-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key issues for v1.3.0 #17
Conversation
I find this easier to deal with than console logs when deploying to production environment. Also added a utility function so that JSON.stringify can be used w/o logging the bindCredentials or passwords.
I have been using winston logging...and I have not changed that (yet?). However the underlying ldapauth-fork and ldapjs use bunyan, and since I'm working on figuring out the connection errors I'm waning to use the logging already in those package. So adding that for the moment. Maybe later I'll swap out the current winston for bunyan? Addresses issue #6
Because the ldapauth-fork and ldapjs use bunyan, switching to that for general logging.
This is to address the ECONNRESET issue from ldapauth-fork. This solution is to bind and unbind from the ldap server for each authentication. Note: the /verify endpoint does NOT require any connection to ldap, only the /authenticate endpoint. Addresses issue #9
The unit tests for this project are written in python (I know..they should be in node since the rest of the project is in node). Because I had some python package version issues when running them today, I added info to create a virtual environment for running the tests.
A number of key events were logged at debug level, so promoted those to info or error level as appropriate. Also added some extra logging details regarding authorized groups that might be handy. These changes might be handy for analyzing security issues on the server (e.g. attack attempts).
One school of thought is 'ERROR' is an application error. With that in mind changing these to 'WARN'. This will also make it a little easier to grep the logs and find failed login attempts.
This saves a little space and makes the log easier to read.
The log object creates a circular reference and breaks JSON.stringify. So masking it in the replacer function for JSON.stringify.
Adding the option to configure the server to bind to LDAP using the authenticating user instead of a specific service account. Addresses #12
This is helpful in development, and will be used when DEBUG is set. Also removed the no-longer-used 'debug' setting.
This eliminates a number of vulnerabilities found by docker scout.
This is to avoid the `COPY . ./` in the Dockerfile.
Adding different build targets for development and production. This allows for development w/ handy things like vim and nodemon w/o adding bloat to the production build. Also adding a docker-compose file to simplify configuration (sometimes this is easier than `docker run`).
Build arguments with reasonable defaults used for non-root user. Addresses issue #14.
This should have been part of de49a5d.
This env is used by index.js to determine if it should use http or httpS. Use this to determine if server should use http or httpS.
This addresses issue #13.
This should have been part of de49a5d.
Moving these functions just to make the index.js file simpler.
I like to make those pretty websites of API documentation.
Adding this mock server to facilitate testing.
Moving the guts of the `/authenticate` and `/verify` routes to their own functions. This cleans up the logic in index.js and potentially makes things easier to test. Also did some refactoring within those handlers to make the code more clear, and added JSDoc.
This changes the hard-coded 'ldap-jwt' base path for the URL to be configurable. The default is 'ldap-jwt'.
If the user sends a garbage token, e.g. something that can't even be decoded, we want to send back a 401 (not a 500). Therefore adding this first try/catch in verifyHandler.
userInAuhorizedGroups and getGroupCN used to be exported from utils.js, and when used in index.js, were referenced with `ut.`. But that's no longer the case. This change should have been included a few commits ago.
Use supertest to directly test the application's main routes. This addresses issue #10. Removed the now-superseded python tests.
For running a GitHub Actions Worflow for CI testing, we don't need to run a docker container. We can just use a runner with node installed. With this in mind, giving setconfig the option to exit after writing the config file in a CI build, and for index.js to start the mock ldap server in a CI build.
I had this at the top level to start automatically in development...but moving it into __tests_ to make things cleaner. If a developer wants to use it for their testing, it's easy enough for them to add a few lines of code to do so.
Adding this to make it easier for people to run test suite.
Trying to debug the workflow dispatch.
I had been wondering why the workflow dispatch wasn't showing up in the browser. It's because it only shows up if the workflow is in the default branch of the project. So it should show up once this is merged into main.
This version adds non-breaking features.
This name just seems clearer
Tweaked code comments for clarity, added a variable or two to try and make the code easier to understand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've looked at all the code changes, but anticipate the Github action to do its testing.
Some of these commits should be flattened but perhaps not all of them, so we may not want to worry about that.
- Remind me about the "warn" loglevel.
Thanks for your input @ChrisWakefield Do you have a specific question about the warn log level? Maybe you're wondering why some log messages are |
This pull request addresses key features for v1.3.0 release:
In addition I did quite a bit of refactoring to make the code easier to test, maintain, and read.