aboutsummaryrefslogtreecommitdiffstats
path: root/services/auth/source/ldap
diff options
context:
space:
mode:
Diffstat (limited to 'services/auth/source/ldap')
-rw-r--r--services/auth/source/ldap/source.go5
-rw-r--r--services/auth/source/ldap/source_authenticate.go12
-rw-r--r--services/auth/source/ldap/source_search.go33
-rw-r--r--services/auth/source/ldap/source_sync.go20
-rw-r--r--services/auth/source/ldap/util.go6
5 files changed, 42 insertions, 34 deletions
diff --git a/services/auth/source/ldap/source.go b/services/auth/source/ldap/source.go
index dc4cb2c940..963cdba7c2 100644
--- a/services/auth/source/ldap/source.go
+++ b/services/auth/source/ldap/source.go
@@ -56,8 +56,7 @@ type Source struct {
UserUID string // User Attribute listed in Group
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
- // reference to the authSource
- authSource *auth.Source
+ authSource *auth.Source // reference to the authSource
}
// FromDB fills up a LDAPConfig from serialized format.
@@ -107,7 +106,7 @@ func (source *Source) UseTLS() bool {
// ProvidesSSHKeys returns if this source provides SSH Keys
func (source *Source) ProvidesSSHKeys() bool {
- return len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
+ return strings.TrimSpace(source.AttributeSSHPublicKey) != ""
}
// SetAuthSource sets the related AuthSource
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index 01cb743720..020e5784dc 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -31,13 +31,13 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
return nil, user_model.ErrUserNotExist{Name: loginName}
}
// Fallback.
- if len(sr.Username) == 0 {
+ if sr.Username == "" {
sr.Username = userName
}
- if len(sr.Mail) == 0 {
+ if sr.Mail == "" {
sr.Mail = fmt.Sprintf("%s@localhost.local", sr.Username)
}
- isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
+ isAttributeSSHPublicKeySet := strings.TrimSpace(source.AttributeSSHPublicKey) != ""
// Update User admin flag if exist
if isExist, err := user_model.IsUserExist(ctx, 0, sr.Username); err != nil {
@@ -51,11 +51,11 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
}
if user != nil && !user.ProhibitLogin {
opts := &user_service.UpdateOptions{}
- if len(source.AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
+ if source.AdminFilter != "" && user.IsAdmin != sr.IsAdmin {
// Change existing admin flag only if AdminFilter option is set
opts.IsAdmin = optional.Some(sr.IsAdmin)
}
- if !sr.IsAdmin && len(source.RestrictedFilter) > 0 && user.IsRestricted != sr.IsRestricted {
+ if !sr.IsAdmin && source.RestrictedFilter != "" && user.IsRestricted != sr.IsRestricted {
// Change existing restricted flag only if RestrictedFilter option is set
opts.IsRestricted = optional.Some(sr.IsRestricted)
}
@@ -99,7 +99,7 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
return user, err
}
}
- if len(source.AttributeAvatar) > 0 {
+ if source.AttributeAvatar != "" {
if err := user_service.UploadAvatar(ctx, user, sr.Avatar); err != nil {
return user, err
}
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index b20c90e791..fa2c45ce4a 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -147,7 +147,7 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
}
func checkAdmin(l *ldap.Conn, ls *Source, userDN string) bool {
- if len(ls.AdminFilter) == 0 {
+ if ls.AdminFilter == "" {
return false
}
log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
@@ -169,7 +169,7 @@ func checkAdmin(l *ldap.Conn, ls *Source, userDN string) bool {
}
func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
- if len(ls.RestrictedFilter) == 0 {
+ if ls.RestrictedFilter == "" {
return false
}
if ls.RestrictedFilter == "*" {
@@ -250,8 +250,17 @@ func (source *Source) getUserAttributeListedInGroup(entry *ldap.Entry) string {
// SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchResult {
+ if MockedSearchEntry != nil {
+ return MockedSearchEntry(source, name, passwd, directBind)
+ }
+ return realSearchEntry(source, name, passwd, directBind)
+}
+
+var MockedSearchEntry func(source *Source, name, passwd string, directBind bool) *SearchResult
+
+func realSearchEntry(source *Source, name, passwd string, directBind bool) *SearchResult {
// See https://tools.ietf.org/search/rfc4513#section-5.1.2
- if len(passwd) == 0 {
+ if passwd == "" {
log.Debug("Auth. failed for %s, password cannot be empty", name)
return nil
}
@@ -323,17 +332,17 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
return nil
}
- isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
- isAtributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
+ isAttributeSSHPublicKeySet := strings.TrimSpace(source.AttributeSSHPublicKey) != ""
+ isAttributeAvatarSet := strings.TrimSpace(source.AttributeAvatar) != ""
attribs := []string{source.AttributeUsername, source.AttributeName, source.AttributeSurname, source.AttributeMail}
- if len(strings.TrimSpace(source.UserUID)) > 0 {
+ if strings.TrimSpace(source.UserUID) != "" {
attribs = append(attribs, source.UserUID)
}
if isAttributeSSHPublicKeySet {
attribs = append(attribs, source.AttributeSSHPublicKey)
}
- if isAtributeAvatarSet {
+ if isAttributeAvatarSet {
attribs = append(attribs, source.AttributeAvatar)
}
@@ -375,7 +384,7 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
isRestricted = checkRestricted(l, source, userDN)
}
- if isAtributeAvatarSet {
+ if isAttributeAvatarSet {
Avatar = sr.Entries[0].GetRawAttributeValue(source.AttributeAvatar)
}
@@ -440,14 +449,14 @@ func (source *Source) SearchEntries() ([]*SearchResult, error) {
userFilter := fmt.Sprintf(source.Filter, "*")
- isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
- isAtributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
+ isAttributeSSHPublicKeySet := strings.TrimSpace(source.AttributeSSHPublicKey) != ""
+ isAttributeAvatarSet := strings.TrimSpace(source.AttributeAvatar) != ""
attribs := []string{source.AttributeUsername, source.AttributeName, source.AttributeSurname, source.AttributeMail, source.UserUID}
if isAttributeSSHPublicKeySet {
attribs = append(attribs, source.AttributeSSHPublicKey)
}
- if isAtributeAvatarSet {
+ if isAttributeAvatarSet {
attribs = append(attribs, source.AttributeAvatar)
}
@@ -503,7 +512,7 @@ func (source *Source) SearchEntries() ([]*SearchResult, error) {
user.SSHPublicKey = v.GetAttributeValues(source.AttributeSSHPublicKey)
}
- if isAtributeAvatarSet {
+ if isAttributeAvatarSet {
user.Avatar = v.GetRawAttributeValue(source.AttributeAvatar)
}
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index a6d6d2a0f2..e817bf1fa9 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -25,7 +25,7 @@ import (
func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
log.Trace("Doing: SyncExternalUsers[%s]", source.authSource.Name)
- isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
+ isAttributeSSHPublicKeySet := strings.TrimSpace(source.AttributeSSHPublicKey) != ""
var sshKeysNeedUpdate bool
// Find all users with this login type - FIXME: Should this be an iterator?
@@ -86,26 +86,26 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
return db.ErrCancelledf("During update of %s before completed update of users", source.authSource.Name)
default:
}
- if len(su.Username) == 0 && len(su.Mail) == 0 {
+ if su.Username == "" && su.Mail == "" {
continue
}
var usr *user_model.User
- if len(su.Username) > 0 {
+ if su.Username != "" {
usr = usernameUsers[su.LowerName]
}
- if usr == nil && len(su.Mail) > 0 {
+ if usr == nil && su.Mail != "" {
usr = mailUsers[strings.ToLower(su.Mail)]
}
if usr != nil {
keepActiveUsers.Add(usr.ID)
- } else if len(su.Username) == 0 {
+ } else if su.Username == "" {
// we cannot create the user if su.Username is empty
continue
}
- if len(su.Mail) == 0 {
+ if su.Mail == "" {
su.Mail = fmt.Sprintf("%s@localhost.local", su.Username)
}
@@ -141,7 +141,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
}
- if err == nil && len(source.AttributeAvatar) > 0 {
+ if err == nil && source.AttributeAvatar != "" {
_ = user_service.UploadAvatar(ctx, usr, su.Avatar)
}
} else if updateExisting {
@@ -151,8 +151,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
// Check if user data has changed
- if (len(source.AdminFilter) > 0 && usr.IsAdmin != su.IsAdmin) ||
- (len(source.RestrictedFilter) > 0 && usr.IsRestricted != su.IsRestricted) ||
+ if (source.AdminFilter != "" && usr.IsAdmin != su.IsAdmin) ||
+ (source.RestrictedFilter != "" && usr.IsRestricted != su.IsRestricted) ||
!strings.EqualFold(usr.Email, su.Mail) ||
usr.FullName != fullName ||
!usr.IsActive {
@@ -180,7 +180,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
if usr.IsUploadAvatarChanged(su.Avatar) {
- if err == nil && len(source.AttributeAvatar) > 0 {
+ if err == nil && source.AttributeAvatar != "" {
_ = user_service.UploadAvatar(ctx, usr, su.Avatar)
}
}
diff --git a/services/auth/source/ldap/util.go b/services/auth/source/ldap/util.go
index bd11e2d119..05ae32c0fd 100644
--- a/services/auth/source/ldap/util.go
+++ b/services/auth/source/ldap/util.go
@@ -6,11 +6,11 @@ package ldap
// composeFullName composes a firstname surname or username
func composeFullName(firstname, surname, username string) string {
switch {
- case len(firstname) == 0 && len(surname) == 0:
+ case firstname == "" && surname == "":
return username
- case len(firstname) == 0:
+ case firstname == "":
return surname
- case len(surname) == 0:
+ case surname == "":
return firstname
default:
return firstname + " " + surname
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 15:43:01 +0000