fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit
- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook) - Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6) - Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service - Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository - Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable) - Phase 26: Audit module index.ts + SSO module index.ts - Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke) - Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs) - Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup) - Phase 26: Frontend SessionsSection (list/revoke active sessions) - Phase 26: Settings navigation updated with SSO & Sessions sections Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
debian
81
dist/modules/sso/infrastructure/providers/LDAPProvider.js
vendored
Normal file
81
dist/modules/sso/infrastructure/providers/LDAPProvider.js
vendored
Normal file
@@ -0,0 +1,81 @@
|
||||
"use strict";
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.LDAPProvider = void 0;
|
||||
/**
|
||||
* LDAP/Active Directory authentication provider.
|
||||
*/
|
||||
const ldapjs_1 = __importDefault(require("ldapjs"));
|
||||
class LDAPProvider {
|
||||
constructor(config) {
|
||||
this.config = config;
|
||||
}
|
||||
async authenticate(username, password) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const client = ldapjs_1.default.createClient({
|
||||
url: this.config.url,
|
||||
tlsOptions: this.config.tlsOptions,
|
||||
});
|
||||
client.on('error', (err) => {
|
||||
reject(err);
|
||||
});
|
||||
const escaped = username.replace(/[\\*()\x00]/g, (c) => `\\${c.charCodeAt(0).toString(16).padStart(2, '0')}`);
|
||||
const filter = (this.config.userSearchFilter ?? '(uid={username})')
|
||||
.replace('{username}', escaped);
|
||||
// Bind with service account if provided
|
||||
const bindDN = this.config.bindDN ?? '';
|
||||
const bindPwd = this.config.bindPassword ?? '';
|
||||
client.bind(bindDN, bindPwd, (err) => {
|
||||
if (err) {
|
||||
client.destroy();
|
||||
return resolve(null);
|
||||
}
|
||||
client.search(this.config.baseDN, { filter, scope: 'sub', attributes: ['dn', 'mail', 'displayName', 'memberOf'] }, (searchErr, res) => {
|
||||
if (searchErr) {
|
||||
client.destroy();
|
||||
return reject(searchErr);
|
||||
}
|
||||
let foundEntry = null;
|
||||
res.on('searchEntry', (entry) => {
|
||||
foundEntry = entry;
|
||||
});
|
||||
res.on('error', (resErr) => {
|
||||
client.destroy();
|
||||
reject(resErr);
|
||||
});
|
||||
res.on('end', () => {
|
||||
if (!foundEntry) {
|
||||
client.destroy();
|
||||
return resolve(null);
|
||||
}
|
||||
const entry = foundEntry;
|
||||
const userDN = entry.objectName ?? '';
|
||||
// Authenticate as the found user
|
||||
client.bind(userDN, password, (authErr) => {
|
||||
client.destroy();
|
||||
if (authErr) {
|
||||
return resolve(null);
|
||||
}
|
||||
const obj = entry.pojo;
|
||||
const getAttr = (name) => {
|
||||
const attr = obj.attributes.find((a) => a.type === name);
|
||||
return attr?.values[0];
|
||||
};
|
||||
resolve({
|
||||
dn: userDN,
|
||||
email: getAttr('mail'),
|
||||
displayName: getAttr('displayName'),
|
||||
groups: obj.attributes
|
||||
.find((a) => a.type === 'memberOf')
|
||||
?.values ?? [],
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
exports.LDAPProvider = LDAPProvider;
|
||||
Reference in New Issue
Block a user