fix(auth): improve google auth
always instantiate a new client for bind request
parent
82f9a2e55b
commit
0baf8155bf
@ -1,4 +1,4 @@
|
|||||||
import { Client, createClient } from 'ldapjs';
|
import { Client, ClientOptions, createClient } from 'ldapjs';
|
||||||
import debug from 'debug';
|
import debug from 'debug';
|
||||||
import * as tls from 'tls';
|
import * as tls from 'tls';
|
||||||
import { IAuthentication } from '../types/Authentication';
|
import { IAuthentication } from '../types/Authentication';
|
||||||
@ -22,7 +22,7 @@ interface IGoogleLDAPAuthOptions {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export class GoogleLDAPAuth implements IAuthentication {
|
export class GoogleLDAPAuth implements IAuthentication {
|
||||||
private ldap: Client;
|
private ldapDNClient: Client;
|
||||||
|
|
||||||
private lastDNsFetch: Date;
|
private lastDNsFetch: Date;
|
||||||
|
|
||||||
@ -30,16 +30,20 @@ export class GoogleLDAPAuth implements IAuthentication {
|
|||||||
|
|
||||||
private base: string;
|
private base: string;
|
||||||
|
|
||||||
|
private config: ClientOptions;
|
||||||
|
|
||||||
constructor(config: IGoogleLDAPAuthOptions) {
|
constructor(config: IGoogleLDAPAuthOptions) {
|
||||||
this.base = config.base;
|
this.base = config.base;
|
||||||
|
|
||||||
this.ldap = createClient({
|
this.config = {
|
||||||
url: 'ldaps://ldap.google.com:636',
|
url: 'ldaps://ldap.google.com:636',
|
||||||
tlsOptions: {
|
tlsOptions: {
|
||||||
...config.tlsOptions,
|
...config.tlsOptions,
|
||||||
servername: 'ldap.google.com'
|
servername: 'ldap.google.com'
|
||||||
}
|
}
|
||||||
}).on('error', error => {
|
};
|
||||||
|
|
||||||
|
this.ldapDNClient = createClient(this.config).on('error', error => {
|
||||||
console.error('Error in ldap', error);
|
console.error('Error in ldap', error);
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -50,7 +54,7 @@ export class GoogleLDAPAuth implements IAuthentication {
|
|||||||
const dns: { [key: string]: string } = {};
|
const dns: { [key: string]: string } = {};
|
||||||
|
|
||||||
await new Promise((resolve, reject) => {
|
await new Promise((resolve, reject) => {
|
||||||
this.ldap.search(
|
this.ldapDNClient.search(
|
||||||
this.base,
|
this.base,
|
||||||
{
|
{
|
||||||
scope: 'sub'
|
scope: 'sub'
|
||||||
@ -118,7 +122,10 @@ export class GoogleLDAPAuth implements IAuthentication {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const authResult: boolean = await new Promise((resolve, reject) => {
|
const authResult: boolean = await new Promise((resolve, reject) => {
|
||||||
this.ldap.bind(dn, password, (err, res) => {
|
// we never unbding a client, therefore create a new client every time
|
||||||
|
const authClient = createClient(this.config);
|
||||||
|
|
||||||
|
authClient.bind(dn, password, (err, res) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
if (err && (err as any).stack && (err as any).stack.includes(`ldap.google.com closed`)) {
|
if (err && (err as any).stack && (err as any).stack.includes(`ldap.google.com closed`)) {
|
||||||
count++;
|
count++;
|
||||||
@ -133,6 +140,8 @@ export class GoogleLDAPAuth implements IAuthentication {
|
|||||||
}
|
}
|
||||||
if (res) resolve(res);
|
if (res) resolve(res);
|
||||||
else reject();
|
else reject();
|
||||||
|
|
||||||
|
authClient.unbind();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
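Review bot: The per-request `authClient` created in the bind hunk (`@ -118,7 +122,10 @`) has no `'error'` listener, unlike `ldapDNClient` in the constructor, so a connection or TLS failure on it would likely surface as an unhandled `'error'` event that can take the process down instead of failing the one login, and the surrounding promise may never settle. Attach the handler where the client is created, e.g. `const authClient = createClient(this.config).on('error', reject);`. `authClient.unbind()` is only reached at the end of the bind callback, and part of the `if (err)` branch lies between the last two hunks and is not visible here, so if any path there returns early the connection stays open; calling `authClient.unbind();` as the first statement of the callback would cover every path. It is also worth confirming, outside this hunk, that an empty `password` is rejected before the bind, since some LDAP servers treat that as an unauthenticated bind that succeeds.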