deblan-mirror/thelounge
deblan-mirror/thelounge
1
0
Fork 0
mirror of https://github.com/thelounge/thelounge.git synced 2024-06-16 12:35:07 +02:00
Code Issues Projects Releases Wiki Activity
thelounge/src/plugins/auth.js

51 lines
1.4 KiB
JavaScript
Raw Normal View History

Tidy up the auth plugin API mechanism to hide implementation details The caller doesn't care which plugin is being used, so this commit consolidates implementation details within auth.js The motivation for this work is to prepare for extending the auth API (to allow "advanced" LDAP to query user entry ontological state at start up), by tidying up rather than duplicating the existing mechanism.
2020-04-22 15:33:35 +02:00
"use strict";
const log = require("../log");
const colors = require("chalk");
// The order defines priority: the first available plugin is used.
// Always keep 'local' auth plugin at the end of the list; it should always be enabled.
const plugins = [require("./auth/ldap"), require("./auth/local")];
function unimplemented(funcName) {
log.debug(
`Auth module ${colors.bold(
module.exports.moduleName
)} doesn't implement function ${colors.bold(funcName)}`
);
}
// Default API implementations
module.exports = {
moduleName: "<module with no name>",
// Must override: implements authentication mechanism
auth: () => unimplemented("auth"),
Filter user loading at startup for "advanced" LDAP Users are loaded at startup. Currently when using "advanced" LDAP authentication this is true even if they no longer have a valid entry in the LDAP server. This commit uses the existing LDAP filter (specified in config.js's searchDN used by the "advanced" LDAP mechanism) to weed out any users that no longer have the relevant LDAP entry. Local and "simple" LDAP auth mechanisms continue to use the existing load all users approach. In the "simple" LDAP case this is because we only have access to the hashed password, and so can't bind to LDAP.
2020-04-22 15:33:09 +02:00
// Optional to override: implements filter for loading users at start up
// This allows an auth plugin to check if a user is still acceptable, if the plugin
// can do so without access to the user's unhashed password.
// Returning 'false' triggers fallback to default behaviour of loading all users
loadUsers: () => false,
Tidy up the auth plugin API mechanism to hide implementation details The caller doesn't care which plugin is being used, so this commit consolidates implementation details within auth.js The motivation for this work is to prepare for extending the auth API (to allow "advanced" LDAP to query user entry ontological state at start up), by tidying up rather than duplicating the existing mechanism.
2020-04-22 15:33:35 +02:00
};
// local auth should always be enabled, but check here to verify
let somethingEnabled = false;
// Override default API stubs with exports from first enabled plugin found
for (const plugin of plugins) {
if (plugin.isEnabled()) {
somethingEnabled = true;
for (const name in plugin) {
module.exports[name] = plugin[name];
}
break;
}
}
if (!somethingEnabled) {
log.error("None of the auth plugins is enabled");
}
Reference in a new issue Copy permalink