fix(auth): improve google auth
always instanciate a new client for bind request
This commit is contained in:
simon
parent
82f9a2e55b
commit
0baf8155bf
@ -1,4 +1,4 @@
|
||||
import { Client, createClient } from 'ldapjs';
|
||||
import { Client, ClientOptions, createClient } from 'ldapjs';
|
||||
import debug from 'debug';
|
||||
import * as tls from 'tls';
|
||||
import { IAuthentication } from '../types/Authentication';
|
||||
@ -22,7 +22,7 @@ interface IGoogleLDAPAuthOptions {
|
||||
}
|
||||
|
||||
export class GoogleLDAPAuth implements IAuthentication {
|
||||
private ldap: Client;
|
||||
private ldapDNClient: Client;
|
||||
|
||||
private lastDNsFetch: Date;
|
||||
|
||||
@ -30,16 +30,20 @@ export class GoogleLDAPAuth implements IAuthentication {
|
||||
|
||||
private base: string;
|
||||
|
||||
private config: ClientOptions;
|
||||
|
||||
constructor(config: IGoogleLDAPAuthOptions) {
|
||||
this.base = config.base;
|
||||
|
||||
this.ldap = createClient({
|
||||
this.config = {
|
||||
url: 'ldaps://ldap.google.com:636',
|
||||
tlsOptions: {
|
||||
...config.tlsOptions,
|
||||
servername: 'ldap.google.com'
|
||||
}
|
||||
}).on('error', error => {
|
||||
};
|
||||
|
||||
this.ldapDNClient = createClient(this.config).on('error', error => {
|
||||
console.error('Error in ldap', error);
|
||||
});
|
||||
|
||||
@ -50,7 +54,7 @@ export class GoogleLDAPAuth implements IAuthentication {
|
||||
const dns: { [key: string]: string } = {};
|
||||
|
||||
await new Promise((resolve, reject) => {
|
||||
this.ldap.search(
|
||||
this.ldapDNClient.search(
|
||||
this.base,
|
||||
{
|
||||
scope: 'sub'
|
||||
@ -118,7 +122,10 @@ export class GoogleLDAPAuth implements IAuthentication {
|
||||
}
|
||||
|
||||
const authResult: boolean = await new Promise((resolve, reject) => {
|
||||
this.ldap.bind(dn, password, (err, res) => {
|
||||
// we never unbding a client, therefore create a new client every time
|
||||
const authClient = createClient(this.config);
|
||||
|
||||
authClient.bind(dn, password, (err, res) => {
|
||||
if (err) {
|
||||
if (err && (err as any).stack && (err as any).stack.includes(`ldap.google.com closed`)) {
|
||||
count++;
|
||||
@ -133,6 +140,8 @@ export class GoogleLDAPAuth implements IAuthentication {
|
||||
}
|
||||
if (res) resolve(res);
|
||||
else reject();
|
||||
|
||||
authClient.unbind();
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user