store ldap user in database
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -26,7 +26,7 @@ const createRoles string = `
|
|||||||
RoleName VARCHAR,
|
RoleName VARCHAR,
|
||||||
ReadOnly BOOLEAN,
|
ReadOnly BOOLEAN,
|
||||||
Admin BOOLEAN,
|
Admin BOOLEAN,
|
||||||
LdapGroup VARCHAR
|
LdapGroup VARCHAR DEFAULT ''
|
||||||
);
|
);
|
||||||
`
|
`
|
||||||
|
|
||||||
@@ -172,7 +172,7 @@ func CreateTables() {
|
|||||||
|
|
||||||
if !ldapCheck {
|
if !ldapCheck {
|
||||||
// Add the column for LdapGroup in the roles table
|
// Add the column for LdapGroup in the roles table
|
||||||
_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR;")
|
_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
|
log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
|
|||||||
@@ -98,7 +98,7 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
if LdapEnabled {
|
if LdapEnabled {
|
||||||
ldapUser, err := LdapLoginCheck(username, password)
|
ldapUser, err := LdapLoginCheck(username, password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err)
|
errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err)
|
||||||
log.Print(errString)
|
log.Print(errString)
|
||||||
return "", errors.New(errString)
|
return "", errors.New(errString)
|
||||||
|
|
||||||
@@ -108,18 +108,19 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
|
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
|
||||||
log.Print(errString)
|
log.Print(errString)
|
||||||
return "", errors.New(errString)
|
return "", errors.New(errString)
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
u = ldapUser
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// LDAP is not enabled, if user is not in the database then they can't login
|
||||||
return "", errors.New("specified user not found in database")
|
return "", errors.New("specified user not found in database")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
|
|
||||||
return "", err
|
|
||||||
} else {
|
} else {
|
||||||
log.Printf("LoginCheck retrieved user '%v' from database\n", u)
|
log.Printf("LoginCheck retrieved user '%v' from database\n", u)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !u.LdapUser {
|
||||||
err = VerifyPassword(password, u.Password)
|
err = VerifyPassword(password, u.Password)
|
||||||
|
|
||||||
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
|
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
|
||||||
@@ -128,6 +129,9 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
} else {
|
} else {
|
||||||
log.Printf("LoginCheck verified password against stored hash.\n")
|
log.Printf("LoginCheck verified password against stored hash.\n")
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
log.Printf("LoginCheck no need to verify password in database for LDAP user\n")
|
||||||
|
}
|
||||||
|
|
||||||
token, err := token.GenerateToken(uint(u.UserId))
|
token, err := token.GenerateToken(uint(u.UserId))
|
||||||
|
|
||||||
@@ -142,6 +146,7 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
|
|
||||||
func LdapLoginCheck(username string, password string) (User, error) {
|
func LdapLoginCheck(username string, password string) (User, error) {
|
||||||
var u User
|
var u User
|
||||||
|
u.UserName = username
|
||||||
|
|
||||||
// try to get LDAP group membership
|
// try to get LDAP group membership
|
||||||
groups, err := GetLdapGroupMembership(username, password)
|
groups, err := GetLdapGroupMembership(username, password)
|
||||||
@@ -163,29 +168,30 @@ func LdapLoginCheck(username string, password string) (User, error) {
|
|||||||
for _, role := range roleList {
|
for _, role := range roleList {
|
||||||
for _, group := range groups {
|
for _, group := range groups {
|
||||||
if role.LdapGroup == group {
|
if role.LdapGroup == group {
|
||||||
log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId)
|
log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
|
||||||
|
u.RoleId = role.RoleId
|
||||||
matchFound = true
|
matchFound = true
|
||||||
break
|
break
|
||||||
} else {
|
} else {
|
||||||
log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if matchFound {
|
if matchFound {
|
||||||
// If we found a match, then store user with appropriate role ID
|
// If we found a match, then store user with appropriate role ID
|
||||||
u.UserId = StoreLdapUser(username)
|
u.SaveUser()
|
||||||
}
|
}
|
||||||
|
|
||||||
return u, nil
|
return u, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// StoreLdapUser creates a user record in the database and returns the corresponding userId
|
// StoreLdapUser creates a user record in the database and returns the corresponding userId
|
||||||
func StoreLdapUser(username string) int {
|
func StoreLdapUser(u *User) error {
|
||||||
|
|
||||||
// TODO
|
// TODO
|
||||||
|
|
||||||
return 99
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetUserByID(uid uint) (User, error) {
|
func GetUserByID(uid uint) (User, error) {
|
||||||
|
|||||||
Reference in New Issue
Block a user