-
Notifications
You must be signed in to change notification settings - Fork 3
/
ad.ts
120 lines (108 loc) · 3.19 KB
/
ad.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/**
* SudoSOS back-end API service.
* Copyright (C) 2024 Study association GEWIS
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { EntityManager } from 'typeorm';
import { Client } from 'ldapts';
import log4js, { Logger } from 'log4js';
import User from '../entity/user/user';
import LDAPAuthenticator from '../entity/authenticator/ldap-authenticator';
/**
* Wrapper for the LDAP environment variables.
*/
export function getLDAPSettings() {
return {
url: process.env.LDAP_SERVER_URL,
reader: process.env.LDAP_BIND_USER,
readerPassword: process.env.LDAP_BIND_PW,
base: process.env.LDAP_BASE,
userFilter: process.env.LDAP_USER_FILTER,
};
}
export interface LDAPResponse {
objectGUID: string,
whenChanged: string,
}
export interface LDAPGroup extends LDAPResponse {
displayName: string,
dn: string,
cn: string,
}
export interface LDAPUser {
dn: string,
whenChanged: string,
memberOfFlattened: string[],
givenName: string,
sn: string,
objectGUID: string,
mail: string,
mNumber: number | undefined;
}
/**
* Function that takes a valid ADUser response and binds it
* to a existing User such that the AD user can authenticate as the existing user.
* @param manager - Transaction manager.
* @param ADUser - The AD user to bind.
* @param user - The User to bind to.
*/
export async function bindUser(manager: EntityManager,
ADUser: { objectGUID: string }, user: User): Promise<LDAPAuthenticator> {
const auth = Object.assign(new LDAPAuthenticator(), {
user,
UUID: ADUser.objectGUID,
}) as LDAPAuthenticator;
await manager.save(auth);
return auth;
}
/**
* Makes and bind an LDAP connection.
*/
export async function getLDAPConnection(): Promise<Client> {
const logger: Logger = log4js.getLogger('LDAP');
logger.level = process.env.LOG_LEVEL;
const ldapSettings = getLDAPSettings();
const client = new Client({
url: ldapSettings.url,
});
// Bind LDAP Reader
try {
await client.bind(ldapSettings.reader, ldapSettings.readerPassword);
} catch (error) {
logger.error(`Could not bind LDAP reader: ${ldapSettings.reader} err: ${String(error)}`);
return undefined;
}
return client;
}
/**
* Wrapper for typing the untyped ldap result.
* @param ldapResult - Search result to type
*/
export function userFromLDAP(ldapResult: any): LDAPUser {
const {
dn, memberOfFlattened, givenName, sn,
objectGUID, mail, employeeNumber, whenChanged,
} = ldapResult;
return {
whenChanged,
dn,
memberOfFlattened,
givenName,
sn,
objectGUID,
mail,
mNumber: employeeNumber,
};
}