From b51468db8c6c882efc7caccbc00c17520c386a6f Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Fri, 5 Jan 2024 10:14:54 +1100
Subject: [PATCH] store ldap user in database

---
 models/setup.go | 4 ++--
 models/user.go | 34 ++++++++++++++++++++--------------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/models/setup.go b/models/setup.go
index ab2fc19..871af2f 100644
--- a/models/setup.go
+++ b/models/setup.go
@@ -26,7 +26,7 @@ const createRoles string = `
 RoleName VARCHAR,
 ReadOnly BOOLEAN,
 Admin BOOLEAN,
- LdapGroup VARCHAR
+ LdapGroup VARCHAR DEFAULT ''
 );
 `
@@ -172,7 +172,7 @@ func CreateTables() {
 if !ldapCheck {
 // Add the column for LdapGroup in the roles table
- _, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR;")
+ _, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
 if err != nil {
 log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
 os.Exit(1)
diff --git a/models/user.go b/models/user.go
index 501909a..a433653 100644
--- a/models/user.go
+++ b/models/user.go
@@ -98,7 +98,7 @@ func LoginCheck(username string, password string) (string, error) {
 if LdapEnabled {
 ldapUser, err := LdapLoginCheck(username, password)
 if err != nil {
- errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err)
+ errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err)
 log.Print(errString)
 return "", errors.New(errString)
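Review bot: With `DEFAULT ''` every role that has no LDAP mapping now carries an empty LdapGroup, and the comparison `if role.LdapGroup == group` in LdapLoginCheck later in this patch would grant such a role to a user should GetLdapGroupMembership ever return an empty entry in the group list; skip unmapped roles before comparing, e.g. `if role.LdapGroup == "" { continue }`. The ALTER TABLE in the second hunk of this file gives existing databases the same default, so the guard is needed whether or not the table was freshly created.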
@@ -108,25 +108,29 @@ func LoginCheck(username string, password string) (string, error) {
 errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
 log.Print(errString)
 return "", errors.New(errString)
+ } else {
+ u = ldapUser
 }
- } else {
+ // LDAP is not enabled, if user is not in the database then they can't login
 return "", errors.New("specified user not found in database")
 }
 }
- log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
- return "", err
 } else {
 log.Printf("LoginCheck retrieved user '%v' from database\n", u)
 }
- err = VerifyPassword(password, u.Password)
+ if !u.LdapUser {
+ err = VerifyPassword(password, u.Password)
- if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
- log.Printf("LoginCheck says password doesn't match stored hash.\n")
- return "", err
+ if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
+ log.Printf("LoginCheck says password doesn't match stored hash.\n")
+ return "", err
+ } else {
+ log.Printf("LoginCheck verified password against stored hash.\n")
+ }
 } else {
- log.Printf("LoginCheck verified password against stored hash.\n")
+ log.Printf("LoginCheck no need to verify password in database for LDAP user\n")
 }
 token, err := token.GenerateToken(uint(u.UserId))
@@ -142,6 +146,7 @@ func LoginCheck(username string, password string) (string, error) {
 func LdapLoginCheck(username string, password string) (User, error) {
 var u User
+ u.UserName = username
 // try to get LDAP group membership
 groups, err := GetLdapGroupMembership(username, password)
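Review bot: Once an LDAP account has been written to the database, the next login finds it there, takes the `} else { log.Printf("LoginCheck retrieved user ...") }` branch and then skips password checking because `u.LdapUser` is true, so a token is issued without LDAP ever being consulted and any password is accepted; an LDAP-backed record must be re-authenticated against the directory on every login, not only when the lookup misses (the rewrite below does that, and the first-login path could skip the second directory call by remembering that LdapLoginCheck already succeeded). The removed `} else {` was replaced by a comment and no closing brace was added, so by the brace structure visible here the `return "", errors.New("specified user not found in database")` now sits inside `if LdapEnabled {`, is reached right after `u = ldapUser`, and is never reached when LDAP is disabled, which lets a zero-valued `u` continue into password verification; keep the `} else {` in front of that return. That matters because the retained `if err != nil && err == bcrypt.ErrMismatchedHashAndPassword` treats every other VerifyPassword error (an empty or malformed stored hash, for example) as a verified password, and the generic database-error `return "", err` that used to stop such a flow has been removed. LoginCheck begins before this hunk, so the lookup that sets `u` and `err` is not visible here.
```go
// … unchanged: database lookup and LDAP fallback that sets u …
if u.LdapUser {
	// A stored LDAP account carries no usable local hash; the directory must
	// vouch for the password on every login, not only when the lookup missed.
	if _, err := LdapLoginCheck(username, password); err != nil {
		log.Printf("LoginCheck LDAP authentication failed for user '%s'\n", username)
		return "", err
	}
} else {
	// Any verification error is a failed login, not only the mismatch sentinel.
	if err := VerifyPassword(password, u.Password); err != nil {
		log.Printf("LoginCheck password verification failed for user '%s'\n", username)
		return "", err
	}
	log.Printf("LoginCheck verified password against stored hash.\n")
}

token, err := token.GenerateToken(uint(u.UserId))
```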
@@ -163,29 +168,30 @@ func LdapLoginCheck(username string, password string) (User, error) {
 for _, role := range roleList {
 for _, group := range groups {
 if role.LdapGroup == group {
- log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId)
+ log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
+ u.RoleId = role.RoleId
 matchFound = true
 break
 } else {
- log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
+ //log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
 }
 }
 }
 if matchFound {
 // If we found a match, then store user with appropriate role ID
- u.UserId = StoreLdapUser(username)
+ u.SaveUser()
 }
 return u, nil
 }
 // StoreLdapUser creates a user record in the database and returns the corresponding userId
- func StoreLdapUser(username string) int {
+ func StoreLdapUser(u *User) error {
 // TODO
- return 99
+ return nil
 }
 func GetUserByID(uid uint) (User, error) {
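Review bot: The `break` after `u.RoleId = role.RoleId` only leaves the inner loop over `groups`, so a user whose groups map to several roles ends up with whichever matching role comes last in `roleList`, and `matchFound` hides that a later iteration overwrote the first choice; stop the outer loop as well with `if matchFound { break }` after the inner loop, or make the precedence between mapped roles explicit. `u.SaveUser()` discards its result, so if it reports a failure the LDAP login still returns `u, nil` with a role that was never persisted. Nothing in this hunk sets `u.LdapUser` before the save, so unless SaveUser does it the stored record will be treated as a password account on its next login. `StoreLdapUser` is no longer called from the code in this hunk and its comment still promises a userId while the signature now returns `error`; finish it or drop it instead of shipping the TODO.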