fixes for #310

2025-01-20 23:39:56 +01:00 · 2017-04-18 16:37:44 +01:00 · 2017-04-18 16:37:44 +01:00 · fe8851bcfe
commit fe8851bcfe
parent 68abf976be
3 changed files with 26 additions and 40 deletions
--- a/api/login.go
+++ b/api/login.go
@ -19,14 +19,10 @@ import (
 )

 func ldapAuthentication(auth, password string) (error, db.User) {
-
 	if util.Config.LdapEnable != true {
 		return fmt.Errorf("LDAP not configured"), db.User{}
 	}

-	bindusername := util.Config.LdapBindDN
-	bindpassword := util.Config.LdapBindPassword
-
 	l, err := ldap.Dial("tcp", util.Config.LdapServer)
 	if err != nil {
 		return err, db.User{}
@ -42,7 +38,7 @@ func ldapAuthentication(auth, password string) (error, db.User) {
 	}

 	// First bind with a read only user
-	err = l.Bind(bindusername, bindpassword)
+	err = l.Bind(util.Config.LdapBindDN, util.Config.LdapBindPassword)
 	if err != nil {
 		return err, db.User{}
 	}
@ -97,7 +93,6 @@ func ldapAuthentication(auth, password string) (error, db.User) {

 	log.Info("User " + ldapUser.Name + " with email " + ldapUser.Email + " authorized via LDAP correctly")
 	return nil, ldapUser
-
 }

 func login(w http.ResponseWriter, r *http.Request) {
@ -112,17 +107,32 @@ func login(w http.ResponseWriter, r *http.Request) {

 	login.Auth = strings.ToLower(login.Auth)

-	ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
-
-	if util.Config.LdapEnable == true && ldapErr != nil {
-		log.Info(ldapErr.Error())
-	}
-
+	var user db.User
 	q := sq.Select("*").
 		From("user")

-	var user db.User
-	if ldapErr != nil {
+	if util.Config.LdapEnable {
+		ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
+		if ldapErr != nil {
+			log.Info(ldapErr.Error())
+		}
+
+		// Check if that user already exist in database
+		q = q.Where("username=? and external=true", ldapUser.Username)
+
+		query, args, _ := q.ToSql()
+		if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
+			if err == sql.ErrNoRows {
+				// Create new user
+				user = ldapUser
+				if err := db.Mysql.Insert(&user); err != nil {
+					panic(err)
+				}
+			} else if err != nil {
+				panic(err)
+			}
+		}
+	} else {
 		// Perform normal authorization
 		_, err := mail.ParseAddress(login.Auth)
 		if err == nil {
@ -132,7 +142,6 @@ func login(w http.ResponseWriter, r *http.Request) {
 		}

 		query, args, _ := q.ToSql()
-
 		if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
 			if err == sql.ErrNoRows {
 				w.WriteHeader(http.StatusBadRequest)
@ -147,24 +156,6 @@ func login(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusBadRequest)
 			return
 		}
-	} else {
-		// Check if that user already exist in database
-		q = q.Where("username=? and external=true", ldapUser.Username)
-
-		query, args, _ := q.ToSql()
-
-		if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
-			if err == sql.ErrNoRows {
-				//Create new user
-				user = ldapUser
-				if err := db.Mysql.Insert(&user); err != nil {
-					panic(err)
-				}
-			} else if err != nil {
-				panic(err)
-			}
-
-		}
 	}

 	session := db.Session{
--- a/api/users.go
+++ b/api/users.go
@ -68,9 +68,6 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 		log.Warn("Username is not editable for external LDAP users")
 		w.WriteHeader(http.StatusBadRequest)
 	}
-	if err := mulekick.Bind(w, r, &user); err != nil {
-		return
-	}

 	if _, err := db.Mysql.Exec("update user set name=?, username=?, email=?, alert=? where id=?", user.Name, user.Username, user.Email, user.Alert, oldUser.ID); err != nil {
 		panic(err)
--- a/public/html/users/user.pug
+++ b/public/html/users/user.pug
@ -8,15 +8,13 @@
 			.col-sm-8: input.form-control(type="text" placeholder="Your name" ng-model="user.name")
 		.form-group
 			label.control-label.col-sm-4 Username
-			.col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" ng-if="user.external==false")
-			.col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" readonly="readonly" ng-if="user.external==true")
+			.col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" ng-readonly="user.external == true")
 		.form-group
 			label.control-label.col-sm-4 Email
 			.col-sm-8: input.form-control(type="email" placeholder="Email address" ng-model="user.email")
 		.form-group
 			label.control-label.col-sm-4 Password
-			.col-sm-8: input.form-control(type="password" placeholder="Not editable for LDAP user" readonly="readonly" ng-model="user.password" ng-if="user.external==true")
-			.col-sm-8: input.form-control(type="password" placeholder="Enter new password" ng-model="user.password" ng-if="user.external==false")
+			.col-sm-8: input.form-control(type="password" placeholder="Not editable for LDAP user" ng-readonly="user.external == true" ng-model="user.password")
 		.form-group
 			.col-sm-8.col-sm-offset-4: .checkbox: label
 				input(type="checkbox" title="Send email alerts about failed tasks" ng-model="user.alert")