n8n/packages/cli/src/auth/methods/ldap.ts

import { Container } from 'typedi';

import { InternalHooks } from '@/InternalHooks';
import { LdapService } from '@/Ldap/ldap.service';
import {
	createLdapUserOnLocalDb,
	getLdapUserRole,
	getUserByEmail,
	getAuthIdentityByLdapId,
	isLdapEnabled,
	mapLdapAttributesToUser,
	createLdapAuthIdentity,
	updateLdapUserOnLocalDb,
} from '@/Ldap/helpers';
import type { User } from '@db/entities/User';

export const handleLdapLogin = async (
	loginId: string,
	password: string,
): Promise<User | undefined> => {
	if (!isLdapEnabled()) return undefined;

	const ldapService = Container.get(LdapService);

	if (!ldapService.config.loginEnabled) return undefined;

	const { loginIdAttribute, userFilter } = ldapService.config;

	const ldapUser = await ldapService.findAndAuthenticateLdapUser(
		loginId,
		password,
		loginIdAttribute,
		userFilter,
	);

	if (!ldapUser) return undefined;

	const [ldapId, ldapAttributesValues] = mapLdapAttributesToUser(ldapUser, ldapService.config);

	const { email: emailAttributeValue } = ldapAttributesValues;

	if (!ldapId || !emailAttributeValue) return undefined;

	const ldapAuthIdentity = await getAuthIdentityByLdapId(ldapId);
	if (!ldapAuthIdentity) {
		const emailUser = await getUserByEmail(emailAttributeValue);

		// check if there is an email user with the same email as the authenticated LDAP user trying to log-in
		if (emailUser && emailUser.email === emailAttributeValue) {
			const identity = await createLdapAuthIdentity(emailUser, ldapId);
			await updateLdapUserOnLocalDb(identity, ldapAttributesValues);
		} else {
			const role = await getLdapUserRole();
			const user = await createLdapUserOnLocalDb(role, ldapAttributesValues, ldapId);
			void Container.get(InternalHooks).onUserSignup(user, {
				user_type: 'ldap',
				was_disabled_ldap_user: false,
			});
			return user;
		}
	} else {
		if (ldapAuthIdentity.user) {
			if (ldapAuthIdentity.user.disabled) return undefined;
			await updateLdapUserOnLocalDb(ldapAuthIdentity, ldapAttributesValues);
		}
	}

	// Retrieve the user again as user's data might have been updated
	return (await getAuthIdentityByLdapId(ldapId))?.user;
};
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`import { Container } from 'typedi';`

refactor(core): Use an IoC container to manage singleton classes [Part-1] (no-changelog) (#5509) * add typedi * convert ActiveWorkflowRunner into an injectable service * convert ExternalHooks into an injectable service * convert InternalHooks into an injectable service * convert LoadNodesAndCredentials into an injectable service * convert NodeTypes and CredentialTypes into an injectable service * convert ActiveExecutions into an injectable service * convert WaitTracker into an injectable service * convert Push into an injectable service * convert ActiveWebhooks and TestWebhooks into an injectable services * handle circular references, and log errors when a circular dependency is found 2023-02-21 10:21:56 -08:00			`import { InternalHooks } from '@/InternalHooks';`
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`import { LdapService } from '@/Ldap/ldap.service';`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00			`import {`
			`createLdapUserOnLocalDb,`
			`getLdapUserRole,`
			`getUserByEmail,`
			`getAuthIdentityByLdapId,`
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`isLdapEnabled,`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00			`mapLdapAttributesToUser,`
			`createLdapAuthIdentity,`
			`updateLdapUserOnLocalDb,`
			`} from '@/Ldap/helpers';`
			`import type { User } from '@db/entities/User';`

			`export const handleLdapLogin = async (`
			`loginId: string,`
			`password: string,`
			`): Promise<User \| undefined> => {`
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`if (!isLdapEnabled()) return undefined;`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`const ldapService = Container.get(LdapService);`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`if (!ldapService.config.loginEnabled) return undefined;`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`const { loginIdAttribute, userFilter } = ldapService.config;`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00
refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`const ldapUser = await ldapService.findAndAuthenticateLdapUser(`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00			`loginId,`
			`password,`
			`loginIdAttribute,`
			`userFilter,`
			`);`

			`if (!ldapUser) return undefined;`

refactor(core): Use DI for LDAP code (no-changelog) (#8248) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-15 06:01:48 -08:00			`const [ldapId, ldapAttributesValues] = mapLdapAttributesToUser(ldapUser, ldapService.config);`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00
			`const { email: emailAttributeValue } = ldapAttributesValues;`

			`if (!ldapId \|\| !emailAttributeValue) return undefined;`

			`const ldapAuthIdentity = await getAuthIdentityByLdapId(ldapId);`
			`if (!ldapAuthIdentity) {`
			`const emailUser = await getUserByEmail(emailAttributeValue);`

			`// check if there is an email user with the same email as the authenticated LDAP user trying to log-in`
			`if (emailUser && emailUser.email === emailAttributeValue) {`
			`const identity = await createLdapAuthIdentity(emailUser, ldapId);`
			`await updateLdapUserOnLocalDb(identity, ldapAttributesValues);`
			`} else {`
			`const role = await getLdapUserRole();`
			`const user = await createLdapUserOnLocalDb(role, ldapAttributesValues, ldapId);`
refactor(core): Use an IoC container to manage singleton classes [Part-1] (no-changelog) (#5509) * add typedi * convert ActiveWorkflowRunner into an injectable service * convert ExternalHooks into an injectable service * convert InternalHooks into an injectable service * convert LoadNodesAndCredentials into an injectable service * convert NodeTypes and CredentialTypes into an injectable service * convert ActiveExecutions into an injectable service * convert WaitTracker into an injectable service * convert Push into an injectable service * convert ActiveWebhooks and TestWebhooks into an injectable services * handle circular references, and log errors when a circular dependency is found 2023-02-21 10:21:56 -08:00			`void Container.get(InternalHooks).onUserSignup(user, {`
feat(core): Add LDAP support (#3835) 2023-01-24 17:18:39 -08:00			`user_type: 'ldap',`
			`was_disabled_ldap_user: false,`
			`});`
			`return user;`
			`}`
			`} else {`
			`if (ldapAuthIdentity.user) {`
			`if (ldapAuthIdentity.user.disabled) return undefined;`
			`await updateLdapUserOnLocalDb(ldapAuthIdentity, ldapAttributesValues);`
			`}`
			`}`

			`// Retrieve the user again as user's data might have been updated`
			`return (await getAuthIdentityByLdapId(ldapId))?.user;`
			`};`