diff --git a/apps/settings/serializers/auth/ldap.py b/apps/settings/serializers/auth/ldap.py index 78908e9c6..d8598fa6e 100644 --- a/apps/settings/serializers/auth/ldap.py +++ b/apps/settings/serializers/auth/ldap.py @@ -20,9 +20,9 @@ class LDAPTestConfigSerializer(serializers.Serializer): AUTH_LDAP_SEARCH_FILTER = serializers.CharField() AUTH_LDAP_USER_ATTR_MAP = serializers.JSONField() AUTH_LDAP_START_TLS = serializers.BooleanField(required=False) - AUTH_LDAP_CACERT_CONTENT = serializers.CharField(required=False, allow_blank=True) - AUTH_LDAP_CERT_CONTENT = serializers.CharField(required=False, allow_blank=True) - AUTH_LDAP_KEY_CONTENT = serializers.CharField(required=False, allow_blank=True) + AUTH_LDAP_CACERT_CONTENT = EncryptedField(required=False, allow_blank=True) + AUTH_LDAP_CERT_CONTENT = EncryptedField(required=False, allow_blank=True) + AUTH_LDAP_KEY_CONTENT = EncryptedField(required=False, allow_blank=True) AUTH_LDAP = serializers.BooleanField(required=False) @@ -118,17 +118,17 @@ class LDAPSettingSerializer(LDAPSerializerMixin, serializers.Serializer): required=False, label=_('StartTLS'), help_text=_('Use StartTLS to upgrade ldap:// connections to TLS') ) - AUTH_LDAP_CACERT_CONTENT = serializers.CharField( + AUTH_LDAP_CACERT_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('CA certificate'), help_text=_('CA certificate for verifying LDAPS/StartTLS server') ) - AUTH_LDAP_CERT_CONTENT = serializers.CharField( + AUTH_LDAP_CERT_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('Client certificate'), help_text=_('Client certificate for mutual TLS (optional)') ) - AUTH_LDAP_KEY_CONTENT = serializers.CharField( + AUTH_LDAP_KEY_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('Client private key'), help_text=_('Client private key for mutual TLS (optional)') diff --git a/apps/settings/serializers/auth/ldap_ha.py b/apps/settings/serializers/auth/ldap_ha.py index fed6a3d42..220e1112a 100644 --- a/apps/settings/serializers/auth/ldap_ha.py +++ b/apps/settings/serializers/auth/ldap_ha.py @@ -17,9 +17,9 @@ class LDAPHATestConfigSerializer(serializers.Serializer): AUTH_LDAP_HA_SEARCH_FILTER = serializers.CharField() AUTH_LDAP_HA_USER_ATTR_MAP = serializers.JSONField() AUTH_LDAP_HA_START_TLS = serializers.BooleanField(required=False) - AUTH_LDAP_HA_CACERT_CONTENT = serializers.CharField(required=False, allow_blank=True) - AUTH_LDAP_HA_CERT_CONTENT = serializers.CharField(required=False, allow_blank=True) - AUTH_LDAP_HA_KEY_CONTENT = serializers.CharField(required=False, allow_blank=True) + AUTH_LDAP_HA_CACERT_CONTENT = EncryptedField(required=False, allow_blank=True) + AUTH_LDAP_HA_CERT_CONTENT = EncryptedField(required=False, allow_blank=True) + AUTH_LDAP_HA_KEY_CONTENT = EncryptedField(required=False, allow_blank=True) AUTH_LDAP_HA = serializers.BooleanField(required=False) @@ -100,17 +100,17 @@ class LDAPHASettingSerializer(LDAPSerializerMixin, serializers.Serializer): required=False, label=_('StartTLS'), help_text=_('Use StartTLS to upgrade ldap:// connections to TLS') ) - AUTH_LDAP_HA_CACERT_CONTENT = serializers.CharField( + AUTH_LDAP_HA_CACERT_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('CA certificate'), help_text=_('CA certificate for verifying LDAPS/StartTLS server') ) - AUTH_LDAP_HA_CERT_CONTENT = serializers.CharField( + AUTH_LDAP_HA_CERT_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('Client certificate'), help_text=_('Client certificate for mutual TLS (optional)') ) - AUTH_LDAP_HA_KEY_CONTENT = serializers.CharField( + AUTH_LDAP_HA_KEY_CONTENT = EncryptedField( allow_blank=True, required=False, write_only=True, label=_('Client private key'), help_text=_('Client private key for mutual TLS (optional)') diff --git a/apps/settings/serializers/auth/mixin.py b/apps/settings/serializers/auth/mixin.py index 7a59b5570..fbf213956 100644 --- a/apps/settings/serializers/auth/mixin.py +++ b/apps/settings/serializers/auth/mixin.py @@ -25,8 +25,12 @@ class LDAPSerializerMixin: cert_attrs = [f'{prefix}{suffix}' for suffix in self.cert_content_suffixes] if not any(k in self.validated_data for k in cert_attrs): return + content_map = { + attr: self.validated_data[attr] + for attr in cert_attrs if attr in self.validated_data + } tls_util = LDAPTLSUtil(category) - tls_util.sync_files() + tls_util.sync_files(content_map=content_map) tls_util.refresh_global_options() def post_save(self): diff --git a/apps/settings/ws.py b/apps/settings/ws.py index d7e97888d..3a175a3ed 100644 --- a/apps/settings/ws.py +++ b/apps/settings/ws.py @@ -198,7 +198,7 @@ class LdapWebsocket(AsyncJsonWebsocketConsumer, OrgMixin): if not serializer.is_valid(): self.send_msg(msg=f'error: {str(serializer.errors)}') config = self.get_ldap_config(serializer) - ok, msg = LDAPTestUtil(config).test_config() + ok, msg = LDAPTestUtil(config, category=self.category).test_config() if ok: self.set_task_status_over(CACHE_KEY_LDAP_TEST_CONFIG_TASK_STATUS) return ok, msg