Fixes #164

claudioc · Sep 18, 2016 · 34122cc · 34122cc
1 parent fa51014
commit 34122cc
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 16 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -11,4 +11,5 @@ Noteworthy contributors
 David McFadzean (static assets management) https://github.com/macterra
 Bradly Sharpe https://github.com/brad7928
 Collin Reynolds https://github.com/creynold
-jon r https://github.com/almereyda
+jon r https://github.com/almereyda
+everpcpc (LDAP support) https://github.com/everpcpc
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,3 +1,9 @@
+Version 1.7.0, September 18th, 2016
+==================================
+
+- Fixes #164 (ProxyPath not used on /login)
+- Adds LDAP authentication support (@everpcpc). Requires manual installation of `passport-ldapauth`
+
 Version 1.6.1, January 27th, 2016
 ==================================
 

diff --git a/README.md b/README.md
@@ -133,6 +133,7 @@ For GitHub, follow these instructions (you need to be logged in in GitHub):
 * Now you need to copy the `Client ID` and `Client secret` in your jingo config file in the proper places
 
 The _ldap_ method uses `url` as the ldap server url, and optionally a `bindDn` and `bindCredentials` if needed. The `searchBase` and `searchFilter` are required for searching in the tree.
+Since we want to install the (binary) support to LDAP only when needed, please _manually_ `npm install passport-ldapauth` to use the LDAP support.
 
 The _local_ method uses an array of `username`, `passwordHash` and optionally an `email`. The password is hashed using a _non salted_ SHA-1 algorithm, which makes this method not the safest in the world but at least you don't have a clear text password in the config file. To generate the hash, use the `--hash-string` program option: once you get the hash, copy it in the config file.
 
@@ -286,6 +287,7 @@ Configuration options reference
 #### authentication.ldap.enabled (boolean: false)
 
   Enable or disable authentication via LDAP logins
+  Requires manual installation of `passport-ldapauth` module via npm
 
 #### authentication.ldap.url
 #### authentication.ldap.bindDn

diff --git a/jingo b/jingo
@@ -17,7 +17,7 @@ var program = require("commander"),
 
 global.Git = require("./lib/gitmech");
 
-program.version("1.6.1")
+program.version("1.7.0")
        .option("-c, --config <path>", "Specify the config file")
        .option("-#, --hash-string <string>", "Create an hash for a string")
        .option("-l, --local", "Listen on localhost only")

diff --git a/lib/app.js b/lib/app.js
@@ -172,7 +172,7 @@ module.exports.initialize = function (config) {
 
   function requireAuthentication(req, res, next) {
     if (!res.locals.user) {
-      res.redirect("/login");
+      res.redirect(res.locals.proxyPath + "/login");
     }
     else {
       next();

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jingo",
-  "version": "1.6.1",
+  "version": "1.7.0",
   "description": "A nodejs based wiki engine",
   "author": "Claudio Cicali <claudio.cicali@gmail.com>",
   "keywords": [
@@ -46,7 +46,6 @@
     "passport": "^0.2.0",
     "passport-github": "^0.1.5",
     "passport-google-oauth": "^0.1.5",
-    "passport-ldapauth": "^0.3.1",
     "passport-local": "^1.0.0",
     "semver": "^2.3.2",
     "serve-favicon": "^2.1.7",

diff --git a/routes/auth.js b/routes/auth.js
@@ -4,10 +4,16 @@ var router = require("express").Router(),
   passportLocal = require("passport-local"),
   passportGoogle = require("passport-google-oauth"),
   passportGithub = require("passport-github").Strategy,
-  passportLDAP = require("passport-ldapauth"),
   tools = require("../lib/tools");
 
 var auth = app.locals.config.get("authentication");
+
+// Additional LDAP support only if needed
+var passportLDAP;
+if (auth.ldap.enabled) {
+  passportLDAP = require("passport-ldapauth");
+}
+
 var passport = app.locals.passport;
 var proxyPath = app.locals.config.getProxyPath();
 
@@ -34,11 +40,13 @@ router.get("/auth/github/callback", passport.authenticate("github", {
   failureRedirect: proxyPath + "/login"
 }));
 
-router.post("/auth/ldap", passport.authenticate("ldapauth", {
-  successRedirect: proxyPath + "/auth/done",
-  failureRedirect: proxyPath + "/login",
-  failureFlash: true
-}));
+if (auth.ldap.enabled) {
+  router.post("/auth/ldap", passport.authenticate("ldapauth", {
+    successRedirect: proxyPath + "/auth/done",
+    failureRedirect: proxyPath + "/login",
+    failureFlash: true
+  }));
+}
 
 if (auth.google.enabled) {
   var redirectURL = auth.google.redirectURL || app.locals.baseUrl + "/oauth2callback";
@@ -165,11 +173,13 @@ passport.deserializeUser(function (user, done) {
   }
 
   // for ldap auth
-  if (!user.displayName && user.uid) {
-    user.displayName = user.uid;
-  }
-  if (!user.email && user.mail) {
-    user.email = user.mail;
+  if (auth.ldap.enabled) {
+    if (!user.displayName && user.uid) {
+      user.displayName = user.uid;
+    }
+    if (!user.email && user.mail) {
+      user.email = user.mail;
+    }
   }
 
   if (!user.email) {