feat(core): Add LDAP support (#3835)

2025-12-16 09:36:44 +00:00 · 2023-01-24 20:18:39 -05:00
parent 259296c5c9
commit 0c70a40317
77 changed files with 3686 additions and 192 deletions
--- a/packages/cli/src/auth/methods/email.ts
+++ b/packages/cli/src/auth/methods/email.ts
@@ -0,0 +1,32 @@
+import * as Db from '@/Db';
+import type { User } from '@db/entities/User';
+import { compareHash } from '@/UserManagement/UserManagementHelper';
+import { InternalHooksManager } from '@/InternalHooksManager';
+import * as ResponseHelper from '@/ResponseHelper';
+
+export const handleEmailLogin = async (
+	email: string,
+	password: string,
+): Promise<User | undefined> => {
+	const user = await Db.collections.User.findOne({
+		where: { email },
+		relations: ['globalRole', 'authIdentities'],
+	});
+
+	if (user?.password && (await compareHash(password, user.password))) {
+		return user;
+	}
+
+	// At this point if the user has a LDAP ID, means it was previously an LDAP user,
+	// so suggest to reset the password to gain access to the instance.
+	const ldapIdentity = user?.authIdentities?.find((i) => i.providerType === 'ldap');
+	if (user && ldapIdentity) {
+		void InternalHooksManager.getInstance().userLoginFailedDueToLdapDisabled({
+			user_id: user.id,
+		});
+
+		throw new ResponseHelper.AuthError('Reset your password to gain access to the instance.');
+	}
+
+	return undefined;
+};