fix(xo-server-auth-ldap): get name from LDAP record not user input

Fixes vatesfr/xo-web#1655

packages/xo-server-auth-ldap/src/index.js

@@ -1,7 +1,7 @@
 /* eslint no-throw-literal: 0 */
 
 import eventToPromise from 'event-to-promise'
-import noop from 'lodash/noop'
+import { find, identity, noop } from 'lodash'
 import { createClient } from 'ldapjs'
 import { escape } from 'ldapjs/lib/filters/escape'
 import { promisify } from 'promise-toolbox'
@@ -25,6 +25,22 @@ const evalFilter = (filter, vars) =>
 
     return escape(value)
   })
+const makeEvalFormat = format =>
+  format === undefined
+    ? identity
+    : (input, record) =>
+        format.replace(VAR_RE, (_, name) => {
+          if (name === 'input') {
+            return input
+          }
+
+          let tmp = find(record.attributes, _ => _.type === name)
+          if (tmp !== undefined && (tmp = tmp.vals).length !== 0) {
+            return tmp[0]
+          }
+
+          throw new Error(`invalid entry ${name}`)
+        })
 
 export const configurationSchema = {
   type: 'object',
@@ -100,6 +116,12 @@ Or something like this if you also want to filter by group:
       type: 'string',
       default: DEFAULTS.filter,
     },
+    usernameFormat: {
+      description: `
+
+`.trim(),
+      type: 'string',
+    },
   },
   required: ['uri', 'base'],
 }
@@ -157,15 +179,10 @@ class AuthLdap {
       }
     }
 
-    const {
-      bind: credentials,
-      base: searchBase,
-      filter: searchFilter = DEFAULTS.filter,
-    } = conf
-
-    this._credentials = credentials
-    this._searchBase = searchBase
-    this._searchFilter = searchFilter
+    this._credentials = conf.bind
+    this._formatUsername = makeEvalFormat(conf.usernameFormat)
+    this._searchBase = conf.base
+    ;({ filter: this._searchFilter = DEFAULTS.filter } = conf)
   }
 
   load() {
@@ -242,6 +259,9 @@ class AuthLdap {
         try {
           logger(`attempting to bind as ${entry.objectName}`)
           await bind(entry.objectName, password)
+
+          username = this._formatUsername(username, entry)
+
           logger(
             `successfully bound as ${entry.objectName} => ${username} authenticated`
           )

packages/xo-server-auth-ldap/src/prompt-schema.js

@@ -157,6 +157,8 @@ const promptByType = {
           defaultValue && defaultValue[name],
           subpath
         )
+      } else {
+        value[name] = schema.default
       }
     }