work on LDAP

.drone.yml

@@ -98,21 +98,21 @@ steps:
     - sudo bash -c 'mv /home/l075239/smt/test.env /home/l075239/smt/.env'
     - sudo bash -c '/etc/init.d/smt restart'
 
-- name: dell-deploy
+#- name: dell-deploy
-#  # https://github.com/cschlosser/drone-ftps/blob/master/README.md 
+##  # https://github.com/cschlosser/drone-ftps/blob/master/README.md 
-  image: cschlosser/drone-ftps
+#  image: cschlosser/drone-ftps
-  environment:
+#  environment:
-    FTP_USERNAME:
+#    FTP_USERNAME:
-      from_secret: FTP_USERNAME
+#      from_secret: FTP_USERNAME
-    FTP_PASSWORD:
+#    FTP_PASSWORD:
-      from_secret: FTP_PASSWORD
+#      from_secret: FTP_PASSWORD
-    PLUGIN_HOSTNAME: ftp.emc.com:21
+#    PLUGIN_HOSTNAME: ftp.emc.com:21
-    PLUGIN_SECURE: false
+#    PLUGIN_SECURE: false
-    PLUGIN_VERIFY: false  
+#    PLUGIN_VERIFY: false  
-    PLUGIN_CHMOD: false
+#    PLUGIN_CHMOD: false
-    #PLUGIN_DEBUG: false
+#    #PLUGIN_DEBUG: false
-    PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$
+#    PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$
-    PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$
+#    PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$
 
 volumes:
 - name: shared

main.go

@@ -150,6 +150,11 @@ func main() {
 	// Load certificate for LDAP connectivy
 	models.LoadLdapCert()
 
+	ldapServer := os.Getenv("LDAP_BIND_ADDRESS")
+	if ldapServer != "" {
+		models.LdapEnabled = true
+	}
+
 	// Create context that listens for the interrupt signal from the OS.
 	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 	defer stop()

models/ldap.go

@@ -22,7 +22,8 @@ type LdapConfig struct {
 }
 
 var systemCA *x509.CertPool
-var certLoaded bool
+var CertLoaded bool
+var LdapEnabled bool
 
 func GetFilePath(path string) string {
 	// Check for empty filename
@@ -80,7 +81,7 @@ func LoadLdapCert() {
 		// Add custom certificate to the system cert pool
 		systemCA.AddCert(crt)
 
-		certLoaded = true
+		CertLoaded = true
 	}
 }
 
@@ -91,6 +92,8 @@ func VerifyLdapCreds(username string, password string) bool {
 	if ldapServer == "" {
 		log.Printf("VerifyLdapCreds no LDAP bind address supplied\n")
 		return false
+	} else {
+		LdapEnabled = true
 	}
 
 	ldapBaseDn := os.Getenv("LDAP_BASE_DN")

models/user.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"database/sql"
 	"errors"
 	"log"
 	"net/http"
@@ -91,6 +92,18 @@ func LoginCheck(username string, password string) (string, error) {
 	err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u)
 
 	if err != nil {
+		if err == sql.ErrNoRows {
+			// check LDAP if enabled
+			if LdapEnabled {
+				//check, err := LdapLoginCheck(username, password)
+				check := VerifyLdapCreds(username, password)
+				if check {
+					u.UserId = StoreLdapUser(username)
+				}
+			} else {
+				return "", errors.New("specified user not found in database")
+			}
+		}
 		log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
 		return "", err
 	} else {
@@ -120,6 +133,14 @@ func LoginCheck(username string, password string) (string, error) {
 
 }
 
+// StoreLdapUser creates a user record in the database and returns the corresponding userId
+func StoreLdapUser(username string) int {
+
+	// TODO
+
+	return 99
+}
+
 func GetUserByID(uid uint) (User, error) {
 
 	var u User