merge: conflict

.github/workflows/ldap-sync.yml

@@ -0,0 +1,15 @@
+name: ldap-sync-build
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - "tdrive/backend/utils/**"
+
+jobs:
+  ldap-sync-build:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build ldap sync
+        run: cd tdrive/backend/utils/ldap-sync && npm i && npm run build

.github/workflows/publish-ldap-sync.yml

@@ -0,0 +1,32 @@
+name: publish-ldap-sync
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "tdrive/backend/utils/ldap-sync/**"
+      - "tdrive/docker/**"
+
+jobs:
+  publish-node:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Set env to production
+        if: endsWith(github.ref, '/main')
+        run: 'echo "DOCKERTAG=latest" >> $GITHUB_ENV'
+      - name: "Push to the registry following labels:"
+        run: |
+          echo "${{ env.DOCKERTAG }},${{ env.DOCKERTAGVERSION }}"
+      - uses: actions/checkout@v2
+      - name: Publish to Registry
+        uses: elgohr/Publish-Docker-Github-Action@v5
+        with:
+          name: tdrive/tdrive-ldap-sync
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          workdir: tdrive
+          registry: docker-registry.linagora.com
+          context: .
+          target: production
+          buildoptions: "-t docker-registry.linagora.com/tdrive/tdrive-ldap-sync -f docker/tdrive-ldap-sync/Dockerfile"
+          tags: "${{ env.DOCKERTAG }},${{ env.DOCKERTAGVERSION }}"

tdrive/backend/node/config/custom-environment-variables.json

@@ -27,7 +27,8 @@
   "websocket": {
     "auth": {
       "jwt": {
-        "secret": "AUTH_JWT_SECRET"
+        "secret": "AUTH_JWT_SECRET",
+        "expiration": "AUTH_JWT_EXPIRATION"
       }
     }
   },

tdrive/backend/node/config/default.json

@@ -81,7 +81,7 @@
      }
   },
   "database":{
-     "secret":"ab63bb3e90c0271c9a1c06651a7c0967eab8851a7a897766",
+     "secret":"",
      "type":"cassandra",
      "mongodb":{
         "uri":"mongodb://mongo:27017",

tdrive/backend/node/package.json

@@ -105,6 +105,7 @@
     "@fastify/caching": "^7.0.0",
     "@fastify/formbody": "^6.0.0",
     "@fastify/static": "^5.0.1",
+    "@fastify/cookie": "^6.0.0",
     "@ffprobe-installer/ffprobe": "^1.4.1",
     "@sentry/node": "^6.19.7",
     "@sentry/tracing": "^6.19.7",

tdrive/backend/node/src/core/platform/services/auth/web/jwt.ts

@@ -1,12 +1,18 @@
 import { FastifyPluginCallback, FastifyRequest } from "fastify";
 import fastifyJwt from "fastify-jwt";
+import cookie from "@fastify/cookie";
 import fp from "fastify-plugin";
 import config from "../../../../config";
 import { JwtType } from "../../types";
 
 const jwtPlugin: FastifyPluginCallback = (fastify, _opts, next) => {
+  fastify.register(cookie);
   fastify.register(fastifyJwt, {
     secret: config.get("auth.jwt.secret"),
+    cookie: {
+      cookieName: "X-AuthToken",
+      signed: false,
+    },
   });
 
   const authenticate = async (request: FastifyRequest) => {

tdrive/backend/node/src/core/platform/services/webserver/error.ts

@@ -9,7 +9,7 @@ function serverErrorHandler(server: FastifyInstance): void {
         ? {
             statusCode: reply.statusCode,
             error: "Internal Server Error",
-            message: "Something went wrong",
+            message: "Something went wrong, " + err.message,
             requestId: request.id,
           }
         : err,

tdrive/backend/node/src/services/applications-api/web/controllers/index.ts

@@ -8,18 +8,19 @@ import {
   RealtimeBaseBusEvent,
 } from "../../../../core/platform/services/realtime/types";
 import { ResourceGetResponse } from "../../../../utils/types";
-import { getInstance } from "../../../user/entities/user";
 import {
   ApplicationObject,
   getApplicationObject,
 } from "../../../applications/entities/application";
 import gr from "../../../global-resolver";
+import { logger } from "../../../../core/platform/framework/logger";
 import {
   ApplicationApiExecutionContext,
   ApplicationLoginRequest,
   ApplicationLoginResponse,
   ConfigureRequest,
 } from "../types";
+import { ConsoleHookUser } from "src/services/console/types";
 
 export class ApplicationsApiController {
   async token(
@@ -171,45 +172,18 @@ export class ApplicationsApiController {
         email: string;
         first_name: string;
         last_name: string;
-        application_id: string;
-        company_id: string;
       };
     }>,
   ): Promise<any> {
-    const email = request.body.email.trim().toLocaleLowerCase();
-    const checkApplication = gr.services.applications.companyApps.get({
-      application_id: request.body.application_id,
-      company_id: request.body.company_id,
-    });
-
-    if (!checkApplication) {
-      throw new Error("Application is not allowed to sync users for this company.");
-    }
-
-    if (await gr.services.users.getByEmail(email)) {
-      throw new Error("This email is already used");
-    }
-
     try {
-      const newUser = getInstance({
-        first_name: request.body.first_name,
-        last_name: request.body.last_name,
-        email_canonical: email,
-        username_canonical: (email.replace("@", ".") || "").toLocaleLowerCase(),
-        phone: "",
-        identity_provider: "console",
-        identity_provider_id: email,
-        mail_verified: true,
-      });
-      const user = await gr.services.users.create(newUser);
-
-      await gr.services.companies.setUserRole(request.body.company_id, user.entity.id, "admin");
-
-      await gr.services.users.save(user.entity, {
-        user: { id: user.entity.id, server_request: true },
-      });
+      await gr.services.console.getClient().updateLocalUserFromConsole({
+        email: request.body.email.trim().toLocaleLowerCase(),
+        name: request.body.first_name,
+        surname: request.body.last_name,
+      } as ConsoleHookUser);
     } catch (err) {
-      throw new Error("An unknown error occured");
+      logger.error(err);
+      throw err;
     }
     return {};
   }

tdrive/backend/node/src/services/console/clients/remote.ts

@@ -1,4 +1,3 @@
-import { AxiosInstance } from "axios";
 import { ConsoleServiceClient } from "../client-interface";
 import {
   ConsoleCompany,
@@ -26,7 +25,6 @@ import config from "config";
 import { CompanyUserRole } from "src/services/user/web/types";
 export class ConsoleRemoteClient implements ConsoleServiceClient {
   version: "1";
-  client: AxiosInstance;
 
   private infos: ConsoleOptions;
   private verifier: OidcJwtVerifier;
@@ -101,12 +99,13 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       throw CrudException.badRequest("User not found on Console");
     }
 
-    const roles = userDTO.roles.filter(
-      role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
-    );
-
-    //REMOVE LATER
-    logger.info(`Roles are: ${roles}.`);
+    if (userDTO.roles) {
+      const roles = userDTO.roles.filter(
+        role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
+      );
+      //REMOVE LATER
+      logger.info(`Roles are: ${roles}.`);
+    }
 
     let user = await gr.services.users.getByConsoleId(userDTO.email);
 
@@ -153,7 +152,9 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       user.preferences.timezone = coalesce(userDTO.preference.timeZone, user.preferences?.timezone);
     }
 
-    user.picture = userDTO.avatar.value;
+    if (userDTO.avatar) {
+      user.picture = userDTO.avatar.value;
+    }
 
     await gr.services.users.save(user);
 

tdrive/backend/node/src/services/documents/web/routes.ts

@@ -83,14 +83,14 @@ const routes: FastifyPluginCallback = (fastify: FastifyInstance, _options, next)
   fastify.route({
     method: "GET",
     url: `${serviceUrl}/:id/download`,
-    preValidation: [fastify.authenticateOptional],
+    preValidation: [fastify.authenticate],
     handler: documentsController.download.bind(documentsController),
   });
 
   fastify.route({
     method: "GET",
     url: `${serviceUrl}/download/zip`,
-    preValidation: [fastify.authenticateOptional],
+    preValidation: [fastify.authenticate],
     handler: documentsController.downloadZip.bind(documentsController),
   });
 

tdrive/backend/utils/ldap-sync/.env.example

@@ -0,0 +1,10 @@
+LDAP_URL=ldap://localhost:389
+LDAP_BIND_DN=
+LDAP_BIND_CREDENTIALS=
+LDAP_SEARCH_BASE=dc=example,dc=com
+LDAP_SEARCH_FILTER=(objectClass=inetorgperson)
+API_URL=http://tdrive:4000/api/sync
+TDRIVE_URL=http://tdrive:4000/
+TDRIVE_CREDENTIALS_ID=application-name
+TDRIVE_CREDENTIALS_SECRET=application-secret
+LDAP_ATTRIBUTE_MAPPINGS={"firstName": "givenName", "lastName": "sn", "email": "mail"}

tdrive/backend/utils/ldap-sync/.nvmrc

@@ -0,0 +1 @@
+18

tdrive/backend/utils/ldap-sync/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "ldap_project",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "type": "module",
+  "scripts": {
+    "build": "npm run build:clean && npm run build:ts",
+    "build:ts": "tsc",
+    "build:clean": "rimraf ./dist",
+    "sync": "node dist/index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "axios": "^1.4.0",
+    "dotenv": "^16.0.3",
+    "ldapjs": "^3.0.2"
+  },
+  "devDependencies": {
+    "@types/ldapjs": "^2.2.5",
+    "typescript": "^5.0.4",
+    "rimraf": "^3.0.2"
+  }
+}