UNPKG

jscas-ad-attributes-resolver

Version:

An attributes resolver for JSCAS that get attributes from Active Directory

github.com/jscas/jscas-ad-attributes-resolver

jscas/jscas-ad-attributes-resolver

122 lines (106 loc) 3.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
'use strict' const fp = require('fastify-plugin') const conflate = require('conflate') const defaultConfig = { ad: { searchUser: undefined, searchUserPass: undefined, ldapjs: { url: undefined, scope: 'sub', searchBase: undefined, attributes: undefined } }, attributesMap: undefined } function remapAttributes (map, user) { const result = {} for (let k of Object.keys(user)) { if (map.hasOwnProperty(k)) { result[map[k]] = user[k] } else { result[k] = user[k] } } return result } function processAttributes (user, attributesMap) { const _user = conflate({}, user) let memberOf = _user.memberOf || [] _user.memberOf = undefined memberOf = (Array.isArray(memberOf) === false) ? [memberOf] : memberOf const remappedAttrsObject = (attributesMap) ? remapAttributes(attributesMap, _user) : _user const result = conflate({}, remappedAttrsObject) if (memberOf.length > 0 && user.hasOwnProperty('memberOf')) { result.memberOf = memberOf } else { delete result.memberOf } return result } function isObject (obj) { return Object.prototype.toString.apply(obj) === '[object Object]' } function validateConfig (config) { if (!config.hasOwnProperty('ad') || !isObject(config.ad)) { throw Error('missing adldap config object') } if (!config.ad.ldapjs || !isObject(config.ad.ldapjs)) { throw Error('missing ldapjs config object') } if (!config.ad.searchUser || !config.ad.searchUserPass) { throw Error('missing search user credentials') } if (!config.ad.ldapjs.url) { throw Error('missing ldapjs url') } if (!config.ad.ldapjs.searchBase) { throw Error('missing ldapjs search base') } } module.exports = fp(function adAttrResolverPlugin (server, options, next) { const log = server.log let config try { if (!options || !isObject(options)) throw Error('missing configuration object') validateConfig(options) config = conflate({}, defaultConfig, options) } catch (e) { log.error('jscas-ad-attributes-resolver: invalid configuration: %s', e.message) log.debug(e.stack) return next(e) } const adldapFactory = require('adldap')(log) async function findUser (username) { try { log.trace('finding user: %s', username) const ad = adldapFactory(config.ad) await ad.bind() const adUser = await ad.findUser(username) await ad.unbind() log.trace('find user result: %j', adUser) return adUser } catch (e) { log.error('error attempting to find user `%s`: %s', username, e.message) log.debug(e.stack) } } const resolver = { async attributesFor (username) { const adUser = await findUser(username) if (!adUser) { log.trace('could not find attributes for user: %s', username) return {} } return processAttributes(adUser, config.attributesMap) } } server.registerAttributesResolver(resolver) next() }) module.exports.pluginName = 'adAttributesResolver' // for unit testing module.exports.internals = {remapAttributes, processAttributes}