const LDAPController = require('./LDAPController')
const LDAP = require('ldapjs')
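class UsersController extends LDAPController {
    /**
     * Services this controller needs on top of LDAPController's own:
     * `output` (logging), `ldap_server` (auth base DN + schema config) and
     * `models` (to look up the `auth:User` model).
     */
    static get services() {
        return [...super.services, 'output', 'ldap_server', 'models']
    }

    /**
     * Search handler for the people subtree. Not implemented yet: every
     * search completes with an empty result set.
     *
     * The previous version stashed the live request object on `global.ireq`
     * (a debugging leftover) and never ended the response, which leaked a
     * per-connection request into process-wide mutable state and left the
     * client waiting for a result that never came.
     *
     * @param {object} req ldapjs SearchRequest
     * @param {object} res ldapjs SearchResponse
     * @param {Function} next error-first continuation
     */
    async search_people(req, res, next) {
        // TODO: implement the people search. Until then, answer with no entries.
        return res.end()
    }

    /**
     * Simple-bind handler: authenticates `req.dn` with `req.credentials`.
     *
     * Every failure before the permission check answers with
     * InvalidCredentialsError, so a client cannot tell "no such DN" from
     * "wrong password" by the result code. (Response timing can still differ,
     * because the password check only runs for DNs that resolve to a user.)
     *
     * @param {object} req ldapjs BindRequest (`dn`, `credentials`)
     * @param {object} res ldapjs BindResponse
     * @param {Function} next error-first continuation
     */
    async bind(req, res, next) {
        const auth_dn = this.ldap_server.auth_dn()

        // Only DNs under the configured auth base may bind here.
        if ( !req.dn.childOf(auth_dn) ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        // Refuse empty passwords up front. RFC 4513 §5.1.2 defines a DN with
        // an empty password as an *unauthenticated* bind; it must never
        // succeed as the named user, and we do not want to depend on
        // check_password() rejecting '' on its own.
        const credentials = req.credentials
        if ( typeof credentials !== 'string' || credentials.length === 0 ) {
            return next(new LDAP.InvalidCredentialsError())
        }

        let user
        try {
            user = await this.get_user_from_dn(req.dn)
            if ( !user ) {
                return next(new LDAP.InvalidCredentialsError())
            }

            if ( !await user.check_password(credentials) ) {
                return next(new LDAP.InvalidCredentialsError())
            }
        } catch (e) {
            // ldapjs does not await handlers, so a rejection escaping here would
            // leave the bind pending forever. Fail the operation explicitly and
            // keep the internal error off the wire.
            // NOTE(review): `output` only shows a success() here — route this
            // through its error channel if one exists.
            console.error(`bind failed for DN ${req.dn.format({skipSpace: true})}: ${e && e.message}`)
            return next(new LDAP.OperationsError())
        }

        // Password verified; the account must additionally be allowed to bind.
        // This result code intentionally tells the (now authenticated) user
        // that the account itself is not permitted to bind.
        if ( !user.can('ldap:bind') ) {
            return next(new LDAP.InsufficientAccessRightsError())
        }

        this.output.success(`Successfully bound user ${user.uid} as DN: ${req.dn.format({skipSpace: true})}.`)
        return res.end()
    }

    /**
     * Extract the user id from the leftmost RDN of `dn`, using the attribute
     * name configured at `ldap_server.config.schema.auth.user_id`.
     *
     * NOTE(review): the lookup is a plain key match on the RDN's `attrs`
     * object — confirm the configured `user_id` matches the casing ldapjs
     * uses for those keys.
     *
     * @param {string|object} dn ldapjs DN object, or a DN string (parsed here)
     * @returns {string|undefined} the id, or undefined when the DN cannot be
     *   parsed or its first RDN lacks the attribute
     */
    get_uid_from_dn(dn) {
        const uid_field = this.ldap_server.config.schema.auth.user_id

        try {
            const parsed = typeof dn === 'string' ? LDAP.parseDN(dn) : dn
            // A malformed DN or a missing attribute surfaces as a thrown
            // parse error / TypeError; both simply mean "no uid here".
            return parsed.rdns[0].attrs[uid_field].value
        } catch (e) {
            return undefined
        }
    }

    /**
     * Resolve `dn` to an `auth:User` record by its uid.
     *
     * @param {string|object} dn DN object or string, see get_uid_from_dn
     * @returns {Promise<object|undefined|null>} whatever `User.findOne` yields
     *   for the uid, or undefined when the DN carries no uid at all
     */
    async get_user_from_dn(dn) {
        const uid = this.get_uid_from_dn(dn)
        if ( !uid ) return undefined

        const User = this.models.get('auth:User')
        return User.findOne({uid})
    }
}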
module.exports = exports = UsersController