fix: ldap issues

logic fixed for updating user created by external auth provider remove internal from AuthProviderType replace AUTH_MECHANISM with AUTH_PROVIDERS
2025-12-10 19:34:34 +00:00 · 2022-10-03 21:24:10 +05:00
parent 042ed41189
commit 4d64420c45
6 changed files with 28 additions and 29 deletions
--- a/api/.env.example
+++ b/api/.env.example
@@ -14,7 +14,7 @@ HELMET_COEP=[true|false] if omitted HELMET default will be used

 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority

-AUTH_PROVIDERS=[ldap|internal] default considered as internal
+AUTH_PROVIDERS=[ldap]

 LDAP_URL= <LDAP_SERVER_URL>
 LDAP_BIND_DN= <cn=admin,ou=system,dc=cloudron>
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -251,7 +251,7 @@ const updateUsersListInGroup = async (
      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
    }

-  if (group.authProvider !== AuthProviderType.Internal)
+  if (group.authProvider)
    throw {
      code: 405,
      status: 'Method Not Allowed',
@@ -266,7 +266,7 @@ const updateUsersListInGroup = async (
      message: 'User not found.'
    }

-  if (user.authProvider !== AuthProviderType.Internal)
+  if (user.authProvider)
    throw {
      code: 405,
      status: 'Method Not Allowed',
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -299,14 +299,19 @@ const updateUser = async (

  const user = await User.findOne(findBy)

-  if (
-    user?.authProvider !== AuthProviderType.Internal &&
-    (username !== user?.username || displayName !== user?.displayName)
-  ) {
+  if (username && username !== user?.username && user?.authProvider) {
    throw {
      code: 405,
      message:
-        'Can not update username and display name of user that is created by an external auth provider.'
+        'Can not update username of user that is created by an external auth provider.'
+    }
+  }
+
+  if (displayName && displayName !== user?.displayName && user?.authProvider) {
+    throw {
+      code: 405,
+      message:
+        'Can not update display name of user that is created by an external auth provider.'
    }
  }

--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -50,8 +50,7 @@ const groupSchema = new Schema<IGroupDocument>({
  },
  authProvider: {
    type: String,
-    enum: AuthProviderType,
-    default: 'internal'
+    enum: AuthProviderType
  },
  isActive: {
    type: Boolean,
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -71,8 +71,7 @@ const userSchema = new Schema<IUserDocument>({
  },
  authProvider: {
    type: String,
-    enum: AuthProviderType,
-    default: 'internal'
+    enum: AuthProviderType
  },
  isAdmin: {
    type: Boolean,
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -9,8 +9,7 @@ export enum ModeType {
 }

 export enum AuthProviderType {
-  LDAP = 'ldap',
-  Internal = 'internal'
+  LDAP = 'ldap'
 }

 export enum ProtocolType {
@@ -111,7 +110,7 @@ const verifyMODE = (): string[] => {
  }

  if (process.env.MODE === ModeType.Server) {
-    const { DB_CONNECT, AUTH_MECHANISM } = process.env
+    const { DB_CONNECT, AUTH_PROVIDERS } = process.env

    if (process.env.NODE_ENV !== 'test') {
      if (!DB_CONNECT)
@@ -119,14 +118,12 @@ const verifyMODE = (): string[] => {
          `- DB_CONNECT is required for PROTOCOL '${ModeType.Server}'`
        )

-      if (AUTH_MECHANISM) {
-        const authMechanismTypes = Object.values(AuthProviderType)
-        if (!authMechanismTypes.includes(AUTH_MECHANISM as AuthProviderType))
+      if (AUTH_PROVIDERS) {
+        const authProvidersType = Object.values(AuthProviderType)
+        if (!authProvidersType.includes(AUTH_PROVIDERS as AuthProviderType))
          errors.push(
-            `- AUTH_MECHANISM '${AUTH_MECHANISM}'\n - valid options ${authMechanismTypes}`
+            `- AUTH_PROVIDERS '${AUTH_PROVIDERS}'\n - valid options ${authProvidersType}`
          )
-      } else {
-        process.env.AUTH_MECHANISM = DEFAULTS.AUTH_MECHANISM
      }
    }
  }
@@ -307,37 +304,37 @@ const verifyLDAPVariables = () => {
    LDAP_USERS_BASE_DN,
    LDAP_GROUPS_BASE_DN,
    MODE,
-    AUTH_MECHANISM
+    AUTH_PROVIDERS
  } = process.env

-  if (MODE === ModeType.Server && AUTH_MECHANISM === AuthProviderType.LDAP) {
+  if (MODE === ModeType.Server && AUTH_PROVIDERS === AuthProviderType.LDAP) {
    if (!LDAP_URL) {
      errors.push(
-        `- LDAP_URL is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+        `- LDAP_URL is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
      )
    }

    if (!LDAP_BIND_DN) {
      errors.push(
-        `- LDAP_BIND_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+        `- LDAP_BIND_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
      )
    }

    if (!LDAP_BIND_PASSWORD) {
      errors.push(
-        `- LDAP_BIND_PASSWORD is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+        `- LDAP_BIND_PASSWORD is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
      )
    }

    if (!LDAP_USERS_BASE_DN) {
      errors.push(
-        `- LDAP_USERS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+        `- LDAP_USERS_BASE_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
      )
    }

    if (!LDAP_GROUPS_BASE_DN) {
      errors.push(
-        `- LDAP_GROUPS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
+        `- LDAP_GROUPS_BASE_DN is required for AUTH_PROVIDER '${AuthProviderType.LDAP}'`
      )
    }
  }
@@ -347,7 +344,6 @@ const verifyLDAPVariables = () => {

 const DEFAULTS = {
  MODE: ModeType.Desktop,
-  AUTH_MECHANISM: AuthProviderType.Internal,
  PROTOCOL: ProtocolType.HTTP,
  PORT: '5000',
  HELMET_COEP: HelmetCoepType.TRUE,