rainbox.email/src/LDAPServerComponent.ts

import ApplicationComponent from "swaf/ApplicationComponent";
import ldap, {InvalidCredentialsError, Server} from "ldapjs";
import {logger} from "swaf/Logger";
import Throttler from "swaf/Throttler";
import User from "swaf/auth/models/User";
import UserPasswordComponent from "swaf/auth/password/UserPasswordComponent";

export default class LDAPServerComponent extends ApplicationComponent {
    private server?: Server;

    public async start(): Promise<void> {
        this.server = ldap.createServer({
            log: console,
        });
        this.server.bind('ou=users,dc=toot,dc=party', async (req: Record<string, string>, res: Record<string, () => void>, next: (err: unknown) => void) => {
            const rdns = req.dn.toString().split(', ').map((rdn: string) => rdn.split('='));
            let username: string = '';
            let email;
            for (const rdn of rdns) {
                if (rdn[0] === 'cn') {
                    username = rdn[1];
                } else if (rdn[0] === 'email') {
                    email = rdn[1];
                }
            }

            logger.debug('Matrix authentication attempt:', username, email);

            try {
                Throttler.throttle('ldap_auth', 3, 30 * 1000, username);
            } catch (e) {
                logger.debug('Too many auth requests');
                next(new InvalidCredentialsError());
                return;
            }

            const user = await User.select().where('name', username).first();
            if (user) {
                const email = await user.mainEmail.get();
                if (email) {
                    if (await user.as(UserPasswordComponent).verifyPassword(req.credentials)) {
                        logger.debug('Success');
                        res.end();
                        return;
                    }
                }
            }

            logger.debug('Fail');
            next(new InvalidCredentialsError());
        });
        this.server.unbind((req: unknown, res: unknown, next: () => void) => {
            logger.debug('Unbind', req);
            next();
        });
        this.server.listen(8389, '127.0.0.1', () => {
            logger.info(`LDAP server listening on ${this.server?.url}`);
        });
        this.server.on('close', () => {
            logger.info('LDAP server closed.');
        });
    }


    public async stop(): Promise<void> {
        await new Promise<void>(resolve => {
            if (this.server) {
                this.server.close(() => {
                    resolve();
                });
            } else {
                resolve();
            }
        });
    }
}
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`import ApplicationComponent from "swaf/ApplicationComponent";`
Update codebase to latest wms-core and add recovery email add form 2020-07-20 16:34:35 +02:00			`import ldap, {InvalidCredentialsError, Server} from "ldapjs";`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`import {logger} from "swaf/Logger";`
			`import Throttler from "swaf/Throttler";`
			`import User from "swaf/auth/models/User";`
			`import UserPasswordComponent from "swaf/auth/password/UserPasswordComponent";`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00
Fix compiling errors following wms-core upgrade 2020-11-02 18:59:35 +01:00			`export default class LDAPServerComponent extends ApplicationComponent {`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`private server?: Server;`

Fix lint issues 2020-11-02 19:27:18 +01:00			`public async start(): Promise<void> {`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`this.server = ldap.createServer({`
Fix lint issues 2020-11-02 19:27:18 +01:00			`log: console,`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`});`
Fix lint issues 2020-11-02 19:27:18 +01:00			`this.server.bind('ou=users,dc=toot,dc=party', async (req: Record<string, string>, res: Record<string, () => void>, next: (err: unknown) => void) => {`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`const rdns = req.dn.toString().split(', ').map((rdn: string) => rdn.split('='));`
Fix lint issues 2020-11-02 19:27:18 +01:00			`let username: string = '';`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`let email;`
			`for (const rdn of rdns) {`
			`if (rdn[0] === 'cn') {`
			`username = rdn[1];`
			`} else if (rdn[0] === 'email') {`
			`email = rdn[1];`
			`}`
			`}`

Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.debug('Matrix authentication attempt:', username, email);`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00
			`try {`
			`Throttler.throttle('ldap_auth', 3, 30 * 1000, username);`
			`} catch (e) {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.debug('Too many auth requests');`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`next(new InvalidCredentialsError());`
			`return;`
			`}`

accounts: enable adding/removing recovery email addresses 2020-07-25 18:24:12 +02:00			`const user = await User.select().where('name', username).first();`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`if (user) {`
Update codebase to latest wms-core and add recovery email add form 2020-07-20 16:34:35 +02:00			`const email = await user.mainEmail.get();`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`if (email) {`
accounts: enable adding/removing recovery email addresses 2020-07-25 18:24:12 +02:00			`if (await user.as(UserPasswordComponent).verifyPassword(req.credentials)) {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.debug('Success');`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`res.end();`
			`return;`
			`}`
			`}`
			`}`

Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.debug('Fail');`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`next(new InvalidCredentialsError());`
			`});`
Fix lint issues 2020-11-02 19:27:18 +01:00			`this.server.unbind((req: unknown, res: unknown, next: () => void) => {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.debug('Unbind', req);`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`next();`
			`});`
			`this.server.listen(8389, '127.0.0.1', () => {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			logger.info(`LDAP server listening on ${this.server?.url}`);
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`});`
LDAP server: close on application stop 2020-07-30 11:59:25 +02:00			`this.server.on('close', () => {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`logger.info('LDAP server closed.');`
LDAP server: close on application stop 2020-07-30 11:59:25 +02:00			`});`
			`}`


			`public async stop(): Promise<void> {`
Update to swaf 0.23.4 2021-01-25 18:04:11 +01:00			`await new Promise<void>(resolve => {`
LDAP server: close on application stop 2020-07-30 11:59:25 +02:00			`if (this.server) {`
			`this.server.close(() => {`
			`resolve();`
			`});`
			`} else {`
			`resolve();`
			`}`
			`});`
Add LDAP auth server and make username required and unique per user Closes #5 2020-04-25 16:13:07 +02:00			`}`
Fix compiling errors following wms-core upgrade 2020-11-02 18:59:35 +01:00			`}`