Fix LDAP auth

cuigh 2017-11-09 12:34:45 +08:00
parent 01644c97f4
commit 902c2bca7c
3 changed files with 13 additions and 29 deletions


@ -93,7 +93,7 @@ func (b *userBiz) UpdateInfo(user *model.User) (err error) {
return return
} }
func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) { func (b *userBiz) UpdatePassword(id, oldPwd, newPwd string) (err error) {
do(func(d dao.Interface) { do(func(d dao.Interface) {
var ( var (
user *model.User user *model.User
@ -105,12 +105,12 @@ func (b *userBiz) UpdatePassword(id, old_pwd, new_pwd string) (err error) {
return return
} }
if !password.Validate(user.Password, old_pwd, user.Salt) { if !password.Validate(user.Password, oldPwd, user.Salt) {
err = errors.New("Current password is incorrect") err = errors.New("Current password is incorrect")
return return
} }
pwd, salt, err = password.Get(new_pwd) pwd, salt, err = password.Get(newPwd)
if err != nil { if err != nil {
return return
} }
@ -150,7 +150,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
Type: model.UserTypeLDAP, Type: model.UserTypeLDAP,
LoginName: name, LoginName: name,
} }
err = b.loginLDAP(user, pwd) err = b.loginLDAP(d, user, pwd)
} else { } else {
if user.Status == model.UserStatusBlocked { if user.Status == model.UserStatusBlocked {
err = fmt.Errorf("user %s is blocked", name) err = fmt.Errorf("user %s is blocked", name)
@ -160,7 +160,7 @@ func (b *userBiz) Login(name, pwd string) (token string, err error) {
if user.Type == model.UserTypeInternal { if user.Type == model.UserTypeInternal {
err = b.loginInternal(user, pwd) err = b.loginInternal(user, pwd)
} else { } else {
err = b.loginLDAP(user, pwd) err = b.loginLDAP(d, user, pwd)
} }
} }
@ -193,7 +193,7 @@ func (b *userBiz) loginInternal(user *model.User, pwd string) error {
return nil return nil
} }
func (b *userBiz) loginLDAP(user *model.User, pwd string) error { func (b *userBiz) loginLDAP(d dao.Interface, user *model.User, pwd string) error {
setting, err := Setting.Get() setting, err := Setting.Get()
if err != nil { if err != nil {
return err return err
@ -224,25 +224,22 @@ func (b *userBiz) loginLDAP(user *model.User, pwd string) error {
// If user wasn't exist, we need create it // If user wasn't exist, we need create it
req := ldap.NewSearchRequest( req := ldap.NewSearchRequest(
setting.LDAP.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, setting.LDAP.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", setting.LDAP.LoginAttr, user.LoginName), fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", user.LoginName),
[]string{"dn", setting.LDAP.EmailAttr, setting.LDAP.LoginAttr, setting.LDAP.NameAttr}, []string{setting.LDAP.NameAttr, setting.LDAP.EmailAttr},
nil, nil,
) )
searchResult, err := l.Search(req) sr, err := l.Search(req)
if err != nil { if err != nil {
return err return err
} }
if len(searchResult.Entries) == 0 { if len(sr.Entries) == 0 {
return ErrIncorrectAuth return ErrIncorrectAuth
} }
entry := searchResult.Entries[0] entry := sr.Entries[0]
user.Email = entry.GetAttributeValue(setting.LDAP.EmailAttr) user.Email = entry.GetAttributeValue(setting.LDAP.EmailAttr)
user.Name = entry.GetAttributeValue(setting.LDAP.NameAttr) user.Name = entry.GetAttributeValue(setting.LDAP.NameAttr)
if user.ID == "" { return b.Create(user, nil)
return b.Create(user, nil)
}
return nil
} }
// Identify authenticate user // Identify authenticate user
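Review bot: The new search filter in the `@ -224` hunk still interpolates `user.LoginName` straight into the filter string with `fmt.Sprintf`, so a login name containing LDAP filter metacharacters changes the meaning of the query instead of being matched literally; the commit swaps the attribute to `userPrincipalName` but keeps the unescaped interpolation. If the ldap package in use provides it, the value should be escaped first, e.g. `fmt.Sprintf("(&(objectClass=organizationalPerson)(userPrincipalName=%s))", ldap.EscapeFilter(user.LoginName))`, and the same applies to any other user-supplied value that ends up in a filter. The unconditional `return b.Create(user, nil)` replaces the former `if user.ID == ""` guard, which presumably relies on an earlier return in loginLDAP for already-existing users; since that part of the function is outside this hunk, a one-line comment above the search such as `// Only reached for users not yet in the database; existing users returned above.` would make the invariant explicit. The newly added `d dao.Interface` parameter is not used in any visible line of loginLDAP, so if it is unused in the rest of the body it should be dropped rather than threaded through both Login call sites.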


@ -7,9 +7,8 @@ type Setting struct {
Enabled bool `bson:"enabled" json:"enabled,omitempty"` Enabled bool `bson:"enabled" json:"enabled,omitempty"`
Address string `bson:"address" json:"address,omitempty"` Address string `bson:"address" json:"address,omitempty"`
BaseDN string `bson:"base_dn" json:"base_dn,omitempty"` BaseDN string `bson:"base_dn" json:"base_dn,omitempty"`
EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
LoginAttr string `bson:"login_attr" json:"login_attr,omitempty"`
NameAttr string `bson:"name_attr" json:"name_attr,omitempty"` NameAttr string `bson:"name_attr" json:"name_attr,omitempty"`
EmailAttr string `bson:"email_attr" json:"email_attr,omitempty"`
} `bson:"ldap" json:"ldap,omitempty"` } `bson:"ldap" json:"ldap,omitempty"`
TimeZone struct { TimeZone struct {
Name string `bson:"name" json:"name,omitempty"` // Asia/Shanghai Name string `bson:"name" json:"name,omitempty"` // Asia/Shanghai
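Review bot: Removing `LoginAttr` leaves the LDAP settings struct with no indication of which attribute the login name is now matched against, since that choice moved into a hard-coded filter in the business layer. A short comment on the nested LDAP struct, e.g. `// Login names are matched against userPrincipalName; NameAttr and EmailAttr only select the display name and e-mail attributes.`, would tell the next maintainer why there is no login attribute setting. Existing persisted settings that still carry `login_attr` are simply ignored on decode, which seems intended but is worth stating in the same comment.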


@ -77,18 +77,6 @@
</div> </div>
</div> </div>
</div> </div>
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">Login name attribute</label>
</div>
<div class="field-body">
<div class="field">
<div class="control">
<input name="ldap.login_attr" value="{{ .Setting.LDAP.LoginAttr }}" class="input" type="text" placeholder="e.g. cn">
</div>
</div>
</div>
</div>
<div class="field is-horizontal"> <div class="field is-horizontal">
<div class="field-label is-normal"> <div class="field-label is-normal">
<label class="label">Username attribute</label> <label class="label">Username attribute</label>