From f01dd2ff52befad8698efeac03c9e9958276f0e6 Mon Sep 17 00:00:00 2001 From: kolaente Date: Mon, 27 Jan 2025 15:01:57 +0100 Subject: [PATCH] feat(auth): make sure local auth and ldap can both work when configured at the same time --- pkg/routes/api/v1/login.go | 23 ++++++++++++++--------- pkg/routes/routes.go | 2 +- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/pkg/routes/api/v1/login.go b/pkg/routes/api/v1/login.go index c00ac25a0..3b1b07ab7 100644 --- a/pkg/routes/api/v1/login.go +++ b/pkg/routes/api/v1/login.go @@ -20,13 +20,11 @@ import ( "net/http" "code.vikunja.io/api/pkg/config" - "code.vikunja.io/api/pkg/modules/auth/ldap" - - "code.vikunja.io/api/pkg/modules/keyvalue" - "code.vikunja.io/api/pkg/db" "code.vikunja.io/api/pkg/models" "code.vikunja.io/api/pkg/modules/auth" + "code.vikunja.io/api/pkg/modules/auth/ldap" + "code.vikunja.io/api/pkg/modules/keyvalue" user2 "code.vikunja.io/api/pkg/user" "code.vikunja.io/api/pkg/web/handler" @@ -58,12 +56,19 @@ func Login(c echo.Context) (err error) { var user *user2.User if config.AuthLdapEnabled.GetBool() { user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password) - } else { - user, err = user2.CheckUserCredentials(s, &u) + if err != nil && !user2.IsErrWrongUsernameOrPassword(err) { + _ = s.Rollback() + return handler.HandleHTTPError(err) + } } - if err != nil { - _ = s.Rollback() - return handler.HandleHTTPError(err) + + if user == nil { + // This allows us to still have local users while ldap is enabled + user, err = user2.CheckUserCredentials(s, &u) + if err != nil { + _ = s.Rollback() + return handler.HandleHTTPError(err) + } } if user.Status == user2.StatusDisabled { diff --git a/pkg/routes/routes.go b/pkg/routes/routes.go index 3cfe46cc4..20c35c1c2 100644 --- a/pkg/routes/routes.go +++ b/pkg/routes/routes.go @@ -252,7 +252,7 @@ func registerAPIRoutes(a *echo.Group) { ur.POST("/user/confirm", apiv1.UserConfirmEmail) } - if config.AuthLdapEnabled.GetBool() { + if config.AuthLocalEnabled.GetBool() || config.AuthLdapEnabled.GetBool() { ur.POST("/login", apiv1.Login) }