LdapProvider

flitter-auth/ldap/LdapProvider~ LdapProvider

LDAP authentication provider for flitter-auth.


Constructor

new LdapProvider()

Extends

Members

(private) _di_allow_defer :boolean

If true, the injector will defer the class if the class requests any services that the container is missing. These services are filled in later and added to the prototype and any instances. True by default.

Type:
  • boolean

(private) _di_deferred_instances :Array.<module:flitter-di/src/Injectable~Injectable>

Collection of instances of this class that need to have the deferred service instances injected into them when the deferred services are finally provided.

(private) _di_deferred_services :Array.<string>

List of services that were deferred and not provided at the time of injection.

Type:
  • Array.<string>

app :module:libflitter/app/FlitterApp~FlitterApp

The Flitter app.

config :Object

The provider's config.

Type:
  • Object

connect_string :string

The LDAP connection string in the format 'ldap://...'.

Type:
  • string

connection :module:flitter-auth/ldap/AsyncLdapConnection~AsyncLdapConnection

The async LDAP connection.

User :module:flitter-auth/model/User~User

The User model's class.

Type:
  • module:flitter-auth/model/User~User

Methods

(async) check_user_auth(user, password) → {Promise.<boolean>}

Check the validity of the provided credentials.

Parameters:
Name Type Description
user string
password string
Returns:
  • true if the credentials succeed, false otherwise
Type
Promise.<boolean>

(async) cleanup(app) → {Promise.<void>}

Clean up resources used by this provider. Unbinds all open LDAP connections.

Parameters:
Name  Type                                         Description
app   module:libflitter/app/FlitterApp~FlitterApp  the current app

Returns:
Type
Promise.<void>

(async) get_login_args(form_data) → {Promise.<Array.<string>>}

From the form data, get the formatted arguments to be passed into the login function. Should create the username and password params.

Parameters:
Name Type Description
form_data Object
Returns:
Type
Promise.<Array.<string>>

(async) get_registration_args(form_data) → {Promise.<Array.<*>>}

From the form data, get the formatted arguments to be passed into the registration function. Should create the username and {password} objects.

Parameters:
Name Type Description
form_data object
Returns:
Type
Promise.<Array.<*>>

(async) get_user(uid) → {Promise.<(Object|undefined)>}

Get the user data record for the specified user uid matched by the configured filter from the LDAP server.

Parameters:
Name  Type    Description
uid   string  the user's username

Returns:
  • undefined if no user is found with uid
Type
Promise.<(Object|undefined)>

(async) get_user_object(data) → {Promise.<module:flitter-auth/model/User~User>}

Given the user data record from the LDAP server, either look up or create an instance of this.User. Store the raw LDAP data in User.data.ldap (as JSON), and update roles where necessary.

Parameters:
Name  Type    Description
data  object  the data from the LDAP server

Returns:
Type
Promise.<module:flitter-auth/model/User~User>

(async) get_users() → {Promise.<Array.<Object>>}

Get an array of user data records matched by the configured filter from the LDAP server.

Returns:
Type
Promise.<Array.<Object>>

handle_login_get(req, res, next) → {Promise.<*>}

Handle a request to get the login view. By default, shows the view specified by this.registration_view(), passing it title, heading_text, provider_name.

Parameters:
Name Type Description
req express/Request
res express/Response
next function
Returns:
Type
Promise.<*>

handle_register_get(req, res, next) → {Promise.<*>}

Handle a request to get the registration view. By default, shows the view specified by this.registration_view(), passing it title, heading_text, provider_name.

Parameters:
Name Type Description
req express/Request
res express/Response
next function
Returns:
Type
Promise.<*>

(async) ldap() → {Promise.<ldap/Client>}

Get an LDAP connection bound to the configured DN.

Returns:
Type
Promise.<ldap/Client>

(async) login(username, password, [args]) → {Promise.<(boolean|module:flitter-auth/model/User~User)>}

Attempt to authenticate a user with the provided credentials. If it succeeds, return their User object.

Parameters:
Name      Type    Attributes  Description
username  string
password  string
args              <optional>  not required

Returns:
  • false if the auth is unsuccessful, a User instance if it is
Type
Promise.<(boolean|module:flitter-auth/model/User~User)>

login_view() → {string}

Get the Flitter canonical name of the login view.

Returns:
Type
string

(async) logout(request) → {Promise.<object>}

Log out the current user, if there is one, and clean the auth session.

Parameters:
Name Type Description
request express/Request
Returns:
  • the clean session
Type
Promise.<object>

logout_view() → {string}

Get the Flitter canonical name of the logout view.

Returns:
Type
string

(async) register(username, attrs, [data]) → {Promise.<module:flitter-auth/model/User~User>}

Register a new user with the specified username and attributes. Attributes object should contain a 'password' key, which will be removed and used to set the user's LDAP password.

Parameters:
Name      Type    Attributes  Description
username  string              uid of the new user
attrs     object              additional attributes of the user
data      object  <optional>  additional data to be stored in the user's JSON

Returns:
Type
Promise.<module:flitter-auth/model/User~User>

registration_view() → {string}

Get the Flitter canonical name of the registration view.

Returns:
Type
string

(async) session(request, user) → {Promise.<void>}

Bootstrap the session. Sets auth.user and auth.user_id.

Parameters:
Name     Type                                 Description
request  express/Request
user     module:flitter-auth/model/User~User  the authenticated user

Returns:
Type
Promise.<void>

(async) set_user_data(data, user) → {Promise.<void>}

Update user data from the LDAP record based on model-attribute to ldap-attribute mappings in the config (config key: attributes).

Parameters:
Name  Type                                 Description
data  object                               the user's LDAP data
user  module:flitter-auth/model/User~User  the user to be updated

Returns:
Type
Promise.<void>

(async) set_user_roles(data, user) → {Promise.<void>}

Update the user's auth roles based on the role/group mappings from config. Uses the configured group_membership attribute.

Parameters:
Name  Type                                 Description
data  object                               user's data record from the LDAP server
user  module:flitter-auth/model/User~User  the user to be updated

Returns:
Type
Promise.<void>

uid_to_dn(uid) → {string}

Convert a uid string to a fully qualified DN based on the configured user search base.

Parameters:
Name Type Description
uid string
Returns:
  • fully qualified DN of the user
Type
string

user_filter(uid) → {string}

Build the user search filter string. Replaces all instances of '%u' with uid.

Parameters:
Name  Type    Description
uid   string  uid to be interpolated

Returns:
Type
string
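
An added example, not flitter-auth's own code: the descriptions of uid_to_dn and user_filter above do not say whether uid is escaped before it is placed in the DN or the filter, so this sketch shows the RFC 4514 and RFC 4515 escaping that such interpolation needs. The function names, the filter template and the search base are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not part of flitter-auth.

// RFC 4515: hex-escape characters that are special inside a filter value.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// RFC 4514: escape characters that are special inside a DN attribute value,
// plus a leading space or '#' and a trailing space.
function escapeDnValue(value) {
  const chars = [...String(value)];
  return chars.map((ch, i) => {
    if (ch === '\0') return '\\00';
    const edge = (i === 0 && (ch === ' ' || ch === '#')) ||
                 (i === chars.length - 1 && ch === ' ');
    return edge || '\\,+"<>;='.includes(ch) ? '\\' + ch : ch;
  }).join('');
}

// Interpolate every '%u' in the template. split/join is used instead of
// String.replace so that '$' sequences in the uid are not treated as
// replacement patterns.
function buildUserFilter(template, uid) {
  return template.split('%u').join(escapeFilterValue(uid));
}

// Build a DN under the search base; 'uid' as the naming attribute is assumed.
function buildUserDn(uid, searchBase, attr = 'uid') {
  return `${attr}=${escapeDnValue(uid)},${searchBase}`;
}

// Constructed sample configuration and inputs.
const TEMPLATE = '(&(objectClass=person)(uid=%u))';
const BASE = 'ou=people,dc=example,dc=org';
for (const uid of ['alice', 'a*(b)', 'smith, j']) {
  console.log(buildUserFilter(TEMPLATE, uid), '|', buildUserDn(uid, BASE));
}
```
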

(async) validate_login(form_data) → {Promise.<Array.<string>>}

Ensure that login form_data is valid. Checks for username.

Parameters:
Name Type Description
form_data object
Returns:
  • array of string errors. If empty array, no errors.
Type
Promise.<Array.<string>>

(async) validate_registration(form_data) → {Promise.<Array.<string>>}

Ensure that registration form_data is valid. Checks for password and unique username.

Parameters:
Name Type Description
form_data object
Returns:
  • array of string errors. If empty array, no errors.
Type
Promise.<Array.<string>>