sources/ldap: add optional tls verification certificate

closes #1875 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 10:09:13 +01:00
parent 99c62af89e
commit f1b9021e3e
8 changed files with 141 additions and 20 deletions
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@ -2608,6 +2608,7 @@ msgstr "Loading"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@ -4743,6 +4744,7 @@ msgstr "TLS Authentication Certificate"
 #~ msgstr "TLS Server name"

 #: src/pages/outposts/ServiceConnectionDockerForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "TLS Verification Certificate"
 msgstr "TLS Verification Certificate"

@ -5651,6 +5653,10 @@ msgstr "When a user returns from the email successfully, their account will be a
 msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
 msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."

+#: src/pages/sources/ldap/LDAPSourceForm.ts
+msgid "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate."
+msgstr "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate."
+
 #: src/pages/stages/email/EmailStageForm.ts
 msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
 msgstr "When enabled, global Email connection settings will be used and connection settings below will be ignored."
--- a/web/src/locales/fr_FR.po
+++ b/web/src/locales/fr_FR.po
@ -2589,6 +2589,7 @@ msgstr "Chargement en cours"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@ -4699,6 +4700,7 @@ msgstr "Certificat TLS d'authentification"
 #~ msgstr "Nom TLS du serveur"

 #: src/pages/outposts/ServiceConnectionDockerForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "TLS Verification Certificate"
 msgstr "Certificat de vérification TLS"

@ -5594,6 +5596,10 @@ msgstr "Lorsqu'un utilisateur revient de l'e-mail avec succès, son compte sera
 msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
 msgstr "Lorsqu'un nom d'utilisateur/email valide a été saisi, et si cette option est active, le nom d'utilisateur et l'avatar de l'utilisateur seront affichés. Sinon, le texte que l'utilisateur a saisi sera affiché."

+#: src/pages/sources/ldap/LDAPSourceForm.ts
+msgid "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate."
+msgstr ""
+
 #: src/pages/stages/email/EmailStageForm.ts
 msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
 msgstr "Si activé, les paramètres globaux de connexion courriel seront utilisés et les paramètres de connexion ci-dessous seront ignorés."
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@ -2600,6 +2600,7 @@ msgstr ""
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@ -4735,6 +4736,7 @@ msgstr ""
 #~ msgstr ""

 #: src/pages/outposts/ServiceConnectionDockerForm.ts
+#: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "TLS Verification Certificate"
 msgstr ""

@ -5636,6 +5638,10 @@ msgstr ""
 msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
 msgstr ""

+#: src/pages/sources/ldap/LDAPSourceForm.ts
+msgid "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate."
+msgstr ""
+
 #: src/pages/stages/email/EmailStageForm.ts
 msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
 msgstr ""
--- a/web/src/pages/sources/ldap/LDAPSourceForm.ts
+++ b/web/src/pages/sources/ldap/LDAPSourceForm.ts
@ -7,6 +7,7 @@ import { until } from "lit/directives/until.js";

 import {
    CoreApi,
+    CryptoApi,
    LDAPSource,
    LDAPSourceRequest,
    PropertymappingsApi,
@ -141,6 +142,44 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
                            ${t`To use SSL instead, use 'ldaps://' and disable this option.`}
                        </p>
                    </ak-form-element-horizontal>
+                    <ak-form-element-horizontal
+                        label=${t`TLS Verification Certificate`}
+                        name="peerCertificate"
+                    >
+                        <select class="pf-c-form-control">
+                            <option
+                                value=""
+                                ?selected=${this.instance?.peerCertificate === undefined}
+                            >
+                                ---------
+                            </option>
+                            ${until(
+                                new CryptoApi(DEFAULT_CONFIG)
+                                    .cryptoCertificatekeypairsList({
+                                        ordering: "name",
+                                    })
+                                    .then((keys) => {
+                                        return keys.results.map((key) => {
+                                            let selected =
+                                                this.instance?.peerCertificate === key.pk;
+                                            if (keys.results.length === 1) {
+                                                selected = true;
+                                            }
+                                            return html`<option
+                                                value=${ifDefined(key.pk)}
+                                                ?selected=${selected}
+                                            >
+                                                ${key.name}
+                                            </option>`;
+                                        });
+                                    }),
+                                html`<option>${t`Loading...`}</option>`,
+                            )}
+                        </select>
+                        <p class="pf-c-form__helper-text">
+                            ${t`When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate.`}
+                        </p>
+                    </ak-form-element-horizontal>
                    <ak-form-element-horizontal label=${t`Bind CN`} name="bindCn">
                        <input
                            type="text"