Fix LDAP auth

cuigh 2017-11-09 12:34:45 +08:00
parent 01644c97f4
commit 902c2bca7c
3 changed files with 13 additions and 29 deletions


@ -93,7 +93,7 @@ func (b *userBiz) UpdateInfo(user *model.User) (err error) {
return
}
func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) {
func (b *userBiz) UpdatePassword(id, oldPwd, newPwd string) (err error) {
do(func(d dao.Interface) {
var (
user *model.User
@ -105,12 +105,12 @@ func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) {
return
}
if !password.Validate(user.Password, old_pwd, user.Salt) {
if !password.Validate(user.Password, oldPwd, user.Salt) {
err = errors.New("Current password is incorrect")
return
}
pwd, salt, err = password.Get(new_pwd)
pwd, salt, err = password.Get(newPwd)
if err != nil {
return
}
@ -150,7 +150,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
Type: model.UserTypeLDAP,
LoginName: name,
}
err = b.loginLDAP(user, pwd)
err = b.loginLDAP(d, user, pwd)
} else {
if user.Status == model.UserStatusBlocked {
err = fmt.Errorf("user %s is blocked", name)
@ -160,7 +160,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
if user.Type == model.UserTypeInternal {
err = b.loginInternal(user, pwd)
} else {
err = b.loginLDAP(user, pwd)
err = b.loginLDAP(d, user, pwd)
}
}
@ -193,7 +193,7 @@ func (b *userBiz) loginInternal(user *model.User, pwd string) error {
return nil
}
func (b *userBiz) loginLDAP(user *model.User, pwd string) error {
func (b *userBiz) loginLDAP(d dao.Interface, user *model.User, pwd string) error {
setting, err := Setting.Get()
if err != nil {
return err
@ -224,25 +224,22 @@ func (b *userBiz) loginLDAP(user *model.User, pwd string) error {
// If user wasn't exist, we need create it
req := ldap.NewSearchRequest(
setting.LDAP.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", setting.LDAP.LoginAttr, user.LoginName),
[]string{"dn", setting.LDAP.EmailAttr, setting.LDAP.LoginAttr, setting.LDAP.NameAttr},
fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", user.LoginName),
[]string{setting.LDAP.NameAttr, setting.LDAP.EmailAttr},
nil,
)
searchResult, err := l.Search(req)
sr, err := l.Search(req)
if err != nil {
return err
}
if len(searchResult.Entries) == 0 {
if len(sr.Entries) == 0 {
return ErrIncorrectAuth
}
entry := searchResult.Entries[0]
entry := sr.Entries[0]
user.Email = entry.GetAttributeValue(setting.LDAP.EmailAttr)
user.Name = entry.GetAttributeValue(setting.LDAP.NameAttr)
if user.ID == "" {
return b.Create(user, nil)
}
return nil
return b.Create(user, nil)
}
// Identify authenticate user
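Review bot: The search filter at the new `fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", user.LoginName)` still interpolates the caller-supplied login name unescaped, so a name containing `*`, `(`, `)` or `\` changes the meaning of the filter rather than being matched literally; run it through the library's escaper first, `fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", ldap.EscapeFilter(user.LoginName))`. Replacing the removed `setting.LDAP.LoginAttr` with a hard-coded `userPrincipalName` also ties login to Active Directory style schemas; if that is intended, a comment on that line such as `// Login names are matched against userPrincipalName (Active Directory); other login attributes are not supported.` would stop the next reader from looking for the setting. The trailing `return b.Create(user, nil)` now runs unconditionally where the old code created only when `user.ID == ""`, so presumably an earlier branch outside this hunk now returns for existing users; that is worth confirming, as is whether the new `d dao.Interface` parameter is used there, since none of the visible lines reference it. loginLDAP's body between the signature hunk and the search hunk is outside the view.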


@ -7,9 +7,8 @@ type Setting struct {
Enabled bool `bson:"enabled" json:"enabled,omitempty"`
Address string `bson:"address" json:"address,omitempty"`
BaseDN string `bson:"base_dn" json:"base_dn,omitempty"`
EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
LoginAttr string `bson:"login_attr" json:"login_attr,omitempty"`
NameAttr string `bson:"name_attr" json:"name_attr,omitempty"`
EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
} `bson:"ldap" json:"ldap,omitempty"`
TimeZone struct {
Name string `bson:"name" json:"name,omitempty"` // Asia/Shanghai
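Review bot: With `LoginAttr` removed, the LDAP settings block no longer says which directory attribute the login name is compared against, and nothing on the remaining fields explains what `NameAttr` and `EmailAttr` are for; a comment above the block such as `// LDAP login names are matched against userPrincipalName; NameAttr and EmailAttr name the attributes copied into the user record.` would keep the struct self-describing. Settings documents already stored with a `login_attr` value will presumably just be ignored by the decoder now, which seems acceptable but is inferred rather than visible here.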


@ -77,18 +77,6 @@
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">Login name attribute</label>
</div>
<div class="field-body">
<div class="field">
<div class="control">
<input name="ldap.login_attr" value="{{ .Setting.LDAP.LoginAttr }}" class="input" type="text" placeholder="e.g. cn">
</div>
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">Username attribute</label>