const LDAPMiddleware = require('./LDAPMiddleware')
const LDAP = require('ldapjs')

class BindUserMiddleware extends LDAPMiddleware {
    static get services() {
        return [...super.services, 'canon', 'output', 'ldap_server']
    }

    async test(req, res, next) {
        const bind_dn = req.connection.ldap.bindDN

        if ( bind_dn.equals(this.ldap_server.anonymous()) ) {
            this.output.warn(`Blocked anonymous LDAP request on user-protected route.`)
            return next(new LDAP.InsufficientAccessRightsError())
        }

        const user = await this.user_controller().get_resource_from_dn(bind_dn)
        if ( !user || !user.can('ldap:bind') ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        req.user = user
        req.bindDN = bind_dn

        return next()
    }

    user_controller() {
        return this.canon.get('ldap_controller::Users')
    }
}

module.exports = exports = BindUserMiddleware