From 5e5005cf6bcbc3d9450db3651478249f8deb92a6 Mon Sep 17 00:00:00 2001
From: simon
Date: Sun, 23 Feb 2020 01:09:28 +0100
Subject: [PATCH] fix: ldap auth failed auth and added test scripts
---
 package.json | 3 ++-
 src/auth/google-ldap.ts | 17 ++++++++++-------
 tests/.gitignore | 1 +
 eapol_test => tests/eapol_test | Bin
 tests/ttls-pap.conf | 16 ++++++++++++++++
 5 files changed, 29 insertions(+), 8 deletions(-)
 create mode 100644 tests/.gitignore
 rename eapol_test => tests/eapol_test (100%)
 create mode 100644 tests/ttls-pap.conf
diff --git a/package.json b/package.json
index a956448..2fefea1 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,8 @@
 "start": "../node/node dist/app.js",
 "build": "tsc",
 "dev": "ts-node src/app.ts",
- "test-ttls-pap": "eapol_test -c ./ttls-pap.conf -s testing123",
+ "test-ttls-pap": "tests/eapol_test -c tests/ttls-pap.conf -s testing123",
+ "test-radtest": "radtest -x user pwd localhost 1812 testing123",
 "create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh"
 },
 "dependencies": {
diff --git a/src/auth/google-ldap.ts b/src/auth/google-ldap.ts
index 486d021..3836ab9 100644
--- a/src/auth/google-ldap.ts
+++ b/src/auth/google-ldap.ts
@@ -76,7 +76,7 @@ export class GoogleLDAPAuth implements IAuthentication {
 async authenticate(username: string, password: string, count = 0, forceFetching = false) {
 const cacheKey = `usr:${username}|pwd:${password}`;
 const fromCache = this.cache.get(cacheKey);
- if (fromCache) {
+ if (fromCache !== undefined) {
 return fromCache;
 }
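Review bot: In src/auth/google-ldap.ts (hunk at -76), `if (fromCache !== undefined)` turns a cached `false` into a valid hit, and the last hunk of this file now stores failed results too, so every wrong password that is tried becomes part of a cache key built by `usr:${username}|pwd:${password}` and stays in memory for 86400 seconds. That keeps plaintext passwords and guesses in the process for a day, and unless the cache is size-bounded (not visible here) it lets unauthenticated requests grow it. I would key the cache on a keyed digest instead, e.g. `const cacheKey = createHmac('sha256', this.cacheKeySecret).update(username + '\0' + password).digest('hex');`, where `cacheKeySecret` is a new per-process random field (name is a placeholder) and `createHmac` comes from `crypto`. The body of `authenticate` continues past this hunk.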
@@ -100,10 +100,11 @@ export class GoogleLDAPAuth implements IAuthentication {
 if (!dnsFetched && !forceFetching) {
 return this.authenticate(username, password, count, true);
 }
- throw new Error(`invalid username, not found in DN: ${username}`);
+ console.error(`invalid username, not found in DN: ${username}`);
+ return false;
 }
- await new Promise((resolve, reject) => {
+ const authResult: boolean = await new Promise((resolve, reject) => {
 this.ldap.bind(dn, password, (err, res) => {
 if (err) {
 if (err && (err as any).stack && (err as any).stack.includes(`${this.url} closed`)) {
@@ -112,16 +113,18 @@ export class GoogleLDAPAuth implements IAuthentication {
 setTimeout(() => resolve(this.authenticate(dn, password)), 2000);
 return;
 }
- console.error('ldap error', err);
- reject(err);
+
+ resolve(false);
+ // console.error('ldap error', err);
+ // reject(err);
 }
 if (res) resolve(res);
 else reject();
 });
 });
- this.cache.set(cacheKey, true, 86400);
+ this.cache.set(cacheKey, authResult, 86400);
- return username;
+ return authResult;
 }
 }
diff --git a/tests/.gitignore b/tests/.gitignore
new file mode 100644
index 0000000..5c17edc
--- /dev/null
+++ b/tests/.gitignore
@@ -0,0 +1 @@
+*hokify*
diff --git a/eapol_test b/tests/eapol_test
similarity index 100%
rename from eapol_test
rename to tests/eapol_test
diff --git a/tests/ttls-pap.conf b/tests/ttls-pap.conf
new file mode 100644
index 0000000..c87fd4d
--- /dev/null
+++ b/tests/ttls-pap.conf
@@ -0,0 +1,16 @@
+#
+# eapol_test -c ttls-pap.conf -s testing123
+#
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user"
+ anonymous_identity="anonymous"
+ password="pwd"
+ phase2="auth=PAP"
+
+ #
+ # Uncomment the following to perform server certificate validation.
+ ca_cert="./ssl/cert/ca.pem"
+}
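Review bot: In src/auth/google-ldap.ts (hunk at -100), the new `console.error` writes `username` into the log unescaped, and that value comes straight from the authentication request, so embedded newlines or control characters can forge or split log lines. I would log it quoted, `console.error('invalid username, not found in DN:', JSON.stringify(username));`. Since this path now returns `false` instead of throwing, this line is the only trace of an unknown-user attempt, so it is worth keeping it unambiguous. The Promise callback opened at the end of this hunk continues outside it.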
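Review bot: In src/auth/google-ldap.ts (hunk at -112), every bind error now ends in `resolve(false)`, and `this.cache.set(cacheKey, authResult, 86400)` then remembers that `false` for a day, so a timeout or server-side failure during one login rejects the same correct credentials from cache until the entry expires. The error is also no longer logged, which removes the only record of failed binds, and there is no `return` after `resolve(false)`, so control falls through to `if (res) resolve(res); else reject();`. The success path resolves with `res` rather than `true`, so the cached and returned value may not be a boolean despite the annotation. I would log the error, return after resolving, resolve with `true`, and cache only successful binds (or give failures a much shorter lifetime), treating only an invalid-credentials result (LDAP result code 49) as a definitive rejection. The reconnect branch at the top of the hunk starts outside it.

```typescript
	if (err) {
		// … unchanged: retry via setTimeout when the connection was closed …
		console.error('ldap error', err);
		resolve(false);
		return;
	}
	if (res) resolve(true);
	else reject(new Error('ldap bind returned no result'));
// … unchanged: end of the bind callback and of the Promise …

// Remember only successful binds, so a transient LDAP failure is not served from cache for a day.
if (authResult) {
	this.cache.set(cacheKey, authResult, 86400);
}
```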
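Review bot: In tests/ttls-pap.conf the comment `Uncomment the following to perform server certificate validation.` no longer describes the file, because the `ca_cert` line below it is already active. I would reword it to `# Server certificate validation against the test CA (relative path, presumably resolved from the directory eapol_test is started in).` The header comment also still shows `eapol_test -c ttls-pap.conf`, while the npm script in this commit runs `tests/eapol_test -c tests/ttls-pap.conf`.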