
@verdaccio/active-directory


Active Directory authentication plugin for Verdaccio

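"use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.default = exports.NotAuthMessage = void 0;
var _core = require("@verdaccio/core");
var _activedirectory = _interopRequireDefault(require("activedirectory2"));

// Compiler-emitted interop/runtime helpers; logic is kept exactly as generated.
function _interopRequireDefault(e) {
  return e && e.__esModule ? e : { default: e };
}
function _defineProperty(e, r, t) {
  return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e;
}
function _toPropertyKey(t) {
  var i = _toPrimitive(t, "string");
  return "symbol" == typeof i ? i : i + "";
}
function _toPrimitive(t, r) {
  if ("object" != typeof t || !t) return t;
  var e = t[Symbol.toPrimitive];
  if (void 0 !== e) {
    var i = e.call(t, r || "default");
    if ("object" != typeof i) return i;
    throw new TypeError("@@toPrimitive must return a primitive value.");
  }
  return ("string" === r ? String : Number)(t);
}

/** Message logged and returned when the directory rejects the credentials. */
const NotAuthMessage = exports.NotAuthMessage = 'AD - Active Directory authentication failed';
const { getForbidden, getInternalError, getUnauthorized } = _core.errorUtils;

/**
 * Verdaccio authentication plugin that validates credentials against Active
 * Directory through the `activedirectory2` client and, when `groupName` is
 * configured, additionally requires membership in at least one listed group.
 */
class ActiveDirectoryPlugin {
  /**
   * @param {object} config - Plugin configuration. `domainSuffix` and
   *   `groupName` are read here; every other key is forwarded unchanged to the
   *   `activedirectory2` constructor.
   * @param {object} opts - Plugin options; only `opts.logger` is used.
   */
  constructor(config, opts) {
    _defineProperty(this, "config", void 0);
    _defineProperty(this, "logger", void 0);
    this.config = config;
    this.logger = opts.logger;
  }

  /**
   * Authenticate `user` by binding to the directory with the user's own
   * credentials, then optionally enforce group membership.
   *
   * @param {string} user - Account name without the domain suffix.
   * @param {string} password - The user's password.
   * @param {Function} cb - Called as `cb(err)` on failure or
   *   `cb(null, groups)` on success, where `groups` is the list of matching
   *   configured group names followed by `user` (or just `[user]` when no
   *   `groupName` is configured).
   */
  authenticate(user, password, cb) {
    // Reject empty credentials before touching the directory. An LDAP simple
    // bind with a name but an empty password is an "unauthenticated bind",
    // which some servers accept without verifying anything; never rely on the
    // server or the client library to refuse it.
    if (!user || !password) {
      this.logger.warn(NotAuthMessage);
      return cb(getUnauthorized(NotAuthMessage));
    }

    const username = `${user}@${this.config.domainSuffix}`;
    // The bind uses the credentials being verified. `domainSuffix` is blanked
    // so it is not forwarded to the client library as a connection option.
    // NOTE(review): this object carries the password and the plugin logger is
    // handed to the library as `logging` - confirm the library does not log
    // its configuration.
    const connectionConfig = {
      ...this.config,
      domainSuffix: undefined,
      username,
      password,
      logging: this.logger
    };
    const connection = new _activedirectory.default(connectionConfig);

    connection.authenticate(username, password, (err, isAuthenticated) => {
      if (err) {
        this.logger.warn(`AD - Active Directory authentication failed with error: ${err}`);
        return cb(getInternalError(err));
      }
      if (!isAuthenticated) {
        this.logger.warn(NotAuthMessage);
        return cb(getUnauthorized(NotAuthMessage));
      }

      const { groupName } = this.config;
      if (!groupName) {
        // No group restriction configured: a successful bind is sufficient.
        this.logger.info('AD - Active Directory authentication succeeded');
        return cb(null, [user]);
      }

      connection.getGroupMembershipForUser(username, (groupErr, groups) => {
        if (groupErr) {
          this.logger.warn(`AD - Active Directory group check failed with error: ${groupErr}`);
          return cb(getInternalError(groupErr));
        }

        // Fail closed: if the lookup yields no group list, treat the user as a
        // member of nothing. Calling `.some` on a missing list would throw
        // inside this callback and `cb` would never be invoked.
        const memberGroups = Array.isArray(groups) ? groups : [];
        const requestedGroups = Array.isArray(groupName) ? groupName : [groupName];
        // A configured entry matches on either the group's cn or its dn.
        const matchingGroups = requestedGroups.filter(requestedGroup =>
          memberGroups.some(group => requestedGroup === group.cn || requestedGroup === group.dn));

        if (matchingGroups.length === 0) {
          // NOTE(review): this text is passed to getForbidden and so is
          // presumably returned to the client, naming the configured groups -
          // confirm that disclosure is acceptable.
          const notMemberMessage = `AD - User ${user} is not member of group(s): ${requestedGroups.join(', ')}`;
          this.logger.warn(notMemberMessage);
          return cb(getForbidden(notMemberMessage));
        }

        this.logger.info(`AD - Active Directory authentication succeeded in group(s): ${matchingGroups.join(', ')}`);
        return cb(null, [...matchingGroups, user]);
      });
    });
  }
}
var _default = exports.default = ActiveDirectoryPlugin;
//# sourceMappingURL=active-directory.js.map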