avoid unnecessary ldap bind for first user login
@@ -93,9 +93,8 @@ func VerifyPassword(password, hashedPassword string) error {
|
||||
}
|
||||
|
||||
func LoginCheck(username string, password string) (string, error) {
|
||||
|
||||
var err error
|
||||
|
||||
newLdapUser := false
|
||||
u := User{}
|
||||
|
||||
// Query database for matching user object
|
||||
@@ -119,6 +118,11 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
} else {
|
||||
log.Printf("LoginCheck verified LDAP user successfully\n")
|
||||
u = ldapUser
|
||||
|
||||
// Since this user wasn't in the database, they must have been logging in for the first time
|
||||
// So we don't need to repeat the ldap bind and verification
|
||||
newLdapUser = true
|
||||
|
||||
}
|
||||
} else {
|
||||
// LDAP is not enabled, if user is not in the database then they can't login
|
||||
@@ -132,6 +136,7 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
//log.Printf("u: %v\n", u)
|
||||
|
||||
if !u.LdapUser {
|
||||
// Locally defined user, perform password verification
|
||||
err = VerifyPassword(password, u.Password)
|
||||
|
||||
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
|
||||
@@ -141,17 +146,24 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
log.Printf("LoginCheck verified password against stored hash.\n")
|
||||
}
|
||||
} else {
|
||||
err := VerifyLdapCreds(username, password)
|
||||
// LDAP user, verify credential if user wasn't logging in for the first time
|
||||
if !newLdapUser {
|
||||
err := VerifyLdapCreds(username, password)
|
||||
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("LoginCheck LDAP user bind unsuccessful : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return "", errors.New(errString)
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("LoginCheck LDAP user bind unsuccessful : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return "", errors.New(errString)
|
||||
} else {
|
||||
log.Printf("LoginCheck successfully verified LDAP user\n")
|
||||
}
|
||||
} else {
|
||||
log.Printf("LoginCheck successfully verified LDAP user\n")
|
||||
log.Printf("LoginCheck no need to repeat LDAP bind for new user login\n")
|
||||
}
|
||||
}
|
||||
|
||||
// If we reached this point then the login was successful
|
||||
// Generate a new token and return it to the user
|
||||
token, err := token.GenerateToken(uint(u.UserId))
|
||||
|
||||
if err != nil {
|
||||
@@ -191,9 +203,9 @@ func LdapLoginCheck(username string, password string) (User, error) {
|
||||
u.RoleId = role.RoleId
|
||||
matchFound = true
|
||||
break
|
||||
} else {
|
||||
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||
}
|
||||
} //else {
|
||||
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||
//}
|
||||
}
|
||||
}
|
||||
|
||||
|
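Review bot: The local-password branch of LoginCheck takes the failure path only when `err == bcrypt.ErrMismatchedHashAndPassword` (the `err != nil &&` in front of it is redundant), so any other error returned by VerifyPassword does not reject the login. The lines between that hunk and the next are not shown, but the next hunk opens with the "verified password against stored hash" log in what looks like the else arm, which suggests a malformed or too-short stored hash would be treated as verified and go on to token generation. I would fail closed with `if err != nil {` and keep the mismatch-specific message inside it if the distinction is useful. This carries more weight now that a first-time LDAP login skips the second bind: if the User returned by LdapLoginCheck ever arrives with `LdapUser` unset, this branch would be the only credential check left, which is worth confirming. Parts of LoginCheck's body fall outside the visible hunks.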