PixNyb
diff --git a/‎README.md‎
Lines changed: 13 additions & 1 deletion b/‎README.md‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎__tests__/providers/ldap.test.js‎
Lines changed: 50 additions & 0 deletions b/‎__tests__/providers/ldap.test.js‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎app.js‎
Lines changed: 15 additions & 10 deletions b/‎app.js‎
Lines changed: 15 additions & 10 deletions
@@ -55,7 +55,7 @@ As mentioned above, there are a few environment variables that can be used to co
 | SESSION_SECRET            | The secret used to sign the session cookie                                                            |                  |
 | ACCESS_TOKEN_NAME         | The name of the access token cookie                                                                   | `_access_token`  |
 | ACCESS_TOKEN_SECRET       | The secret used to sign the access token cookie                                                       | `secret`         |
-| ACCESS_TOKEN_EXPIRATION   | The expiration time for the access token cookie                                                       | `15m`             |
+| ACCESS_TOKEN_EXPIRATION   | The expiration time for the access token cookie                                                       | `15m`            |
 | REFRESH_TOKEN_NAME        | The name of the refresh token cookie                                                                  | `_refresh_token` |
 | REFRESH_TOKEN_SECRET      | The secret used to sign the refresh token cookie                                                      | `refresh`        |
 | REFRESH_TOKEN_EXPIRATION  | The expiration time for the refresh token cookie                                                      | `7d`             |
@@ -169,6 +169,18 @@ The Apple provider is used to authenticate users using Apple ID.
 > [!NOTE]
 > In order to set up this provider, you'll need to enroll in the Apple Developer Program. You can find more information [here](https://developer.apple.com/sign-in-with-apple/get-started/).
 
+#### LDAP
+
+The LDAP provider is used to authenticate users against an LDAP server.
+
+| Variable           | Description                              | Default |
+| ------------------ | ---------------------------------------- | ------- |
+| \_URL              | The URL to the LDAP server               |         |
+| \_BIND_DN          | The bind DN for the LDAP server          |         |
+| \_BIND_CREDENTIALS | The bind credentials for the LDAP server |         |
+| \_SEARCH_BASE      | The search base for the LDAP server      |         |
+| \_SEARCH_FILTER    | The search filter for the LDAP server    |         |
+
 ## Contributing
 
 Contributions are welcome, please read the [CONTRIBUTING.md](CONTRIBUTING.md) file for more information.
@@ -0,0 +1,50 @@
+const { stop } = require("../../app");
+
+jest.mock("passport-ldapauth");
+
+describe("LDAP Authentication Strategy", () => {
+  // Mock environment variables
+  process.env.LDAP_LDAP_URL = "ldap://test-ldap";
+  process.env.LDAP_LDAP_BIND_DN = "cn=admin,dc=example,dc=com";
+  process.env.LDAP_LDAP_BIND_CREDENTIALS = "admin-password";
+  process.env.LDAP_LDAP_SEARCH_BASE = "ou=users,dc=example,dc=com";
+  process.env.LDAP_LDAP_SEARCH_FILTER = "(uid={{username}})";
+  process.env.LDAP_LDAP_DISPLAY_NAME = "Test LDAP";
+  process.env.LDAP_LDAP_ICON = "fas fa-user";
+  const ldapProvider = require("../../src/providers/ldap");
+
+  it("should correctly configure the LDAP strategy", () => {
+    const provider = ldapProvider("ldap", "LDAP");
+
+    expect(provider.name).toBe("ldap_ldap");
+    expect(provider.type).toBe("ldap");
+    expect(provider.params.server.url).toBe("ldap://test-ldap");
+    expect(provider.params.server.bindDN).toBe("cn=admin,dc=example,dc=com");
+    expect(provider.params.server.bindCredentials).toBe("admin-password");
+    expect(provider.params.loginURL).toBe("/_ldap/ldap");
+    expect(provider.params.callbackURL).toBe("/_ldap/ldap/callback");
+  });
+
+  it("should correctly process user profile in verify callback", (done) => {
+    const provider = ldapProvider("ldap", "LDAP");
+
+    const mockUser = {
+      uid: "ldap123",
+      displayName: "Test User",
+    };
+
+    provider.verify(mockUser, (err, user) => {
+      expect(err).toBeNull();
+      expect(user).toEqual({
+        id: "ldap123",
+        strategy: "ldap_ldap",
+        profile: mockUser,
+      });
+      done();
+    });
+  });
+});
+
+afterAll(() => {
+  stop();
+});
@@ -9,6 +9,7 @@ const passport = require("./src/passport-setup");
 const session = require("express-session");
 const strategies = require("./src/strategies");
 const createProviderRoutes = require("./src/dynamic-routes");
+// const helmet = require("helmet");
 const {
   ACCESS_TOKEN_NAME,
   REFRESH_TOKEN_NAME,
@@ -45,23 +46,27 @@ app.set("layout", "./layouts/page");
 app.set("view engine", "ejs");
 app.set("layout extractScripts", true);
 
-// Middleware
+// Security Middleware
 // app.use(
 //   helmet.contentSecurityPolicy({
 //     directives: {
 //       defaultSrc: ["'self'"],
 //       scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", AUTH_HOST],
 //       formAction: [AUTH_HOST],
 //     },
-//   }),
+//   })
 // );
+
+// Monitoring Middleware
 app.use(
   promBundle({
     includeMethod: true,
     includePath: true,
     metricsPath: `${PROMETHEUS_PREFIX}/metrics`,
   })
 );
+
+// Other Middleware
 app.use(express.json());
 app.use(cookieParser());
 app.use(bodyParser.urlencoded({ extended: false }));
@@ -148,7 +153,8 @@ app.get(`${AUTH_PREFIX}/refresh`, async (req, res) => {
         : `${req.protocol}://${AUTH_HOST}${AUTH_PREFIX}/`,
       [{ name: ACCESS_TOKEN_NAME, value: token, options: COOKIE_CONFIG }]
     );
-  } catch {
+  } catch (error) {
+    console.error("Error verifying refresh token:", error);
     removeGlobalCookies(
       req,
       res,
@@ -194,11 +200,9 @@ app.get(`${AUTH_PREFIX}/`, (req, res) => {
         .redirect(
           redirect_url
             ? `${req.protocol}://${AUTH_HOST}${AUTH_PREFIX}/refresh?redirect_url=${redirect_url}`
-            : `${
-                req.protocol
-              }://${AUTH_HOST}${AUTH_PREFIX}/refresh?redirect_url=${
-                req.protocol
-              }://${req.headers.host}${req.forwardedUri || ""}`
+            : `${req.protocol
+            }://${AUTH_HOST}${AUTH_PREFIX}/refresh?redirect_url=${req.protocol
+            }://${req.headers.host}${req.forwardedUri || ""}`
         );
 
     const decoded = jwt.verify(token, ACCESS_TOKEN_SECRET);
@@ -212,7 +216,8 @@ app.get(`${AUTH_PREFIX}/`, (req, res) => {
       longLivedTokens: LONG_LIVED_TOKENS,
       show_credit: !FORM_DISABLE_CREDITS,
     });
-  } catch {
+  } catch (error) {
+    console.error("Error verifying access token:", error);
     req.session.redirect =
       req.query.redirect_url ||
       `${req.protocol}://${req.headers.host}${req.forwardedUri || ""}`;
@@ -253,4 +258,4 @@ process.on("SIGTERM", stop);
 
 start();
 
-module.exports = { app, server, start, stop };
+module.exports = { app, server, start, stop };