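const LDAPController = require('./LDAPController')
const LDAP = require('ldapjs')

/**
 * LDAP handlers for the user subtree: simple bind (authentication) and the
 * people search.
 *
 * Services resolved by the base controller (see `services`):
 *  - output:      used here for the bind success log line
 *  - ldap_server: provides `auth_dn()` and `config.schema.auth.user_id`
 *  - models:      registry the `auth:User` model is looked up from
 */
class UsersController extends LDAPController {
    static get services() {
        return [...super.services, 'output', 'ldap_server', 'models']
    }

    /**
     * Search handler for the people subtree.
     *
     * Not implemented yet: the response is completed with no entries so the
     * client does not hang waiting for a result. (An earlier revision stored
     * the request on `global.ireq` for debugging; that kept the request object
     * alive process-wide and has been removed.)
     *
     * @param {object} req ldapjs SearchRequest
     * @param {object} res ldapjs SearchResponse
     * @param {Function} next error continuation
     */
    async search_people(req, res, next) {
        return res.end()
    }

    /**
     * Bind (authenticate) a user by DN and password.
     *
     * Every failure before the permission check is reported as
     * InvalidCredentialsError, so the response does not reveal whether the
     * DN exists. Errors are handed to `next`, as ldapjs expects.
     *
     * @param {object} req ldapjs BindRequest (`dn`, `credentials`)
     * @param {object} res ldapjs BindResponse
     * @param {Function} next error continuation
     */
    async bind(req, res, next) {
        const auth_dn = this.ldap_server.auth_dn()

        // The DN must live under the authentication base DN.
        // NOTE(review): childOf accepts any descendant, not only direct
        // children, and get_uid_from_dn reads only the leftmost RDN, so a
        // deeper DN such as `uid=x,ou=extra,<auth_dn>` resolves to the same
        // user. Tighten to a direct-child check if that matters here.
        if ( !req.dn.childOf(auth_dn) ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        // Reject unauthenticated binds (a DN with an empty password,
        // RFC 4513 §5.1.2) up front instead of relying on check_password
        // to refuse an empty value.
        if ( !req.credentials ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        const user = await this.get_user_from_dn(req.dn)
        if ( !user ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        if ( !await user.check_password(req.credentials) ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        // Authentication succeeded; now authorisation.
        if ( !user.can('ldap:bind') ) {
            return next(new LDAP.InsufficientAccessRightsError())
        }

        this.output.success(`Successfully bound user ${user.uid} as DN: ${req.dn.format({skipSpace: true})}.`)
        return res.end()
    }

    /**
     * Extract the user id from the leftmost RDN of a DN.
     *
     * @param {string|object} dn DN string or ldapjs DN object
     * @returns {string|undefined} value of the configured user-id attribute,
     *   or undefined when the DN cannot be parsed or its first RDN has no
     *   such attribute
     */
    get_uid_from_dn(dn) {
        const uid_field = this.ldap_server.config.schema.auth.user_id

        let parsed = dn
        if ( typeof dn === 'string' ) {
            try {
                parsed = LDAP.parseDN(dn)
            } catch (e) {
                // Malformed DN string: treated as "no uid" (callers then answer
                // with InvalidCredentials). Only the parse is guarded; the
                // lookup below cannot throw.
                return undefined
            }
        }

        // Only the leftmost RDN is consulted; any missing piece yields
        // undefined rather than a TypeError.
        const rdn = parsed && parsed.rdns ? parsed.rdns[0] : undefined
        const attr = rdn && rdn.attrs ? rdn.attrs[uid_field] : undefined
        return attr ? attr.value : undefined
    }

    /**
     * Resolve a DN to its user record.
     *
     * @param {string|object} dn DN string or ldapjs DN object
     * @returns {Promise<object|undefined>} the `auth:User` whose uid matches,
     *   or undefined when the DN yields no uid (findOne's own "not found"
     *   value is passed through unchanged)
     */
    async get_user_from_dn(dn) {
        const uid = this.get_uid_from_dn(dn)
        if ( !uid ) return undefined

        const User = this.models.get('auth:User')
        return User.findOne({uid})
    }
}

module.exports = exports = UsersController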