ldap.authenticate(username, password, function(err, user) {
ldap.close(function(){}); // We don't care about the closing
if (err) {
// Invalid credentials / user not found are not errors but login failures
if (err.name === 'InvalidCredentialsError' || err.name === 'NoSuchObjectError' || (typeof err === 'string' && err.match(/no such user/i))) {
return self.fail('Invalid username/password');
}
// Other errors are (most likely) real errors
return self.error(err);
}
if (!user) {
return self.fail('User not found');
} else {
user = self.mapProfile(user);
}
// Execute given verify function
if (self.verify) {
if (self.options.passReqToCallback) {
return self.verify(req, user, verified);
} else {
return self.verify(user, verified);
}
} else {
return self.success(user);
}
});
ldap.authenticate(username, password, function(err, user) {
ldap.close(function(){}); // We don't care about the closing
if (err) {
// Invalid credentials / user not found are not errors but login failures
if (err.name === 'InvalidCredentialsError' || err.name === 'NoSuchObjectError' || (typeof err === 'string' && err.match(/no such user/i))) {
return this.fail({message: options.invalidCredentials || 'Invalid username/password'}, 401);
}
if (err.name === 'ConstraintViolationError'){
return this.fail({message: options.constraintViolation || 'Exceeded password retry limit, account locked'}, 401);
}
// Other errors are (most likely) real errors
return this.error(err);
}
if (!user) return this.fail({message: options.userNotFound || 'Invalid username/password'}, 401);
// Execute given verify function
if (this.verify) {
if (this.options.passReqToCallback && this.options.passAuthOptionsToCallback) {
return this.fail({message: options.passToCallback || 'Options passReqToCallback and passAuthOptionsToCallback cannot both be true'}, 401);
} else if (this.options.passReqToCallback) {
return this.verify(req, user, verify.call(this));
} else if (this.options.passAuthOptionsToCallback) {
return this.verify(options, user, verify.call(this));
} else {
return this.verify(user, verify.call(this));
}
} else {
return this.success(user);
}
}.bind(this));
LdapClient.authenticate(user, password, function(err, ldap_user) {
if (err) {
// 'No such user' is reported via error
self._logger.warn({
user: user,
err: err,
}, 'LDAP error @{err}')
LdapClient.close(function(err) {
if (err) {
self._logger.warn({
err: err
}, 'LDAP error on close @{err}')
}
})
return callback({ err: err}, false)
}
if (ldap_user) {
var groups = [ user ]
if ('memberOf' in ldap_user) {
if (!Array.isArray(ldap_user.memberOf)) {
ldap_user.memberOf = [ ldap_user.memberOf ]
}
for (var i = 0; i < ldap_user.memberOf.length; i++) {
groups.push("%" + parseDN(ldap_user.memberOf[i]).rdns[0][self._config.groupNameAttribute])
}
}
}
callback(null, groups)
LdapClient.close(function(err) {
if (err) {
self._logger.warn({
err: err
}, 'LDAP error on close @{err}')
}
})
})
ldapauth.authenticate(email, password, function(err, user) {
ldapauth.close(function() {});
if (err) {
return callback(new Error('Can not authenticate user ' + email + ' : ' + err.message));
}
if (!user) {
return callback(new Error('Can not authenticate user ' + email + ' : null user'));
}
return callback(null, user);
});
ldap.authenticate(username, password, function(err, user) {
ldap.close(function() {}); // We don't care about the closing
if (err) {
// Invalid credentials / user not found are not errors but login failures
if (
err.name === 'InvalidCredentialsError' ||
err.name === 'NoSuchObjectError' ||
(typeof err === 'string' && err.match(/no such user/i))
) {
var message = options.invalidCredentials || 'Invalid username/password';
if (err.message) {
var ldapComment = err.message.match(/data ([0-9a-fA-F]*), v[0-9a-fA-F]*/);
if (ldapComment && ldapComment[1]) {
message = messages[ldapComment[1]] || messages['default'];
}
}
return cb({
message: message,
code: 401
});
}
if (err.name === 'ConstraintViolationError') {
return cb({
message: options.constraintViolation || 'Exceeded password retry limit, account locked',
code: 401
});
}
// Other errors are (most likely) real errors
return cb(err);
}
if (!user) return cb({
message: options.userNotFound || 'Invalid username/password',
code: 401
});
// Check that the user is a member of the allowed user group
if (
options.group &&
(!user.memberOf || user.memberOf.indexOf(options.group) === -1)
) {
return cb({
message: options.userNotAuthorized || 'Your account is not authorized.',
code: 401
});
}
_.set(user, 'username', _.get(user, options.usernameField));
return cb(null, user);
});