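import { Client } from "ldapts";
import { TotpChecker } from "./totpChecker.js";

// Characters that RFC 4514 requires to be backslash-escaped inside an
// attribute value of a distinguished name.
const RDN_SPECIAL_CHARS = new Set(['"', "+", ",", ";", "<", ">", "\\"]);

/**
 * Escapes a string so it can be embedded as a single RDN attribute value.
 *
 * Without this, a login name containing `,` or `+` would add RDN components
 * to the bind DN and make the bind target an entry other than
 * `<bindDnField>=<name>,<bindRoot>`.
 *
 * @param {string} value - Raw attribute value (here: the submitted login name).
 * @returns {string} The value with RFC 4514 escaping applied.
 */
function escapeRdnValue(value) {
    const chars = [...value];
    const lastIndex = chars.length - 1;
    return chars
        .map((ch, index) => {
            if (ch === "\0") return "\\00";
            if (RDN_SPECIAL_CHARS.has(ch)) return `\\${ch}`;
            // A leading space or '#' and a trailing space are only special at the edges.
            if (index === 0 && (ch === " " || ch === "#")) return `\\${ch}`;
            if (index === lastIndex && ch === " ") return "\\ ";
            return ch;
        })
        .join("");
}

/**
 * Authenticates users with an LDAP simple bind and, when `totpField` is
 * configured, reads the user's TOTP secret from their own directory entry.
 *
 * Configuration fields read by this class: `ldapUrl`, `bindDnField`,
 * `bindRoot` and the optional `totpField`.
 */
export class LdapAuthenticationHandler {
    configuration;

    /**
     * @param {object} configuration - Handler settings (see class description).
     */
    constructor(configuration) {
        this.configuration = configuration;
    }

    /**
     * Binds as the user and, if `totpField` is configured, loads the TOTP secret.
     *
     * @param {string} username - Login name; used as the value of the bind RDN.
     * @param {string} password - Password for the simple bind.
     * @returns {Promise<{username: string, totp: string|null}|null>} The account,
     *   or null when the credentials are missing or not strings, the bind or
     *   search fails, or the configured TOTP attribute is absent from the entry.
     */
    async tryBind(username, password) {
        // Empty values must never reach the server: a simple bind with an empty
        // password is an "unauthenticated bind", which some directories accept.
        // Non-string input (e.g. an object from a parsed request body) is
        // rejected as well instead of being stringified into the DN.
        if (typeof username !== "string" || typeof password !== "string") return null;
        if (!username || !password) return null;

        const client = new Client({
            url: this.configuration.ldapUrl,
            // NOTE(review): 0 presumably disables the client-side timeouts, so an
            // unresponsive directory would hold the login request open. Consider
            // finite values taken from configuration.
            timeout: 0,
            connectTimeout: 0,
            // NOTE(review): TLS settings only take effect for an ldaps:// URL.
            // With plain ldap:// the bind password is sent unencrypted - verify
            // the deployed ldapUrl.
            tlsOptions: {
                minVersion: 'TLSv1.2',
            },
            strictDN: true,
        });

        // The login name is untrusted input, so it is escaped before being placed
        // into the DN. bindDnField and bindRoot come from configuration.
        const bindDn = `${this.configuration.bindDnField}=${escapeRdnValue(username)},${this.configuration.bindRoot}`;
        let totp = null;
        try {
            await client.bind(bindDn, password);
            if (this.configuration.totpField) {
                // Base scope: read only the user's own entry. The default subtree
                // scope could return child entries, and entry order is not guaranteed.
                const data = await client.search(bindDn, { scope: "base" });
                const totpData = data.searchEntries[0]?.[this.configuration.totpField];
                if (totpData == null) {
                    // Previously this case raised a TypeError that the catch below
                    // turned into a failed login. The outcome (deny) is kept but made
                    // explicit. NOTE(review): if accounts without a secret should be
                    // allowed to log in, that must be a deliberate policy change.
                    console.error(`LDAP entry has no "${this.configuration.totpField}" attribute; denying login`);
                    return null;
                }
                if (typeof totpData === "string") {
                    totp = totpData;
                } else if (Array.isArray(totpData)) {
                    totp = totpData.join("");
                } else {
                    // Remaining case: a binary attribute value.
                    totp = totpData.toString("utf8");
                }
            }
        } catch (ex) {
            // Invalid credentials and directory/transport errors both end here and
            // are reported to the caller as a failed login.
            console.error(ex);
            return null;
        } finally {
            // Await the unbind so that a failure while closing the connection is
            // handled here instead of surfacing as an unhandled promise rejection.
            try {
                await client.unbind();
            } catch (unbindError) {
                console.error(unbindError);
            }
        }
        return { username: username, totp: totp };
    }

    /**
     * Full login: password bind followed by the TOTP check.
     *
     * @param {string} username - Login name.
     * @param {string} password - Password.
     * @param {string} totp - One-time code submitted by the user.
     * @returns {Promise<*>} null when the bind fails; otherwise whatever
     *   `TotpChecker.ValidateTotp(secret, code)` returns. When `totpField` is not
     *   configured the secret passed is null - how the checker treats that is
     *   defined in totpChecker.js, not here.
     */
    async tryLogin(username, password, totp) {
        const account = await this.tryBind(username, password);
        if (!account) return null;
        return TotpChecker.ValidateTotp(account.totp, totp);
    }

    /**
     * Reports whether the account has a TOTP secret.
     *
     * This performs a real password bind, so a non-null result confirms that the
     * password is valid before any second factor was supplied. Callers should
     * apply the same throttling and lockout to this method as to `tryLogin`.
     *
     * @param {string} username - Login name.
     * @param {string} password - Password.
     * @returns {Promise<boolean|null>} null when the bind fails, otherwise true
     *   if a non-empty secret was found.
     */
    async needTotp(username, password) {
        const account = await this.tryBind(username, password);
        if (!account) return null;
        return !!account.totp;
    }
}
//# sourceMappingURL=ldapAuthenticationHandler.js.map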