salix/modules/account/back/methods/role-inherit/sync.js

const ldap = require('../../util/ldapjs-extra');

module.exports = Self => {
    Self.remoteMethod('sync', {
        description: 'Synchronizes the user with the other user databases',
        http: {
            path: `/sync`,
            verb: 'PATCH'
        }
    });

    Self.sync = async function() {
        let $ = Self.app.models;

        let ldapConfig = await $.LdapConfig.findOne({
            fields: ['host', 'rdn', 'password', 'groupDn']
        });
        let accountConfig = await $.AccountConfig.findOne({
            fields: ['idBase']
        });

        if (!ldapConfig) return;

        // Connect

        let client = ldap.createClient({
            url: `ldap://${ldapConfig.host}:389`
        });

        let ldapPassword = Buffer
            .from(ldapConfig.password, 'base64')
            .toString('ascii');
        await client.bind(ldapConfig.rdn, ldapPassword);

        let err;
        try {
            // Delete roles

            let opts = {
                scope: 'sub',
                attributes: ['dn'],
                filter: 'objectClass=posixGroup'
            };
            let res = await client.search(ldapConfig.groupDn, opts);

            let reqs = [];
            await new Promise((resolve, reject) => {
                res.on('error', err => {
                    if (err.name === 'NoSuchObjectError')
                        err = new Error(`Object '${ldapConfig.groupDn}' does not exist`);
                    reject(err);
                });
                res.on('searchEntry', e => {
                    reqs.push(client.del(e.object.dn));
                });
                res.on('end', resolve);
            });
            await Promise.all(reqs);

            // Recreate roles

            let roles = await $.Role.find({
                fields: ['id', 'name']
            });
            let roleRoles = await $.RoleRole.find({
                fields: ['role', 'inheritsFrom']
            });
            let roleMap = toMap(roleRoles, e => {
                return {key: e.inheritsFrom, val: e.role};
            });

            let accounts = await $.UserAccount.find({
                fields: ['id'],
                include: {
                    relation: 'user',
                    scope: {
                        fields: ['name', 'roleFk'],
                        where: {active: true}
                    }
                }
            });
            let accountMap = toMap(accounts, e => {
                let user = e.user();
                if (!user) return;
                return {key: user.roleFk, val: user.name};
            });

            reqs = [];
            for (let role of roles) {
                let newEntry = {
                    objectClass: ['top', 'posixGroup'],
                    cn: role.name,
                    gidNumber: accountConfig.idBase + role.id
                };

                let memberUid = [];
                for (subrole of roleMap.get(role.id) || [])
                    memberUid = memberUid.concat(accountMap.get(subrole) || []);

                if (memberUid.length) {
                    memberUid.sort((a, b) => a.localeCompare(b));
                    newEntry.memberUid = memberUid;
                }

                let dn = `cn=${role.name},${ldapConfig.groupDn}`;
                reqs.push(client.add(dn, newEntry));
            }
            await Promise.all(reqs);
        } catch (e) {
            err = e;
        }

        await client.unbind();
        if (err) throw err;
    };
};

function toMap(array, fn) {
    let map = new Map();
    for (let item of array) {
        let keyVal = fn(item);
        if (!keyVal) continue;
        let key = keyVal.key;
        if (!map.has(key)) map.set(key, []);
        map.get(key).push(keyVal.val);
    }
    return map;
}
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00			`const ldap = require('../../util/ldapjs-extra');`

			`module.exports = Self => {`
			`Self.remoteMethod('sync', {`
			`description: 'Synchronizes the user with the other user databases',`
			`http: {`
			path: `/sync`,
			`verb: 'PATCH'`
			`}`
			`});`

			`Self.sync = async function() {`
			`let $ = Self.app.models;`

			`let ldapConfig = await $.LdapConfig.findOne({`
			`fields: ['host', 'rdn', 'password', 'groupDn']`
			`});`
			`let accountConfig = await $.AccountConfig.findOne({`
			`fields: ['idBase']`
			`});`

			`if (!ldapConfig) return;`

			`// Connect`

			`let client = ldap.createClient({`
			url: `ldap://${ldapConfig.host}:389`
			`});`

			`let ldapPassword = Buffer`
			`.from(ldapConfig.password, 'base64')`
			`.toString('ascii');`
			`await client.bind(ldapConfig.rdn, ldapPassword);`

			`let err;`
			`try {`
			`// Delete roles`

			`let opts = {`
			`scope: 'sub',`
			`attributes: ['dn'],`
			`filter: 'objectClass=posixGroup'`
			`};`
User sync fixes 2020-10-31 20:16:58 +00:00			`let res = await client.search(ldapConfig.groupDn, opts);`
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00
			`let reqs = [];`
			`await new Promise((resolve, reject) => {`
			`res.on('error', err => {`
			`if (err.name === 'NoSuchObjectError')`
			err = new Error(`Object '${ldapConfig.groupDn}' does not exist`);
			`reject(err);`
			`});`
			`res.on('searchEntry', e => {`
			`reqs.push(client.del(e.object.dn));`
			`});`
			`res.on('end', resolve);`
			`});`
			`await Promise.all(reqs);`

			`// Recreate roles`

			`let roles = await $.Role.find({`
			`fields: ['id', 'name']`
			`});`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`let roleRoles = await $.RoleRole.find({`
			`fields: ['role', 'inheritsFrom']`
			`});`
			`let roleMap = toMap(roleRoles, e => {`
			`return {key: e.inheritsFrom, val: e.role};`
			`});`

LDAP user & role syncronization 2020-09-21 11:24:43 +00:00			`let accounts = await $.UserAccount.find({`
			`fields: ['id'],`
			`include: {`
			`relation: 'user',`
			`scope: {`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`fields: ['name', 'roleFk'],`
			`where: {active: true}`
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00			`}`
			`}`
			`});`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`let accountMap = toMap(accounts, e => {`
			`let user = e.user();`
User sync fixes 2020-10-30 23:40:54 +00:00			`if (!user) return;`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`return {key: user.roleFk, val: user.name};`
			`});`
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00
			`reqs = [];`
			`for (let role of roles) {`
			`let newEntry = {`
			`objectClass: ['top', 'posixGroup'],`
			`cn: role.name,`
			`gidNumber: accountConfig.idBase + role.id`
			`};`

LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`let memberUid = [];`
			`for (subrole of roleMap.get(role.id) \|\| [])`
			`memberUid = memberUid.concat(accountMap.get(subrole) \|\| []);`

			`if (memberUid.length) {`
			`memberUid.sort((a, b) => a.localeCompare(b));`
			`newEntry.memberUid = memberUid;`
			`}`
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00
			let dn = `cn=${role.name},${ldapConfig.groupDn}`;
			`reqs.push(client.add(dn, newEntry));`
			`}`
			`await Promise.all(reqs);`
			`} catch (e) {`
			`err = e;`
			`}`

User sync fixes 2020-10-31 20:16:58 +00:00			`await client.unbind();`
LDAP user & role syncronization 2020-09-21 11:24:43 +00:00			`if (err) throw err;`
			`};`
			`};`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00
			`function toMap(array, fn) {`
			`let map = new Map();`
			`for (let item of array) {`
			`let keyVal = fn(item);`
User sync fixes 2020-10-30 23:40:54 +00:00			`if (!keyVal) continue;`
LDAP & Samba synchronization fixes + improvements 2020-10-30 23:02:27 +00:00			`let key = keyVal.key;`
			`if (!map.has(key)) map.set(key, []);`
			`map.get(key).push(keyVal.val);`
			`}`
			`return map;`
			`}`