chore(release): 0.22.0 [skip ci]

# [0.22.0](https://github.com/sasjs/server/compare/v0.21.7...v0.22.0) (2022-10-03) ### Bug Fixes * do not throw error on deleting group when it is created by an external auth provider ([68f0c5c](68f0c5c588)) * no need to restrict api endpoints when ldap auth is applied ([a142660](a14266077d)) * remove authProvider attribute from user and group payload interface ([bbd7786](bbd7786c6c)) ### Features * implemented LDAP authentication ([f915c51](f915c51b07))
Merge pull request #293 from sasjs/ldap
2025-12-10 19:34:34 +00:00 · 2022-10-03 12:13:18 +00:00 · 2022-10-03 13:09:07 +01:00 · 2022-10-01 16:08:29 +05:00 · 2022-10-01 15:06:55 +05:00 · 2022-10-01 14:52:36 +05:00
45 changed files with 1402 additions and 232 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,52 @@
 # [0.22.0](https://github.com/sasjs/server/compare/v0.21.7...v0.22.0) (2022-10-03)
 ### Bug Fixes
 * do not throw error on deleting group when it is created by an external auth provider ([68f0c5c](https://github.com/sasjs/server/commit/68f0c5c5884431e7e8f586dccf98132abebb193e))
 * no need to restrict api endpoints when ldap auth is applied ([a142660](https://github.com/sasjs/server/commit/a14266077d3541c7a33b7635efa4208335e73519))
 * remove authProvider attribute from user and group payload interface ([bbd7786](https://github.com/sasjs/server/commit/bbd7786c6ce13b374d896a45c23255b8fa3e8bd2))
 ### Features
 * implemented LDAP authentication ([f915c51](https://github.com/sasjs/server/commit/f915c51b077a2b8c4099727355ed914ecd6364bd))
 ## [0.21.7](https://github.com/sasjs/server/compare/v0.21.6...v0.21.7) (2022-09-30)
 ### Bug Fixes
 * csrf package is changed to pillarjs-csrf ([fe3e508](https://github.com/sasjs/server/commit/fe3e5088f8dfff50042ec8e8aac9ba5ba1394deb))
 ## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23)
 ### Bug Fixes
 * in getTokensFromDB handle the scenario when tokens are expired ([40f95f9](https://github.com/sasjs/server/commit/40f95f9072c8685910138d88fd2410f8704fc975))
 ## [0.21.5](https://github.com/sasjs/server/compare/v0.21.4...v0.21.5) (2022-09-22)
 ### Bug Fixes
 * made files extensions case insensitive ([2496043](https://github.com/sasjs/server/commit/249604384e42be4c12c88c70a7dff90fc1917a8f))
 ## [0.21.4](https://github.com/sasjs/server/compare/v0.21.3...v0.21.4) (2022-09-21)
 ### Bug Fixes
 * removing single quotes from _program value ([a0e7875](https://github.com/sasjs/server/commit/a0e7875ae61cbb6e7d3995d2e36e7300b0daec86))
 ## [0.21.3](https://github.com/sasjs/server/compare/v0.21.2...v0.21.3) (2022-09-21)
 ### Bug Fixes
 * return same tokens if not expired ([330c020](https://github.com/sasjs/server/commit/330c020933f1080261b38f07d6b627f6d7c62446))
 ## [0.21.2](https://github.com/sasjs/server/compare/v0.21.1...v0.21.2) (2022-09-20)
--- a/README.md
+++ b/README.md
@@ -125,9 +125,19 @@ PRIVATE_KEY=privkey.pem (required)
 CERT_CHAIN=certificate.pem (required)
 CA_ROOT=fullchain.pem (optional)
-# ENV variables required for MODE: `server`
+## ENV variables required for MODE: `server`
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 # AUTH_PROVIDERS options: [ldap|internal] default: `internal`
 AUTH_PROVIDERS=
 ## ENV variables required for AUTH_MECHANISM: `ldap`
 LDAP_URL= <LDAP_SERVER_URL>
 LDAP_BIND_DN= <cn=admin,ou=system,dc=cloudron>
 LDAP_BIND_PASSWORD = <password>
 LDAP_USERS_BASE_DN = <ou=users,dc=cloudron>
 LDAP_GROUPS_BASE_DN = <ou=groups,dc=cloudron>
 # options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
 # If enabled, be sure to also configure the WHITELIST of third party servers.
 CORS=
--- a/api/.env.example
+++ b/api/.env.example
@@ -14,6 +14,14 @@ HELMET_COEP=[true|false] if omitted HELMET default will be used
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 AUTH_PROVIDERS=[ldap|internal] default considered as internal
 LDAP_URL= <LDAP_SERVER_URL>
 LDAP_BIND_DN= <cn=admin,ou=system,dc=cloudron>
 LDAP_BIND_PASSWORD = <password>
 LDAP_USERS_BASE_DN = <ou=users,dc=cloudron>
 LDAP_GROUPS_BASE_DN = <ou=groups,dc=cloudron>
 RUN_TIMES=[sas,js,py | js,py | sas | sas,js] default considered as sas
 SAS_PATH=/opt/sas/sas9/SASHome/SASFoundation/9.4/sas
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -14,12 +14,12 @@
        "connect-mongo": "^4.6.0",
        "cookie-parser": "^1.4.6",
        "cors": "^2.8.5",
        "csurf": "^1.11.0",
        "express": "^4.17.1",
        "express-session": "^1.17.2",
        "helmet": "^5.0.2",
        "joi": "^17.4.2",
        "jsonwebtoken": "^8.5.1",
        "ldapjs": "2.3.3",
        "mongoose": "^6.0.12",
        "mongoose-sequence": "^5.3.1",
        "morgan": "^1.10.0",
@@ -37,11 +37,11 @@
        "@types/bcryptjs": "^2.4.2",
        "@types/cookie-parser": "^1.4.2",
        "@types/cors": "^2.8.12",
        "@types/csurf": "^1.11.2",
        "@types/express": "^4.17.12",
        "@types/express-session": "^1.17.4",
        "@types/jest": "^26.0.24",
        "@types/jsonwebtoken": "^8.5.5",
        "@types/ldapjs": "^2.2.4",
        "@types/mongoose-sequence": "^3.0.6",
        "@types/morgan": "^1.9.3",
        "@types/multer": "^1.4.7",
@@ -50,6 +50,7 @@
        "@types/swagger-ui-express": "^4.1.3",
        "@types/unzipper": "^0.10.5",
        "adm-zip": "^0.5.9",
        "csrf": "^3.1.0",
        "dotenv": "^10.0.0",
        "http-headers-validation": "^0.0.1",
        "jest": "^27.0.6",
@@ -1833,15 +1834,6 @@
      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
      "dev": true
    },
    "node_modules/@types/csurf": {
      "version": "1.11.2",
      "resolved": "https://registry.npmjs.org/@types/csurf/-/csurf-1.11.2.tgz",
      "integrity": "sha512-9bc98EnwmC1S0aSJiA8rWwXtgXtXHHOQOsGHptImxFgqm6CeH+mIOunHRg6+/eg2tlmDMX3tY7XrWxo2M/nUNQ==",
      "dev": true,
      "dependencies": {
        "@types/express-serve-static-core": "*"
      }
    },
    "node_modules/@types/express": {
      "version": "4.17.12",
      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.12.tgz",
@@ -2044,6 +2036,15 @@
        "@types/node": "*"
      }
    },
    "node_modules/@types/ldapjs": {
      "version": "2.2.4",
      "resolved": "https://registry.npmjs.org/@types/ldapjs/-/ldapjs-2.2.4.tgz",
      "integrity": "sha512-+ZMVolW4N1zpnQ4SgH8nfpIFuiDOfbnXSbwQoBiLaq8mF0vo8FOKotQzKkfoWxbV0lWU1d4V+keZZ07klyOSng==",
      "dev": true,
      "dependencies": {
        "@types/node": "*"
      }
    },
    "node_modules/@types/mime": {
      "version": "1.3.2",
      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz",
@@ -2219,6 +2220,11 @@
      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
      "dev": true
    },
    "node_modules/abstract-logging": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/abstract-logging/-/abstract-logging-2.0.1.tgz",
      "integrity": "sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA=="
    },
    "node_modules/accepts": {
      "version": "1.3.7",
      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
@@ -2474,6 +2480,14 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/asn1": {
      "version": "0.2.6",
      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
      "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
      "dependencies": {
        "safer-buffer": "~2.1.0"
      }
    },
    "node_modules/asn1.js": {
      "version": "5.4.1",
      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
@@ -2485,6 +2499,14 @@
        "safer-buffer": "^2.1.0"
      }
    },
    "node_modules/assert-plus": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
      "engines": {
        "node": ">=0.8"
      }
    },
    "node_modules/async": {
      "version": "2.6.4",
      "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz",
@@ -2646,6 +2668,17 @@
        "@babel/core": "^7.0.0"
      }
    },
    "node_modules/backoff": {
      "version": "2.5.0",
      "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
      "integrity": "sha512-wC5ihrnUXmR2douXmXLCe5O3zg3GKIyvRi/hi58a/XyRxVI+3/yM0PYueQOZXPXQ9pxBislYkw+sF9b7C/RuMA==",
      "dependencies": {
        "precond": "0.2"
      },
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/balanced-match": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -3336,6 +3369,7 @@
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz",
      "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==",
      "dev": true,
      "dependencies": {
        "rndm": "1.2.0",
        "tsscmp": "1.0.6",
@@ -3369,40 +3403,6 @@
      "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
      "dev": true
    },
    "node_modules/csurf": {
      "version": "1.11.0",
      "resolved": "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz",
      "integrity": "sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==",
      "dependencies": {
        "cookie": "0.4.0",
        "cookie-signature": "1.0.6",
        "csrf": "3.1.0",
        "http-errors": "~1.7.3"
      },
      "engines": {
        "node": ">= 0.8.0"
      }
    },
    "node_modules/csurf/node_modules/http-errors": {
      "version": "1.7.3",
      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz",
      "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==",
      "dependencies": {
        "depd": "~1.1.2",
        "inherits": "2.0.4",
        "setprototypeof": "1.1.1",
        "statuses": ">= 1.5.0 < 2",
        "toidentifier": "1.0.0"
      },
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/csurf/node_modules/inherits": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
    },
    "node_modules/csv-stringify": {
      "version": "5.6.5",
      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz",
@@ -4049,6 +4049,14 @@
        }
      ]
    },
    "node_modules/extsprintf": {
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.4.1.tgz",
      "integrity": "sha512-Wrk35e8ydCKDj/ArClo1VrPVmN8zph5V4AtHwIuHhvMXsKf73UT3BOD+azBIW+3wOJ4FhEH7zyaJCFvChjYvMA==",
      "engines": [
        "node >=0.6.0"
      ]
    },
    "node_modules/fast-glob": {
      "version": "3.2.11",
      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.11.tgz",
@@ -6761,6 +6769,35 @@
        "node": ">8"
      }
    },
    "node_modules/ldap-filter": {
      "version": "0.3.3",
      "resolved": "https://registry.npmjs.org/ldap-filter/-/ldap-filter-0.3.3.tgz",
      "integrity": "sha512-/tFkx5WIn4HuO+6w9lsfxq4FN3O+fDZeO9Mek8dCD8rTUpqzRa766BOBO7BcGkn3X86m5+cBm1/2S/Shzz7gMg==",
      "dependencies": {
        "assert-plus": "^1.0.0"
      },
      "engines": {
        "node": ">=0.8"
      }
    },
    "node_modules/ldapjs": {
      "version": "2.3.3",
      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.3.tgz",
      "integrity": "sha512-75QiiLJV/PQqtpH+HGls44dXweviFwQ6SiIK27EqzKQ5jU/7UFrl2E5nLdQ3IYRBzJ/AVFJI66u0MZ0uofKYwg==",
      "dependencies": {
        "abstract-logging": "^2.0.0",
        "asn1": "^0.2.4",
        "assert-plus": "^1.0.0",
        "backoff": "^2.5.0",
        "ldap-filter": "^0.3.3",
        "once": "^1.4.0",
        "vasync": "^2.2.0",
        "verror": "^1.8.1"
      },
      "engines": {
        "node": ">=10.13.0"
      }
    },
    "node_modules/leven": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz",
@@ -8050,6 +8087,14 @@
        "node": ">=6"
      }
    },
    "node_modules/precond": {
      "version": "0.2.3",
      "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
      "integrity": "sha512-QCYG84SgGyGzqJ/vlMsxeXd/pgL/I94ixdNFyh1PusWmTCyVfPJjZ1K1jvHtsbfnXQs2TSkEP2fR7QiMZAnKFQ==",
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/prelude-ls": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
@@ -8377,7 +8422,8 @@
    "node_modules/rndm": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz",
-      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w="
+      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=",
      "dev": true
    },
    "node_modules/rotating-file-stream": {
      "version": "3.0.4",
@@ -9389,6 +9435,7 @@
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
      "dev": true,
      "engines": {
        "node": ">=0.6.x"
      }
@@ -9646,6 +9693,43 @@
        "node": ">= 0.8"
      }
    },
    "node_modules/vasync": {
      "version": "2.2.1",
      "resolved": "https://registry.npmjs.org/vasync/-/vasync-2.2.1.tgz",
      "integrity": "sha512-Hq72JaTpcTFdWiNA4Y22Amej2GH3BFmBaKPPlDZ4/oC8HNn2ISHLkFrJU4Ds8R3jcUi7oo5Y9jcMHKjES+N9wQ==",
      "engines": [
        "node >=0.6.0"
      ],
      "dependencies": {
        "verror": "1.10.0"
      }
    },
    "node_modules/vasync/node_modules/verror": {
      "version": "1.10.0",
      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
      "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==",
      "engines": [
        "node >=0.6.0"
      ],
      "dependencies": {
        "assert-plus": "^1.0.0",
        "core-util-is": "1.0.2",
        "extsprintf": "^1.2.0"
      }
    },
    "node_modules/verror": {
      "version": "1.10.1",
      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz",
      "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==",
      "dependencies": {
        "assert-plus": "^1.0.0",
        "core-util-is": "1.0.2",
        "extsprintf": "^1.2.0"
      },
      "engines": {
        "node": ">=0.6.0"
      }
    },
    "node_modules/w3c-hr-time": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz",
@@ -11361,15 +11445,6 @@
      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
      "dev": true
    },
    "@types/csurf": {
      "version": "1.11.2",
      "resolved": "https://registry.npmjs.org/@types/csurf/-/csurf-1.11.2.tgz",
      "integrity": "sha512-9bc98EnwmC1S0aSJiA8rWwXtgXtXHHOQOsGHptImxFgqm6CeH+mIOunHRg6+/eg2tlmDMX3tY7XrWxo2M/nUNQ==",
      "dev": true,
      "requires": {
        "@types/express-serve-static-core": "*"
      }
    },
    "@types/express": {
      "version": "4.17.12",
      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.12.tgz",
@@ -11547,6 +11622,15 @@
        "@types/node": "*"
      }
    },
    "@types/ldapjs": {
      "version": "2.2.4",
      "resolved": "https://registry.npmjs.org/@types/ldapjs/-/ldapjs-2.2.4.tgz",
      "integrity": "sha512-+ZMVolW4N1zpnQ4SgH8nfpIFuiDOfbnXSbwQoBiLaq8mF0vo8FOKotQzKkfoWxbV0lWU1d4V+keZZ07klyOSng==",
      "dev": true,
      "requires": {
        "@types/node": "*"
      }
    },
    "@types/mime": {
      "version": "1.3.2",
      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz",
@@ -11721,6 +11805,11 @@
      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
      "dev": true
    },
    "abstract-logging": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/abstract-logging/-/abstract-logging-2.0.1.tgz",
      "integrity": "sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA=="
    },
    "accepts": {
      "version": "1.3.7",
      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
@@ -11919,6 +12008,14 @@
        "is-string": "^1.0.7"
      }
    },
    "asn1": {
      "version": "0.2.6",
      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
      "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
      "requires": {
        "safer-buffer": "~2.1.0"
      }
    },
    "asn1.js": {
      "version": "5.4.1",
      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
@@ -11930,6 +12027,11 @@
        "safer-buffer": "^2.1.0"
      }
    },
    "assert-plus": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw=="
    },
    "async": {
      "version": "2.6.4",
      "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz",
@@ -12057,6 +12159,14 @@
        "babel-preset-current-node-syntax": "^1.0.0"
      }
    },
    "backoff": {
      "version": "2.5.0",
      "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
      "integrity": "sha512-wC5ihrnUXmR2douXmXLCe5O3zg3GKIyvRi/hi58a/XyRxVI+3/yM0PYueQOZXPXQ9pxBislYkw+sF9b7C/RuMA==",
      "requires": {
        "precond": "0.2"
      }
    },
    "balanced-match": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -12584,6 +12694,7 @@
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz",
      "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==",
      "dev": true,
      "requires": {
        "rndm": "1.2.0",
        "tsscmp": "1.0.6",
@@ -12613,36 +12724,6 @@
        }
      }
    },
    "csurf": {
      "version": "1.11.0",
      "resolved": "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz",
      "integrity": "sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==",
      "requires": {
        "cookie": "0.4.0",
        "cookie-signature": "1.0.6",
        "csrf": "3.1.0",
        "http-errors": "~1.7.3"
      },
      "dependencies": {
        "http-errors": {
          "version": "1.7.3",
          "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz",
          "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==",
          "requires": {
            "depd": "~1.1.2",
            "inherits": "2.0.4",
            "setprototypeof": "1.1.1",
            "statuses": ">= 1.5.0 < 2",
            "toidentifier": "1.0.0"
          }
        },
        "inherits": {
          "version": "2.0.4",
          "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
          "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
        }
      }
    },
    "csv-stringify": {
      "version": "5.6.5",
      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz",
@@ -13136,6 +13217,11 @@
        }
      }
    },
    "extsprintf": {
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.4.1.tgz",
      "integrity": "sha512-Wrk35e8ydCKDj/ArClo1VrPVmN8zph5V4AtHwIuHhvMXsKf73UT3BOD+azBIW+3wOJ4FhEH7zyaJCFvChjYvMA=="
    },
    "fast-glob": {
      "version": "3.2.11",
      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.11.tgz",
@@ -15176,6 +15262,29 @@
        "asn1.js": "^5.4.1"
      }
    },
    "ldap-filter": {
      "version": "0.3.3",
      "resolved": "https://registry.npmjs.org/ldap-filter/-/ldap-filter-0.3.3.tgz",
      "integrity": "sha512-/tFkx5WIn4HuO+6w9lsfxq4FN3O+fDZeO9Mek8dCD8rTUpqzRa766BOBO7BcGkn3X86m5+cBm1/2S/Shzz7gMg==",
      "requires": {
        "assert-plus": "^1.0.0"
      }
    },
    "ldapjs": {
      "version": "2.3.3",
      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.3.tgz",
      "integrity": "sha512-75QiiLJV/PQqtpH+HGls44dXweviFwQ6SiIK27EqzKQ5jU/7UFrl2E5nLdQ3IYRBzJ/AVFJI66u0MZ0uofKYwg==",
      "requires": {
        "abstract-logging": "^2.0.0",
        "asn1": "^0.2.4",
        "assert-plus": "^1.0.0",
        "backoff": "^2.5.0",
        "ldap-filter": "^0.3.3",
        "once": "^1.4.0",
        "vasync": "^2.2.0",
        "verror": "^1.8.1"
      }
    },
    "leven": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz",
@@ -16147,6 +16256,11 @@
        "tunnel-agent": "^0.6.0"
      }
    },
    "precond": {
      "version": "0.2.3",
      "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
      "integrity": "sha512-QCYG84SgGyGzqJ/vlMsxeXd/pgL/I94ixdNFyh1PusWmTCyVfPJjZ1K1jvHtsbfnXQs2TSkEP2fR7QiMZAnKFQ=="
    },
    "prelude-ls": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
@@ -16379,7 +16493,8 @@
    "rndm": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz",
-      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w="
+      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=",
      "dev": true
    },
    "rotating-file-stream": {
      "version": "3.0.4",
@@ -17134,7 +17249,8 @@
    "tsscmp": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
-      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA=="
+      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
      "dev": true
    },
    "tunnel-agent": {
      "version": "0.6.0",
@@ -17340,6 +17456,36 @@
      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
    },
    "vasync": {
      "version": "2.2.1",
      "resolved": "https://registry.npmjs.org/vasync/-/vasync-2.2.1.tgz",
      "integrity": "sha512-Hq72JaTpcTFdWiNA4Y22Amej2GH3BFmBaKPPlDZ4/oC8HNn2ISHLkFrJU4Ds8R3jcUi7oo5Y9jcMHKjES+N9wQ==",
      "requires": {
        "verror": "1.10.0"
      },
      "dependencies": {
        "verror": {
          "version": "1.10.0",
          "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
          "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==",
          "requires": {
            "assert-plus": "^1.0.0",
            "core-util-is": "1.0.2",
            "extsprintf": "^1.2.0"
          }
        }
      }
    },
    "verror": {
      "version": "1.10.1",
      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz",
      "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==",
      "requires": {
        "assert-plus": "^1.0.0",
        "core-util-is": "1.0.2",
        "extsprintf": "^1.2.0"
      }
    },
    "w3c-hr-time": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz",
--- a/api/package.json
+++ b/api/package.json
@@ -53,12 +53,12 @@
    "connect-mongo": "^4.6.0",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.5",
    "csurf": "^1.11.0",
    "express": "^4.17.1",
    "express-session": "^1.17.2",
    "helmet": "^5.0.2",
    "joi": "^17.4.2",
    "jsonwebtoken": "^8.5.1",
    "ldapjs": "2.3.3",
    "mongoose": "^6.0.12",
    "mongoose-sequence": "^5.3.1",
    "morgan": "^1.10.0",
@@ -73,11 +73,11 @@
    "@types/bcryptjs": "^2.4.2",
    "@types/cookie-parser": "^1.4.2",
    "@types/cors": "^2.8.12",
    "@types/csurf": "^1.11.2",
    "@types/express": "^4.17.12",
    "@types/express-session": "^1.17.4",
    "@types/jest": "^26.0.24",
    "@types/jsonwebtoken": "^8.5.5",
    "@types/ldapjs": "^2.2.4",
    "@types/mongoose-sequence": "^3.0.6",
    "@types/morgan": "^1.9.3",
    "@types/multer": "^1.4.7",
@@ -86,6 +86,7 @@
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
    "csrf": "^3.1.0",
    "dotenv": "^10.0.0",
    "http-headers-validation": "^0.0.1",
    "jest": "^27.0.6",
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -622,6 +622,51 @@ paths:
                -
                    bearerAuth: []
            parameters: []
    /SASjsApi/authConfig:
        get:
            operationId: GetDetail
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema: {}
                            examples:
                                'Example 1':
                                    value: {ldap: {LDAP_URL: 'ldaps://my.ldap.server:636', LDAP_BIND_DN: 'cn=admin,ou=system,dc=cloudron', LDAP_BIND_PASSWORD: secret, LDAP_USERS_BASE_DN: 'ou=users,dc=cloudron', LDAP_GROUPS_BASE_DN: 'ou=groups,dc=cloudron'}}
            summary: 'Gives the detail of Auth Mechanism.'
            tags:
                - Auth_Config
            security:
                -
                    bearerAuth: []
            parameters: []
    /SASjsApi/authConfig/synchronizeWithLDAP:
        post:
            operationId: SynchronizeWithLDAP
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                properties:
                                    groupCount: {type: number, format: double}
                                    userCount: {type: number, format: double}
                                required:
                                    - groupCount
                                    - userCount
                                type: object
                            examples:
                                'Example 1':
                                    value: {users: 5, groups: 3}
            summary: 'Synchronizes LDAP users and groups with internal DB and returns the count of imported users and groups.'
            tags:
                - Auth_Config
            security:
                -
                    bearerAuth: []
            parameters: []
    /SASjsApi/client:
        post:
            operationId: CreateClient
@@ -660,8 +705,8 @@ paths:
                                anyOf:
                                    - {type: string}
                                    - {type: string, format: byte}
-            description: 'Execute SAS code.'
+            description: 'Execute Code on the Specified Runtime'
-            summary: 'Run SAS Code and returns log'
+            summary: 'Run Code and Return Webout Content and Log'
            tags:
                - Code
            security:
@@ -1686,7 +1731,7 @@ paths:
                                    - {type: string}
                                    - {type: string, format: byte}
            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
-            summary: 'Execute a Stored Program, return a JSON object'
+            summary: 'Execute a Stored Program, returns _webout and (optionally) log.'
            tags:
                - STP
            security:
@@ -1794,6 +1839,9 @@ tags:
    -
        name: Auth
        description: 'Operations about auth'
    -
        name: Auth_Config
        description: 'Operations about external auth providers'
    -
        name: Client
        description: 'Operations about clients'
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -1,6 +1,5 @@
 import path from 'path'
-import express, { ErrorRequestHandler } from 'express'
+import express, { ErrorRequestHandler, CookieOptions } from 'express'
 import csrf, { CookieOptions } from 'csurf'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
@@ -39,15 +38,7 @@ export const cookieOptions: CookieOptions = {
  maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 /***********************************
 *         CSRF Protection         *
 ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })
 const onError: ErrorRequestHandler = (err, req, res, next) => {
  if (err.code === 'EBADCSRFTOKEN')
    return res.status(400).send('Invalid CSRF token!')
  console.error(err.stack)
  res.status(500).send('Something broke!')
 }
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -4,6 +4,7 @@ import { InfoJWT } from '../types'
 import {
  generateAccessToken,
  generateRefreshToken,
  getTokensFromDB,
  removeTokensInDB,
  saveTokensInDB
 } from '../utils'
@@ -73,6 +74,15 @@ const token = async (data: any): Promise<TokenResponse> => {
  AuthController.deleteCode(userInfo.userId, clientId)
  // get tokens from DB
  const existingTokens = await getTokensFromDB(userInfo.userId, clientId)
  if (existingTokens) {
    return {
      accessToken: existingTokens.accessToken,
      refreshToken: existingTokens.refreshToken
    }
  }
  const accessToken = generateAccessToken(userInfo)
  const refreshToken = generateRefreshToken(userInfo)
--- a/api/src/controllers/authConfig.ts
+++ b/api/src/controllers/authConfig.ts
@@ -0,0 +1,185 @@
 import express from 'express'
 import { Security, Route, Tags, Get, Post, Example } from 'tsoa'
 import { LDAPClient, LDAPUser, LDAPGroup, AuthProviderType } from '../utils'
 import { randomBytes } from 'crypto'
 import User from '../model/User'
 import Group from '../model/Group'
 import Permission from '../model/Permission'
@Security('bearerAuth')
@Route('SASjsApi/authConfig')
@Tags('Auth_Config')
 export class AuthConfigController {
  /**
   * @summary Gives the detail of Auth Mechanism.
   *
   */
  @Example({
    ldap: {
      LDAP_URL: 'ldaps://my.ldap.server:636',
      LDAP_BIND_DN: 'cn=admin,ou=system,dc=cloudron',
      LDAP_BIND_PASSWORD: 'secret',
      LDAP_USERS_BASE_DN: 'ou=users,dc=cloudron',
      LDAP_GROUPS_BASE_DN: 'ou=groups,dc=cloudron'
    }
  })
  @Get('/')
  public getDetail() {
    return getAuthConfigDetail()
  }
  /**
   * @summary Synchronizes LDAP users and groups with internal DB and returns the count of imported users and groups.
   *
   */
  @Example({
    users: 5,
    groups: 3
  })
  @Post('/synchronizeWithLDAP')
  public async synchronizeWithLDAP() {
    return synchronizeWithLDAP()
  }
 }
 const synchronizeWithLDAP = async () => {
  process.logger.info('Syncing LDAP with internal DB')
  const permissions = await Permission.get({})
  await Permission.deleteMany()
  await User.deleteMany({ authProvider: AuthProviderType.LDAP })
  await Group.deleteMany({ authProvider: AuthProviderType.LDAP })
  const ldapClient = await LDAPClient.init()
  process.logger.info('fetching LDAP users')
  const users = await ldapClient.getAllLDAPUsers()
  process.logger.info('inserting LDAP users to DB')
  const existingUsers: string[] = []
  const importedUsers: LDAPUser[] = []
  for (const user of users) {
    const usernameExists = await User.findOne({ username: user.username })
    if (usernameExists) {
      existingUsers.push(user.username)
      continue
    }
    const hashPassword = User.hashPassword(randomBytes(64).toString('hex'))
    await User.create({
      displayName: user.displayName,
      username: user.username,
      password: hashPassword,
      authProvider: AuthProviderType.LDAP
    })
    importedUsers.push(user)
  }
  if (existingUsers.length > 0) {
    process.logger.info(
      'Failed to insert following users as they already exist in DB:'
    )
    existingUsers.forEach((user) => process.logger.log(`* ${user}`))
  }
  process.logger.info('fetching LDAP groups')
  const groups = await ldapClient.getAllLDAPGroups()
  process.logger.info('inserting LDAP groups to DB')
  const existingGroups: string[] = []
  const importedGroups: LDAPGroup[] = []
  for (const group of groups) {
    const groupExists = await Group.findOne({ name: group.name })
    if (groupExists) {
      existingGroups.push(group.name)
      continue
    }
    await Group.create({
      name: group.name,
      authProvider: AuthProviderType.LDAP
    })
    importedGroups.push(group)
  }
  if (existingGroups.length > 0) {
    process.logger.info(
      'Failed to insert following groups as they already exist in DB:'
    )
    existingGroups.forEach((group) => process.logger.log(`* ${group}`))
  }
  process.logger.info('associating users and groups')
  for (const group of importedGroups) {
    const dbGroup = await Group.findOne({ name: group.name })
    if (dbGroup) {
      for (const member of group.members) {
        const user = importedUsers.find((user) => user.uid === member)
        if (user) {
          const dbUser = await User.findOne({ username: user.username })
          if (dbUser) await dbGroup.addUser(dbUser)
        }
      }
    }
  }
  process.logger.info('setting permissions')
  for (const permission of permissions) {
    const newPermission = new Permission({
      path: permission.path,
      type: permission.type,
      setting: permission.setting
    })
    if (permission.user) {
      const dbUser = await User.findOne({ username: permission.user.username })
      if (dbUser) newPermission.user = dbUser._id
    } else if (permission.group) {
      const dbGroup = await Group.findOne({ name: permission.group.name })
      if (dbGroup) newPermission.group = dbGroup._id
    }
    await newPermission.save()
  }
  process.logger.info('LDAP synchronization completed!')
  return {
    userCount: importedUsers.length,
    groupCount: importedGroups.length
  }
 }
 const getAuthConfigDetail = () => {
  const { AUTH_PROVIDERS } = process.env
  const returnObj: any = {}
  if (AUTH_PROVIDERS === AuthProviderType.LDAP) {
    const {
      LDAP_URL,
      LDAP_BIND_DN,
      LDAP_BIND_PASSWORD,
      LDAP_USERS_BASE_DN,
      LDAP_GROUPS_BASE_DN
    } = process.env
    returnObj.ldap = {
      LDAP_URL: LDAP_URL ?? '',
      LDAP_BIND_DN: LDAP_BIND_DN ?? '',
      LDAP_BIND_PASSWORD: LDAP_BIND_PASSWORD ?? '',
      LDAP_USERS_BASE_DN: LDAP_USERS_BASE_DN ?? '',
      LDAP_GROUPS_BASE_DN: LDAP_GROUPS_BASE_DN ?? ''
    }
  }
  return returnObj
 }
--- a/api/src/controllers/code.ts
+++ b/api/src/controllers/code.ts
@@ -27,8 +27,8 @@ interface ExecuteCodePayload {
@Tags('Code')
 export class CodeController {
  /**
-   * Execute SAS code.
+   * Execute Code on the Specified Runtime
-   * @summary Run SAS Code and returns log
+   * @summary Run Code and Return Webout Content and Log
   */
  @Post('/execute')
  public async executeCode(
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -12,6 +12,7 @@ import {
 import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import { AuthProviderType } from '../utils'
 import { UserResponse } from './user'
 export interface GroupResponse {
@@ -147,12 +148,14 @@ export class GroupController {
  @Delete('{groupId}')
  public async deleteGroup(@Path() groupId: number) {
    const group = await Group.findOne({ groupId })
-    if (group) return await group.remove()
+    if (!group)
-    throw {
+      throw {
-      code: 404,
+        code: 404,
-      status: 'Not Found',
+        status: 'Not Found',
-      message: 'Group not found.'
+        message: 'Group not found.'
-    }
+      }
    return await group.remove()
  }
 }
@@ -248,6 +251,13 @@ const updateUsersListInGroup = async (
      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
    }
  if (group.authProvider !== AuthProviderType.Internal)
    throw {
      code: 405,
      status: 'Method Not Allowed',
      message: `Can't add/remove user to group created by external auth provider.`
    }
  const user = await User.findOne({ id: userId })
  if (!user)
    throw {
@@ -256,6 +266,13 @@ const updateUsersListInGroup = async (
      message: 'User not found.'
    }
  if (user.authProvider !== AuthProviderType.Internal)
    throw {
      code: 405,
      status: 'Method Not Allowed',
      message: `Can't add/remove user to group created by external auth provider.`
    }
  const updatedGroup =
    action === 'addUser'
      ? await group.addUser(user)
--- a/api/src/controllers/index.ts
+++ b/api/src/controllers/index.ts
@@ -1,4 +1,5 @@
 export * from './auth'
 export * from './authConfig'
 export * from './client'
 export * from './code'
 export * from './drive'
--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -50,7 +50,7 @@ export class STPController {
   * https://server.sasjs.io/storedprograms
   *
   *
-   * @summary Execute a Stored Program, return a JSON object
+   * @summary Execute a Stored Program, returns _webout and (optionally) log.
   * @param _program Location of code in SASjs Drive
   * @example _program "/Projects/myApp/some/program"
   */
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -17,7 +17,12 @@ import {
 import { desktopUser } from '../middlewares'
 import User, { UserPayload } from '../model/User'
-import { getUserAutoExec, updateUserAutoExec, ModeType } from '../utils'
+import {
  getUserAutoExec,
  updateUserAutoExec,
  ModeType,
  AuthProviderType
 } from '../utils'
 import { GroupResponse } from './group'
 export interface UserResponse {
@@ -211,7 +216,11 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
  // Checking if user is already in the database
  const usernameExist = await User.findOne({ username })
-  if (usernameExist) throw new Error('Username already exists.')
+  if (usernameExist)
    throw {
      code: 409,
      message: 'Username already exists.'
    }
  // Hash passwords
  const hashPassword = User.hashPassword(password)
@@ -255,7 +264,11 @@ const getUser = async (
    'groupId name description -_id'
  )) as unknown as UserDetailsResponse
-  if (!user) throw new Error('User is not found.')
+  if (!user)
    throw {
      code: 404,
      message: 'User is not found.'
    }
  return {
    id: user.id,
@@ -284,6 +297,19 @@ const updateUser = async (
  const params: any = { displayName, isAdmin, isActive, autoExec }
  const user = await User.findOne(findBy)
  if (
    user?.authProvider !== AuthProviderType.Internal &&
    (username !== user?.username || displayName !== user?.displayName)
  ) {
    throw {
      code: 405,
      message:
        'Can not update username and display name of user that is created by an external auth provider.'
    }
  }
  if (username) {
    // Checking if user is already in the database
    const usernameExist = await User.findOne({ username })
@@ -292,7 +318,10 @@ const updateUser = async (
        (findBy.id && usernameExist.id != findBy.id) ||
        (findBy.username && usernameExist.username != findBy.username)
      )
-        throw new Error('Username already exists.')
+        throw {
          code: 409,
          message: 'Username already exists.'
        }
    }
    params.username = username
  }
@@ -305,7 +334,10 @@ const updateUser = async (
  const updatedUser = await User.findOneAndUpdate(findBy, params, { new: true })
  if (!updatedUser)
-    throw new Error(`Unable to find user with ${findBy.id || findBy.username}`)
+    throw {
      code: 404,
      message: `Unable to find user with ${findBy.id || findBy.username}`
    }
  return {
    id: updatedUser.id,
@@ -332,11 +364,19 @@ const deleteUser = async (
  { password }: { password?: string }
 ) => {
  const user = await User.findOne(findBy)
-  if (!user) throw new Error('User is not found.')
+  if (!user)
    throw {
      code: 404,
      message: 'User is not found.'
    }
  if (!isAdmin) {
    const validPass = user.comparePassword(password!)
-    if (!validPass) throw new Error('Invalid password.')
+    if (!validPass)
      throw {
        code: 401,
        message: 'Invalid password.'
      }
  }
  await User.deleteOne(findBy)
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -5,7 +5,12 @@ import { readFile } from '@sasjs/utils'
 import User from '../model/User'
 import Client from '../model/Client'
-import { getWebBuildFolder, generateAuthCode } from '../utils'
+import {
  getWebBuildFolder,
  generateAuthCode,
  AuthProviderType,
  LDAPClient
 } from '../utils'
 import { InfoJWT } from '../types'
 import { AuthController } from './auth'
@@ -80,8 +85,16 @@ const login = async (
  const user = await User.findOne({ username })
  if (!user) throw new Error('Username is not found.')
-  const validPass = user.comparePassword(password)
+  if (
-  if (!validPass) throw new Error('Invalid password.')
+    process.env.AUTH_PROVIDERS === AuthProviderType.LDAP &&
    user.authProvider === AuthProviderType.LDAP
  ) {
    const ldapClient = await LDAPClient.init()
    await ldapClient.verifyUser(username, password)
  } else {
    const validPass = user.comparePassword(password)
    if (!validPass) throw new Error('Invalid password.')
  }
  req.session.loggedIn = true
  req.session.user = {
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,6 +1,6 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
-import { csrfProtection } from '../app'
+import { csrfProtection } from './'
 import {
  fetchLatestAutoExec,
  ModeType,
--- a/api/src/middlewares/authorize.ts
+++ b/api/src/middlewares/authorize.ts
@@ -10,9 +10,7 @@ import { getPath, isPublicRoute } from '../utils'
 export const authorize: RequestHandler = async (req, res, next) => {
  const { user } = req
-  if (!user) {
+  if (!user) return res.sendStatus(401)
    return res.sendStatus(401)
  }
  // no need to check for permissions when user is admin
  if (user.isAdmin) return next()
--- a/api/src/middlewares/csrfProtection.ts
+++ b/api/src/middlewares/csrfProtection.ts
@@ -0,0 +1,32 @@
 import { RequestHandler } from 'express'
 import csrf from 'csrf'
 const csrfTokens = new csrf()
 const secret = csrfTokens.secretSync()
 export const generateCSRFToken = () => csrfTokens.create(secret)
 export const csrfProtection: RequestHandler = (req, res, next) => {
  if (req.method === 'GET') return next()
  // Reads the token from the following locations, in order:
  // req.body.csrf_token - typically generated by the body-parser module.
  // req.query.csrf_token - a built-in from Express.js to read from the URL query string.
  // req.headers['csrf-token'] - the CSRF-Token HTTP request header.
  // req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
  // req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
  // req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.
  const token =
    req.body?.csrf_token ||
    req.query?.csrf_token ||
    req.headers['csrf-token'] ||
    req.headers['xsrf-token'] ||
    req.headers['x-csrf-token'] ||
    req.headers['x-xsrf-token']
  if (!csrfTokens.verify(secret, token)) {
    return res.status(400).send('Invalid CSRF token!')
  }
  next()
 }
--- a/api/src/middlewares/index.ts
+++ b/api/src/middlewares/index.ts
@@ -1,5 +1,6 @@
 export * from './authenticateToken'
 export * from './authorize'
 export * from './csrfProtection'
 export * from './desktop'
 export * from './verifyAdmin'
 export * from './verifyAdminIfNeeded'
 export * from './authorize'
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -1,6 +1,7 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
 import { GroupDetailsResponse } from '../controllers'
 import User, { IUser } from './User'
 import { AuthProviderType } from '../utils'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 export const PUBLIC_GROUP_NAME = 'Public'
@@ -27,6 +28,7 @@ interface IGroupDocument extends GroupPayload, Document {
  groupId: number
  isActive: boolean
  users: Schema.Types.ObjectId[]
  authProvider?: AuthProviderType
 }
 interface IGroup extends IGroupDocument {
@@ -46,6 +48,11 @@ const groupSchema = new Schema<IGroupDocument>({
    type: String,
    default: 'Group description.'
  },
  authProvider: {
    type: String,
    enum: AuthProviderType,
    default: 'internal'
  },
  isActive: {
    type: Boolean,
    default: true
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -1,6 +1,7 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 import bcrypt from 'bcryptjs'
 import { AuthProviderType } from '../utils'
 export interface UserPayload {
  /**
@@ -42,6 +43,7 @@ interface IUserDocument extends UserPayload, Document {
  autoExec: string
  groups: Schema.Types.ObjectId[]
  tokens: [{ [key: string]: string }]
  authProvider?: AuthProviderType
 }
 export interface IUser extends IUserDocument {
@@ -67,6 +69,11 @@ const userSchema = new Schema<IUserDocument>({
    type: String,
    required: true
  },
  authProvider: {
    type: String,
    enum: AuthProviderType,
    default: 'internal'
  },
  isAdmin: {
    type: Boolean,
    default: false
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -7,7 +7,7 @@ import {
  authenticateRefreshToken
 } from '../../middlewares'
-import { authorizeValidation, tokenValidation } from '../../utils'
+import { tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'
 const authRouter = express.Router()
--- a/api/src/routes/api/authConfig.ts
+++ b/api/src/routes/api/authConfig.ts
@@ -0,0 +1,25 @@
 import express from 'express'
 import { AuthConfigController } from '../../controllers'
 const authConfigRouter = express.Router()
 authConfigRouter.get('/', async (req, res) => {
  const controller = new AuthConfigController()
  try {
    const response = controller.getDetail()
    res.send(response)
  } catch (err: any) {
    res.status(500).send(err.toString())
  }
 })
 authConfigRouter.post('/synchronizeWithLDAP', async (req, res) => {
  const controller = new AuthConfigController()
  try {
    const response = await controller.synchronizeWithLDAP()
    res.send(response)
  } catch (err: any) {
    res.status(500).send(err.toString())
  }
 })
 export default authConfigRouter
--- a/api/src/routes/api/group.ts
+++ b/api/src/routes/api/group.ts
@@ -18,11 +18,7 @@ groupRouter.post(
      const response = await controller.createGroup(body)
      res.send(response)
    } catch (err: any) {
-      const statusCode = err.code
+      res.status(err.code).send(err.message)
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -33,11 +29,7 @@ groupRouter.get('/', authenticateAccessToken, async (req, res) => {
    const response = await controller.getAllGroups()
    res.send(response)
  } catch (err: any) {
-    const statusCode = err.code
+    res.status(err.code).send(err.message)
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -49,11 +41,7 @@ groupRouter.get('/:groupId', authenticateAccessToken, async (req, res) => {
    const response = await controller.getGroup(parseInt(groupId))
    res.send(response)
  } catch (err: any) {
-    const statusCode = err.code
+    res.status(err.code).send(err.message)
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -71,11 +59,7 @@ groupRouter.get(
      const response = await controller.getGroupByGroupName(name)
      res.send(response)
    } catch (err: any) {
-      const statusCode = err.code
+      res.status(err.code).send(err.message)
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -95,11 +79,7 @@ groupRouter.post(
      )
      res.send(response)
    } catch (err: any) {
-      const statusCode = err.code
+      res.status(err.code).send(err.message)
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -119,11 +99,7 @@ groupRouter.delete(
      )
      res.send(response)
    } catch (err: any) {
-      const statusCode = err.code
+      res.status(err.code).send(err.message)
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -140,11 +116,7 @@ groupRouter.delete(
      await controller.deleteGroup(parseInt(groupId))
      res.status(200).send('Group Deleted!')
    } catch (err: any) {
-      const statusCode = err.code
+      res.status(err.code).send(err.message)
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
--- a/api/src/routes/api/index.ts
+++ b/api/src/routes/api/index.ts
@@ -18,6 +18,7 @@ import clientRouter from './client'
 import authRouter from './auth'
 import sessionRouter from './session'
 import permissionRouter from './permission'
 import authConfigRouter from './authConfig'
 const router = express.Router()
@@ -43,6 +44,14 @@ router.use(
  permissionRouter
 )
 router.use(
  '/authConfig',
  desktopRestrict,
  authenticateAccessToken,
  verifyAdmin,
  authConfigRouter
 )
 router.use(
  '/',
  swaggerUi.serve,
--- a/api/src/routes/api/spec/group.spec.ts
+++ b/api/src/routes/api/spec/group.spec.ts
@@ -4,8 +4,13 @@ import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
-import { generateAccessToken, saveTokensInDB } from '../../../utils'
+import {
-import { PUBLIC_GROUP_NAME } from '../../../model/Group'
+  generateAccessToken,
  saveTokensInDB,
  AuthProviderType
 } from '../../../utils'
 import Group, { PUBLIC_GROUP_NAME } from '../../../model/Group'
 import User from '../../../model/User'
 const clientId = 'someclientID'
 const adminUser = {
@@ -560,6 +565,46 @@ describe('group', () => {
        `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
      )
    })
    it('should respond with Method Not Allowed if group is created by an external authProvider', async () => {
      const dbGroup = await Group.create({
        ...group,
        authProvider: AuthProviderType.LDAP
      })
      const dbUser = await userController.createUser({
        ...user,
        username: 'ldapGroupUser'
      })
      const res = await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(405)
      expect(res.text).toEqual(
        `Can't add/remove user to group created by external auth provider.`
      )
    })
    it('should respond with Method Not Allowed if user is created by an external authProvider', async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser = await User.create({
        ...user,
        username: 'ldapUser',
        authProvider: AuthProviderType.LDAP
      })
      const res = await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(405)
      expect(res.text).toEqual(
        `Can't add/remove user to group created by external auth provider.`
      )
    })
  })
  describe('RemoveUser', () => {
@@ -611,6 +656,46 @@ describe('group', () => {
      expect(res.body.groups).toEqual([])
    })
    it('should respond with Method Not Allowed if group is created by an external authProvider', async () => {
      const dbGroup = await Group.create({
        ...group,
        authProvider: AuthProviderType.LDAP
      })
      const dbUser = await userController.createUser({
        ...user,
        username: 'removeLdapGroupUser'
      })
      const res = await request(app)
        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(405)
      expect(res.text).toEqual(
        `Can't add/remove user to group created by external auth provider.`
      )
    })
    it('should respond with Method Not Allowed if user is created by an external authProvider', async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser = await User.create({
        ...user,
        username: 'removeLdapUser',
        authProvider: AuthProviderType.LDAP
      })
      const res = await request(app)
        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(405)
      expect(res.text).toEqual(
        `Can't add/remove user to group created by external auth provider.`
      )
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .delete('/SASjsApi/group/123/123')
--- a/api/src/routes/api/spec/user.spec.ts
+++ b/api/src/routes/api/spec/user.spec.ts
@@ -4,7 +4,12 @@ import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
-import { generateAccessToken, saveTokensInDB } from '../../../utils'
+import {
  generateAccessToken,
  saveTokensInDB,
  AuthProviderType
 } from '../../../utils'
 import User from '../../../model/User'
 const clientId = 'someclientID'
 const adminUser = {
@@ -110,16 +115,16 @@ describe('user', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if username is already present', async () => {
+    it('should respond with Conflict if username is already present', async () => {
      await controller.createUser(user)
      const res = await request(app)
        .post('/SASjsApi/user')
        .auth(adminAccessToken, { type: 'bearer' })
        .send(user)
-        .expect(403)
+        .expect(409)
-      expect(res.text).toEqual('Error: Username already exists.')
+      expect(res.text).toEqual('Username already exists.')
      expect(res.body).toEqual({})
    })
@@ -226,6 +231,36 @@ describe('user', () => {
        .expect(400)
    })
    it('should respond with Method Not Allowed, when updating username of user created by an external auth provider', async () => {
      const dbUser = await User.create({
        ...user,
        authProvider: AuthProviderType.LDAP
      })
      const accessToken = await generateAndSaveToken(dbUser!.id)
      const newUsername = 'newUsername'
      await request(app)
        .patch(`/SASjsApi/user/${dbUser!.id}`)
        .auth(accessToken, { type: 'bearer' })
        .send({ username: newUsername })
        .expect(405)
    })
    it('should respond with Method Not Allowed, when updating displayName of user created by an external auth provider', async () => {
      const dbUser = await User.create({
        ...user,
        authProvider: AuthProviderType.LDAP
      })
      const accessToken = await generateAndSaveToken(dbUser!.id)
      const newDisplayName = 'My new display Name'
      await request(app)
        .patch(`/SASjsApi/user/${dbUser!.id}`)
        .auth(accessToken, { type: 'bearer' })
        .send({ displayName: newDisplayName })
        .expect(405)
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .patch('/SASjsApi/user/1234')
@@ -254,7 +289,7 @@ describe('user', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if username is already present', async () => {
+    it('should respond with Conflict if username is already present', async () => {
      const dbUser1 = await controller.createUser(user)
      const dbUser2 = await controller.createUser({
        ...user,
@@ -265,9 +300,9 @@ describe('user', () => {
        .patch(`/SASjsApi/user/${dbUser1.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ username: dbUser2.username })
-        .expect(403)
+        .expect(409)
-      expect(res.text).toEqual('Error: Username already exists.')
+      expect(res.text).toEqual('Username already exists.')
      expect(res.body).toEqual({})
    })
@@ -349,7 +384,7 @@ describe('user', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if username is already present', async () => {
+      it('should respond with Conflict if username is already present', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
@@ -360,9 +395,9 @@ describe('user', () => {
          .patch(`/SASjsApi/user/by/username/${dbUser1.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send({ username: dbUser2.username })
-          .expect(403)
+          .expect(409)
-        expect(res.text).toEqual('Error: Username already exists.')
+        expect(res.text).toEqual('Username already exists.')
        expect(res.body).toEqual({})
      })
    })
@@ -446,7 +481,7 @@ describe('user', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden when user himself requests and password is incorrect', async () => {
+    it('should respond with Unauthorized when user himself requests and password is incorrect', async () => {
      const dbUser = await controller.createUser(user)
      const accessToken = await generateAndSaveToken(dbUser.id)
@@ -454,9 +489,9 @@ describe('user', () => {
        .delete(`/SASjsApi/user/${dbUser.id}`)
        .auth(accessToken, { type: 'bearer' })
        .send({ password: 'incorrectpassword' })
-        .expect(403)
+        .expect(401)
-      expect(res.text).toEqual('Error: Invalid password.')
+      expect(res.text).toEqual('Invalid password.')
      expect(res.body).toEqual({})
    })
@@ -528,7 +563,7 @@ describe('user', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden when user himself requests and password is incorrect', async () => {
+      it('should respond with Unauthorized when user himself requests and password is incorrect', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
@@ -536,9 +571,9 @@ describe('user', () => {
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ password: 'incorrectpassword' })
-          .expect(403)
+          .expect(401)
-        expect(res.text).toEqual('Error: Invalid password.')
+        expect(res.text).toEqual('Invalid password.')
        expect(res.body).toEqual({})
      })
    })
@@ -652,16 +687,16 @@ describe('user', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if userId is incorrect', async () => {
+    it('should respond with Not Found if userId is incorrect', async () => {
      await controller.createUser(user)
      const res = await request(app)
        .get('/SASjsApi/user/1234')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: User is not found.')
+      expect(res.text).toEqual('User is not found.')
      expect(res.body).toEqual({})
    })
@@ -731,16 +766,16 @@ describe('user', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if username is incorrect', async () => {
+      it('should respond with Not Found if username is incorrect', async () => {
        await controller.createUser(user)
        const res = await request(app)
          .get('/SASjsApi/user/by/username/randomUsername')
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual('Error: User is not found.')
+        expect(res.text).toEqual('User is not found.')
        expect(res.body).toEqual({})
      })
    })
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -49,10 +49,9 @@ describe('web', () => {
  describe('SASLogon/login', () => {
    let csrfToken: string
    let cookies: string
    beforeAll(async () => {
-      ;({ csrfToken, cookies } = await getCSRF(app))
+      ;({ csrfToken } = await getCSRF(app))
    })
    afterEach(async () => {
@@ -66,7 +65,6 @@ describe('web', () => {
      const res = await request(app)
        .post('/SASLogon/login')
        .set('Cookie', cookies)
        .set('x-xsrf-token', csrfToken)
        .send({
          username: user.username,
@@ -82,15 +80,45 @@ describe('web', () => {
        isAdmin: user.isAdmin
      })
    })
    it('should respond with Bad Request if CSRF Token is not present', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASLogon/login')
        .send({
          username: user.username,
          password: user.password
        })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if CSRF Token is invalid', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASLogon/login')
        .set('x-xsrf-token', 'INVALID_CSRF_TOKEN')
        .send({
          username: user.username,
          password: user.password
        })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
  })
  describe('SASLogon/authorize', () => {
    let csrfToken: string
    let cookies: string
    let authCookies: string
    beforeAll(async () => {
-      ;({ csrfToken, cookies } = await getCSRF(app))
+      ;({ csrfToken } = await getCSRF(app))
      await userController.createUser(user)
@@ -99,12 +127,7 @@ describe('web', () => {
        password: user.password
      }
-      ;({ cookies: authCookies } = await performLogin(
+      ;({ authCookies } = await performLogin(app, credentials, csrfToken))
        app,
        credentials,
        cookies,
        csrfToken
      ))
    })
    afterAll(async () => {
@@ -116,17 +139,28 @@ describe('web', () => {
    it('should respond with authorization code', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({ clientId })
      expect(res.body).toHaveProperty('code')
    })
    it('should respond with Bad Request if CSRF Token is missing', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
        .set('Cookie', [authCookies].join('; '))
        .send({ clientId })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if clientId is missing', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({})
        .expect(400)
@@ -138,7 +172,7 @@ describe('web', () => {
    it('should respond with Forbidden if clientId is incorrect', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({
          clientId: 'WrongClientID'
@@ -153,27 +187,22 @@ describe('web', () => {
 const getCSRF = async (app: Express) => {
  // make request to get CSRF
-  const { header, text } = await request(app).get('/')
+  const { text } = await request(app).get('/')
  const cookies = header['set-cookie'].join()
-  const csrfToken = extractCSRF(text)
+  return { csrfToken: extractCSRF(text) }
  return { csrfToken, cookies }
 }
 const performLogin = async (
  app: Express,
  credentials: { username: string; password: string },
  cookies: string,
  csrfToken: string
 ) => {
  const { header } = await request(app)
    .post('/SASLogon/login')
    .set('Cookie', cookies)
    .set('x-xsrf-token', csrfToken)
    .send(credentials)
-  const newCookies: string = header['set-cookie'].join()
+  return { authCookies: header['set-cookie'].join() }
  return { cookies: newCookies }
 }
 const extractCSRF = (text: string) =>
--- a/api/src/routes/api/user.ts
+++ b/api/src/routes/api/user.ts
@@ -23,7 +23,7 @@ userRouter.post('/', authenticateAccessToken, verifyAdmin, async (req, res) => {
    const response = await controller.createUser(body)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    res.status(err.code).send(err.message)
  }
 })
@@ -33,7 +33,7 @@ userRouter.get('/', authenticateAccessToken, async (req, res) => {
    const response = await controller.getAllUsers()
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    res.status(err.code).send(err.message)
  }
 })
@@ -51,7 +51,7 @@ userRouter.get(
      const response = await controller.getUserByUsername(req, username)
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      res.status(err.code).send(err.message)
    }
  }
 )
@@ -64,7 +64,7 @@ userRouter.get('/:userId', authenticateAccessToken, async (req, res) => {
    const response = await controller.getUser(req, parseInt(userId))
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    res.status(err.code).send(err.message)
  }
 })
@@ -91,7 +91,7 @@ userRouter.patch(
      const response = await controller.updateUserByUsername(username, body)
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      res.status(err.code).send(err.message)
    }
  }
 )
@@ -113,7 +113,7 @@ userRouter.patch(
      const response = await controller.updateUser(parseInt(userId), body)
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      res.status(err.code).send(err.message)
    }
  }
 )
@@ -141,7 +141,7 @@ userRouter.delete(
      await controller.deleteUserByUsername(username, data, user!.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      res.status(err.code).send(err.message)
    }
  }
 )
@@ -163,7 +163,7 @@ userRouter.delete(
      await controller.deleteUser(parseInt(userId), data, user!.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      res.status(err.code).send(err.message)
    }
  }
 )
--- a/api/src/routes/appStream/index.ts
+++ b/api/src/routes/appStream/index.ts
@@ -1,6 +1,6 @@
 import path from 'path'
 import express, { Request } from 'express'
-import { authenticateAccessToken } from '../../middlewares'
+import { authenticateAccessToken, generateCSRFToken } from '../../middlewares'
 import { folderExists } from '@sasjs/utils'
 import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
@@ -13,7 +13,7 @@ const router = express.Router()
 router.get('/', authenticateAccessToken, async (req, res) => {
  const content = appStreamHtml(process.appStreamConfig)
-  res.cookie('XSRF-TOKEN', req.csrfToken())
+  res.cookie('XSRF-TOKEN', generateCSRFToken())
  return res.send(content)
 })
--- a/api/src/routes/setupRoutes.ts
+++ b/api/src/routes/setupRoutes.ts
@@ -4,7 +4,7 @@ import webRouter from './web'
 import apiRouter from './api'
 import appStreamRouter from './appStream'
-import { csrfProtection } from '../app'
+import { csrfProtection } from '../middlewares'
 export const setupRoutes = (app: Express) => {
  app.use('/SASjsApi', apiRouter)
--- a/api/src/routes/web/sas9-web.ts
+++ b/api/src/routes/web/sas9-web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers'
 import { MockSas9Controller } from '../../controllers/mock-sas9'
@@ -15,7 +16,7 @@ sas9WebRouter.get('/', async (req, res) => {
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${req.csrfToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
--- a/api/src/routes/web/sasviya-web.ts
+++ b/api/src/routes/web/sasviya-web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers/web'
 const sasViyaWebRouter = express.Router()
@@ -11,7 +12,7 @@ sasViyaWebRouter.get('/', async (req, res) => {
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${req.csrfToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers/web'
 import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
@@ -13,7 +14,7 @@ webRouter.get('/', async (req, res) => {
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${req.csrfToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
--- a/api/src/utils/getPreProgramVariables.ts
+++ b/api/src/utils/getPreProgramVariables.ts
@@ -7,7 +7,6 @@ export const getPreProgramVariables = (req: Request): PreProgramVars => {
  const { user, accessToken } = req
  const csrfToken = req.headers['x-xsrf-token'] || req.cookies['XSRF-TOKEN']
  const sessionId = req.cookies['connect.sid']
  const { _csrf } = req.cookies
  const httpHeaders: string[] = []
@@ -16,7 +15,6 @@ export const getPreProgramVariables = (req: Request): PreProgramVars => {
  const cookies: string[] = []
  if (sessionId) cookies.push(`connect.sid=${sessionId}`)
  if (_csrf) cookies.push(`_csrf=${_csrf}`)
  if (cookies.length) httpHeaders.push(`cookie: ${cookies.join('; ')}`)
--- a/api/src/utils/getRunTimeAndFilePath.ts
+++ b/api/src/utils/getRunTimeAndFilePath.ts
@@ -4,7 +4,7 @@ import { getFilesFolder } from './file'
 import { RunTimeType } from '.'
 export const getRunTimeAndFilePath = async (programPath: string) => {
-  const ext = path.extname(programPath)
+  const ext = path.extname(programPath).toLowerCase()
  // If programPath (_program) is provided with a ".sas", ".js", ".py" or ".r" extension
  // we should use that extension to determine the appropriate runTime
  if (ext && Object.values(RunTimeType).includes(ext.slice(1) as RunTimeType)) {
--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -0,0 +1,55 @@
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
 const isValidToken = async (
  token: string,
  key: string,
  userId: number,
  clientId: string
 ) => {
  const promise = new Promise<boolean>((resolve, reject) =>
    jwt.verify(token, key, (err, decoded) => {
      if (err) return reject(false)
      if (decoded?.userId === userId && decoded?.clientId === clientId) {
        return resolve(true)
      }
      return reject(false)
    })
  )
  return await promise.then(() => true).catch(() => false)
 }
 export const getTokensFromDB = async (userId: number, clientId: string) => {
  const user = await User.findOne({ id: userId })
  if (!user) return
  const currentTokenObj = user.tokens.find(
    (tokenObj: any) => tokenObj.clientId === clientId
  )
  if (currentTokenObj) {
    const accessToken = currentTokenObj.accessToken
    const refreshToken = currentTokenObj.refreshToken
    const isValidAccessToken = await isValidToken(
      accessToken,
      process.secrets.ACCESS_TOKEN_SECRET,
      userId,
      clientId
    )
    const isValidRefreshToken = await isValidToken(
      refreshToken,
      process.secrets.REFRESH_TOKEN_SECRET,
      userId,
      clientId
    )
    if (isValidAccessToken && isValidRefreshToken) {
      return { accessToken, refreshToken }
    }
  }
 }
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -14,9 +14,11 @@ export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
 export * from './getTokensFromDB'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './isPublicRoute'
 export * from './ldapClient'
 export * from './zipped'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'
--- a/api/src/utils/ldapClient.ts
+++ b/api/src/utils/ldapClient.ts
@@ -0,0 +1,163 @@
 import { createClient, Client } from 'ldapjs'
 import { ReturnCode } from './verifyEnvVariables'
 export interface LDAPUser {
  uid: string
  username: string
  displayName: string
 }
 export interface LDAPGroup {
  name: string
  members: string[]
 }
 export class LDAPClient {
  private ldapClient: Client
  private static classInstance: LDAPClient | null
  private constructor() {
    process.logger.info('creating LDAP client')
    this.ldapClient = createClient({ url: process.env.LDAP_URL as string })
    this.ldapClient.on('error', (error) => {
      process.logger.error(error.message)
    })
  }
  static async init() {
    if (!LDAPClient.classInstance) {
      LDAPClient.classInstance = new LDAPClient()
      process.logger.info('binding LDAP client')
      await LDAPClient.classInstance.bind().catch((error) => {
        LDAPClient.classInstance = null
        throw error
      })
    }
    return LDAPClient.classInstance
  }
  private async bind() {
    const promise = new Promise<void>((resolve, reject) => {
      const { LDAP_BIND_DN, LDAP_BIND_PASSWORD } = process.env
      this.ldapClient.bind(LDAP_BIND_DN!, LDAP_BIND_PASSWORD!, (error) => {
        if (error) reject(error)
        resolve()
      })
    })
    await promise.catch((error) => {
      throw new Error(error.message)
    })
  }
  async getAllLDAPUsers() {
    const promise = new Promise<LDAPUser[]>((resolve, reject) => {
      const { LDAP_USERS_BASE_DN } = process.env
      const filter = `(objectClass=*)`
      this.ldapClient.search(
        LDAP_USERS_BASE_DN!,
        { filter },
        (error, result) => {
          if (error) reject(error)
          const users: LDAPUser[] = []
          result.on('searchEntry', (entry) => {
            users.push({
              uid: entry.object.uid as string,
              username: entry.object.username as string,
              displayName: entry.object.displayname as string
            })
          })
          result.on('end', (result) => {
            resolve(users)
          })
        }
      )
    })
    return await promise
      .then((res) => res)
      .catch((error) => {
        throw new Error(error.message)
      })
  }
  async getAllLDAPGroups() {
    const promise = new Promise<LDAPGroup[]>((resolve, reject) => {
      const { LDAP_GROUPS_BASE_DN } = process.env
      this.ldapClient.search(LDAP_GROUPS_BASE_DN!, {}, (error, result) => {
        if (error) reject(error)
        const groups: LDAPGroup[] = []
        result.on('searchEntry', (entry) => {
          const members =
            typeof entry.object.memberuid === 'string'
              ? [entry.object.memberuid]
              : entry.object.memberuid
          groups.push({
            name: entry.object.cn as string,
            members
          })
        })
        result.on('end', (result) => {
          resolve(groups)
        })
      })
    })
    return await promise
      .then((res) => res)
      .catch((error) => {
        throw new Error(error.message)
      })
  }
  async verifyUser(username: string, password: string) {
    const promise = new Promise<boolean>((resolve, reject) => {
      const { LDAP_USERS_BASE_DN } = process.env
      const filter = `(username=${username})`
      this.ldapClient.search(
        LDAP_USERS_BASE_DN!,
        { filter },
        (error, result) => {
          if (error) reject(error)
          const items: any = []
          result.on('searchEntry', (entry) => {
            items.push(entry.object)
          })
          result.on('end', (result) => {
            if (result?.status !== 0 || items.length === 0) return reject()
            // pick the first found
            const user = items[0]
            this.ldapClient.bind(user.dn, password, (error) => {
              if (error) return reject(error)
              resolve(true)
            })
          })
        }
      )
    })
    return await promise
      .then(() => true)
      .catch(() => {
        throw new Error('Invalid password.')
      })
  }
 }
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -8,6 +8,11 @@ export enum ModeType {
  Desktop = 'desktop'
 }
 export enum AuthProviderType {
  LDAP = 'ldap',
  Internal = 'internal'
 }
 export enum ProtocolType {
  HTTP = 'http',
  HTTPS = 'https'
@@ -64,6 +69,8 @@ export const verifyEnvVariables = (): ReturnCode => {
  errors.push(...verifyExecutablePaths())
  errors.push(...verifyLDAPVariables())
  if (errors.length) {
    process.logger?.error(
      `Invalid environment variable(s) provided: \n${errors.join('\n')}`
@@ -104,13 +111,24 @@ const verifyMODE = (): string[] => {
  }
  if (process.env.MODE === ModeType.Server) {
-    const { DB_CONNECT } = process.env
+    const { DB_CONNECT, AUTH_MECHANISM } = process.env
-    if (process.env.NODE_ENV !== 'test')
+    if (process.env.NODE_ENV !== 'test') {
      if (!DB_CONNECT)
        errors.push(
          `- DB_CONNECT is required for PROTOCOL '${ModeType.Server}'`
        )
      if (AUTH_MECHANISM) {
        const authMechanismTypes = Object.values(AuthProviderType)
        if (!authMechanismTypes.includes(AUTH_MECHANISM as AuthProviderType))
          errors.push(
            `- AUTH_MECHANISM '${AUTH_MECHANISM}'\n - valid options ${authMechanismTypes}`
          )
      } else {
        process.env.AUTH_MECHANISM = DEFAULTS.AUTH_MECHANISM
      }
    }
  }
  return errors
@@ -280,8 +298,56 @@ const verifyExecutablePaths = () => {
  return errors
 }
 const verifyLDAPVariables = () => {
  const errors: string[] = []
  const {
    LDAP_URL,
    LDAP_BIND_DN,
    LDAP_BIND_PASSWORD,
    LDAP_USERS_BASE_DN,
    LDAP_GROUPS_BASE_DN,
    MODE,
    AUTH_MECHANISM
  } = process.env
  if (MODE === ModeType.Server && AUTH_MECHANISM === AuthProviderType.LDAP) {
    if (!LDAP_URL) {
      errors.push(
        `- LDAP_URL is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
      )
    }
    if (!LDAP_BIND_DN) {
      errors.push(
        `- LDAP_BIND_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
      )
    }
    if (!LDAP_BIND_PASSWORD) {
      errors.push(
        `- LDAP_BIND_PASSWORD is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
      )
    }
    if (!LDAP_USERS_BASE_DN) {
      errors.push(
        `- LDAP_USERS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
      )
    }
    if (!LDAP_GROUPS_BASE_DN) {
      errors.push(
        `- LDAP_GROUPS_BASE_DN is required for AUTH_MECHANISM '${AuthProviderType.LDAP}'`
      )
    }
  }
  return errors
 }
 const DEFAULTS = {
  MODE: ModeType.Desktop,
  AUTH_MECHANISM: AuthProviderType.Internal,
  PROTOCOL: ProtocolType.HTTP,
  PORT: '5000',
  HELMET_COEP: HelmetCoepType.TRUE,
--- a/api/tsoa.json
+++ b/api/tsoa.json
@@ -15,6 +15,10 @@
        "name": "Auth",
        "description": "Operations about auth"
      },
      {
        "name": "Auth_Config",
        "description": "Operations about external auth providers"
      },
      {
        "name": "Client",
        "description": "Operations about clients"
--- a/web/src/containers/Settings/authConfig.tsx
+++ b/web/src/containers/Settings/authConfig.tsx
@@ -0,0 +1,151 @@
 import React, { useEffect, useState } from 'react'
 import axios from 'axios'
 import {
  Box,
  Grid,
  CircularProgress,
  Card,
  CardHeader,
  Divider,
  CardContent,
  TextField,
  CardActions,
  Button,
  Typography
 } from '@mui/material'
 import { toast } from 'react-toastify'
 const AuthConfig = () => {
  const [isLoading, setIsLoading] = useState(false)
  const [authDetail, setAuthDetail] = useState<any>({})
  useEffect(() => {
    setIsLoading(true)
    axios
      .get(`/SASjsApi/authConfig`)
      .then((res: any) => {
        setAuthDetail(res.data)
      })
      .catch((err) => {
        toast.error('Failed: ' + err.response?.data || err.text, {
          theme: 'dark',
          position: toast.POSITION.BOTTOM_RIGHT
        })
      })
      .finally(() => setIsLoading(false))
  }, [])
  const synchronizeWithLDAP = () => {
    setIsLoading(true)
    axios
      .post(`/SASjsApi/authConfig/synchronizeWithLDAP`)
      .then((res: any) => {
        const { userCount, groupCount } = res.data
        toast.success(
          `Imported ${userCount} ${
            userCount > 1 ? 'users' : 'user'
          } and ${groupCount} ${groupCount > 1 ? 'groups' : 'group'}`,
          {
            theme: 'dark',
            position: toast.POSITION.BOTTOM_RIGHT
          }
        )
      })
      .catch((err) => {
        toast.error('Failed: ' + err.response?.data || err.text, {
          theme: 'dark',
          position: toast.POSITION.BOTTOM_RIGHT
        })
      })
      .finally(() => setIsLoading(false))
  }
  return isLoading ? (
    <CircularProgress
      style={{ position: 'absolute', left: '50%', top: '50%' }}
    />
  ) : (
    <Box>
      {Object.entries(authDetail).length === 0 && (
        <Typography>No external Auth Provider is used</Typography>
      )}
      {authDetail.ldap && (
        <Card>
          <CardHeader title="LDAP Authentication" />
          <Divider />
          <CardContent>
            <Grid container spacing={4}>
              <Grid item md={6} xs={12}>
                <TextField
                  fullWidth
                  label="LDAP_URL"
                  name="LDAP_URL"
                  value={authDetail.ldap.LDAP_URL}
                  variant="outlined"
                  disabled
                />
              </Grid>
              <Grid item md={6} xs={12}>
                <TextField
                  fullWidth
                  label="LDAP_BIND_DN"
                  name="LDAP_BIND_DN"
                  value={authDetail.ldap.LDAP_BIND_DN}
                  variant="outlined"
                  disabled={true}
                />
              </Grid>
              <Grid item md={6} xs={12}>
                <TextField
                  fullWidth
                  label="LDAP_BIND_PASSWORD"
                  name="LDAP_BIND_PASSWORD"
                  type="password"
                  value={authDetail.ldap.LDAP_BIND_PASSWORD}
                  variant="outlined"
                  disabled
                />
              </Grid>
              <Grid item md={6} xs={12}>
                <TextField
                  fullWidth
                  label="LDAP_USERS_BASE_DN"
                  name="LDAP_USERS_BASE_DN"
                  value={authDetail.ldap.LDAP_USERS_BASE_DN}
                  variant="outlined"
                  disabled={true}
                />
              </Grid>
              <Grid item md={6} xs={12}>
                <TextField
                  fullWidth
                  label="LDAP_GROUPS_BASE_DN"
                  name="LDAP_GROUPS_BASE_DN"
                  value={authDetail.ldap.LDAP_GROUPS_BASE_DN}
                  variant="outlined"
                  disabled={true}
                />
              </Grid>
            </Grid>
          </CardContent>
          <Divider />
          <CardActions>
            <Button
              type="submit"
              variant="contained"
              onClick={synchronizeWithLDAP}
            >
              Synchronize
            </Button>
          </CardActions>
        </Card>
      )}
    </Box>
  )
 }
 export default AuthConfig
--- a/web/src/containers/Settings/index.tsx
+++ b/web/src/containers/Settings/index.tsx
@@ -7,6 +7,7 @@ import TabPanel from '@mui/lab/TabPanel'
 import Permission from './permission'
 import Profile from './profile'
 import AuthConfig from './authConfig'
 import { AppContext, ModeType } from '../../context/appContext'
 import PermissionsContextProvider from '../../context/permissionsContext'
@@ -59,6 +60,9 @@ const Settings = () => {
            {appContext.mode === ModeType.Server && (
              <StyledTab label="Permissions" value="permission" />
            )}
            {appContext.mode === ModeType.Server && appContext.isAdmin && (
              <StyledTab label="Auth Config" value="auth_config" />
            )}
          </TabList>
        </Box>
        <StyledTabpanel value="profile">
@@ -69,6 +73,9 @@ const Settings = () => {
            <Permission />
          </PermissionsContextProvider>
        </StyledTabpanel>
        <StyledTabpanel value="auth_config">
          <AuthConfig />
        </StyledTabpanel>
      </TabContext>
    </Box>
  )
--- a/web/src/containers/Studio/internal/helper.ts
+++ b/web/src/containers/Studio/internal/helper.ts
@@ -31,7 +31,7 @@ export const programPathInjection = (
      return `._PROGRAM = '${path}';\n${code}`
    }
    if (runtime === RunTimeType.SAS) {
-      return `%let _program = '${path}';\n${code}`
+      return `%let _program = ${path};\n${code}`
    }
  }
--- a/web/src/containers/Studio/internal/hooks/useEditor.ts
+++ b/web/src/containers/Studio/internal/hooks/useEditor.ts
@@ -236,7 +236,9 @@ const useEditor = ({
  useEffect(() => {
    if (selectedFilePath) {
      setIsLoading(true)
-      setSelectedFileExtension(selectedFilePath.split('.').pop() ?? '')
+      setSelectedFileExtension(
        selectedFilePath.split('.').pop()?.toLowerCase() ?? ''
      )
      axios
        .get(`/SASjsApi/drive/file?_filePath=${selectedFilePath}`)
        .then((res: any) => {
@@ -270,8 +272,8 @@ const useEditor = ({
  }, [fileContent, selectedFilePath])
  useEffect(() => {
-    if (runTimes.includes(selectedFileExtension))
+    const fileExtension = selectedFileExtension.toLowerCase()
-      setSelectedRunTime(selectedFileExtension)
+    if (runTimes.includes(fileExtension)) setSelectedRunTime(fileExtension)
  }, [selectedFileExtension, runTimes])
  return {
Author	SHA1	Message	Date
semantic-release-bot	d1c1a59e91	chore(release): 0.22.0 [skip ci] # [0.22.0](https://github.com/sasjs/server/compare/v0.21.7...v0.22.0) (2022-10-03) ### Bug Fixes * do not throw error on deleting group when it is created by an external auth provider ([`68f0c5c`](`68f0c5c588`)) * no need to restrict api endpoints when ldap auth is applied ([`a142660`](`a14266077d`)) * remove authProvider attribute from user and group payload interface ([`bbd7786`](`bbd7786c6c`)) ### Features * implemented LDAP authentication ([`f915c51`](`f915c51b07`))	2022-10-03 12:13:18 +00:00
Allan Bowe	668aff83fd	Merge pull request #293 from sasjs/ldap feat: integratedLDAP authentication	2022-10-03 13:09:07 +01:00
Sabir Hassan	3fc06b80fc	chore: add specs	2022-10-01 16:08:29 +05:00
Sabir Hassan	bbd7786c6c	fix: remove authProvider attribute from user and group payload interface	2022-10-01 15:06:55 +05:00
Sabir Hassan	68f0c5c588	fix: do not throw error on deleting group when it is created by an external auth provider	2022-10-01 14:52:36 +05:00
semantic-release-bot	69ddf313b8	chore(release): 0.21.7 [skip ci] ## [0.21.7](https://github.com/sasjs/server/compare/v0.21.6...v0.21.7) (2022-09-30) ### Bug Fixes * csrf package is changed to pillarjs-csrf ([`fe3e508`](`fe3e5088f8`))	2022-09-30 21:44:16 +00:00
Saad Jutt	65e404cdbd	Merge pull request #294 from sasjs/csrf-package-migration fix: csrf package is changed to pillarjs-csrf	2022-10-01 02:39:06 +05:00
Sabir Hassan	a14266077d	fix: no need to restrict api endpoints when ldap auth is applied	2022-09-30 14:41:09 +05:00
Saad Jutt	fda6ad6356	chore(csrf): removed _csrf completely	2022-09-30 03:07:21 +05:00
Saad Jutt	fe3e5088f8	fix: csrf package is changed to pillarjs-csrf	2022-09-29 20:33:30 +05:00
Sabir Hassan	f915c51b07	feat: implemented LDAP authentication	2022-09-29 18:41:28 +05:00
semantic-release-bot	375f924f45	chore(release): 0.21.6 [skip ci] ## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23) ### Bug Fixes * in getTokensFromDB handle the scenario when tokens are expired ([`40f95f9`](`40f95f9072`))	2022-09-23 09:33:49 +00:00
Allan Bowe	72329e30ed	Merge pull request #291 from sasjs/issue-290 fix: in getTokensFromDB handle the scenario when tokens are expired	2022-09-23 10:29:51 +01:00
Sabir Hassan	40f95f9072	fix: in getTokensFromDB handle the scenario when tokens are expired	2022-09-23 09:35:30 +05:00
semantic-release-bot	58e8a869ef	chore(release): 0.21.5 [skip ci] ## [0.21.5](https://github.com/sasjs/server/compare/v0.21.4...v0.21.5) (2022-09-22) ### Bug Fixes * made files extensions case insensitive ([`2496043`](`249604384e`))	2022-09-22 15:50:53 +00:00
Allan Bowe	b558a3d01d	Merge pull request #289 from sasjs/issue-288 fix: made files extensions case insensitive	2022-09-22 16:47:00 +01:00
Sabir Hassan	249604384e	fix: made files extensions case insensitive	2022-09-22 20:37:16 +05:00
semantic-release-bot	056a436e10	chore(release): 0.21.4 [skip ci] ## [0.21.4](https://github.com/sasjs/server/compare/v0.21.3...v0.21.4) (2022-09-21) ### Bug Fixes * removing single quotes from _program value ([`a0e7875`](`a0e7875ae6`))	2022-09-21 20:02:09 +00:00
Allan Bowe	06d59c618c	Merge pull request #287 from sasjs/varfix fix: removing single quotes from _program value	2022-09-21 20:58:28 +01:00
Allan Bowe	a0e7875ae6	fix: removing single quotes from _program value	2022-09-21 19:57:32 +00:00
semantic-release-bot	24966e695a	chore(release): 0.21.3 [skip ci] ## [0.21.3](https://github.com/sasjs/server/compare/v0.21.2...v0.21.3) (2022-09-21) ### Bug Fixes * return same tokens if not expired ([`330c020`](`330c020933`))	2022-09-21 17:49:49 +00:00
Allan Bowe	5c40d8a342	Merge pull request #286 from sasjs/issue-279 fix: return same tokens if not expired	2022-09-21 18:46:07 +01:00
Sabir Hassan	6f5566dabb	chore: lint fix	2022-09-21 22:29:50 +05:00
Sabir Hassan	d93470d183	chore: improve code	2022-09-21 22:27:27 +05:00
Sabir Hassan	330c020933	fix: return same tokens if not expired	2022-09-21 22:12:03 +05:00
munja	a810f6c7cf	chore(docs): updating swagger definitions	2022-09-21 11:08:12 +01:00