feat(auth): make sure local auth and ldap can both work when configured at the same time

This commit is contained in:
kolaente 2025-01-27 15:01:57 +01:00 committed by konrad
parent 71cad7aa13
commit f01dd2ff52
2 changed files with 15 additions and 10 deletions

View File

@ -20,13 +20,11 @@ import (
"net/http" "net/http"
"code.vikunja.io/api/pkg/config" "code.vikunja.io/api/pkg/config"
"code.vikunja.io/api/pkg/modules/auth/ldap"
"code.vikunja.io/api/pkg/modules/keyvalue"
"code.vikunja.io/api/pkg/db" "code.vikunja.io/api/pkg/db"
"code.vikunja.io/api/pkg/models" "code.vikunja.io/api/pkg/models"
"code.vikunja.io/api/pkg/modules/auth" "code.vikunja.io/api/pkg/modules/auth"
"code.vikunja.io/api/pkg/modules/auth/ldap"
"code.vikunja.io/api/pkg/modules/keyvalue"
user2 "code.vikunja.io/api/pkg/user" user2 "code.vikunja.io/api/pkg/user"
"code.vikunja.io/api/pkg/web/handler" "code.vikunja.io/api/pkg/web/handler"
@ -58,12 +56,19 @@ func Login(c echo.Context) (err error) {
var user *user2.User var user *user2.User
if config.AuthLdapEnabled.GetBool() { if config.AuthLdapEnabled.GetBool() {
user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password) user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password)
} else { if err != nil && !user2.IsErrWrongUsernameOrPassword(err) {
user, err = user2.CheckUserCredentials(s, &u) _ = s.Rollback()
return handler.HandleHTTPError(err)
}
} }
if err != nil {
_ = s.Rollback() if user == nil {
return handler.HandleHTTPError(err) // This allows us to still have local users while ldap is enabled
user, err = user2.CheckUserCredentials(s, &u)
if err != nil {
_ = s.Rollback()
return handler.HandleHTTPError(err)
}
} }
if user.Status == user2.StatusDisabled { if user.Status == user2.StatusDisabled {

View File

@ -252,7 +252,7 @@ func registerAPIRoutes(a *echo.Group) {
ur.POST("/user/confirm", apiv1.UserConfirmEmail) ur.POST("/user/confirm", apiv1.UserConfirmEmail)
} }
if config.AuthLdapEnabled.GetBool() { if config.AuthLocalEnabled.GetBool() || config.AuthLdapEnabled.GetBool() {
ur.POST("/login", apiv1.Login) ur.POST("/login", apiv1.Login)
} }