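# Mentorenwahl: A fullstack application for assigning mentors to students based on their wishes.
# Copyright (C) 2022 Dominic Grimm
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

require "ldap"
require "socket"
require "ldap_escape"

module Backend
  # Provides LDAP utility functions.
  #
  # Every helper that talks to the directory opens its own connection through
  # `create_client`; nothing in this module closes that connection explicitly.
  module Ldap
    extend self

    # Opens a TCP connection to the configured LDAP host/port and wraps it in
    # an `LDAP::Client`.
    #
    # NOTE(review): the socket is a plain `TCPSocket` and no TLS context is
    # passed to the client here, so the service bind password and the user
    # passwords checked by `authenticate?` appear to travel unencrypted unless
    # the transport is protected elsewhere (e.g. a private network or a TLS
    # terminating proxy) - confirm against the deployment.
    def create_client : LDAP::Client
      LDAP::Client.new(TCPSocket.new(Backend.config.ldap.host, Backend.config.ldap.port))
    end

    # Builds a `cn=...` DN for *username* under the configured `user_dn`.
    #
    # The username is passed through `LdapEscape.dn` before interpolation, so
    # it is inserted as a single escaped RDN value rather than raw text.
    def cn(username : String) : String
      "cn=#{LdapEscape.dn(username)},#{Backend.config.ldap.user_dn}"
    end

    # Builds a `uid=...` DN for *uid* under the configured `base_user_dn`.
    #
    # As with `cn`, the value is passed through `LdapEscape.dn` first.
    def uid(uid : String) : String
      "uid=#{LdapEscape.dn(uid)},#{Backend.config.ldap.base_user_dn}"
    end

    # Looks up the entry at *dn* using the configured service account
    # (`bind_dn` / `bind_password`).
    #
    # Returns the search result as an array of attribute hashes (attribute
    # name => list of values). *dn* is used verbatim as the search base, so
    # callers should build it with `cn` or `uid` rather than from raw input.
    def user(dn : String) : Array(Hash(String, Array(String)))
      create_client
        .authenticate(Backend.config.ldap.bind_dn, Backend.config.ldap.bind_password)
        .search(base: dn)
    end

    # Checks whether *dn* / *password* are accepted by the LDAP server.
    #
    # Returns `false` for an empty DN or an empty password without contacting
    # the server, and `false` when the server rejects the bind with
    # `LDAP::Client::AuthError`. Other errors (e.g. connection failures)
    # propagate to the caller.
    def authenticate?(dn : String, password : String) : Bool
      # A simple bind with an empty password is an "unauthenticated bind"
      # (RFC 4513, section 5.1.2): servers that allow it report success without
      # verifying any credential, which would turn an empty password into a
      # valid login for any DN. An empty DN cannot identify a user either.
      return false if dn.empty? || password.empty?

      !!create_client.authenticate(dn, password)
    rescue LDAP::Client::AuthError
      false
    end
  end
end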