From 21acbad2390295c64428ecd94deb2ef58bfd6fe1 Mon Sep 17 00:00:00 2001
From: Vilsol
Date: Fri, 31 May 2024 14:45:03 +0300
Subject: [PATCH] fix: catch errors
---
 src/auth.ts | 15 +++++++++++----
 src/ldap.ts | 44 ++++++++++++++++++++++++++------------------
 src/worker.ts | 2 +-
 3 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/src/auth.ts b/src/auth.ts
index 7ec3e04..2821516 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -1,8 +1,9 @@
 import { Provider } from "nconf";
 import { default as ldapjs } from "ldapjs";
 import { User, UserServiceClient } from "@restorecommerce/rc-grpc-clients/dist/generated/io/restorecommerce/user.js";
+import { Logger } from "@restorecommerce/logger";
-export const testCredentials = async (cfg: Provider, dn: ldapjs.DN, credentials: string, ids: UserServiceClient): Promise => {
+export const testCredentials = async (cfg: Provider, dn: ldapjs.DN, credentials: string, ids: UserServiceClient, logger: Logger): Promise => {
 const bindDN = ldapjs.parseDN(cfg.get('ldap:bind:dn') + ',' + cfg.get('ldap:base_dn'));
 if (bindDN.equals(dn) && (credentials === cfg.get('ldap:bind:password').toString() || credentials === null)) {
 return true;
@@ -25,13 +26,19 @@ export const testCredentials = async (cfg: Provider, dn: ldapjs.DN, credentials:
 user = await ids.login({
 password: credentials,
 identifier
- }).then(u => u.payload);
+ }).then(u => u.payload).catch((err) => {
+ logger.error('failed logging in', err);
+ return undefined;
+ });
 } else {
 const users = await ids.find({
 subject: {
 token: cfg.get('apiKey')
 },
 name: identifier
+ }).catch((err) => {
+ logger.error('failed logging in', err);
+ return undefined;
 });
 user = users?.items?.[0]?.payload;
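Review bot: The changed signature of `testCredentials` still declares `credentials: string`, although the guard in this hunk accepts `credentials === null` and `authorize` calls the function with `null`; the parameter should read `credentials: string | null`. The function also has no doc comment stating that `null` selects a check without password verification, which is visible here for the service bind DN (it returns `true` when `credentials === null`). Suggested comment above the export: `/** Verifies a bind. credentials = null is reserved for authorize() on an already-bound connection; a bind handler must never pass null, because no password is compared in that mode. */`. The function body continues outside the hunk.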
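Review bot: Both new `.catch` handlers turn a backend failure into `undefined`, so the caller reports it exactly like a wrong password, and both log the same text `'failed logging in'` without naming the account being checked. Failing closed is the right default, but an identity-service outage then appears to LDAP clients and in the logs as a burst of rejected binds, which is hard to tell apart from password guessing. Give the two handlers distinct messages and include the identifier (never the password), e.g. `logger.error('user lookup failed', { identifier, err });` in the `ids.find` branch. It is also worth confirming that `err` from `ids.login` cannot carry the request payload, since that request contains `password`. The enclosing function starts and ends outside the hunk.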
@@ -40,9 +47,9 @@ export const testCredentials = async (cfg: Provider, dn: ldapjs.DN, credentials:
 return !!user;
 };
-export const authorize = (cfg: Provider, ids: UserServiceClient) => {
+export const authorize = (cfg: Provider, ids: UserServiceClient, logger: Logger) => {
 return async (req: any, res: any, next: any) => {
- if (await testCredentials(cfg, req.connection.ldap.bindDN, null, ids)) {
+ if (await testCredentials(cfg, req.connection.ldap.bindDN, null, ids, logger)) {
 return next();
 }
 return next(new ldapjs.InsufficientAccessRightsError());
diff --git a/src/ldap.ts b/src/ldap.ts
index 5eb46e1..4603827 100644
--- a/src/ldap.ts
+++ b/src/ldap.ts
@@ -1,8 +1,12 @@
 import { type Server, default as ldapjs, SearchRequest } from "ldapjs";
 import { Provider } from "nconf";
-import { UserServiceClient } from "@restorecommerce/rc-grpc-clients/dist/generated/io/restorecommerce/user.js";
+import {
+ UserListResponse,
+ UserServiceClient
+} from "@restorecommerce/rc-grpc-clients/dist/generated/io/restorecommerce/user.js";
 import { authorize, testCredentials } from "./auth.js";
 import { allAttributeFix, withLowercase } from "./utils.js";
+import { Logger } from "@restorecommerce/logger";
 interface NewSearchRequest extends SearchRequest {
 dn: ldapjs.DN;
@@ -18,18 +22,18 @@ const commonAttributes: Record = {
 entryDN: [''],
 };
-export const mountPaths = (cfg: Provider, server: Server, ids: UserServiceClient) => {
- bind(cfg, server, ids);
- rootSearch(cfg, server, ids);
- subschemaSearch(cfg, server, ids);
- usersSearch(cfg, server, ids);
- baseSearch(cfg, server, ids);
+export const mountPaths = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
+ bind(cfg, server, ids, logger);
+ rootSearch(cfg, server, ids, logger);
+ subschemaSearch(cfg, server, ids, logger);
+ usersSearch(cfg, server, ids, logger);
+ baseSearch(cfg, server, ids, logger);
 };
-const bind = (cfg: Provider, server: Server, ids: UserServiceClient) => {
+const bind = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
 server.bind(cfg.get('ldap:base_dn'), async (req: any, res: any, next: any) => {
 let dn = (req.dn instanceof ldapjs.DN) ? req.dn : ldapjs.parseDN(req.dn);
- if (await testCredentials(cfg, dn, req.credentials, ids)) {
+ if (await testCredentials(cfg, dn, req.credentials, ids, logger)) {
 res.end();
 return next();
 }
@@ -38,8 +42,8 @@ const bind = (cfg: Provider, server: Server, ids: UserServiceClient) => {
 });
 };
-const rootSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
- server.search('', authorize(cfg, ids), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
+const rootSearch = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
+ server.search('', authorize(cfg, ids, logger), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
 if (req.dn && req.dn.toString() !== '') {
 return next();
 }
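Review bot: The async bind handler still has no try/catch, so anything that throws outside the two calls this commit wrapped (for example `ldapjs.parseDN(req.dn)` on a malformed DN, or `cfg.get('ldap:bind:password').toString()` inside `testCredentials` when the key is unset) becomes an unhandled promise rejection. The client then gets no response, and depending on the Node.js unhandled-rejection setting the process may exit, so a single bad bind request could take the directory front end down. Wrap the handler body and answer with a generic LDAP error that does not echo the exception; the async closure returned by `authorize` in src/auth.ts needs the same treatment. The handler's rejection path and closing lines are outside this hunk.

```typescript
server.bind(cfg.get('ldap:base_dn'), async (req: any, res: any, next: any) => {
  try {
    // … unchanged: DN parsing, testCredentials check, rejection path …
  } catch (err) {
    // Keep the detail in the server log; the client only sees a generic error.
    logger.error('bind handler failed', err);
    return next(new ldapjs.OperationsError('bind failed'));
  }
```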
@@ -58,8 +62,8 @@ const rootSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
 })
 };
-const subschemaSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
- server.search('cn=subschema', authorize(cfg, ids), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
+const subschemaSearch = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
+ server.search('cn=subschema', authorize(cfg, ids, logger), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
 res.send({
 dn: req.dn.toString(),
 attributes: {
@@ -70,8 +74,8 @@ const subschemaSearch = (cfg: Provider, server: Server, ids: UserServiceClient)
 })
 };
-const baseSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
- server.search(cfg.get('ldap:base_dn'), authorize(cfg, ids), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
+const baseSearch = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
+ server.search(cfg.get('ldap:base_dn'), authorize(cfg, ids, logger), allAttributeFix(), (req: NewSearchRequest, res: any, next: any) => {
 switch (req.scope as any) {
 case 0:
 case 'base':
@@ -105,15 +109,19 @@ const baseSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
 })
 };
-const usersSearch = (cfg: Provider, server: Server, ids: UserServiceClient) => {
- server.search('ou=users,' + cfg.get('ldap:base_dn'), authorize(cfg, ids), allAttributeFix(), async (req: NewSearchRequest, res: any, next: any) => {
+const usersSearch = (cfg: Provider, server: Server, ids: UserServiceClient, logger: Logger) => {
+ server.search('ou=users,' + cfg.get('ldap:base_dn'), authorize(cfg, ids, logger), allAttributeFix(), async (req: NewSearchRequest, res: any, next: any) => {
 const sendUsers = async (name?: string) => {
 const userList = await ids.find({
 subject: {
 token: cfg.get('apiKey')
 },
 name
- });
+ }).catch(() => UserListResponse.fromPartial({}));
+
+ if (!userList || !userList.items || userList.items.length === 0) {
+ return;
+ }
 for (const user of userList.items) {
 const attributes = {
diff --git a/src/worker.ts b/src/worker.ts
index 3ea9c42..4489b3a 100644
--- a/src/worker.ts
+++ b/src/worker.ts
@@ -35,7 +35,7 @@ export class Worker {
 logger: this.logger,
 }, UserServiceDefinition, channel)
- mountPaths(this.cfg, this.server, this.ids);
+ mountPaths(this.cfg, this.server, this.ids, this.logger);
 await new Promise((r) => {
 this.server.listen(this.cfg.get('ldap:port'), this.cfg.get('ldap:host'), () => {
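Review bot: The new `.catch(() => UserListResponse.fromPartial({}))` in `sendUsers` discards the error without logging it, even though `logger` is now passed into `usersSearch`, and the early `return` that follows makes a backend failure look like an empty directory. A consumer that synchronises accounts from this LDAP view could read that as every user having been removed, so the failure should at least be recorded: `}).catch((err) => { logger.error('failed listing users', err); return UserListResponse.fromPartial({}); });`. Consider answering with an LDAP error result instead of an empty success when the lookup failed rather than matched nothing. How the callers of `sendUsers` finish the response is outside this hunk.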