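const LDAPMiddleware = require('./LDAPMiddleware');
const LDAP = require('ldapjs');

/**
 * Middleware that requires the LDAP connection to be bound as a known user
 * holding the `ldap:bind` permission before a protected route runs.
 *
 * An anonymous bind is rejected with InsufficientAccessRightsError; a bound DN
 * that does not resolve to a user, or resolves to one without `ldap:bind`, is
 * rejected with InvalidCredentialsError. On success `req.user` and
 * `req.bindDN` are populated for downstream handlers.
 */
class BindUserMiddleware extends LDAPMiddleware {
  /** Injected services this middleware needs, in addition to the parent's. */
  static get services() {
    return [...super.services, 'canon', 'output', 'ldap_server'];
  }

  /**
   * Check the connection's bind DN and attach the matching user to the request.
   * @param {object} req - ldapjs request; `req.connection.ldap.bindDN` is read
   * @param {object} res - ldapjs response (not used by this check)
   * @param {function} next - continuation; called with an error to reject the request
   * @returns {Promise<*>} the value returned by `next`
   */
  async test(req, res, next) {
    const bind_dn = req.connection.ldap.bindDN;

    // Fail closed: a connection that carries no bind DN at all is treated the
    // same as an explicit anonymous bind instead of throwing a TypeError on
    // `.equals` (which would leave the request without a response).
    if (!bind_dn || bind_dn.equals(this.ldap_server.anonymous())) {
      this.output.warn(`Blocked anonymous LDAP request on user-protected route.`);
      return next(new LDAP.InsufficientAccessRightsError());
    }

    const user = await this.user_controller().get_resource_from_dn(bind_dn);

    // An unknown DN and a known user lacking `ldap:bind` both yield the same
    // InvalidCredentialsError, so the client cannot distinguish the two cases.
    if (!user || !user.can('ldap:bind')) {
      return next(new LDAP.InvalidCredentialsError());
    }

    req.user = user;
    req.bindDN = bind_dn;
    return next();
  }

  /** Resolve the Users controller from the canon service registry. */
  user_controller() {
    return this.canon.get('ldap_controller::Users');
  }
}

module.exports = exports = BindUserMiddleware;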