in src/Zyborg.PassCore.PasswordProvider.LDAP/LdapPasswordChangeProvider.cs [244:302]
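/// <summary>
/// Validates the LDAP provider options and logs a warning for each optional
/// setting that weakens the security of the deployment.
/// </summary>
/// <exception cref="ArgumentException">
/// A required option (hostnames, bind DN, bind password, search base, or a
/// search filter containing the {Username} placeholder) is missing or invalid.
/// </exception>
private void Init()
{
    // Install the custom certificate callback only when the operator has opted out of
    // (part of) TLS validation. What the callback accepts is decided in
    // CustomServerCertValidation, which is outside this block.
    if (_options.LdapIgnoreTlsErrors || _options.LdapIgnoreTlsValidation)
    {
        _ldapRemoteCertValidator = CustomServerCertValidation;
    }

    // Validate required options

    // A null array must fail here as well: `LdapHostnames?.Length < 1` evaluates to
    // false when the array is null, which let a missing host list pass validation.
    if (_options.LdapHostnames == null || _options.LdapHostnames.Length < 1)
    {
        throw new ArgumentException("Options must specify at least one LDAP hostname",
            nameof(_options.LdapHostnames));
    }
    if (string.IsNullOrEmpty(_options.LdapUsername))
    {
        throw new ArgumentException("Options missing or invalid LDAP bind distinguished name (DN)",
            nameof(_options.LdapUsername));
    }
    if (string.IsNullOrEmpty(_options.LdapPassword))
    {
        throw new ArgumentException("Options missing or invalid LDAP bind password",
            nameof(_options.LdapPassword));
    }
    if (string.IsNullOrEmpty(_options.LdapSearchBase))
    {
        throw new ArgumentException("Options must specify LDAP search base",
            nameof(_options.LdapSearchBase));
    }
    if (string.IsNullOrWhiteSpace(_options.LdapSearchFilter))
    {
        throw new ArgumentException(
            $"No {nameof(_options.LdapSearchFilter)} is set. Fill attribute {nameof(_options.LdapSearchFilter)} in file appsettings.json",
            nameof(_options.LdapSearchFilter));
    }
    // NOTE(review): this only checks that the placeholder exists. The code that substitutes
    // the user-supplied name into the filter is not in this block; confirm it escapes LDAP
    // filter metacharacters (RFC 4515) before the search is issued.
    if (!_options.LdapSearchFilter.Contains("{Username}"))
    {
        throw new ArgumentException(
            $"The {nameof(_options.LdapSearchFilter)} should include {{Username}} value in the template string",
            nameof(_options.LdapSearchFilter));
    }

    // All other configuration is optional, but some may warrant attention
    if (!_options.HideUserNotFound)
    {
        _logger.LogWarning($"Option [{nameof(_options.HideUserNotFound)}] is DISABLED; the presence or absence of usernames can be harvested");
    }

    // Only one TLS warning is emitted; LdapIgnoreTlsErrors takes precedence when both are set.
    if (_options.LdapIgnoreTlsErrors)
    {
        _logger.LogWarning($"Option [{nameof(_options.LdapIgnoreTlsErrors)}] is ENABLED; invalid certificates will be allowed");
    }
    else if (_options.LdapIgnoreTlsValidation)
    {
        _logger.LogWarning($"Option [{nameof(_options.LdapIgnoreTlsValidation)}] is ENABLED; untrusted certificate roots will be allowed");
    }

    // The two checks below flag port/transport combinations in which the bind password and
    // the passwords being changed may cross the network without TLS protection.
    if (_options.LdapPort == LdapConnection.DefaultSslPort && !_options.LdapSecureSocketLayer)
    {
        _logger.LogWarning($"Option [{nameof(_options.LdapSecureSocketLayer)}] is DISABLED in combination with standard SSL port [{_options.LdapPort}]");
    }
    // NOTE(review): this also fires when LdapSecureSocketLayer is enabled on a port other than
    // the default SSL port, where the session may already be encrypted; confirm whether the
    // condition should exclude that case.
    if (_options.LdapPort != LdapConnection.DefaultSslPort && !_options.LdapStartTls)
    {
        _logger.LogWarning($"Option [{nameof(_options.LdapStartTls)}] is DISABLED in combination with non-standard TLS port [{_options.LdapPort}]");
    }
}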