fix: ldap auth failed auth and added test scripts

4 years ago · 5e5005cf6b
parent 9fe25a8b49
commit 5e5005cf6b
5 changed files with 29 additions and 8 deletions
--- a/package.json
+++ b/package.json
@ -7,7 +7,8 @@
 		"start": "../node/node dist/app.js",
 		"build": "tsc",
 		"dev": "ts-node src/app.ts",
-		"test-ttls-pap": "eapol_test -c ./ttls-pap.conf -s testing123",
+		"test-ttls-pap": "tests/eapol_test -c tests/ttls-pap.conf -s testing123",
+		"test-radtest": "radtest -x user pwd localhost 1812 testing123",
 		"create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh"
 	},
 	"dependencies": {
--- a/src/auth/google-ldap.ts
+++ b/src/auth/google-ldap.ts
@ -76,7 +76,7 @@ export class GoogleLDAPAuth implements IAuthentication {
 	async authenticate(username: string, password: string, count = 0, forceFetching = false) {
 		const cacheKey = `usr:${username}|pwd:${password}`;
 		const fromCache = this.cache.get(cacheKey);
-		if (fromCache) {
+		if (fromCache !== undefined) {
 			return fromCache;
 		}

@ -100,10 +100,11 @@ export class GoogleLDAPAuth implements IAuthentication {
 			if (!dnsFetched && !forceFetching) {
 				return this.authenticate(username, password, count, true);
 			}
-			throw new Error(`invalid username, not found in DN: ${username}`);
+			console.error(`invalid username, not found in DN: ${username}`);
+			return false;
 		}

-		await new Promise((resolve, reject) => {
+		const authResult: boolean = await new Promise((resolve, reject) => {
 			this.ldap.bind(dn, password, (err, res) => {
 				if (err) {
 					if (err && (err as any).stack && (err as any).stack.includes(`${this.url} closed`)) {
@ -112,16 +113,18 @@ export class GoogleLDAPAuth implements IAuthentication {
 						setTimeout(() => resolve(this.authenticate(dn, password)), 2000);
 						return;
 					}
-					console.error('ldap error', err);
-					reject(err);
+
+					resolve(false);
+					// console.error('ldap error', err);
+					// reject(err);
 				}
 				if (res) resolve(res);
 				else reject();
 			});
 		});

-		this.cache.set(cacheKey, true, 86400);
+		this.cache.set(cacheKey, authResult, 86400);

-		return username;
+		return authResult;
 	}
 }
--- a/tests/.gitignore
+++ b/tests/.gitignore
@ -0,0 +1 @@
+*hokify*
--- a/tests/eapol_test
+++ b/tests/eapol_test
--- a/tests/ttls-pap.conf
+++ b/tests/ttls-pap.conf
@ -0,0 +1,16 @@
+#
+#   eapol_test -c ttls-pap.conf -s testing123
+#
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        identity="user"
+        anonymous_identity="anonymous"
+        password="pwd"
+        phase2="auth=PAP"
+
+	#
+	#  Uncomment the following to perform server certificate validation.
+    	ca_cert="./ssl/cert/ca.pem"
+}