Merge remote-tracking branch 'shasler/ldap-replace-uid' into fix-uid

ldap-overleaf-sl/sharelatex/AuthenticationManager.js

@@ -11,6 +11,7 @@ const util = require('util')
 
 const { Client } = require('ldapts');
 const ldapEscape = require('ldap-escape');
+
 // https://www.npmjs.com/package/@overleaf/o-error
 // have a look if we can do nice error messages.
 
@@ -110,7 +111,7 @@ const AuthenticationManager = {
   },
 
   validateEmail(email) {
-    // we use the emailadress from the ldap 
+    // we use the emailadress from the ldap
     // therefore we do not enforce checks here
     const parsed = EmailHelper.parseEmail(email)
     //if (!parsed) {
@@ -203,7 +204,7 @@ const AuthenticationManager = {
     //if (!user || !user.email || !user._id) {
     //  return callback(new Error('invalid user object'))
     //}
-    
+
     console.log("Setting pass for user: " + JSON.stringify(user))
     const validationError = this.validatePassword(password, user.email)
     if (validationError) {
@@ -273,10 +274,10 @@ const AuthenticationManager = {
     const ldap_reader = process.env.LDAP_BIND_USER
     const ldap_reader_pass = process.env.LDAP_BIND_PW
     const ldap_base = process.env.LDAP_BASE
-    var mail = query.email
-    var uid = query.email.split('@')[0]
-    const filterstr = '(&' + process.env.LDAP_GROUP_FILTER + '(' + ldapEscape.filter`uid=${uid}` + '))'
-    var userDn = "" //'uid=' + uid + ',' + ldap_bd;
+    var uid = query.email
+    const filterstr = process.env.LDAP_GROUP_FILTER.replaceAll('%u', ldapEscape.filter`${uid}`)
+    const userDn = ldapEscape.filter`uid=${uid}` + ',' + ldap_bd;
+    var mail = ""
     var firstname = ""
     var lastname = ""
     var isAdmin = false
@@ -306,15 +307,15 @@ const AuthenticationManager = {
       }
     } catch (ex) {
       console.log("An Error occured while getting user data during ldapsearch: " + String(ex))
-        await client.unbind();
-        return callback(null, null)
+      await client.unbind();
+      return callback(null, null)
     }
 
     try {
       // if admin filter is set - only set admin for user in ldap group
       // does not matter - admin is deactivated: managed through ldap
       if (process.env.LDAP_ADMIN_GROUP_FILTER) {
-        const adminfilter = '(&' + process.env.LDAP_ADMIN_GROUP_FILTER + '(' +ldapEscape.filter`uid=${uid}` + '))'
+        const adminfilter = process.env.LDAP_ADMIN_GROUP_FILTER.replaceAll('%u', ldapEscape.filter`${uid}`)
         adminEntry = await client.search(ldap_base, {
           scope: 'sub',
           filter: adminfilter,

ldap-overleaf-sl/sharelatex/admin-sysadmin.pug

@@ -0,0 +1,79 @@
+extends ../layout
+
+block content
+	.content.content-alt
+		.container
+			.row
+				.col-xs-12
+					.card(ng-controller="RegisterUsersController")
+						.page-header
+							h1 Admin Panel
+						tabset(ng-cloak)
+							tab(heading="System Messages")
+								each message in systemMessages
+									.alert.alert-info.row-spaced(ng-non-bindable) #{message.content}
+								hr
+								form(method='post', action='/admin/messages')
+									input(name="_csrf", type="hidden", value=csrfToken)
+									.form-group
+										label(for="content")
+										input.form-control(name="content", type="text", placeholder="Message...", required)
+									button.btn.btn-primary(type="submit") Post Message
+								hr
+								form(method='post', action='/admin/messages/clear')
+									input(name="_csrf", type="hidden", value=csrfToken)
+									button.btn.btn-danger(type="submit") Clear all messages
+
+
+							tab(heading="Register non LDAP User")
+								form.form
+								.row
+									.col-md-4.col-xs-8
+										input.form-control(
+										name="email",
+										type="text",
+										placeholder="jane@example.com, joe@example.com",
+										ng-model="inputs.emails",
+										on-enter="registerUsers()"
+									)
+									.col-md-8.col-xs-4
+										button.btn.btn-primary(ng-click="registerUsers()") #{translate("register")}
+
+									.row-spaced(ng-show="error").ng-cloak.text-danger
+										p Sorry, an error occured
+
+									.row-spaced(ng-show="users.length > 0").ng-cloak.text-success
+										p We've sent out welcome emails to the registered users.
+										p You can also manually send them URLs below to allow them to reset their password and log in for the first time.
+										p (Password reset tokens will expire after one week and the user will need registering again).
+
+									hr(ng-show="users.length > 0").ng-cloak
+									table(ng-show="users.length > 0").table.table-striped.ng-cloak
+										tr
+												th #{translate("email")}
+												th Set Password Url
+										tr(ng-repeat="user in users")
+												td {{ user.email }}
+												td(style="word-break: break-all;") {{ user.setNewPasswordUrl }}
+							tab(heading="Open/Close Editor" bookmarkable-tab="open-close-editor")
+								if hasFeature('saas')
+									| The "Open/Close Editor" feature is not available in SAAS.
+								else
+									.row-spaced
+										form(method='post',action='/admin/closeEditor')
+											input(name="_csrf", type="hidden", value=csrfToken)
+											button.btn.btn-danger(type="submit") Close Editor
+										p.small Will stop anyone opening the editor. Will NOT disconnect already connected users.
+
+									.row-spaced
+										form(method='post',action='/admin/disconnectAllUsers')
+											input(name="_csrf", type="hidden", value=csrfToken)
+											button.btn.btn-danger(type="submit") Disconnect all users
+										p.small Will force disconnect all users with the editor open. Make sure to close the editor first to avoid them reconnecting.
+
+									.row-spaced
+										form(method='post',action='/admin/openEditor')
+											input(name="_csrf", type="hidden", value=csrfToken)
+											button.btn.btn-danger(type="submit") Reopen Editor
+										p.small Will reopen the editor after closing.
+