From 902c2bca7ce49a1ee77a906634d8826700e17f35 Mon Sep 17 00:00:00 2001
From: cuigh
Date: Thu, 9 Nov 2017 12:34:45 +0800
Subject: [PATCH] Fix LDAP auth
---
 biz/user.go | 27 ++++++++++++---------------
 model/setting.go | 3 +--
 views/system/setting/index.jet | 12 ------------
 3 files changed, 13 insertions(+), 29 deletions(-)
diff --git a/biz/user.go b/biz/user.go
index b7ce0de..61edff8 100644
--- a/biz/user.go
+++ b/biz/user.go
@@ -93,7 +93,7 @@ func (b *userBiz) UpdateInfo(user *model.User) (err error) {
 return
 }
-func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) {
+func (b *userBiz) UpdatePassword(id, oldPwd, newPwd string) (err error) {
 do(func(d dao.Interface) {
 var (
 user *model.User
@@ -105,12 +105,12 @@ func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) {
 return
 }
-if !password.Validate(user.Password, old_pwd, user.Salt) {
+if !password.Validate(user.Password, oldPwd, user.Salt) {
 err = errors.New("Current password is incorrect")
 return
 }
-pwd, salt, err = password.Get(new_pwd)
+pwd, salt, err = password.Get(newPwd)
 if err != nil {
 return
 }
@@ -150,7 +150,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
 Type: model.UserTypeLDAP,
 LoginName: name,
 }
-err = b.loginLDAP(user, pwd)
+err = b.loginLDAP(d, user, pwd)
 } else {
 if user.Status == model.UserStatusBlocked {
 err = fmt.Errorf("user %s is blocked", name)
@@ -160,7 +160,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
 if user.Type == model.UserTypeInternal {
 err = b.loginInternal(user, pwd)
 } else {
-err = b.loginLDAP(user, pwd)
+err = b.loginLDAP(d, user, pwd)
 }
 }
@@ -193,7 +193,7 @@ func (b *userBiz) loginInternal(user *model.User, pwd string) error {
 return nil
 }
-func (b *userBiz) loginLDAP(user *model.User, pwd string) error {
+func (b *userBiz) loginLDAP(d dao.Interface, user *model.User, pwd string) error {
 setting, err := Setting.Get()
 if err != nil {
 return err
@@ -224,25 +224,22 @@ func (b *userBiz) loginLDAP(user *model.User, pwd string) error {
 // If user wasn't exist, we need create it
 req := ldap.NewSearchRequest(
 setting.LDAP.BaseDN,
 ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", setting.LDAP.LoginAttr, user.LoginName),
-[]string{"dn", setting.LDAP.EmailAttr, setting.LDAP.LoginAttr, setting.LDAP.NameAttr},
+fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", user.LoginName),
+[]string{setting.LDAP.NameAttr, setting.LDAP.EmailAttr},
 nil,
 )
-searchResult, err := l.Search(req)
+sr, err := l.Search(req)
 if err != nil {
 return err
 }
-if len(searchResult.Entries) == 0 {
+if len(sr.Entries) == 0 {
 return ErrIncorrectAuth
 }
-entry := searchResult.Entries[0]
+entry := sr.Entries[0]
 user.Email = entry.GetAttributeValue(setting.LDAP.EmailAttr)
 user.Name = entry.GetAttributeValue(setting.LDAP.NameAttr)
-if user.ID == "" {
-return b.Create(user, nil)
-}
-return nil
+return b.Create(user, nil)
 }
 // Identify authenticate user
diff --git a/model/setting.go b/model/setting.go
index e23e83a..00ff018 100644
--- a/model/setting.go
+++ b/model/setting.go
@@ -7,9 +7,8 @@ type Setting struct {
 Enabled bool `bson:"enabled" json:"enabled,omitempty"`
 Address string `bson:"address" json:"address,omitempty"`
 BaseDN string `bson:"base_dn" json:"base_dn,omitempty"`
-EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
-LoginAttr string `bson:"login_attr" json:"login_attr,omitempty"`
 NameAttr string `bson:"name_attr" json:"name_attr,omitempty"`
+EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
 } `bson:"ldap" json:"ldap,omitempty"`
 TimeZone struct {
 Name string `bson:"name" json:"name,omitempty"` // Asia/Shanghai
diff --git a/views/system/setting/index.jet b/views/system/setting/index.jet
index b9603b4..27b5e82 100644
--- a/views/system/setting/index.jet
+++ b/views/system/setting/index.jet
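Review bot: The filter built on the new `fmt.Sprintf` line still interpolates `user.LoginName` without escaping, so a login name containing LDAP filter metacharacters such as `*`, `(`, `)` or `\` changes the meaning of the search instead of being matched literally; the commit swaps the attribute but leaves this open, and nothing in the hunk shows the value being sanitized earlier. Use the library's escaper: `fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", ldap.EscapeFilter(user.LoginName))`. Hard-coding `userPrincipalName` in place of the removed `setting.LDAP.LoginAttr` also ties the lookup to Active Directory; if that is intended, a comment above the request such as `// userPrincipalName is specific to Active Directory; other directories need a configurable login attribute` would stop the next reader from re-adding the setting. The hunk further drops the `user.ID == ""` guard so `b.Create` now runs unconditionally at the end of loginLDAP, whose beginning, including the bind and whatever handles an already-known user under the "If user wasn't exist" comment, lies outside the hunk, so I cannot confirm that the existing-user path returns before reaching this point. While there, confirm that an empty `pwd` is rejected before the bind, since a simple bind with an empty password is treated as an unauthenticated bind by many directory servers.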
@@ -77,18 +77,6 @@ -
-
- -
-
-
-
- -
-
-
-