nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

store ldap user in database
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-05 10:14:54 +11:00
parent cb7376eeeb
commit b51468db8c
2 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
models/setup.go
View File

@@ -26,7 +26,7 @@ const createRoles string = `
RoleName VARCHAR, RoleName VARCHAR,
ReadOnly BOOLEAN, ReadOnly BOOLEAN,
Admin BOOLEAN, Admin BOOLEAN,
LdapGroup VARCHAR LdapGroup VARCHAR DEFAULT ''
); );
` `
@@ -172,7 +172,7 @@ func CreateTables() {
if !ldapCheck { if !ldapCheck {
// Add the column for LdapGroup in the roles table // Add the column for LdapGroup in the roles table
_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR;") _, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
if err != nil { if err != nil {
log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err) log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
os.Exit(1) os.Exit(1)

34
models/user.go
View File

@@ -98,7 +98,7 @@ func LoginCheck(username string, password string) (string, error) {
if LdapEnabled { if LdapEnabled {
ldapUser, err := LdapLoginCheck(username, password) ldapUser, err := LdapLoginCheck(username, password)
if err != nil { if err != nil {
errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err) errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err)
log.Print(errString) log.Print(errString)
return "", errors.New(errString) return "", errors.New(errString)
@@ -108,25 +108,29 @@ func LoginCheck(username string, password string) (string, error) {
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err) errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
log.Print(errString) log.Print(errString)
return "", errors.New(errString) return "", errors.New(errString)
} else {
u = ldapUser
} }
} else { } else {
// LDAP is not enabled, if user is not in the database then they can't login
return "", errors.New("specified user not found in database") return "", errors.New("specified user not found in database")
} }
} }
log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
return "", err
} else { } else {
log.Printf("LoginCheck retrieved user '%v' from database\n", u) log.Printf("LoginCheck retrieved user '%v' from database\n", u)
} }
err = VerifyPassword(password, u.Password) if !u.LdapUser {
err = VerifyPassword(password, u.Password)
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword { if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
log.Printf("LoginCheck says password doesn't match stored hash.\n") log.Printf("LoginCheck says password doesn't match stored hash.\n")
return "", err return "", err
} else {
log.Printf("LoginCheck verified password against stored hash.\n")
}
} else { } else {
log.Printf("LoginCheck verified password against stored hash.\n") log.Printf("LoginCheck no need to verify password in database for LDAP user\n")
} }
token, err := token.GenerateToken(uint(u.UserId)) token, err := token.GenerateToken(uint(u.UserId))
@@ -142,6 +146,7 @@ func LoginCheck(username string, password string) (string, error) {
func LdapLoginCheck(username string, password string) (User, error) { func LdapLoginCheck(username string, password string) (User, error) {
var u User var u User
u.UserName = username
// try to get LDAP group membership // try to get LDAP group membership
groups, err := GetLdapGroupMembership(username, password) groups, err := GetLdapGroupMembership(username, password)
@@ -163,29 +168,30 @@ func LdapLoginCheck(username string, password string) (User, error) {
for _, role := range roleList { for _, role := range roleList {
for _, group := range groups { for _, group := range groups {
if role.LdapGroup == group { if role.LdapGroup == group {
log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId) log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
u.RoleId = role.RoleId
matchFound = true matchFound = true
break break
} else { } else {
log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group) //log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
} }
} }
} }
if matchFound { if matchFound {
// If we found a match, then store user with appropriate role ID // If we found a match, then store user with appropriate role ID
u.UserId = StoreLdapUser(username) u.SaveUser()
} }
return u, nil return u, nil
} }
// StoreLdapUser creates a user record in the database and returns the corresponding userId // StoreLdapUser creates a user record in the database and returns the corresponding userId
func StoreLdapUser(username string) int { func StoreLdapUser(u *User) error {
// TODO // TODO
return 99 return nil
} }
func GetUserByID(uid uint) (User, error) { func GetUserByID(uid uint) (User, error) {