feat(auth): make sure local auth and ldap can both work when configured at the same time

This commit is contained in:
kolaente 2025-01-27 15:01:57 +01:00 committed by konrad
parent 71cad7aa13
commit f01dd2ff52
2 changed files with 15 additions and 10 deletions

View File

@ -20,13 +20,11 @@ import (
"net/http"
"code.vikunja.io/api/pkg/config"
"code.vikunja.io/api/pkg/modules/auth/ldap"
"code.vikunja.io/api/pkg/modules/keyvalue"
"code.vikunja.io/api/pkg/db"
"code.vikunja.io/api/pkg/models"
"code.vikunja.io/api/pkg/modules/auth"
"code.vikunja.io/api/pkg/modules/auth/ldap"
"code.vikunja.io/api/pkg/modules/keyvalue"
user2 "code.vikunja.io/api/pkg/user"
"code.vikunja.io/api/pkg/web/handler"
@ -58,12 +56,19 @@ func Login(c echo.Context) (err error) {
var user *user2.User
if config.AuthLdapEnabled.GetBool() {
user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password)
} else {
user, err = user2.CheckUserCredentials(s, &u)
if err != nil && !user2.IsErrWrongUsernameOrPassword(err) {
_ = s.Rollback()
return handler.HandleHTTPError(err)
}
}
if err != nil {
_ = s.Rollback()
return handler.HandleHTTPError(err)
if user == nil {
// This allows us to still have local users while ldap is enabled
user, err = user2.CheckUserCredentials(s, &u)
if err != nil {
_ = s.Rollback()
return handler.HandleHTTPError(err)
}
}
if user.Status == user2.StatusDisabled {

View File

@ -252,7 +252,7 @@ func registerAPIRoutes(a *echo.Group) {
ur.POST("/user/confirm", apiv1.UserConfirmEmail)
}
if config.AuthLdapEnabled.GetBool() {
if config.AuthLocalEnabled.GetBool() || config.AuthLdapEnabled.GetBool() {
ur.POST("/login", apiv1.Login)
}