Compare commits
4 Commits
Author | SHA1 | Date | |
---|---|---|---|
9ffd6c0747 | |||
8381b9226e | |||
949b123e92 | |||
d8c1f4795d |
@ -3,7 +3,7 @@
|
||||
# This source code is licensed under the MIT license found in the
|
||||
# LICENSE file in the root directory of this source tree.
|
||||
|
||||
FROM golang:1.12-alpine AS build
|
||||
FROM golang:1.13-alpine AS build
|
||||
|
||||
ARG VERSION
|
||||
ARG GOPROXY
|
||||
|
2
go.mod
2
go.mod
@ -19,3 +19,5 @@ require (
|
||||
gopkg.in/asn1-ber.v1 v1.0.0-20170511165959-379148ca0225 // indirect
|
||||
gopkg.in/ldap.v2 v2.5.1
|
||||
)
|
||||
|
||||
go 1.13
|
||||
|
@ -9,6 +9,7 @@ package ldapclient
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
@ -57,6 +58,7 @@ type Config struct {
|
||||
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
|
||||
CacheSize int `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
|
||||
CacheTTL time.Duration `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
|
||||
IsTLS bool `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
|
||||
}
|
||||
|
||||
// Client is a LDAP client (compatible with Active Directory).
|
||||
@ -70,7 +72,7 @@ type Client struct {
|
||||
func New(cnf Config) *Client {
|
||||
return &Client{
|
||||
Config: cnf,
|
||||
connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN},
|
||||
connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, IsTLS: cnf.IsTLS},
|
||||
cache: freecache.NewCache(cnf.CacheSize * 1024),
|
||||
}
|
||||
}
|
||||
@ -296,6 +298,7 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
|
||||
type ldapConnector struct {
|
||||
BaseDN string
|
||||
RoleBaseDN string
|
||||
IsTLS bool
|
||||
}
|
||||
|
||||
func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) {
|
||||
@ -304,7 +307,17 @@ func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ldapcn := ldap.NewConn(tcpcn, false)
|
||||
|
||||
if c.IsTLS {
|
||||
tlscn, err := tls.DialWithDialer(&d, "tcp", addr, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tcpcn = tlscn
|
||||
}
|
||||
|
||||
ldapcn := ldap.NewConn(tcpcn, c.IsTLS)
|
||||
|
||||
ldapcn.Start()
|
||||
return &ldapConn{Conn: ldapcn, BaseDN: c.BaseDN, RoleBaseDN: c.RoleBaseDN}, nil
|
||||
}
|
||||
@ -331,7 +344,10 @@ func (c *ldapConn) SearchUser(user string, attrs ...string) ([]map[string]interf
|
||||
}
|
||||
|
||||
func (c *ldapConn) SearchUserRoles(user string, attrs ...string) ([]map[string]interface{}, error) {
|
||||
query := fmt.Sprintf("(&(objectClass=group)(member=%s))", user)
|
||||
query := fmt.Sprintf("(|"+
|
||||
"(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))"+
|
||||
"(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s))"+
|
||||
")", user)
|
||||
return c.searchEntries(c.RoleBaseDN, query, attrs)
|
||||
}
|
||||
|
||||
|
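Review bot: With `IsTLS` set, `Connect` replaces `tcpcn` with a second connection from `tls.DialWithDialer` and never closes the first one, so each TLS connect appears to leave a plaintext socket to the LDAP server open; the first dial sits above this hunk, so confirm it there. `tls.DialWithDialer` also ignores `ctx`, and the `nil` config leaves no way to set a private CA pool or an explicit `ServerName`. Wrapping the already-dialled connection with `tls.Client` and handshaking before `ldap.NewConn`, as sketched below, avoids the double dial; a handshake deadline derived from `ctx` would still be needed. Separately, `SearchUserRoles` now formats `user` into the filter twice without escaping, so a value containing `(`, `)`, `*` or `\` changes the filter; `ldap.EscapeFilter(user)` would close that.

```go
	if c.IsTLS {
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			tcpcn.Close()
			return nil, err
		}
		// Reuse the TCP connection dialled above instead of dialling again.
		tlscn := tls.Client(tcpcn, &tls.Config{ServerName: host})
		if err := tlscn.Handshake(); err != nil {
			tcpcn.Close()
			return nil, err
		}
		tcpcn = tlscn
	}
	// … unchanged: ldap.NewConn(tcpcn, c.IsTLS), Start and return …
```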
File diff suppressed because one or more lines are too long
BIN
internal/web/templates/static/fonts/Roboto-Light.ttf
Normal file
BIN
internal/web/templates/static/fonts/Roboto-Light.ttf
Normal file
Binary file not shown.
BIN
internal/web/templates/static/fonts/Roboto-Light.woff
Normal file
BIN
internal/web/templates/static/fonts/Roboto-Light.woff
Normal file
Binary file not shown.
BIN
internal/web/templates/static/fonts/Roboto-Light.woff2
Normal file
BIN
internal/web/templates/static/fonts/Roboto-Light.woff2
Normal file
Binary file not shown.
@ -1,4 +1,40 @@
|
||||
@import url(https://fonts.googleapis.com/css?family=Roboto:300);
|
||||
/* cyrillic-ext */
|
||||
@font-face {
|
||||
font-family: 'Roboto';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: local('Roboto Light'), local('Roboto-Light'), url('./fonts/Roboto-Light.ttf') format('ttf'),
|
||||
url('./fonts/Roboto-Light.woff') format('woff'), url('./fonts/Roboto-Light.woff2') format('woff2');
|
||||
unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
|
||||
}
|
||||
/* cyrillic */
|
||||
@font-face {
|
||||
font-family: 'Roboto';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: local('Roboto Light'), local('Roboto-Light'), url('./fonts/Roboto-Light.ttf') format('ttf'),
|
||||
url('./fonts/Roboto-Light.woff') format('woff'), url('./fonts/Roboto-Light.woff2') format('woff2');
|
||||
unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
|
||||
}
|
||||
/* latin-ext */
|
||||
@font-face {
|
||||
font-family: 'Roboto';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: local('Roboto Light'), local('Roboto-Light'), url('./fonts/Roboto-Light.ttf') format('ttf'),
|
||||
url('./fonts/Roboto-Light.woff') format('woff'), url('./fonts/Roboto-Light.woff2') format('woff2');
|
||||
unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
|
||||
}
|
||||
/* latin */
|
||||
@font-face {
|
||||
font-family: 'Roboto';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: local('Roboto Light'), local('Roboto-Light'), url('./fonts/Roboto-Light.ttf') format('ttf'),
|
||||
url('./fonts/Roboto-Light.woff') format('woff'), url('./fonts/Roboto-Light.woff2') format('woff2');
|
||||
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC,
|
||||
U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
|
||||
}
|
||||
|
||||
html {
|
||||
box-sizing: border-box;
|
||||
|
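Review bot: `format('ttf')` in the `src` of all four `@font-face` rules is not a recognised format hint, so browsers skip the TTF source; the keyword is `format('truetype')`. Listing the sources smallest first, `url('./fonts/Roboto-Light.woff2') format('woff2'), url('./fonts/Roboto-Light.woff') format('woff'), url('./fonts/Roboto-Light.ttf') format('truetype')`, lets browsers pick WOFF2 when they support it. The rules also declare `font-weight: 400` for a Light face while the removed import requested weight 300, so text styled with weight 300 elsewhere in the stylesheet (not visible in this hunk) may be synthesised or fall back to another font.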