feat(EE): LDAP integration (#1515)

* LDAP - WIP * WIP * add hasGeneratedPassword * fix jotai atom * - don't require password confirmation for MFA is user has auto generated password (LDAP) - cleanups * fix * reorder * update migration * update default * fix type error
2025-11-25 12:51:10 +10:00 · 2025-09-02 04:59:01 +01:00
parent 5968764508
commit dcbb65d799
29 changed files with 723 additions and 90 deletions
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -534,6 +534,9 @@ importers:
      kysely-migration-cli:
        specifier: ^0.4.2
        version: 0.4.2
+      ldapts:
+        specifier: ^7.4.0
+        version: 7.4.0
      mime-types:
        specifier: ^2.1.35
        version: 2.1.35
@ -4109,6 +4112,9 @@ packages:
  '@tybys/wasm-util@0.9.0':
    resolution: {integrity: sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw==}

+  '@types/asn1@0.2.4':
+    resolution: {integrity: sha512-V91DSJ2l0h0gRhVP4oBfBzRBN9lAbPUkGDMCnwedqPKX2d84aAMc9CulOvxdw1f7DfEYx99afab+Rsm3e52jhA==}
+
  '@types/babel__core@7.20.5':
    resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}

@ -4833,6 +4839,9 @@ packages:
  asap@2.0.6:
    resolution: {integrity: sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==}

+  asn1@0.2.6:
+    resolution: {integrity: sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==}
+
  async-lock@1.4.1:
    resolution: {integrity: sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ==}

@ -7032,6 +7041,10 @@ packages:
  layout-base@2.0.1:
    resolution: {integrity: sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==}

+  ldapts@7.4.0:
+    resolution: {integrity: sha512-QLgx2pLvxMXY1nCc85Fx+cwVJDvC0sQ3l4CJZSl1FJ/iV8Ypfl6m+5xz4lm1lhoXcUlvhPqxEoyIj/8LR6ut+A==}
+    engines: {node: '>=18'}
+
  leac@0.6.0:
    resolution: {integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==}

@ -8759,6 +8772,9 @@ packages:
    resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==}
    engines: {node: '>=10.0.0'}

+  strict-event-emitter-types@2.0.0:
+    resolution: {integrity: sha512-Nk/brWYpD85WlOgzw5h173aci0Teyv8YdIAEtV+N88nDB0dLlazZyJMIsN6eo1/AR61l+p6CJTG1JIyFaoNEEA==}
+
  string-length@4.0.2:
    resolution: {integrity: sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==}
    engines: {node: '>=10'}
@ -8998,6 +9014,10 @@ packages:
    resolution: {integrity: sha512-tk2G5R2KRwBd+ZN0zaEXpmzdKyOYksXwywulIX95MBODjSzMIuQnQ3m8JxgbhnL1LeVo7lqQKsYa1O3Htl7K5g==}
    engines: {node: '>=18'}

+  tr46@5.1.1:
+    resolution: {integrity: sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==}
+    engines: {node: '>=18'}
+
  tree-kill@1.2.2:
    resolution: {integrity: sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==}
    hasBin: true
@ -9452,6 +9472,10 @@ packages:
    resolution: {integrity: sha512-1lfMEm2IEr7RIV+f4lUNPOqfFL+pO+Xw3fJSqmjX9AbXcXcYOkCe1P6+9VBZB6n94af16NfZf+sSk0JCBZC9aw==}
    engines: {node: '>=18'}

+  whatwg-url@14.2.0:
+    resolution: {integrity: sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==}
+    engines: {node: '>=18'}
+
  whatwg-url@5.0.0:
    resolution: {integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==}

@ -10321,7 +10345,7 @@ snapshots:
      '@babel/traverse': 7.25.9
      '@babel/types': 7.26.0
      convert-source-map: 2.0.0
-      debug: 4.3.7
+      debug: 4.4.0
      gensync: 1.0.0-beta.2
      json5: 2.2.3
      semver: 6.3.1
@ -10361,7 +10385,7 @@ snapshots:
      '@babel/traverse': 7.25.9
      '@babel/types': 7.26.0
      convert-source-map: 2.0.0
-      debug: 4.3.4
+      debug: 4.4.0
      gensync: 1.0.0-beta.2
      json5: 2.2.3
      semver: 6.3.1
@ -10381,7 +10405,7 @@ snapshots:
      '@babel/traverse': 7.27.0
      '@babel/types': 7.27.0
      convert-source-map: 2.0.0
-      debug: 4.3.7
+      debug: 4.4.0
      gensync: 1.0.0-beta.2
      json5: 2.2.3
      semver: 6.3.1
@ -13945,6 +13969,10 @@ snapshots:
    dependencies:
      tslib: 2.8.1

+  '@types/asn1@0.2.4':
+    dependencies:
+      '@types/node': 22.13.4
+
  '@types/babel__core@7.20.5':
    dependencies:
      '@babel/parser': 7.26.2
@ -14401,7 +14429,7 @@ snapshots:
      '@typescript-eslint/types': 8.17.0
      '@typescript-eslint/typescript-estree': 8.17.0(typescript@5.7.2)
      '@typescript-eslint/visitor-keys': 8.17.0
-      debug: 4.3.7
+      debug: 4.4.0
      eslint: 9.15.0(jiti@1.21.0)
    optionalDependencies:
      typescript: 5.7.2
@ -14414,7 +14442,7 @@ snapshots:
      '@typescript-eslint/types': 8.24.1
      '@typescript-eslint/typescript-estree': 8.24.1(typescript@5.7.3)
      '@typescript-eslint/visitor-keys': 8.24.1
-      debug: 4.3.7
+      debug: 4.4.0
      eslint: 9.20.1(jiti@1.21.0)
      typescript: 5.7.3
    transitivePeerDependencies:
@ -14476,7 +14504,7 @@ snapshots:
    dependencies:
      '@typescript-eslint/types': 8.24.1
      '@typescript-eslint/visitor-keys': 8.24.1
-      debug: 4.3.7
+      debug: 4.4.0
      fast-glob: 3.3.2
      is-glob: 4.0.3
      minimatch: 9.0.4
@ -14832,6 +14860,10 @@ snapshots:

  asap@2.0.6: {}

+  asn1@0.2.6:
+    dependencies:
+      safer-buffer: 2.1.2
+
  async-lock@1.4.1: {}

  async@3.2.5: {}
@ -15750,7 +15782,7 @@ snapshots:
  detect-port@1.5.1:
    dependencies:
      address: 1.2.2
-      debug: 4.3.7
+      debug: 4.4.0
    transitivePeerDependencies:
      - supports-color

@ -15871,7 +15903,7 @@ snapshots:
  engine.io-client@6.6.2:
    dependencies:
      '@socket.io/component-emitter': 3.1.0
-      debug: 4.3.4
+      debug: 4.3.7
      engine.io-parser: 5.2.2
      ws: 8.17.1
      xmlhttprequest-ssl: 2.1.2
@ -15891,7 +15923,7 @@ snapshots:
      base64id: 2.0.0
      cookie: 0.7.2
      cors: 2.8.5
-      debug: 4.3.4
+      debug: 4.3.7
      engine.io-parser: 5.2.2
      ws: 8.17.1
    transitivePeerDependencies:
@ -16795,7 +16827,7 @@ snapshots:
  ioredis@4.28.5:
    dependencies:
      cluster-key-slot: 1.1.2
-      debug: 4.3.7
+      debug: 4.4.0
      denque: 1.5.1
      lodash.defaults: 4.2.0
      lodash.flatten: 4.4.0
@ -17544,6 +17576,17 @@ snapshots:

  layout-base@2.0.1: {}

+  ldapts@7.4.0:
+    dependencies:
+      '@types/asn1': 0.2.4
+      asn1: 0.2.6
+      debug: 4.4.0
+      strict-event-emitter-types: 2.0.0
+      uuid: 11.1.0
+      whatwg-url: 14.2.0
+    transitivePeerDependencies:
+      - supports-color
+
  leac@0.6.0: {}

  less@4.2.0:
@ -19390,7 +19433,7 @@ snapshots:

  socket.io-adapter@2.5.4:
    dependencies:
-      debug: 4.3.4
+      debug: 4.3.7
      ws: 8.11.0
    transitivePeerDependencies:
      - bufferutil
@ -19411,7 +19454,7 @@ snapshots:
  socket.io-parser@4.2.4:
    dependencies:
      '@socket.io/component-emitter': 3.1.0
-      debug: 4.3.4
+      debug: 4.3.7
    transitivePeerDependencies:
      - supports-color

@ -19487,6 +19530,8 @@ snapshots:

  streamsearch@1.1.0: {}

+  strict-event-emitter-types@2.0.0: {}
+
  string-length@4.0.2:
    dependencies:
      char-regex: 1.0.2
@ -19746,6 +19791,10 @@ snapshots:
    dependencies:
      punycode: 2.3.1

+  tr46@5.1.1:
+    dependencies:
+      punycode: 2.3.1
+
  tree-kill@1.2.2: {}

  truncate-utf8-bytes@1.0.2:
@ -20170,6 +20219,11 @@ snapshots:
      tr46: 5.0.0
      webidl-conversions: 7.0.0

+  whatwg-url@14.2.0:
+    dependencies:
+      tr46: 5.1.1
+      webidl-conversions: 7.0.0
+
  whatwg-url@5.0.0:
    dependencies:
      tr46: 0.0.3