CoreID/app/ldap/middleware/BindUser.middleware.js


const LDAPMiddleware = require('./LDAPMiddleware')
const LDAP = require('ldapjs')
/**
 * LDAP middleware that only lets a request through when the connection has
 * completed a non-anonymous bind as a user holding the `ldap:bind` permission.
 *
 * On success the resolved user is attached as `req.user` and the bound DN as
 * `req.bindDN` for downstream handlers. Rejections the middleware decides on
 * itself are handed to `next` as ldapjs errors rather than thrown.
 */
class BindUserMiddleware extends LDAPMiddleware {
  /**
   * Services resolved for this middleware: everything LDAPMiddleware needs,
   * plus `canon` (controller lookup), `output` (logging) and `ldap_server`
   * (source of the anonymous bind DN).
   * @returns {string[]}
   */
  static get services() {
    const inherited = super.services;
    const own = ['canon', 'output', 'ldap_server'];
    return [...inherited, ...own];
  }

  /**
   * Gate the request on the identity the connection is bound as.
   *
   * @param {object} req - ldapjs request; `req.connection.ldap.bindDN` is the
   *   DN the connection currently holds (assumed to always be set, carrying
   *   the anonymous DN when no bind took place — TODO confirm against the
   *   ldap_server setup).
   * @param {object} res - ldapjs response; unused here, kept for the
   *   middleware signature.
   * @param {Function} next - continuation; called with an ldapjs error to
   *   reject the request.
   * @returns {Promise<*>} whatever `next` returns.
   */
  async test(req, res, next) {
    const boundAs = req.connection.ldap.bindDN;
    const anonymousDN = this.ldap_server.anonymous();

    // Anonymous connections are refused before any user lookup runs, and the
    // refusal is logged at warn level.
    if (boundAs.equals(anonymousDN)) {
      this.output.warn(`Blocked anonymous LDAP request on user-protected route.`);
      return next(new LDAP.InsufficientAccessRightsError());
    }

    const user = await this.user_controller().get_resource_from_dn(boundAs);

    // An unknown DN and a known user lacking `ldap:bind` get the same answer,
    // so the reply does not reveal which DNs exist.
    const bindAllowed = user ? user.can('ldap:bind') : false;
    if (!bindAllowed) {
      return next(new LDAP.InvalidCredentialsError());
    }

    req.user = user;
    req.bindDN = boundAs;
    return next();
  }

  /**
   * Resolve the Users LDAP controller through the canon registry.
   * @returns {object} the `ldap_controller::Users` controller.
   */
  user_controller() {
    const { canon } = this;
    return canon.get('ldap_controller::Users');
  }
}
// Expose the middleware class as the module's sole export.
exports = module.exports = BindUserMiddleware;