store ldap user in database

models/setup.go

@@ -26,7 +26,7 @@ const createRoles string = `
 		RoleName VARCHAR,
 		ReadOnly BOOLEAN,
 		Admin BOOLEAN,
-		LdapGroup VARCHAR		
+		LdapGroup VARCHAR DEFAULT ''	
 	);
 `
 
@@ -172,7 +172,7 @@ func CreateTables() {
 
 	if !ldapCheck {
 		// Add the column for LdapGroup in the roles table
-		_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR;")
+		_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
 		if err != nil {
 			log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
 			os.Exit(1)

models/user.go

@@ -98,7 +98,7 @@ func LoginCheck(username string, password string) (string, error) {
 			if LdapEnabled {
 				ldapUser, err := LdapLoginCheck(username, password)
 				if err != nil {
-					errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err)
+					errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err)
 					log.Print(errString)
 					return "", errors.New(errString)
 
@@ -108,25 +108,29 @@ func LoginCheck(username string, password string) (string, error) {
 					errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
 					log.Print(errString)
 					return "", errors.New(errString)
+				} else {
+					u = ldapUser
 				}
-
 			} else {
+				// LDAP is not enabled, if user is not in the database then they can't login
 				return "", errors.New("specified user not found in database")
 			}
 		}
-		log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
-		return "", err
 	} else {
 		log.Printf("LoginCheck retrieved user '%v' from database\n", u)
 	}
 
-	err = VerifyPassword(password, u.Password)
+	if !u.LdapUser {
+		err = VerifyPassword(password, u.Password)
 
-	if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
-		log.Printf("LoginCheck says password doesn't match stored hash.\n")
-		return "", err
+		if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
+			log.Printf("LoginCheck says password doesn't match stored hash.\n")
+			return "", err
+		} else {
+			log.Printf("LoginCheck verified password against stored hash.\n")
+		}
 	} else {
-		log.Printf("LoginCheck verified password against stored hash.\n")
+		log.Printf("LoginCheck no need to verify password in database for LDAP user\n")
 	}
 
 	token, err := token.GenerateToken(uint(u.UserId))
@@ -142,6 +146,7 @@ func LoginCheck(username string, password string) (string, error) {
 
 func LdapLoginCheck(username string, password string) (User, error) {
 	var u User
+	u.UserName = username
 
 	// try to get LDAP group membership
 	groups, err := GetLdapGroupMembership(username, password)
@@ -163,29 +168,30 @@ func LdapLoginCheck(username string, password string) (User, error) {
 	for _, role := range roleList {
 		for _, group := range groups {
 			if role.LdapGroup == group {
-				log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId)
+				log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
+				u.RoleId = role.RoleId
 				matchFound = true
 				break
 			} else {
-				log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
+				//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
 			}
 		}
 	}
 
 	if matchFound {
 		// If we found a match, then store user with appropriate role ID
-		u.UserId = StoreLdapUser(username)
+		u.SaveUser()
 	}
 
 	return u, nil
 }
 
 // StoreLdapUser creates a user record in the database and returns the corresponding userId
-func StoreLdapUser(username string) int {
+func StoreLdapUser(u *User) error {
 
 	// TODO
 
-	return 99
+	return nil
 }
 
 func GetUserByID(uid uint) (User, error) {