* 🛠️ Synchronization of the user with LDAP

* add configuration with LDAP attributes mappings * add defalut company and remove application check since it's not configurable * change error handling, now all the requests are independant
linagora · Sep 12, 2023 · efcb27b · efcb27b
1 parent 7976498
commit efcb27b
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 43 deletions.
diff --git a/tdrive/backend/node/config/default.json b/tdrive/backend/node/config/default.json
@@ -81,7 +81,7 @@
      }
   },
   "database":{
-     "secret":"ab63bb3e90c0271c9a1c06651a7c0967eab8851a7a897766",
+     "secret":"",
      "type":"cassandra",
      "mongodb":{
         "uri":"mongodb://mongo:27017",

diff --git a/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts b/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts
@@ -8,7 +8,6 @@ import {
   RealtimeBaseBusEvent,
 } from "../../../../core/platform/services/realtime/types";
 import { ResourceGetResponse } from "../../../../utils/types";
-import { getInstance } from "../../../user/entities/user";
 import {
   ApplicationObject,
   getApplicationObject,
@@ -21,6 +20,7 @@ import {
   ApplicationLoginResponse,
   ConfigureRequest,
 } from "../types";
+import { ConsoleHookUser } from "src/services/console/types";
 
 export class ApplicationsApiController {
   async token(
@@ -175,37 +175,15 @@ export class ApplicationsApiController {
       };
     }>,
   ): Promise<any> {
-    const email = request.body.email.trim().toLocaleLowerCase();
-
-    if (await gr.services.users.getByEmail(email)) {
-      throw new Error("This email is already used");
-    }
-
     try {
-      const newUser = getInstance({
-        first_name: request.body.first_name,
-        last_name: request.body.last_name,
-        email_canonical: email,
-        username_canonical: (email.replace("@", ".") || "").toLocaleLowerCase(),
-        phone: "",
-        identity_provider: "console",
-        identity_provider_id: email,
-        mail_verified: true,
-      });
-      const user = await gr.services.users.create(newUser);
-
-      const company = await gr.services.companies.getCompany({
-        id: "00000000-0000-4000-0000-000000000000",
-      });
-
-      await gr.services.companies.setUserRole(company.id, user.entity.id, "member");
-
-      await gr.services.users.save(user.entity, {
-        user: { id: user.entity.id, server_request: true },
-      });
+      await gr.services.console.getClient().updateLocalUserFromConsole({
+        email: request.body.email.trim().toLocaleLowerCase(),
+        name: request.body.first_name,
+        surname: request.body.last_name,
+      } as ConsoleHookUser);
     } catch (err) {
       logger.error(err);
-      throw new Error("An unknown error occured");
+      throw err;
     }
     return {};
   }

diff --git a/tdrive/backend/node/src/services/console/clients/remote.ts b/tdrive/backend/node/src/services/console/clients/remote.ts
@@ -99,12 +99,13 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       throw CrudException.badRequest("User not found on Console");
     }
 
-    const roles = userDTO.roles.filter(
-      role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
-    );
-
-    //REMOVE LATER
-    logger.info(`Roles are: ${roles}.`);
+    if (userDTO.roles) {
+      const roles = userDTO.roles.filter(
+        role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
+      );
+      //REMOVE LATER
+      logger.info(`Roles are: ${roles}.`);
+    }
 
     let user = await gr.services.users.getByConsoleId(userDTO.email);
 
@@ -151,7 +152,9 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       user.preferences.timezone = coalesce(userDTO.preference.timeZone, user.preferences?.timezone);
     }
 
-    user.picture = userDTO.avatar.value;
+    if (userDTO.avatar) {
+      user.picture = userDTO.avatar.value;
+    }
 
     await gr.services.users.save(user);
 

diff --git a/tdrive/backend/utils/ldap-sync/src/index.ts b/tdrive/backend/utils/ldap-sync/src/index.ts
@@ -1,4 +1,4 @@
-import ldap from "ldapjs";
+import ldap, { SearchEntry } from "ldapjs";
 import axios, { AxiosError } from "axios";
 import dotenv from "dotenv";
 
@@ -119,14 +119,14 @@ client.bind(ldapConfig.bindDN, ldapConfig.bindCredentials, (err) => {
 
       const apiRequests: Promise<any>[] = [];
 
-      searchRes.on("searchEntry", (entry: any) => {
-        console.log('Receive entry:: ' + JSON.stringify(entry.pojo));
+      searchRes.on("searchEntry", (entry: SearchEntry) => {
+        console.log('Receive entry:: ' + JSON.stringify(entry.attributes));
 
         // Handle each search result entry
         const userAttributes: UserAttributes = {
-          first_name: entry.attributes[0]?.values[0],
-          last_name: entry.attributes[1]?.values[0],
-          email: entry.attributes[2]?.values[0],
+          first_name: entry.attributes.find(a=> a.type == ldapConfig.mappings.firstName)?.vals[0]!,
+          last_name: entry.attributes.find(a=> a.type == ldapConfig.mappings.lastName)?.vals[0]!,
+          email: entry.attributes.find(a=> a.type == ldapConfig.mappings.email)?.vals[0]!,
         };
 
         if (userAttributes.email) {