Add LDAP auth module (parse-community#6226)

UnderratedDev · Nov 25, 2019 · 9d2bce7 · 9d2bce7
1 parent cbddc7f
commit 9d2bce7
Show file tree

Hide file tree

Showing 6 changed files with 452 additions and 0 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "graphql-upload": "8.1.0",
     "intersect": "1.0.1",
     "jsonwebtoken": "8.5.1",
+    "ldapjs": "1.0.2",
     "lodash": "4.17.15",
     "lru-cache": "5.1.1",
     "mime": "2.4.4",

diff --git a/spec/LdapAuth.spec.js b/spec/LdapAuth.spec.js
@@ -0,0 +1,138 @@
+const ldap = require('../lib/Adapters/Auth/ldap');
+const mockLdapServer = require('./MockLdapServer');
+const port = 12345;
+
+it('Should fail with missing options', done => {
+  ldap
+    .validateAuthData({ id: 'testuser', password: 'testpw' })
+    .then(done.fail)
+    .catch(err => {
+      jequal(err.message, 'LDAP auth configuration missing');
+      done();
+    });
+});
+
+it('Should return a resolved promise when validating the app id', done => {
+  ldap
+    .validateAppId()
+    .then(done)
+    .catch(done.fail);
+});
+
+it('Should succeed with right credentials', done => {
+  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done)
+      .catch(done.fail)
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail with wrong credentials', done => {
+  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+    };
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'wrong!' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAP: Wrong username or password');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});
+
+it('Should succeed if user is in given group', done => {
+  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+      groupCn: 'powerusers',
+      groupFilter:
+        '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
+    };
+
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done)
+      .catch(done.fail)
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail if user is not in given group', done => {
+  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+      groupCn: 'groupTheUserIsNotIn',
+      groupFilter:
+        '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
+    };
+
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAP: User not in group');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail if the LDAP server does not allow searching inside the provided suffix', done => {
+  mockLdapServer(port, 'uid=testuser, o=example').then(server => {
+    const options = {
+      suffix: 'o=invalid',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+      groupCn: 'powerusers',
+      groupFilter:
+        '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
+    };
+
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAP group search failed');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});
+
+it('Should fail if the LDAP server encounters an error while searching', done => {
+  mockLdapServer(port, 'uid=testuser, o=example', true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example',
+      groupCn: 'powerusers',
+      groupFilter:
+        '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
+    };
+
+    ldap
+      .validateAuthData({ id: 'testuser', password: 'secret' }, options)
+      .then(done.fail)
+      .catch(err => {
+        jequal(err.message, 'LDAP group search failed');
+        done();
+      })
+      .finally(() => server.close());
+  });
+});