* Correct LDAP username validation. As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describes, spaces should not be at the start or at the end of a username, but they can be inside the username. So please check my solution for it.
* Check for zero-length passwords in the LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2, an LDAP client should always check before bind whether a password is an empty value. There is at least one LDAP implementation which does not return an error if you try to bind with a DN set and an empty password: AD.
* Clear the login/email spaces at the [start/end]
tags/v1.0.0
func UserSignIn(username, password string) (*User, error) { | func UserSignIn(username, password string) (*User, error) { | ||||
var user *User | var user *User | ||||
if strings.Contains(username, "@") { | if strings.Contains(username, "@") { | ||||
user = &User{Email: strings.ToLower(username)} | |||||
user = &User{Email: strings.ToLower(strings.TrimSpace(username))} | |||||
} else { | } else { | ||||
user = &User{LowerName: strings.ToLower(username)} | |||||
user = &User{LowerName: strings.ToLower(strings.TrimSpace(username))} | |||||
} | } | ||||
hasUser, err := x.Get(user) | hasUser, err := x.Get(user) |
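Review bot: The trim is applied inside each branch only to the value stored in the `User` struct, so `username` itself keeps its leading and trailing spaces for the rest of `UserSignIn`. The function continues outside this hunk; if `username` is used again further down (for example, passed to an external login source), that path would see the untrimmed value and could disagree with the local lookup. Normalising once at the top, `username = strings.TrimSpace(username)`, and leaving the two branches as `strings.ToLower(username)` would remove the duplication and keep every later use consistent.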
// SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter | // SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter | ||||
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) { | func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) { | ||||
// See https://tools.ietf.org/search/rfc4513#section-5.1.2 | |||||
if len(passwd) == 0 { | |||||
log.Debug("Auth. failed for %s, password cannot be empty") | |||||
return "", "", "", "", false, false | |||||
} | |||||
l, err := dial(ls) | l, err := dial(ls) | ||||
if err != nil { | if err != nil { | ||||
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) | log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) |
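Review bot: The new `log.Debug` call in the empty-password guard has a `%s` verb but passes no argument, so the log line will not name the account and will most likely print a missing-argument marker instead. This entry is what an operator would look for when investigating empty-password bind attempts, so it should carry the name: `log.Debug("Auth. failed for %s, password cannot be empty", name)`. The guard itself sits before `dial(ls)`, which is the right place for it, since no connection is opened for a request that will be rejected. The body of `SearchEntry` continues outside this hunk.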