AIUS/Overleaf
1
0
Fork 0
mirror of https://git.unistra.fr/aius/root/ldap-overleaf-sl.git synced 2025-05-04 19:55:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Adapt AuthenticationManager.js to work with sharelatex versions > 2.3.1

Browse source
This commit is contained in:
Simon M. Haller-Seeber 2021-03-11 08:48:34 +01:00
parent ca58b4852a
commit 8f0b270faf
2 changed files with 200 additions and 207 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ldap-overleaf-sl/Dockerfile
View file

@ -1,4 +1,7 @@
FROM sharelatex/sharelatex:2.3.1 FROM sharelatex/sharelatex:2.5.2
# FROM sharelatex/sharelatex:latest
# latest might not be tested
# e.g. the AuthenticationManager.js script had to be adapted between versions after 2.3.1
LABEL maintainer="Simon Haller-Seeber" LABEL maintainer="Simon Haller-Seeber"
LABEL version="0.1" LABEL version="0.1"

82
ldap-overleaf-sl/sharelatex/AuthenticationManager.js
View file

@ -1,9 +1,8 @@
const Settings = require('settings-sharelatex') const Settings = require('settings-sharelatex')
const {User} = require('../../models/User') const { User } = require('../../models/User')
const {db, ObjectId} = require('../../infrastructure/mongojs') const { db, ObjectId } = require('../../infrastructure/mongodb')
const bcrypt = require('bcrypt') const bcrypt = require('bcrypt')
const EmailHelper = require('../Helpers/EmailHelper') const EmailHelper = require('../Helpers/EmailHelper')
const V1Handler = require('../V1/V1Handler')
const { const {
InvalidEmailError, InvalidEmailError,
InvalidPasswordError InvalidPasswordError
@ -18,9 +17,9 @@ const { Client } = require('ldapts');
const BCRYPT_ROUNDS = Settings.security.bcryptRounds || 12 const BCRYPT_ROUNDS = Settings.security.bcryptRounds || 12
const BCRYPT_MINOR_VERSION = Settings.security.bcryptMinorVersion || 'a' const BCRYPT_MINOR_VERSION = Settings.security.bcryptMinorVersion || 'a'
const _checkWriteResult = function (result, callback) { const _checkWriteResult = function(result, callback) {
// for MongoDB // for MongoDB
if (result && result.nModified === 1) { if (result && result.modifiedCount === 1) {
callback(null, true) callback(null, true)
} else { } else {
callback(null, false) callback(null, false)
@ -31,7 +30,7 @@ const AuthenticationManager = {
authenticate(query, password, callback) { authenticate(query, password, callback) {
// Using Mongoose for legacy reasons here. The returned User instance // Using Mongoose for legacy reasons here. The returned User instance
// gets serialized into the session and there may be subtle differences // gets serialized into the session and there may be subtle differences
// between the user returned by Mongoose vs mongojs (such as default values) // between the user returned by Mongoose vs mongodb (such as default values)
User.findOne(query, (error, user) => { User.findOne(query, (error, user) => {
//console.log("Begining:" + JSON.stringify(query)) //console.log("Begining:" + JSON.stringify(query))
AuthenticationManager.authUserObj(error, user, query, password, callback) AuthenticationManager.authUserObj(error, user, query, password, callback)
@ -57,7 +56,7 @@ const AuthenticationManager = {
//console.log("Creating User:" + JSON.stringify(query)) //console.log("Creating User:" + JSON.stringify(query))
//create random pass for local userdb, does not get checked for ldap users during login //create random pass for local userdb, does not get checked for ldap users during login
let pass = require("crypto").randomBytes(32).toString("hex") let pass = require("crypto").randomBytes(32).toString("hex")
console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass) //console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)
const userRegHand = require('../User/UserRegistrationHandler.js') const userRegHand = require('../User/UserRegistrationHandler.js')
userRegHand.registerNewUser({ userRegHand.registerNewUser({
@ -117,20 +116,19 @@ const AuthenticationManager = {
// therefore we do not enforce checks here // therefore we do not enforce checks here
const parsed = EmailHelper.parseEmail(email) const parsed = EmailHelper.parseEmail(email)
//if (!parsed) { //if (!parsed) {
// return new InvalidEmailError({message: 'email not valid'}) // return new InvalidEmailError({ message: 'email not valid' })
//} //}
return null return null
}, },
// validates a password based on a similar set of rules to `complexPassword.js` on the frontend // validates a password based on a similar set of rules to `complexPassword.js` on the frontend
// note that `passfield.js` enforces more rules than this, but these are the most commonly set // note that `passfield.js` enforces more rules than this, but these are the most commonly set.
// returns null on success, or an error string. // returns null on success, or an error object.
// Actually we do not need this because we always use the ldap backend validatePassword(password, email) {
validatePassword(password) {
if (password == null) { if (password == null) {
return new InvalidPasswordError({ return new InvalidPasswordError({
message: 'password not set', message: 'password not set',
info: {code: 'not_set'} info: { code: 'not_set' }
}) })
} }
@ -154,13 +152,13 @@ const AuthenticationManager = {
if (password.length < min) { if (password.length < min) {
return new InvalidPasswordError({ return new InvalidPasswordError({
message: 'password is too short', message: 'password is too short',
info: {code: 'too_short'} info: { code: 'too_short' }
}) })
} }
if (password.length > max) { if (password.length > max) {
return new InvalidPasswordError({ return new InvalidPasswordError({
message: 'password is too long', message: 'password is too long',
info: {code: 'too_long'} info: { code: 'too_long' }
}) })
} }
if ( if (
@ -169,33 +167,33 @@ const AuthenticationManager = {
) { ) {
return new InvalidPasswordError({ return new InvalidPasswordError({
message: 'password contains an invalid character', message: 'password contains an invalid character',
info: {code: 'invalid_character'} info: { code: 'invalid_character' }
}) })
} }
return null return null
}, },
setUserPassword(userId, password, callback) { setUserPassword(user, password, callback) {
AuthenticationManager.setUserPasswordInV2(userId, password, callback) AuthenticationManager.setUserPasswordInV2(user, password, callback)
}, },
checkRounds(user, hashedPassword, password, callback) { checkRounds(user, hashedPassword, password, callback) {
// Temporarily disable this function, TODO: re-enable this // Temporarily disable this function, TODO: re-enable this
return callback() //return callback()
if (Settings.security.disableBcryptRoundsUpgrades) { if (Settings.security.disableBcryptRoundsUpgrades) {
return callback() return callback()
} }
// check current number of rounds and rehash if necessary // check current number of rounds and rehash if necessary
const currentRounds = bcrypt.getRounds(hashedPassword) const currentRounds = bcrypt.getRounds(hashedPassword)
if (currentRounds < BCRYPT_ROUNDS) { if (currentRounds < BCRYPT_ROUNDS) {
AuthenticationManager.setUserPassword(user._id, password, callback) AuthenticationManager.setUserPassword(user, password, callback)
} else { } else {
callback() callback()
} }
}, },
hashPassword(password, callback) { hashPassword(password, callback) {
bcrypt.genSalt(BCRYPT_ROUNDS, BCRYPT_MINOR_VERSION, function (error, salt) { bcrypt.genSalt(BCRYPT_ROUNDS, BCRYPT_MINOR_VERSION, function(error, salt) {
if (error) { if (error) {
return callback(error) return callback(error)
} }
@ -203,18 +201,23 @@ const AuthenticationManager = {
}) })
}, },
setUserPasswordInV2(userId, password, callback) { setUserPasswordInV2(user, password, callback) {
const validationError = this.validatePassword(password) //if (!user || !user.email || !user._id) {
// return callback(new Error('invalid user object'))
//}
console.log("Setting pass for user: " + JSON.stringify(user))
const validationError = this.validatePassword(password, user.email)
if (validationError) { if (validationError) {
return callback(validationError) return callback(validationError)
} }
this.hashPassword(password, function (error, hash) { this.hashPassword(password, function(error, hash) {
if (error) { if (error) {
return callback(error) return callback(error)
} }
db.users.update( db.users.updateOne(
{ {
_id: ObjectId(userId.toString()) _id: ObjectId(user._id.toString())
}, },
{ {
$set: { $set: {
@ -224,7 +227,7 @@ const AuthenticationManager = {
password: true password: true
} }
}, },
function (updateError, result) { function(updateError, result) {
if (updateError) { if (updateError) {
return callback(updateError) return callback(updateError)
} }
@ -234,20 +237,6 @@ const AuthenticationManager = {
}) })
}, },
setUserPasswordInV1(v1UserId, password, callback) {
const validationError = this.validatePassword(password)
if (validationError) {
return callback(validationError.message)
}
V1Handler.doPasswordReset(v1UserId, password, function (error, reset) {
if (error) {
return callback(error)
}
callback(error, reset)
})
},
_passwordCharactersAreValid(password) { _passwordCharactersAreValid(password) {
let digits, letters, lettersUp, symbols let digits, letters, lettersUp, symbols
if ( if (
@ -307,12 +296,12 @@ const AuthenticationManager = {
filter: filterstr , filter: filterstr ,
}); });
await searchEntries await searchEntries
console.log(JSON.stringify(searchEntries)) //console.log(JSON.stringify(searchEntries))
if (searchEntries[0]) { if (searchEntries[0]) {
mail = searchEntries[0].mail mail = searchEntries[0].mail
firstname = searchEntries[0].givenName firstname = searchEntries[0].givenName
lastname = searchEntries[0].sn lastname = searchEntries[0].sn
console.log("Found user: " + mail + " Name: " + firstname + " " + lastname) //console.log("Found user: " + mail + " Name: " + firstname + " " + lastname)
} }
} catch (ex) { } catch (ex) {
console.log("An Error occured while getting user data during ldapsearch: " + String(ex)) console.log("An Error occured while getting user data during ldapsearch: " + String(ex))
@ -329,7 +318,7 @@ const AuthenticationManager = {
filter: adminfilter, filter: adminfilter,
}); });
await adminEntry; await adminEntry;
console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries)) //console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries))
if (adminEntry.searchEntries[0].mail) { if (adminEntry.searchEntries[0].mail) {
console.log("is Admin") console.log("is Admin")
isAdmin=true; isAdmin=true;
@ -345,7 +334,7 @@ const AuthenticationManager = {
console.log("Mail not set - exit. This should not happen - please set mail-entry in ldap.") console.log("Mail not set - exit. This should not happen - please set mail-entry in ldap.")
return callback(null, null) return callback(null, null)
} }
console.log("Logging in iser: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin)) //console.log("Logging in user: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin))
// we are authenticated now let's set the query to the correct mail from ldap // we are authenticated now let's set the query to the correct mail from ldap
query.email = mail query.email = mail
User.findOne(query, (error, user) => { User.findOne(query, (error, user) => {
@ -364,7 +353,8 @@ const AuthenticationManager = {
AuthenticationManager.promises = { AuthenticationManager.promises = {
authenticate: util.promisify(AuthenticationManager.authenticate), authenticate: util.promisify(AuthenticationManager.authenticate),
hashPassword: util.promisify(AuthenticationManager.hashPassword) hashPassword: util.promisify(AuthenticationManager.hashPassword),
setUserPassword: util.promisify(AuthenticationManager.setUserPassword)
} }
module.exports = AuthenticationManager module.exports = AuthenticationManager