feat(active-directory): create @verdaccio/active-directory plugin

Author: sergiohgz

plugins/active-directory/.babelrc

@@ -0,0 +1,5 @@
+{
+  "presets": [
+    ["@verdaccio", { "typescript": true }]
+  ]
+}

plugins/active-directory/.eslintignore

@@ -0,0 +1 @@
+lib/

plugins/active-directory/.gitignore

@@ -0,0 +1 @@
+lib/

plugins/active-directory/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Verdaccio
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

plugins/active-directory/README.md

@@ -0,0 +1,29 @@
+# @verdaccio/active-directory
+
+Active Directory authentication plugin for Verdaccio
+
+## Installation
+
+```bash
+npm install -g @verdaccio/active-directory
+```
+
+## Config
+
+This settings can be set in `config.yaml`. All fields are mandatory except `groupName`, which is optional, to add security group(s). Also, this optional field can be a single string or a list of strings. Take care that, when defining `groupName` key, the user that will be authenticating must be in, at least, one of the groups defined, to authenticate successfully.
+
+```yaml
+auth:
+  activedirectory:
+    url: "ldap://localhost"
+    baseDN: 'dc=local,dc=host'
+    domainSuffix: 'local.host'
+    # groupName: 'singleGroup' # optional, single group syntax
+    # groupName:               # optional, multiple groups syntax
+    #   - 'group1'
+    #   - 'group2'
+```
+
+## License
+
+@verdaccio/active-directory is an open source project with [MIT license](LICENSE)

plugins/active-directory/jest.config.js

@@ -0,0 +1,11 @@
+module.exports = {
+  name: 'memory-storage-jest',
+  moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx'],
+  transform: {
+    '^.+\\.(js|jsx|ts|tsx)$': 'babel-jest',
+  },
+  testPathIgnorePatterns: ['lib'],
+  verbose: true,
+  collectCoverage: true,
+  coveragePathIgnorePatterns: ['node_modules', 'lib'],
+};

plugins/active-directory/jestEnvironment.js

@@ -0,0 +1 @@
+require.requireActual('babel/polyfill');

plugins/active-directory/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@verdaccio/active-directory",
+  "version": "8.0.0-next.3",
+  "description": "Active Directory authentication plugin for Verdaccio",
+  "keywords": [
+    "verdaccio",
+    "active-directory",
+    "auth",
+    "plugin"
+  ],
+  "author": "Sergio Herrera <sergio@sergiohgz.eu>",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "files": [
+    "lib"
+  ],
+  "engines": {
+    "node": ">=8"
+  },
+  "dependencies": {
+    "activedirectory2": "1.2.7"
+  },
+  "devDependencies": {
+    "@types/activedirectory2": "^1.2.0",
+    "@verdaccio/babel-preset": "^8.0.0-next.2",
+    "@verdaccio/eslint-config": "^8.0.0-next.2",
+    "@verdaccio/types": "^8.0.0-next.2"
+  },
+  "scripts": {
+    "build": "npm run build:types && npm run build:js",
+    "build:js": "babel src --out-dir lib --extensions \".ts,.tsx\" --source-maps inline",
+    "build:types": "tsc --emitDeclarationOnly",
+    "lint": "eslint \"**/*.{js,ts}\"",
+    "lint:stage": "lint-staged",
+    "test": "jest",
+    "type-check": "tsc --noEmit",
+    "type-check:watch": "npm run type-check -- --watch"
+  },
+  "lint-staged": {
+    "**/*.{js,ts}": [
+      "eslint --fix",
+      "git add"
+    ]
+  }
+}

plugins/active-directory/src/active-directory.ts

@@ -0,0 +1,80 @@
+import { Callback, IPluginAuth, Logger } from '@verdaccio/types';
+import ActiveDirectory from 'activedirectory2';
+
+export const NotAuthMessage = 'AD - Active Directory authentication failed';
+
+export interface ActiveDirectoryConfig {
+  url: string;
+  baseDN: string;
+  domainSuffix: string;
+  groupName?: string | string[];
+}
+
+class ActiveDirectoryPlugin implements IPluginAuth<ActiveDirectoryConfig> {
+  private config: ActiveDirectoryConfig;
+  private logger: Logger;
+
+  public constructor(config: ActiveDirectoryConfig, opts: { logger: Logger }) {
+    this.config = config;
+    this.logger = opts.logger;
+  }
+
+  public authenticate(user: string, password: string, cb: Callback): void {
+    const username = `${user}@${this.config.domainSuffix}`;
+
+    const connectionConfig = {
+      ...this.config,
+      domainSuffix: undefined,
+      username,
+      password,
+    };
+
+    const connection = new ActiveDirectory(connectionConfig);
+
+    connection.authenticate(username, password, (err, isAuthenticated): void => {
+      if (err) {
+        this.logger.warn(`AD - Active Directory authentication failed with error: ${err}`);
+        return cb(err);
+      }
+
+      if (!isAuthenticated) {
+        this.logger.warn(NotAuthMessage);
+        return cb(new Error(NotAuthMessage));
+      }
+
+      const { groupName } = this.config;
+      if (!groupName) {
+        this.logger.info('AD - Active Directory authentication succeeded');
+        cb(null, [user]);
+      } else {
+        // TODO check for updates on @types/activedirectory2 or add types for this fn
+        // @ts-ignore
+        connection.getGroupMembershipForUser(username, (err, groups: object[]): void => {
+          if (err) {
+            this.logger.warn(`AD - Active Directory group check failed with error: ${err}`);
+            return cb(err);
+          }
+
+          const requestedGroups = Array.isArray(groupName) ? groupName : [groupName];
+          const matchingGroups = requestedGroups.filter((requestedGroup): boolean =>
+            groups.some((group: any): boolean => requestedGroup === group.cn || requestedGroup === group.dn)
+          );
+
+          if (matchingGroups.length <= 0) {
+            const notMemberMessage = `AD - User ${user} is not member of group(s): ${requestedGroups.join(', ')}`;
+
+            this.logger.warn(notMemberMessage);
+            cb(new Error(notMemberMessage));
+          } else {
+            this.logger.info(
+              `AD - Active Directory authentication succeeded in group(s): ${matchingGroups.join(', ')}`
+            );
+            cb(null, [...matchingGroups, user]);
+          }
+        });
+      }
+    });
+  }
+}
+
+export default ActiveDirectoryPlugin;

plugins/active-directory/src/index.ts

@@ -0,0 +1,5 @@
+import ActiveDirectory from './active-directory';
+
+export { ActiveDirectory };
+
+export default ActiveDirectory;