Fix LDAP with valid old password login (#497)
هذا الالتزام موجود في:
Thomas Miceli
@@ -2,6 +2,7 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/thomiceli/opengist/internal/auth/ldap"
|
"github.com/thomiceli/opengist/internal/auth/ldap"
|
||||||
passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
|
passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
|
||||||
@@ -124,15 +125,24 @@ func ProcessLogin(ctx *context.Context) error {
|
|||||||
return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
|
return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if ldap.Enabled() {
|
localUser, err := db.GetUserByUsername(dto.Username)
|
||||||
if user, err = tryLdapLogin(ctx, dto.Username, dto.Password); err != nil {
|
hasLocalPassword := err == nil && localUser.Password != ""
|
||||||
return err
|
|
||||||
}
|
if hasLocalPassword {
|
||||||
}
|
|
||||||
if user == nil {
|
|
||||||
if user, err = tryDbLogin(ctx, dto.Username, dto.Password); user == nil {
|
if user, err = tryDbLogin(ctx, dto.Username, dto.Password); user == nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if ldap.Enabled() {
|
||||||
|
if user, err = tryLdapLogin(ctx, dto.Username, dto.Password); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if user == nil {
|
||||||
|
if user, err = tryDbLogin(ctx, dto.Username, dto.Password); user == nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle MFA
|
// handle MFA
|
||||||
|
|||||||
المرجع في مشكلة جديدة
حظر مستخدم