diff --git a/api/.env.example b/api/.env.example
index e2fafb7..548c509 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -14,7 +14,7 @@ HELMET_COEP=[true|false] if omitted HELMET default will be used
 DB_CONNECT=mongodb+srv://:@/?retryWrites=true&w=majority
-AUTH_PROVIDERS=[ldap|internal] default considered as internal
+AUTH_PROVIDERS=[ldap]
 LDAP_URL=
 LDAP_BIND_DN=
diff --git a/api/src/controllers/group.ts b/api/src/controllers/group.ts
index 878a9c0..3a49f43 100644
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -251,7 +251,7 @@ const updateUsersListInGroup = async (
 message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
 }
- if (group.authProvider !== AuthProviderType.Internal)
+ if (group.authProvider)
 throw {
 code: 405,
 status: 'Method Not Allowed',
@@ -266,7 +266,7 @@ const updateUsersListInGroup = async (
 message: 'User not found.'
 }
- if (user.authProvider !== AuthProviderType.Internal)
+ if (user.authProvider)
 throw {
 code: 405,
 status: 'Method Not Allowed',
diff --git a/api/src/controllers/user.ts b/api/src/controllers/user.ts
index 0c96b55..72f0498 100644
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -299,14 +299,19 @@ const updateUser = async (
 const user = await User.findOne(findBy)
- if (
- user?.authProvider !== AuthProviderType.Internal &&
- (username !== user?.username || displayName !== user?.displayName)
- ) {
+ if (username && username !== user?.username && user?.authProvider) {
 throw {
 code: 405,
 message:
- 'Can not update username and display name of user that is created by an external auth provider.'
+ 'Can not update username of user that is created by an external auth provider.'
+ }
+ }
+
+ if (displayName && displayName !== user?.displayName && user?.authProvider) {
+ throw {
+ code: 405,
+ message:
+ 'Can not update display name of user that is created by an external auth provider.'
 }
 }
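Review bot: `if (group.authProvider)` treats every non-empty value as an external provider, so a group that was saved under the previous schema default `authProvider: 'internal'` would now be refused with 405. The same holds for `if (user.authProvider)` in the second hunk of this file and for the `user?.authProvider` tests in controllers/user.ts. The guard fails closed, which is the safe direction, but locally managed records created before this commit become uneditable until the old value is cleared. A data migration that unsets `authProvider` wherever it equals `'internal'` should ship with this change. updateUsersListInGroup starts and ends outside the hunk, so whether such records exist cannot be confirmed from here.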
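Review bot: Both new guards in updateUser are skipped for any falsy input, so `displayName: ''` (or an empty `username`) passes the external-provider check. If the update further down writes a field whenever it is present in the request, the name of a directory-managed account could be blanked locally. Testing for presence keeps the external provider authoritative: `if (username !== undefined && username !== user?.username && user?.authProvider)`, and likewise for `displayName`. Because of `user?.`, a missing user now falls through both guards, where the old condition threw once a name was supplied, so the not-found case has to be handled by code outside this hunk.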
diff --git a/api/src/model/Group.ts b/api/src/model/Group.ts
index bf06c9a..6ac1a26 100644
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -50,8 +50,7 @@ const groupSchema = new Schema({
 },
 authProvider: {
 type: String,
- enum: AuthProviderType,
- default: 'internal'
+ enum: AuthProviderType
 },
 isActive: {
 type: Boolean,
diff --git a/api/src/model/User.ts b/api/src/model/User.ts
index e405317..e63ba6f 100644
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -71,8 +71,7 @@ const userSchema = new Schema({
 },
 authProvider: {
 type: String,
- enum: AuthProviderType,
- default: 'internal'
+ enum: AuthProviderType
 },
 isAdmin: {
 type: Boolean,
diff --git a/api/src/utils/verifyEnvVariables.ts b/api/src/utils/verifyEnvVariables.ts
index e164dc5..84efa08 100644
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -9,8 +9,7 @@ export enum ModeType {
 }
 export enum AuthProviderType {
- LDAP = 'ldap',
- Internal = 'internal'
+ LDAP = 'ldap'
 }
 export enum ProtocolType {
@@ -111,7 +110,7 @@ const verifyMODE = (): string[] => {
 }
 if (process.env.MODE === ModeType.Server) {
- const { DB_CONNECT, AUTH_MECHANISM } = process.env
+ const { DB_CONNECT, AUTH_PROVIDERS } = process.env
 if (process.env.NODE_ENV !== 'test') {
 if (!DB_CONNECT)
@@ -119,14 +118,12 @@ const verifyMODE = (): string[] => {
 `- DB_CONNECT is required for PROTOCOL '${ModeType.Server}'`
 )
- if (AUTH_MECHANISM) {
- const authMechanismTypes = Object.values(AuthProviderType)
- if (!authMechanismTypes.includes(AUTH_MECHANISM as AuthProviderType))
+ if (AUTH_PROVIDERS) {
+ const authProvidersType = Object.values(AuthProviderType)
+ if (!authProvidersType.includes(AUTH_PROVIDERS as AuthProviderType))
 errors.push(
- `- AUTH_MECHANISM '${AUTH_MECHANISM}'\n - valid options ${authMechanismTypes}`
+ `- AUTH_PROVIDERS '${AUTH_PROVIDERS}'\n - valid options ${authProvidersType}`
 )
- } else {
- process.env.AUTH_MECHANISM = DEFAULTS.AUTH_MECHANISM
 }
 }
 }
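Review bot: With the default removed, an absent `authProvider` is the only marker of a locally managed group, and nothing on the field says so; the User.ts hunk has the same gap. Since the controllers in this commit gate writes on the field being falsy, I would document the invariant above `authProvider` in both schemas, e.g. `// unset = managed locally; set only on records created by an external auth provider`. Both schema definitions begin and end outside their hunks.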
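Review bot: In the `@@ -119,14 +118,12 @@` hunk of verifyMODE, removing the `else` branch means an unset `AUTH_PROVIDERS` now silently selects internal authentication only, and no comment records that. A line such as `// AUTH_PROVIDERS unset: only internal (local) authentication is enabled` above `if (AUTH_PROVIDERS) {` would make the fallback explicit for whoever audits the start-up checks. The plural name also suggests a list, while `authProvidersType.includes(AUTH_PROVIDERS as AuthProviderType)` accepts only one exact enum value, so the comment should state that a single provider is expected. verifyMODE begins above this hunk.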
@@ -307,37 +304,37 @@ const verifyLDAPVariables = () => {
 LDAP_USERS_BASE_DN,
 LDAP_GROUPS_BASE_DN,
 MODE,
- AUTH_MECHANISM
+ AUTH_PROVIDERS
 } = process.env
- if (MODE === ModeType.Server && AUTH_MECHANISM === AuthProviderType.LDAP) {
+ if (MODE === ModeType.Server && AUTH_PROVIDERS === AuthProviderType.LDAP) {
 if (!LDAP_URL) {
 errors.push(
- `- LDAP_URL is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+ `- LDAP_URL is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
 )
 }
 if (!LDAP_BIND_DN) {
 errors.push(
- `- LDAP_BIND_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+ `- LDAP_BIND_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
 )
 }
 if (!LDAP_BIND_PASSWORD) {
 errors.push(
- `- LDAP_BIND_PASSWORD is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+ `- LDAP_BIND_PASSWORD is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
 )
 }
 if (!LDAP_USERS_BASE_DN) {
 errors.push(
- `- LDAP_USERS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+ `- LDAP_USERS_BASE_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
 )
 }
 if (!LDAP_GROUPS_BASE_DN) {
 errors.push(
- `- LDAP_GROUPS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+ `- LDAP_GROUPS_BASE_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
 )
 }
 }
@@ -347,7 +344,6 @@ const verifyLDAPVariables = () => {
 const DEFAULTS = {
 MODE: ModeType.Desktop,
- AUTH_MECHANISM: AuthProviderType.Internal,
 PROTOCOL: ProtocolType.HTTP,
 PORT: '5000',
 HELMET_COEP: HelmetCoepType.TRUE,
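Review bot: The five new messages name `AUTH_PROVIDER`, but the variable destructured at the top of this hunk is `AUTH_PROVIDERS`, so an operator following the error would look for a setting that does not exist. Each message should use the real name, e.g. `- LDAP_URL is required for AUTH_PROVIDERS '${AuthProviderType.LDAP}'`. The checks also test presence only; since `LDAP_BIND_PASSWORD` is presumably sent to whatever `LDAP_URL` points at, it would be worth rejecting a URL that does not start with `ldaps://` unless StartTLS is enforced elsewhere, which this hunk does not show. verifyLDAPVariables begins above the hunk.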