mirror of https://github.com/bitwarden/directory-connector synced 2025-12-11 05:43:26 +00:00

update jslib. tweaks to start tls

Kyle Spearrin
2020-03-04 11:31:35 -05:00
parent 20bb5a4926
commit bf27872973
5 changed files with 39 additions and 27 deletions

2
jslib

Submodule jslib updated: e1d42f95d9...44b86f5dd0


@@ -15,6 +15,7 @@ import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
import { AppComponent } from './app.component'; import { AppComponent } from './app.component';
import { CalloutComponent } from 'jslib/angular/components/callout.component';
import { IconComponent } from 'jslib/angular/components/icon.component'; import { IconComponent } from 'jslib/angular/components/icon.component';
import { ModalComponent } from 'jslib/angular/components/modal.component'; import { ModalComponent } from 'jslib/angular/components/modal.component';
@@ -60,6 +61,7 @@ import { SearchCiphersPipe } from 'jslib/angular/pipes/search-ciphers.pipe';
AutofocusDirective, AutofocusDirective,
BlurClickDirective, BlurClickDirective,
BoxRowDirective, BoxRowDirective,
CalloutComponent,
DashboardComponent, DashboardComponent,
EnvironmentComponent, EnvironmentComponent,
FallbackSrcDirective, FallbackSrcDirective,


@@ -35,54 +35,64 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="form-check"> <div class="form-check">
<input class="form-check-input" type="checkbox" id="ldapEncrypted" [(ngModel)]="ldap.ssl" name="Encrypted"> <input class="form-check-input" type="checkbox" id="ldapEncrypted" [(ngModel)]="ldap.ssl"
name="Encrypted">
<label class="form-check-label" for="ldapEncrypted">{{'ldapEncrypted' | i18n}}</label> <label class="form-check-label" for="ldapEncrypted">{{'ldapEncrypted' | i18n}}</label>
</div> </div>
</div> </div>
<div class="ml-4" *ngIf="ldap.ssl"> <div class="ml-4" *ngIf="ldap.ssl">
<div class="form-group"> <div class="form-group">
<div class="form-radio"> <div class="form-radio">
<input class="form-radio-input" type="radio" [value]=true id="starttls" [(ngModel)]="ldap.starttls" name="StartTls"> <input class="form-radio-input" type="radio" [value]="false" id="ssl"
<label class="form-radio-label" for="starttls">{{'ldapTls' | i18n}}</label> [(ngModel)]="ldap.startTls" name="SSL">
</div>
<div class="form-radio">
<input class="form-radio-input" type="radio" [value]=false id="ssl" [(ngModel)]="ldap.starttls" name="SSL">
<label class="form-radio-label" for="ssl">{{'ldapSsl' | i18n}}</label> <label class="form-radio-label" for="ssl">{{'ldapSsl' | i18n}}</label>
</div> </div>
<div class="form-radio">
<input class="form-radio-input" type="radio" [value]="true" id="startTls"
[(ngModel)]="ldap.startTls" name="StartTLS">
<label class="form-radio-label" for="startTls">{{'ldapTls' | i18n}}</label>
</div>
</div> </div>
<div class="ml-4" *ngIf="ldap.starttls"> <div class="ml-4" *ngIf="ldap.startTls">
<p>{{'ldapTlsUntrustedDesc' | i18n}}</p> <p>{{'ldapTlsUntrustedDesc' | i18n}}</p>
<div class="form-group"> <div class="form-group">
<label for="tlsCaPath">{{'ldapTlsCa' | i18n}}</label> <label for="tlsCaPath">{{'ldapTlsCa' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="tlsCaPath_file" <input type="file" class="form-control-file mb-2" id="tlsCaPath_file"
(change)="setSslPath('tlsCaPath')"> (change)="setSslPath('tlsCaPath')">
<input type="text" class="form-control" id="tlsCaPath" name="TLSCaPath" [(ngModel)]="ldap.tlsCaPath"> <input type="text" class="form-control" id="tlsCaPath" name="TLSCaPath"
[(ngModel)]="ldap.tlsCaPath">
</div> </div>
</div> </div>
<div class="ml-4" *ngIf="!ldap.starttls"> <div class="ml-4" *ngIf="!ldap.startTls">
<p>{{'ldapSslUntrustedDesc' | i18n}}</p> <p>{{'ldapSslUntrustedDesc' | i18n}}</p>
<div class="form-group"> <div class="form-group">
<label for="sslCertPath">{{'ldapSslCert' | i18n}}</label> <label for="sslCertPath">{{'ldapSslCert' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslCertPath_file" <input type="file" class="form-control-file mb-2" id="sslCertPath_file"
(change)="setSslPath('sslCertPath')"> (change)="setSslPath('sslCertPath')">
<input type="text" class="form-control" id="sslCertPath" name="SSLCertPath" [(ngModel)]="ldap.sslCertPath"> <input type="text" class="form-control" id="sslCertPath" name="SSLCertPath"
[(ngModel)]="ldap.sslCertPath">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="sslKeyPath">{{'ldapSslKey' | i18n}}</label> <label for="sslKeyPath">{{'ldapSslKey' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslKeyPath_file" (change)="setSslPath('sslKeyPath')"> <input type="file" class="form-control-file mb-2" id="sslKeyPath_file"
<input type="text" class="form-control" id="sslKeyPath" name="SSLKeyPath" [(ngModel)]="ldap.sslKeyPath"> (change)="setSslPath('sslKeyPath')">
<input type="text" class="form-control" id="sslKeyPath" name="SSLKeyPath"
[(ngModel)]="ldap.sslKeyPath">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="sslCaPath">{{'ldapSslCa' | i18n}}</label> <label for="sslCaPath">{{'ldapSslCa' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslCaPath_file" (change)="setSslPath('sslCaPath')"> <input type="file" class="form-control-file mb-2" id="sslCaPath_file"
<input type="text" class="form-control" id="sslCaPath" name="SSLCaPath" [(ngModel)]="ldap.sslCaPath"> (change)="setSslPath('sslCaPath')">
<input type="text" class="form-control" id="sslCaPath" name="SSLCaPath"
[(ngModel)]="ldap.sslCaPath">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="form-check"> <div class="form-check">
<input class="form-check-input" type="checkbox" id="certDoNotVerify" <input class="form-check-input" type="checkbox" id="certDoNotVerify"
[(ngModel)]="ldap.sslAllowUnauthorized" name="CertDoNoVerify"> [(ngModel)]="ldap.sslAllowUnauthorized" name="CertDoNoVerify">
<label class="form-check-label" for="certDoNotVerify">{{'ldapCertDoNotVerify' | i18n}}</label> <label class="form-check-label"
for="certDoNotVerify">{{'ldapCertDoNotVerify' | i18n}}</label>
</div> </div>
</div> </div>
</div> </div>
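Review bot: The `certDoNotVerify` checkbox near the end of this hunk sits outside both mode-specific blocks, so it governs LDAPS and StartTLS alike, yet nothing visible here tells the operator that ticking it removes server authentication. A warning shown while `ldap.sslAllowUnauthorized` is set would help, for instance `<app-callout type="warning" *ngIf="ldap.sslAllowUnauthorized">{{'<warning i18n key>' | i18n}}</app-callout>` (the key is a placeholder). Separately, the two radios bind the same `ldap.startTls` model under different `name` values (`SSL`, `StartTLS`); a shared name is the usual way to form one radio group. The enclosing form starts and ends outside the hunk.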


@@ -1,6 +1,6 @@
export class LdapConfiguration { export class LdapConfiguration {
ssl = false; ssl = false;
starttls = true; startTls = false;
tlsCaPath: string; tlsCaPath: string;
sslAllowUnauthorized = false; sslAllowUnauthorized = false;
sslCertPath: string; sslCertPath: string;
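Review bot: Renaming `starttls` to `startTls` while flipping the default from `true` to `false` leaves no path for settings saved under the old key. If the stored configuration is restored by property name (the loader is not visible here), an install that had StartTLS selected would come back with `startTls = false`, and the service would then build an `ldaps://` URL instead of upgrading a plain connection. Consider a one-time mapping on load, e.g. `if (cfg.startTls == null && cfg.starttls != null) { cfg.startTls = cfg.starttls; }` (`cfg` is a constructed name), or a release note asking operators to re-check the encryption mode. The class body continues past the hunk.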


@@ -324,7 +324,7 @@ export class LdapDirectoryService implements DirectoryService {
reject(this.i18nService.t('dirConfigIncomplete')); reject(this.i18nService.t('dirConfigIncomplete'));
return; return;
} }
const protocol = 'ldap' + (this.dirConfig.ssl && !this.dirConfig.starttls ? 's' : ''); const protocol = 'ldap' + (this.dirConfig.ssl && !this.dirConfig.startTls ? 's' : '');
const url = protocol + '://' + this.dirConfig.hostname + const url = protocol + '://' + this.dirConfig.hostname +
':' + this.dirConfig.port; ':' + this.dirConfig.port;
const options: ldap.ClientOptions = { const options: ldap.ClientOptions = {
@@ -333,7 +333,10 @@ export class LdapDirectoryService implements DirectoryService {
const tlsOptions: any = {}; const tlsOptions: any = {};
if (this.dirConfig.ssl) { if (this.dirConfig.ssl) {
if (!this.dirConfig.starttls) { if (this.dirConfig.sslAllowUnauthorized) {
tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
}
if (!this.dirConfig.startTls) {
if (this.dirConfig.sslCaPath != null && this.dirConfig.sslCaPath !== '' && if (this.dirConfig.sslCaPath != null && this.dirConfig.sslCaPath !== '' &&
fs.existsSync(this.dirConfig.sslCaPath)) { fs.existsSync(this.dirConfig.sslCaPath)) {
tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)]; tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
@@ -352,9 +355,6 @@ export class LdapDirectoryService implements DirectoryService {
tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)]; tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)];
} }
} }
if (this.dirConfig.sslAllowUnauthorized) {
tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
}
} }
if (Object.keys(tlsOptions).length > 0) { if (Object.keys(tlsOptions).length > 0) {
@@ -373,14 +373,14 @@ export class LdapDirectoryService implements DirectoryService {
return; return;
} }
if (this.dirConfig.starttls && this.dirConfig.ssl) { if (this.dirConfig.startTls && this.dirConfig.ssl) {
this.client.starttls(options.tlsOptions, undefined, (err, res) => { this.client.starttls(options.tlsOptions, undefined, (err, res) => {
if (err != null) { if (err != null) {
reject(err.message); reject(err.message);
} else { } else {
this.client.bind(user, pass, (err) => { this.client.bind(user, pass, (err2) => {
if (err != null) { if (err2 != null) {
reject(err.message); reject(err2.message);
} else { } else {
resolve(); resolve();
} }
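Review bot: The hoisted `if (this.dirConfig.sslAllowUnauthorized)` block in the second hunk now switches off certificate verification for the StartTLS path as well as LDAPS, and the assignment inside it is a tautology, since `!this.dirConfig.sslAllowUnauthorized` is always `false` there. Writing `tlsOptions.rejectUnauthorized = false;` under a comment such as `// applies to both LDAPS and StartTLS: the server certificate is not validated` makes the widened scope explicit. With verification off, the later `bind(user, pass, ...)` sends the directory credentials to an unauthenticated endpoint, so logging a warning whenever the option is active would give operators something to audit. The enclosing method starts and ends outside the visible hunks.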