src/auth.js

   1 'use strict';
   2
   3 var passport = require('passport'),
   4     LdapStrategy = require('passport-ldapjs').Strategy;
   5
   6 passport.serializeUser(function (user, done) {
   7     console.log('serializeUser', user);
   8     done(null, user.uid);
   9 });
  10
  11 passport.deserializeUser(function (id, done) {
  12     console.log('deserializeUser', id);
  13     done(null, { uid: id });
  14 });
  15
  16 var LDAP_URL = process.env.LDAP_URL;
  17 var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
  18
  19 if (LDAP_URL && LDAP_USERS_BASE_DN) {
  20     console.log('Enable ldap auth');
  21
  22     exports.ldap = passport.authenticate('ldap');
  23 } else {
  24     exports.ldap = function (req, res, next) {
  25         console.log('Disable ldap auth, use developer credentials!');
  26
  27         if (req.query.username !== 'test') return res.send(401);
  28         if (req.query.password !== 'test') return res.send(401);
  29
  30         next();
  31     };
  32 }
  33
  34 var opts = {
  35     server: {
  36         url: LDAP_URL,
  37     },
  38     base: LDAP_USERS_BASE_DN,
  39     search: {
  40         filter: '(|(username={{username}})(mail={{username}}))',
  41         attributes: ['displayname', 'username', 'mail', 'uid'],
  42         scope: 'sub'
  43     },
  44     uidTag: 'cn',
  45     usernameField: 'username',
  46     passwordField: 'password',
  47 };
  48
  49 passport.use(new LdapStrategy(opts, function (profile, done) {
  50     console.log('ldap', profile);
  51     done(null, profile);
  52 }));