "babel-preset-latest": "^6.16.0", "babel-preset-stage-0": "^6.3.13", "cross-env": "^3.1.3", @@ -65,14 +64,6 @@ "prepublish": "npm run build" }, "babel": { - "env": { - "production": { - "comments": false, - "presets": [ - "babili" - ] - } - }, "plugins": [ "transform-runtime" ], From 47991b7d1a387e5c84427bc304dd4036799112be Mon Sep 17 00:00:00 2001 From: badrAZ Date: Wed, 9 Nov 2016 16:41:53 +0100 Subject: [PATCH 78/84] feat(test): this plugin is now testable (#20) See vatesfr/xo-web#1749 --- packages/xo-server-auth-ldap/src/index.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 0cf460478..9e227ef4d 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -106,6 +106,21 @@ For Microsoft Active Directory, you can try one of the following filters: required: ['uri', 'base'] } +export const testSchema = { + type: 'object', + properties: { + username: { + description: 'LDAP username', + type: 'string' + }, + password: { + description: 'LDAP password', + type: 'string' + } + }, + required: ['username', 'password'] +} + // =================================================================== class AuthLdap { @@ -163,6 +178,13 @@ class AuthLdap { this._xo.unregisterAuthenticationProvider(this._authenticate) } + test ({ username, password }) { + return this._authenticate({ + username, + password + }) + } + async _authenticate ({ username, password }, logger = noop) { if (username === undefined || password === undefined) { logger('require `username` and `password` to authenticate!') From 9b5fac9e2b34b2f65a755c9468eecc64605d0404 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 9 Nov 2016 17:08:17 +0100 Subject: [PATCH 79/84] feat(test): throw an error when authentication fails --- packages/xo-server-auth-ldap/src/index.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 9e227ef4d..9e77b16c5 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js @@ -182,6 +182,10 @@ class AuthLdap { return this._authenticate({ username, password + }).then(result => { + if (result === null) { + throw new Error('could not authenticate user') + } }) } From 7227af9aac330d47dbdc2ac2612867494e11fe68 Mon Sep 17 00:00:00 2001 From: "greenkeeper[bot]" Date: Thu, 10 Nov 2016 08:57:20 +0100 Subject: [PATCH 80/84] fix(package): update fs-promise to version 1.0.0 (#21) https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
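Review bot: In `testSchema`, `password` is declared as an ordinary `string` with nothing to mark it as a secret, so whatever renders this schema or records the parameters of a test call may echo or store the LDAP password in clear text. That consumer is not visible in the hunk, so this needs confirming against xo-server. At minimum add a comment above the export, e.g. `// Parameters of test(); password is a credential and must not be logged or persisted.` If the schema consumer offers a way to flag secret fields, use it for this property.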
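Review bot: `test()` calls `this._authenticate({ username, password })` without the second argument, so `logger` falls back to `noop` and messages such as the missing-credentials one in the context line below are discarded. For a method meant to let an administrator check the LDAP settings, the reason for a failure is the useful part. Consider collecting the messages with `const logs = []` and `this._authenticate({ username, password }, message => logs.push(message))`, then attaching them to the error thrown in the follow-up commit's hunk (`@@ -182,6 +182,10 @@`). Before doing so, check that nothing passed to `logger` contains the password; `_authenticate`'s body lies outside the hunk, so that cannot be verified from here.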
diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index bc5696391..1bc95c46d 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -36,7 +36,7 @@ "babel-runtime": "^6.3.19", "event-to-promise": "^0.7.0", "exec-promise": "^0.6.1", - "fs-promise": "^0.5.0", + "fs-promise": "^1.0.0", "inquirer": "^1.0.2", "ldapjs": "^1.0.0" }, From eab007db6e060fca43df6fb0e14d019ae65ae299 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 23 Nov 2016 11:15:55 +0100 Subject: [PATCH 81/84] 0.6.0 --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 1bc95c46d..97cc59ba7 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -1,6 +1,6 @@ { "name": "xo-server-auth-ldap", - "version": "0.5.1", + "version": "0.6.0", "license": "AGPL-3.0", "description": "LDAP authentication plugin for XO-Server", "keywords": [ From 92a1f2c6d5c3696aa0fd85e87e49dc16aaaec0fe Mon Sep 17 00:00:00 2001 From: Olivier Lambert Date: Tue, 29 Nov 2016 10:51:24 +0100 Subject: [PATCH 82/84] feat(description): better explanation of checkCertificate (#22) --- packages/xo-server-auth-ldap/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/src/index.js b/packages/xo-server-auth-ldap/src/index.js index 9e77b16c5..cc97601e1 100644 --- a/packages/xo-server-auth-ldap/src/index.js +++ b/packages/xo-server-auth-ldap/src/index.js 
@@ -61,7 +61,7 @@ If not specified, it will use a default set of well-known CAs. } }, checkCertificate: { - description: 'Check the validity of the server\'s certificates. Useful when connecting to servers that use a self-signed certificate.', + description: 'Enforce the validity of the server\'s certificates. You can disable it when connecting to servers that use a self-signed certificate.', type: 'boolean', default: true }, From 013d4b94119b0390c9d765c963ff83793f258a9c Mon Sep 17 00:00:00 2001 From: "greenkeeper[bot]" Date: Tue, 6 Dec 2016 23:18:15 +0100 Subject: [PATCH 83/84] fix(package): update inquirer to version 2.0.0 (#23) https://greenkeeper.io/ --- packages/xo-server-auth-ldap/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index 97cc59ba7..f358ae779 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json @@ -37,7 +37,7 @@ "event-to-promise": "^0.7.0", "exec-promise": "^0.6.1", "fs-promise": "^1.0.0", - "inquirer": "^1.0.2", + "inquirer": "^2.0.0", "ldapjs": "^1.0.0" }, "devDependencies": { From 8c0028055a7209e21901e2a8258cc6206ffbf959 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 20 Dec 2016 15:01:05 +0100 Subject: [PATCH 84/84] chore(package): use husky instead of ghooks --- packages/xo-server-auth-ldap/package.json | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/packages/xo-server-auth-ldap/package.json b/packages/xo-server-auth-ldap/package.json index f358ae779..7c80c29c2 100644 --- a/packages/xo-server-auth-ldap/package.json +++ b/packages/xo-server-auth-ldap/package.json 
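Review bot: The new `checkCertificate` description presents turning validation off as the answer for self-signed certificates, but with validation off anyone able to impersonate the LDAP server can intercept the bind that carries the user's password. The hunk's context line ("If not specified, it will use a default set of well-known CAs.") suggests a neighbouring option that accepts a CA list, and the description should point there first. For example: `'Enforce the validity of the server\'s certificates. For a self-signed certificate, prefer adding it to the certificate authorities option; disabling this check exposes credentials to interception.'` The schema object starts and ends outside the hunk, so the exact name of that option should be taken from the file.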
@@ -48,13 +48,14 @@ "babel-preset-stage-0": "^6.3.13", "cross-env": "^3.1.3", "dependency-check": "^2.5.1", - "ghooks": "^1.2.1", + "husky": "^0.12.0", "rimraf": "^2.5.4", "standard": "^8.0.0" }, "scripts": { "build": "cross-env NODE_ENV=production babel --source-maps --out-dir=dist/ src/", "clean": "rimraf dist/", + "commit-msg": "npm test", "depcheck": "dependency-check ./package.json", "dev": "cross-env NODE_ENV=development babel --watch --source-maps --out-dir=dist/ src/", "lint": "standard", @@ -77,10 +78,5 @@ "dist" ], "parser": "babel-eslint" - }, - "config": { - "ghooks": { - "commit-msg": "npm test" - } } }