test logic fix for ldap users not in an ldap group
@@ -19,6 +19,7 @@ type User struct {
|
|||||||
LdapUser bool `db:"LdapUser" json:"ldapUser"`
|
LdapUser bool `db:"LdapUser" json:"ldapUser"`
|
||||||
Admin bool `db:"Admin"`
|
Admin bool `db:"Admin"`
|
||||||
LastLogin time.Time `db:"LastLogin" json:"lastLogin"`
|
LastLogin time.Time `db:"LastLogin" json:"lastLogin"`
|
||||||
|
LdapGroup bool `db:"LdapGroup"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserRole struct {
|
type UserRole struct {
|
||||||
@@ -122,7 +123,13 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
|
|
||||||
// Query database for matching user object
|
// Query database for matching user object
|
||||||
// Use IFNULL to handle situation where a user might not be a member of a group
|
// Use IFNULL to handle situation where a user might not be a member of a group
|
||||||
err = db.QueryRowx("SELECT UserId, IFNULL(GroupId, 0) GroupId, UserName, Password, LdapUser, Admin FROM Users WHERE Username=?", username).StructScan(&u)
|
|
||||||
|
// TODO join on groups table so we can get the value in LdapGroup column
|
||||||
|
|
||||||
|
err = db.QueryRowx(`
|
||||||
|
SELECT users.UserId, IFNULL(users.GroupId, 0) GroupId, UserName, Password, LdapUser, users.Admin, groups.LdapGroup FROM Users
|
||||||
|
INNER JOIN groups ON users.GroupId = groups.GroupId
|
||||||
|
WHERE Username=?`, username).StructScan(&u)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == sql.ErrNoRows {
|
if err == sql.ErrNoRows {
|
||||||
@@ -186,6 +193,11 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
} else {
|
} else {
|
||||||
log.Printf("LoginCheck successfully verified LDAP user\n")
|
log.Printf("LoginCheck successfully verified LDAP user\n")
|
||||||
|
|
||||||
|
// check if user's group membership is an ldap group or not
|
||||||
|
log.Printf("User id '%d' is a member of group '%d' which has ldapGroup status '%v'\n", u.UserId, u.GroupId, u.LdapGroup)
|
||||||
|
|
||||||
|
// If user's group membership is an ldap group, then run UserLdapGroupVerify as we were doing before
|
||||||
|
if u.LdapGroup {
|
||||||
// confirm that current LDAP group membership matches a group
|
// confirm that current LDAP group membership matches a group
|
||||||
err := UserLdapGroupVerify(username, password)
|
err := UserLdapGroupVerify(username, password)
|
||||||
|
|
||||||
@@ -195,6 +207,9 @@ func LoginCheck(username string, password string) (string, error) {
|
|||||||
log.Printf("LoginCheck %s\n", errString)
|
log.Printf("LoginCheck %s\n", errString)
|
||||||
return "", errors.New(errString)
|
return "", errors.New(errString)
|
||||||
}
|
}
|
||||||
|
} else { // If user's group membership is not an ldap group, then we are fine and the login attempt was successful
|
||||||
|
log.Printf("No need to check ldap group membership since user is not a member of an ldap group\n")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.Printf("LoginCheck no need to repeat LDAP bind for new user login\n")
|
log.Printf("LoginCheck no need to repeat LDAP bind for new user login\n")
|
||||||
|
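Review bot: In the second hunk the new query uses `INNER JOIN groups`, so a user whose GroupId is NULL or has no matching row in groups now returns no row at all, and the `IFNULL(users.GroupId, 0)` that the comment above keeps for group-less users can no longer take effect. Those users would land in the `sql.ErrNoRows` branch, which presumably reports an unknown user, instead of reaching the password or LDAP check. If group-less accounts are meant to keep logging in, use `LEFT JOIN groups ON users.GroupId = groups.GroupId` and select `IFNULL(groups.LdapGroup, 0) LdapGroup` so the scan into the bool field does not fail on NULL. That in turn makes a missing group skip `UserLdapGroupVerify` in the `if u.LdapGroup` branch of the third hunk, so decide explicitly whether an LDAP user without a group is allowed in or rejected, rather than leaving it to the join type. LoginCheck begins and ends outside the hunks shown, and the `// TODO join on groups table` comment is stale now that the join is present.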