test logic fix for ldap users not in an ldap group
@@ -19,6 +19,7 @@ type User struct {
|
||||
LdapUser bool `db:"LdapUser" json:"ldapUser"`
|
||||
Admin bool `db:"Admin"`
|
||||
LastLogin time.Time `db:"LastLogin" json:"lastLogin"`
|
||||
LdapGroup bool `db:"LdapGroup"`
|
||||
}
|
||||
|
||||
type UserRole struct {
|
||||
@@ -122,7 +123,13 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
|
||||
// Query database for matching user object
|
||||
// Use IFNULL to handle situation where a user might not be a member of a group
|
||||
err = db.QueryRowx("SELECT UserId, IFNULL(GroupId, 0) GroupId, UserName, Password, LdapUser, Admin FROM Users WHERE Username=?", username).StructScan(&u)
|
||||
|
||||
// TODO join on groups table so we can get the value in LdapGroup column
|
||||
|
||||
err = db.QueryRowx(`
|
||||
SELECT users.UserId, IFNULL(users.GroupId, 0) GroupId, UserName, Password, LdapUser, users.Admin, groups.LdapGroup FROM Users
|
||||
INNER JOIN groups ON users.GroupId = groups.GroupId
|
||||
WHERE Username=?`, username).StructScan(&u)
|
||||
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
@@ -186,14 +193,22 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
} else {
|
||||
log.Printf("LoginCheck successfully verified LDAP user\n")
|
||||
|
||||
// confirm that current LDAP group membership matches a group
|
||||
err := UserLdapGroupVerify(username, password)
|
||||
// check if user's group membership is an ldap group or not
|
||||
log.Printf("User id '%d' is a member of group '%d' which has ldapGroup status '%v'\n", u.UserId, u.GroupId, u.LdapGroup)
|
||||
|
||||
if err != nil {
|
||||
// No valid group membership
|
||||
errString := fmt.Sprintf("ldap group membership check unsuccessful : '%s'\n", err)
|
||||
log.Printf("LoginCheck %s\n", errString)
|
||||
return "", errors.New(errString)
|
||||
// If user's group membership is an ldap group, then run UserLdapGroupVerify as we were doing before
|
||||
if u.LdapGroup {
|
||||
// confirm that current LDAP group membership matches a group
|
||||
err := UserLdapGroupVerify(username, password)
|
||||
|
||||
if err != nil {
|
||||
// No valid group membership
|
||||
errString := fmt.Sprintf("ldap group membership check unsuccessful : '%s'\n", err)
|
||||
log.Printf("LoginCheck %s\n", errString)
|
||||
return "", errors.New(errString)
|
||||
}
|
||||
} else { // If user's group membership is not an ldap group, then we are fine and the login attempt was successful
|
||||
log.Printf("No need to check ldap group membership since user is not a member of an ldap group\n")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
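Review bot: The new query in LoginCheck uses `INNER JOIN groups ON users.GroupId = groups.GroupId`, which returns no row for a user whose GroupId is NULL or has no matching groups row, so the retained `IFNULL(users.GroupId, 0)` no longer has any effect and such a user would presumably land in the `sql.ErrNoRows` branch rather than reach the password check. If users without a group are still meant to log in, use `LEFT JOIN groups ON users.GroupId = groups.GroupId` and select `IFNULL(groups.LdapGroup, 0) LdapGroup`, so the scan into the bool field does not fail on NULL. With that default an LDAP user with no group takes the new `else` branch and skips `UserLdapGroupVerify`, so decide explicitly whether that case is allowed or rejected, since the outcome now rests on the local `groups.LdapGroup` flag rather than on the directory. LoginCheck starts and ends outside the visible hunks, so the handling of the no-row case is inferred.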