add logrus logging, disable LDAP username and password editing on backend

api/login.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"
 
+	log "github.com/Sirupsen/logrus"
 	database "github.com/ansible-semaphore/semaphore/db"
 	"github.com/ansible-semaphore/semaphore/models"
 	"github.com/ansible-semaphore/semaphore/util"
@@ -95,7 +96,7 @@ func ldapAuthentication(auth, password string) (error, models.User) {
 		Alert:    false,
 	}
 
-	println("User " + ldapUser.Name + " with email " + ldapUser.Email + " authorized via LDAP correctly")
+	log.Info("User " + ldapUser.Name + " with email " + ldapUser.Email + " authorized via LDAP correctly")
 	return nil, ldapUser
 
 }
@@ -115,7 +116,7 @@ func login(c *gin.Context) {
 	ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
 
 	if util.Config.LdapEnable == true && ldapErr != nil {
-		println(ldapErr.Error())
+		log.Info(ldapErr.Error())
 	}
 
 	q := sq.Select("*").

api/users.go

@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"time"
 
+	log "github.com/Sirupsen/logrus"
 	database "github.com/ansible-semaphore/semaphore/db"
 	"github.com/ansible-semaphore/semaphore/models"
 	"github.com/ansible-semaphore/semaphore/util"
@@ -63,6 +64,12 @@ func updateUser(c *gin.Context) {
 		return
 	}
 
+	if oldUser.External == true && oldUser.Username != user.Username {
+		log.Warn("Username is not editable for external LDAP users")
+		c.AbortWithStatus(400)
+		return
+	}
+
 	if _, err := database.Mysql.Exec("update user set name=?, username=?, email=?, alert=? where id=?", user.Name, user.Username, user.Email, user.Alert, oldUser.ID); err != nil {
 		panic(err)
 	}
@@ -76,6 +83,12 @@ func updateUserPassword(c *gin.Context) {
 		Pwd string `json:"password"`
 	}
 
+	if user.External == true {
+		log.Warn("Password is not editable for external LDAP users")
+		c.AbortWithStatus(400)
+		return
+	}
+
 	if err := c.Bind(&pwd); err != nil {
 		return
 	}