Skip to content

N
Node Radius Server
Commit 5e5005cf authored by simon's avatar simon
Browse files
Options

fix: ldap auth failed auth and added test scripts

parent 9fe25a8b
Hide whitespace changes
Inline Side-by-side
Showing with 29 additions and 8 deletions
package.json
View file @ 5e5005cf
...@@ -7,7 +7,8 @@ ...@@ -7,7 +7,8 @@
"start": "../node/node dist/app.js", "start": "../node/node dist/app.js",
"build": "tsc", "build": "tsc",
"dev": "ts-node src/app.ts", "dev": "ts-node src/app.ts",
"test-ttls-pap": "eapol_test -c ./ttls-pap.conf -s testing123", "test-ttls-pap": "tests/eapol_test -c tests/ttls-pap.conf -s testing123",
"test-radtest": "radtest -x user pwd localhost 1812 testing123",
"create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh" "create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh"
}, },
"dependencies": { "dependencies": {
......
src/auth/google-ldap.ts
View file @ 5e5005cf
...@@ -76,7 +76,7 @@ export class GoogleLDAPAuth implements IAuthentication { ...@@ -76,7 +76,7 @@ export class GoogleLDAPAuth implements IAuthentication {
async authenticate(username: string, password: string, count = 0, forceFetching = false) { async authenticate(username: string, password: string, count = 0, forceFetching = false) {
const cacheKey = `usr:${username}|pwd:${password}`; const cacheKey = `usr:${username}|pwd:${password}`;
const fromCache = this.cache.get(cacheKey); const fromCache = this.cache.get(cacheKey);
if (fromCache) { if (fromCache !== undefined) {
return fromCache; return fromCache;
} }
...@@ -100,10 +100,11 @@ export class GoogleLDAPAuth implements IAuthentication { ...@@ -100,10 +100,11 @@ export class GoogleLDAPAuth implements IAuthentication {
if (!dnsFetched && !forceFetching) { if (!dnsFetched && !forceFetching) {
return this.authenticate(username, password, count, true); return this.authenticate(username, password, count, true);
} }
throw new Error(`invalid username, not found in DN: ${username}`); console.error(`invalid username, not found in DN: ${username}`);
return false;
} }
await new Promise((resolve, reject) => { const authResult: boolean = await new Promise((resolve, reject) => {
this.ldap.bind(dn, password, (err, res) => { this.ldap.bind(dn, password, (err, res) => {
if (err) { if (err) {
if (err && (err as any).stack && (err as any).stack.includes(`${this.url} closed`)) { if (err && (err as any).stack && (err as any).stack.includes(`${this.url} closed`)) {
...@@ -112,16 +113,18 @@ export class GoogleLDAPAuth implements IAuthentication { ...@@ -112,16 +113,18 @@ export class GoogleLDAPAuth implements IAuthentication {
setTimeout(() => resolve(this.authenticate(dn, password)), 2000); setTimeout(() => resolve(this.authenticate(dn, password)), 2000);
return; return;
} }
console.error('ldap error', err);
reject(err); resolve(false);
// console.error('ldap error', err);
// reject(err);
} }
if (res) resolve(res); if (res) resolve(res);
else reject(); else reject();
}); });
}); });
this.cache.set(cacheKey, true, 86400); this.cache.set(cacheKey, authResult, 86400);
return username; return authResult;
} }
} }
tests/ttls-pap.conf 0 → 100644
View file @ 5e5005cf
#
# eapol_test -c ttls-pap.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
anonymous_identity="anonymous"
password="pwd"
phase2="auth=PAP"
#
# Uncomment the following to perform server certificate validation.
ca_cert="./ssl/cert/ca.pem"
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment