ldap.authenticate(username, password, function(err, user) { ldap.close(function(){}); // We don't care about the closing if (err) { // Invalid credentials / user not found are not errors but login failures if (err.name === 'InvalidCredentialsError' || err.name === 'NoSuchObjectError' || (typeof err === 'string' && err.match(/no such user/i))) { return self.fail('Invalid username/password'); } // Other errors are (most likely) real errors return self.error(err); } if (!user) { return self.fail('User not found'); } else { user = self.mapProfile(user); } // Execute given verify function if (self.verify) { if (self.options.passReqToCallback) { return self.verify(req, user, verified); } else { return self.verify(user, verified); } } else { return self.success(user); } });
ldap.authenticate(username, password, function(err, user) { ldap.close(function(){}); // We don't care about the closing if (err) { // Invalid credentials / user not found are not errors but login failures if (err.name === 'InvalidCredentialsError' || err.name === 'NoSuchObjectError' || (typeof err === 'string' && err.match(/no such user/i))) { return this.fail({message: options.invalidCredentials || 'Invalid username/password'}, 401); } if (err.name === 'ConstraintViolationError'){ return this.fail({message: options.constraintViolation || 'Exceeded password retry limit, account locked'}, 401); } // Other errors are (most likely) real errors return this.error(err); } if (!user) return this.fail({message: options.userNotFound || 'Invalid username/password'}, 401); // Execute given verify function if (this.verify) { if (this.options.passReqToCallback && this.options.passAuthOptionsToCallback) { return this.fail({message: options.passToCallback || 'Options passReqToCallback and passAuthOptionsToCallback cannot both be true'}, 401); } else if (this.options.passReqToCallback) { return this.verify(req, user, verify.call(this)); } else if (this.options.passAuthOptionsToCallback) { return this.verify(options, user, verify.call(this)); } else { return this.verify(user, verify.call(this)); } } else { return this.success(user); } }.bind(this));
LdapClient.authenticate(user, password, function(err, ldap_user) { if (err) { // 'No such user' is reported via error self._logger.warn({ user: user, err: err, }, 'LDAP error @{err}') LdapClient.close(function(err) { if (err) { self._logger.warn({ err: err }, 'LDAP error on close @{err}') } }) return callback({ err: err}, false) } if (ldap_user) { var groups = [ user ] if ('memberOf' in ldap_user) { if (!Array.isArray(ldap_user.memberOf)) { ldap_user.memberOf = [ ldap_user.memberOf ] } for (var i = 0; i < ldap_user.memberOf.length; i++) { groups.push("%" + parseDN(ldap_user.memberOf[i]).rdns[0][self._config.groupNameAttribute]) } } } callback(null, groups) LdapClient.close(function(err) { if (err) { self._logger.warn({ err: err }, 'LDAP error on close @{err}') } }) })
ldapauth.authenticate(email, password, function(err, user) { ldapauth.close(function() {}); if (err) { return callback(new Error('Can not authenticate user ' + email + ' : ' + err.message)); } if (!user) { return callback(new Error('Can not authenticate user ' + email + ' : null user')); } return callback(null, user); });
ldap.authenticate(username, password, function(err, user) { ldap.close(function() {}); // We don't care about the closing if (err) { // Invalid credentials / user not found are not errors but login failures if ( err.name === 'InvalidCredentialsError' || err.name === 'NoSuchObjectError' || (typeof err === 'string' && err.match(/no such user/i)) ) { var message = options.invalidCredentials || 'Invalid username/password'; if (err.message) { var ldapComment = err.message.match(/data ([0-9a-fA-F]*), v[0-9a-fA-F]*/); if (ldapComment && ldapComment[1]) { message = messages[ldapComment[1]] || messages['default']; } } return cb({ message: message, code: 401 }); } if (err.name === 'ConstraintViolationError') { return cb({ message: options.constraintViolation || 'Exceeded password retry limit, account locked', code: 401 }); } // Other errors are (most likely) real errors return cb(err); } if (!user) return cb({ message: options.userNotFound || 'Invalid username/password', code: 401 }); // Check that the user is a member of the allowed user group if ( options.group && (!user.memberOf || user.memberOf.indexOf(options.group) === -1) ) { return cb({ message: options.userNotAuthorized || 'Your account is not authorized.', code: 401 }); } _.set(user, 'username', _.get(user, options.usernameField)); return cb(null, user); });