outpost/ldap: delay user information removal upon closing of connection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 21:13:46 +02:00 · 2021-08-29 21:13:46 +02:00 · 048467e97d
parent cc2cd6919f
commit 048467e97d
3 changed files with 33 additions and 21 deletions
--- a/internal/outpost/ldap/close.go
+++ b/internal/outpost/ldap/close.go
@ -0,0 +1,32 @@
+package ldap
+
+import (
+	"net"
+	"time"
+)
+
+func (ls *LDAPServer) Close(boundDN string, conn net.Conn) error {
+	for _, p := range ls.providers {
+		p.delayDeleteUserInfo(boundDN)
+	}
+	return nil
+}
+
+func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
+	ticker := time.NewTicker(30 * time.Second)
+	quit := make(chan struct{})
+	go func() {
+		for {
+			select {
+			case <-ticker.C:
+				pi.boundUsersMutex.Lock()
+				delete(pi.boundUsers, dn)
+				pi.boundUsersMutex.Unlock()
+				close(quit)
+			case <-quit:
+				ticker.Stop()
+				return
+			}
+		}
+	}()
+}
--- a/internal/outpost/ldap/instance_bind.go
+++ b/internal/outpost/ldap/instance_bind.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"strings"
-	"time"

 	"github.com/getsentry/sentry-go"
 	goldap "github.com/go-ldap/ldap/v3"
@ -83,7 +82,6 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
 	}
 	uisp.Finish()
 	defer pi.boundUsersMutex.Unlock()
-	pi.delayDeleteUserInfo(username)
 	return ldap.LDAPResultSuccess, nil
 }

@ -100,25 +98,6 @@ func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
 	return nil
 }

-func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
-	ticker := time.NewTicker(30 * time.Second)
-	quit := make(chan struct{})
-	go func() {
-		for {
-			select {
-			case <-ticker.C:
-				pi.boundUsersMutex.Lock()
-				delete(pi.boundUsers, dn)
-				pi.boundUsersMutex.Unlock()
-				close(quit)
-			case <-quit:
-				ticker.Stop()
-				return
-			}
-		}
-	}()
-}
-
 func (pi *ProviderInstance) TimerFlowCacheExpiry() {
 	fe := outpost.NewFlowExecutor(context.Background(), pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{})
 	fe.Params.Add("goauthentik.io/outpost/ldap", "true")
--- a/internal/outpost/ldap/ldap.go
+++ b/internal/outpost/ldap/ldap.go
@ -83,5 +83,6 @@ func NewServer(ac *ak.APIController) *LDAPServer {
 	ls.defaultCert = &defaultCert
 	s.BindFunc("", ls)
 	s.SearchFunc("", ls)
+	s.CloseFunc("", ls)
 	return ls
 }