Implement better radius support

app/ldap/controllers/LDAPController.js

@@ -59,34 +59,8 @@ class LDAPController extends Injectable {
             return next(new LDAP.InsufficientAccessRightsError())
         }
 
-        // Check if the credentials are an app_password
-        const app_password_verified = Array.isArray(item.app_passwords)
-            && item.app_passwords.length > 0
-            && await item.check_app_password(req.credentials)
-
-        // Check if the user has MFA enabled.
-        // If so, split the incoming password to fetch the MFA code
-        // e.g. normalPassword:123456
-        if ( !app_password_verified && item.mfa_enabled ) {
-            const parts = req.credentials.split(':')
-            const mfa_code = parts.pop()
-            const actual_password = parts.join(':')
-
-            // Check the credentials
-            if ( !await item.check_password(actual_password) ) {
-                this.output.debug(`Bind failure: user w/ MFA provided invalid credentials`)
-                return next(new LDAP.InvalidCredentialsError('Invalid credentials. Make sure MFA code is included at the end of your password (e.g. password:123456)'))
-            }
-
-            // Now, check the MFA code
-            if ( !item.mfa_token.verify(mfa_code) ) {
-                this.output.debug(`Bind failure: user w/ MFA provided invalid MFA token`)
-                return next(new LDAP.InvalidCredentialsError('Invalid credentials. Verification of the MFA token failed.'))
-            }
-
-        // If not MFA, just check the credentials
-        } else if (!app_password_verified && !await item.check_password(req.credentials)) {
-            this.output.debug(`Bind failure: user w/ simple auth provided invalid credentials`)
+        // Check if the credentials are valid
+        if ( !(await item.check_credential_string(req.credentials)) ) {
             return next(new LDAP.InvalidCredentialsError())
         }