Javascript error during authentication when OpenCTI is configured with LDAP as provider

Open romain-filigran opened this issue 1 year ago • 1 comments

Description

When OpenCTI is configured to use LDAP as an authentication provider, a Javascript error is displayed when a user tries to log in.

Associated stacktrace:

{"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500},"message":"'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them","name":"UNKNOWN_ERROR","stack":"UNKNOWN_ERROR: 'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at UnknownError (/opt/opencti/build/src/config/errors.js:82:47)\n at Object._logWithError (/opt/opencti/build/src/config/conf.js:235:17)\n at Object.error (/opt/opencti/build/src/config/conf.js:244:48)\n at Object.willSendResponse (/opt/opencti/build/src/graphql/loggerPlugin.js:153:20)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async Promise.all (index 1)\n at N (/opt/opencti/build/node_modules/apollo-server-core/src/requestPipeline.ts:530:5)\n at processHTTPRequest (/opt/opencti/build/node_modules/apollo-server-core/src/runHttpQuery.ts:437:24)"},{"message":"'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them","name":"TypeError","stack":"TypeError: 'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them\n at _toss (/opt/opencti/build/node_modules/assert-plus/assert.js:27:35)\n at Function.n.<computed> [as optionalString] (/opt/opencti/build/node_modules/assert-plus/assert.js:140:17)\n at Eg.bind (/opt/opencti/build/node_modules/ldapjs/lib/client/client.js:274:10)\n at c3._onConnectAdmin (/opt/opencti/build/node_modules/ldapauth-fork/lib/ldapauth.js:222:21)\n at c3._adminBind (/opt/opencti/build/node_modules/ldapauth-fork/lib/ldapauth.js:251:15)\n at c3._search (/opt/opencti/build/node_modules/ldapauth-fork/lib/ldapauth.js:270:8)\n at c3._findUser (/opt/opencti/build/node_modules/ldapauth-fork/lib/ldapauth.js:332:8)\n at c3.authenticate (/opt/opencti/build/node_modules/ldapauth-fork/lib/ldapauth.js:418:8)\n at aWr.handleAuthentication (/opt/opencti/build/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:276:8)\n at aWr.qRn.authenticate (/opt/opencti/build/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:344:33)\n at attempt (/opt/opencti/build/node_modules/passport/lib/middleware/authenticate.js:378:16)\n at authenticate (/opt/opencti/build/node_modules/passport/lib/middleware/authenticate.js:180:6)\n at /opt/opencti/build/src/resolvers/user.js:158:12\n at new Promise (<anonymous>)\n at Object.token (/opt/opencti/build/src/resolvers/user.js:152:42)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"}],"inner_relation_creation":0,"level":"error","message":"'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them","operation":"Unspecified","query_attributes":[[{"arguments":[[{"is_empty":true,"name":"input","type":"Variable"}]],"name":"token"}]],"size":56,"source":"backend","time":13,"timestamp":"2024-08-09T07:37:32.000Z","type":"WRITE_ERROR","version":"6.2.12"}

Environment

OpenCTI version: 6.2.12

Reproducible Steps

Configure OpenCTI to use LDAP as an authentication provider. No need to deploy an LDAP or to have a valid configuration; you just need to set the LDAP env properties. Example:

- PROVIDERS__LDAP__STRATEGY=LdapStrategy
- PROVIDERS__LDAP__CONFIG__URL=ldaps://test.domain.org:636
- PROVIDERS__LDAP__CONFIG__BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=com
- PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS=password
- PROVIDERS__LDAP__CONFIG__SEARCH_BASE=cn=Users,dc=mydomain,dc=com
- PROVIDERS__LDAP__CONFIG__SEARCH_FILTER=(cn={{username}})
- PROVIDERS__LDAP__CONFIG__MAIL_ATTRIBUTE=mail
- PROVIDERS__LDAP__CONFIG__ACCOUNT_ATTRIBUTE=givenName
- PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED=true

Actual Output

Additional information

Screenshots (optional)

Aug 09 '24 07:08 romain-filigran

This issue happens when PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS is numeric; it should be interpreted as a string, otherwise the LDAP configuration fails.

Aug 09 '24 16:08 SouadHadjiat

For your information, using " " around bind_credential fixes it before any change in code. I'm looking into how to force it as a string in code.

Sep 03 '24 08:09 aHenryJard
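
One way to do the "force it as a string" step discussed in the comments above, as an added example that is not OpenCTI's code. It assumes a config loader that infers types from environment strings (`inferType` is a hypothetical stand-in for it); `loadLdapOptions`, `assertStringOptions` and `STRING_KEYS` are also hypothetical names. It shows why the raw value has to be kept rather than converted back after inference.

```javascript
// Added example: hypothetical helpers, not OpenCTI code.
// Stand-in for a config loader that infers types from environment strings.
const inferType = (raw) => {
  if (raw === 'true') return true;
  if (raw === 'false') return false;
  if (/^-?\d+(\.\d+)?$/.test(raw)) return Number(raw);
  return raw;
};

const PREFIX = 'PROVIDERS__LDAP__CONFIG__';
// Options that are opaque strings no matter what they look like.
const STRING_KEYS = new Set(['BIND_DN', 'BIND_CREDENTIALS', 'SEARCH_BASE', 'SEARCH_FILTER']);

// Build LDAP options from the environment. String-only keys keep the raw
// value; everything else goes through type inference as before.
function loadLdapOptions(env) {
  const options = {};
  for (const [name, raw] of Object.entries(env)) {
    if (!name.startsWith(PREFIX)) continue;
    const key = name.slice(PREFIX.length);
    options[key] = STRING_KEYS.has(key) ? raw : inferType(raw);
  }
  return options;
}

// Guard to run before handing options to the LDAP client: fail at startup
// with a clear message (type only, never the value) instead of at first login.
function assertStringOptions(options) {
  for (const key of STRING_KEYS) {
    if (key in options && typeof options[key] !== 'string') {
      throw new TypeError(`${PREFIX}${key} must be a string, got ${typeof options[key]}`);
    }
  }
  return options;
}

// Constructed sample environment with an all-digit bind password.
const sampleEnv = {
  PROVIDERS__LDAP__CONFIG__URL: 'ldaps://test.domain.org:636',
  PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS: '00123456',
  PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED: 'true',
};

// Converting back to a string after inference is lossy: leading zeros are gone.
const lossy = String(inferType(sampleEnv.PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS));
const safe = assertStringOptions(loadLdapOptions(sampleEnv));
console.log(lossy.length, safe.BIND_CREDENTIALS.length, typeof safe.ALLOW_SELF_SIGNED);
```

Wrapping an already-inferred number in `String()` would stop the type error but silently send a different password for values such as `00123456`, which is why the sketch reads the raw environment string for those keys.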