LDAP authentication breaks after upgrade to 1.9.4

  • My version of HedgeDoc is: 1.9.4

  • What I expected to happen:

Authenticate with LDAP backend as usual.

  • What actually happened:

Server internal error

In the logs:

Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]: TypeError: Cannot add property 3, object is not extensible
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at Array.push (<anonymous>)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at LdapAuth._findUser (/opt/codimd/codimd-git/node_modules/ldapauth-fork/lib/ldapauth.js:329:21)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at LdapAuth.authenticate (/opt/codimd/codimd-git/node_modules/ldapauth-fork/lib/ldapauth.js:418:8)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at Strategy.handleAuthentication (/opt/codimd/codimd-git/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:276:8)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at Strategy.authenticate (/opt/codimd/codimd-git/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:344:33)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at attempt (/opt/codimd/codimd-git/node_modules/passport/lib/middleware/authenticate.js:369:16)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at authenticate (/opt/codimd/codimd-git/node_modules/passport/lib/middleware/authenticate.js:370:7)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at /opt/codimd/codimd-git/lib/web/auth/ldap/index.js:88:5
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at Layer.handle [as handle_request] (/opt/codimd/codimd-git/node_modules/express/lib/router/layer.js:95:5)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at next (/opt/codimd/codimd-git/node_modules/express/lib/router/route.js:144:13)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at /opt/codimd/codimd-git/node_modules/body-parser/lib/read.js:137:5
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at AsyncResource.runInAsyncScope (async_hooks.js:197:9)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at invokeCallback (/opt/codimd/codimd-git/node_modules/raw-body/index.js:231:16)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at done (/opt/codimd/codimd-git/node_modules/raw-body/index.js:220:7)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at IncomingMessage.onEnd (/opt/codimd/codimd-git/node_modules/raw-body/index.js:280:7)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at IncomingMessage.emit (events.js:412:35)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at endReadableNT (internal/streams/readable.js:1333:12)
Jul 28 11:52:08 hedgedoc-app.x.fr yarn[160158]:     at processTicksAndRejections (internal/process/task_queues.js:82:21)

at LdapAuth._findUser (/opt/codimd/codimd-git/node_modules/ldapauth-fork/lib/ldapauth.js:329:21)

  • I already tried:

Issue seems to come from a recent change in ldapauth-fork/lib/ldapauth.js:

I found a workaround by commenting out the following block:

  // groupDnProperty will be accessed in the user returned by the search, and
  // so needs to be requested from the LDAP server.
        //
  // -- Breaks my LDAP auth --
  //if (
  //  opts.attributes &&
  //  self.opts.groupDnProperty &&
  //  !opts.attributes.includes(self.opts.groupDnProperty)
  //) {
  //  opts.attributes.push(self.opts.groupDnProperty);
  //}

I’ve also opened an issue on node-ldapauth-fork github repository.

This was addressed (not released in a new stable yet though) as part of https://github.com/hedgedoc/hedgedoc/issues/2561