diff --git a/backend/src/app/rpc/mutations/ldap.clj b/backend/src/app/rpc/mutations/ldap.clj index d327589d8..d982a30b0 100644 --- a/backend/src/app/rpc/mutations/ldap.clj +++ b/backend/src/app/rpc/mutations/ldap.clj @@ -13,11 +13,20 @@ [app.loggers.audit :as audit] [app.rpc.mutations.profile :as profile-m] [app.rpc.queries.profile :as profile-q] + [app.util.logging :as l] [app.util.services :as sv] [clj-ldap.client :as ldap] [clojure.spec.alpha :as s] [clojure.string])) + +(s/def ::fullname ::us/not-empty-string) +(s/def ::email ::us/email) +(s/def ::backend ::us/not-empty-string) + +(s/def ::info-data + (s/keys :req-un [::fullname ::email ::backend])) + (defn ^java.lang.AutoCloseable connect [] (let [params {:ssl? (cfg/get :ldap-ssl) @@ -57,6 +66,13 @@ (ex/raise :type :validation :code :wrong-credentials)) + (when-not (s/valid? ::info-data info) + (let [explain (s/explain-str ::info-data info)] + (l/warn ::l/raw (str "invalid response from ldap, looks like ldap is not configured correctly\n" explain)) + (ex/raise :type :restriction + :code :wrong-ldap-response + :reason explain))) + (let [profile (login-or-register cfg {:email (:email info) :backend (:backend info) :fullname (:fullname info)})] @@ -94,7 +110,9 @@ (cfg/get :ldap-attrs-fullname)] base-dn (cfg/get :ldap-base-dn) - params {:filter query :sizelimit 1 :attributes attrs}] + params {:filter query + :sizelimit 1 + :attributes attrs}] (first (ldap/search cpool base-dn params)))) (defn- authenticate diff --git a/docker/devenv/docker-compose.yaml b/docker/devenv/docker-compose.yaml index b34f56b1c..c15bd7d00 100644 --- a/docker/devenv/docker-compose.yaml +++ b/docker/devenv/docker-compose.yaml @@ -92,6 +92,7 @@ services: ports: - "1080:1080" + # https://github.com/rroemhild/docker-test-openldap ldap: image: rroemhild/test-openldap:2.1 expose: