Move LDAP Escape to login handler (#14234)

pull/14236/head^2
Rodrigo Nascimento 6 years ago committed by GitHub
parent b587351dd3
commit 29bf1ffee6
  1. 6
      app/ldap/server/ldap.js
  2. 12
      app/ldap/server/loginHandler.js

@ -3,7 +3,6 @@ import { settings } from '../../settings';
import { Logger } from '../../logger';
import ldapjs from 'ldapjs';
import Bunyan from 'bunyan';
import ldapEscape from 'ldap-escape';
const logger = new Logger('LDAP', {
sections: {
@ -183,7 +182,6 @@ export default class LDAP {
}
getUserFilter(username) {
username = ldapEscape.filter`${ username }`;
const filter = [];
if (this.options.User_Search_Filter !== '') {
@ -320,9 +318,6 @@ export default class LDAP {
}
isUserInGroup(username, userdn) {
username = ldapEscape.filter`${ username }`;
userdn = ldapEscape.dn`${ userdn }`;
if (!this.options.group_filter_enabled) {
return true;
}
@ -484,7 +479,6 @@ export default class LDAP {
}
authSync(dn, password) {
dn = ldapEscape.dn`${ dn }`;
logger.auth.info('Authenticating', dn);
try {
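Review bot: getUserFilter (L23), isUserInGroup (L29) and authSync (L37) now interpolate their username/dn arguments into LDAP filters and bind DNs without escaping, but nothing on the methods states that the caller is now responsible for it; a JSDoc line such as `/** @param {string} username - must already be filter-escaped (ldapEscape.filter) by the caller */` on getUserFilter and isUserInGroup, and `/** @param {string} dn - DN as returned by the directory, not user input */` on authSync, would make the new contract visible to the next caller. Whether any other path (for example the sync helpers) still reaches these methods with a raw, user-supplied value is not visible in this hunk and is worth confirming, since an unescaped username here becomes a filter-injection vector. The LDAP class and each of the three method bodies continue outside the hunk.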

@ -7,6 +7,8 @@ import { Logger } from '../../logger';
import { slug, getLdapUsername, getLdapUserUniqueID, syncUserData, addLdapUser } from './sync';
import LDAP from './ldap';
import ldapEscape from 'ldap-escape';
const logger = new Logger('LDAPHandler', {});
function fallbackDefaultAccountSystem(bind, username, password) {
@ -46,23 +48,25 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
const ldap = new LDAP();
let ldapUser;
const escapedUsername = ldapEscape.filter`${ loginRequest.username }`;
try {
ldap.connectSync();
const users = ldap.searchUsersSync(loginRequest.username);
const users = ldap.searchUsersSync(escapedUsername);
if (users.length !== 1) {
logger.info('Search returned', users.length, 'record(s) for', loginRequest.username);
logger.info('Search returned', users.length, 'record(s) for', escapedUsername);
throw new Error('User not Found');
}
if (ldap.authSync(users[0].dn, loginRequest.ldapPass) === true) {
if (ldap.isUserInGroup(loginRequest.username, users[0].dn)) {
if (ldap.isUserInGroup(escapedUsername, users[0].dn)) {
ldapUser = users[0];
} else {
throw new Error('User not in a valid group');
}
} else {
logger.info('Wrong password for', loginRequest.username);
logger.info('Wrong password for', escapedUsername);
}
} catch (error) {
logger.error(error);
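Review bot: Escaping now happens once at L51 and the escaped value is threaded through searchUsersSync (L55) and isUserInGroup (L63), which is correct for this handler, but it silently shifts the escaping burden onto every other caller of those LDAP methods — the sync helpers imported at L43 are the obvious candidates and are not visible here, so they should be checked for raw-username calls. A short comment above L51 would record why the value is escaped here and not in LDAP, e.g. `// searchUsersSync/isUserInGroup build LDAP filters from this value; it is escaped once here, so LDAP itself no longer escapes.` The dn passed to authSync and isUserInGroup comes from the search result (users[0].dn) rather than from loginRequest, which is presumably why dn escaping was dropped; stating that in the same comment avoids a later reader "fixing" it. The login handler function continues outside the hunk.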
