fix login logic when ldap is enabled

2025-01-21 07:49:34 +01:00 · 2017-04-24 20:05:41 +10:00 · 2017-04-24 20:05:41 +10:00 · 6a8bebe32b
commit 6a8bebe32b
parent 387f655b4e
1 changed files with 28 additions and 17 deletions
--- a/api/login.go
+++ b/api/login.go
@ -101,6 +101,9 @@ func login(w http.ResponseWriter, r *http.Request) {
 		Password string `json:"password" binding:"required"`
 	}

+	var ldapErr error
+	var ldapUser db.User
+
 	if err := mulekick.Bind(w, r, &login); err != nil {
 		return
 	}
@ -112,11 +115,12 @@ func login(w http.ResponseWriter, r *http.Request) {
 		From("user")

 	if util.Config.LdapEnable {
-		ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
-		if ldapErr != nil {
-			log.Info(ldapErr.Error())
-		}

+		// Try to perform LDAP authentication
+		ldapErr, ldapUser = ldapAuthentication(login.Auth, login.Password)
+
+		// If LDAP completed successully - proceed user
+		if ldapErr == nil {
 			// Check if that user already exist in database
 			q = q.Where("username=? and external=true", ldapUser.Username)

@ -133,7 +137,16 @@ func login(w http.ResponseWriter, r *http.Request) {
 				}
 			}
 		} else {
+			log.Info(ldapErr.Error())
+		}
+	}
+
+	// If LDAP not enabled, or LDAP auth finished not successfully (wrong login/pass, unreachable server etc)
+	// - perform normal authorization
+	if util.Config.LdapEnable != true || ldapErr != nil {
+
 		// Perform normal authorization
+		println("Perform normal authorization")
 		_, err := mail.ParseAddress(login.Auth)
 		if err == nil {
 			q = q.Where("email=?", login.Auth)
@ -147,12 +160,10 @@ func login(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(http.StatusBadRequest)
 				return
 			}
-
 			panic(err)
 		}

 		if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(login.Password)); err != nil {
-			w.WriteHeader(http.StatusBadRequest)
 			w.WriteHeader(http.StatusBadRequest)
 			return
 		}