outpost/ldap: delay user information removal upon closing of connection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 21:13:46 +02:00 · 2021-08-29 21:13:46 +02:00 · 048467e97d
parent cc2cd6919f
commit 048467e97d
3 changed files with 33 additions and 21 deletions
--- a/internal/outpost/ldap/close.go
+++ b/internal/outpost/ldap/close.go
@ -0,0 +1,32 @@
 package ldap
 import (
 	"net"
 	"time"
 )
 func (ls *LDAPServer) Close(boundDN string, conn net.Conn) error {
 	for _, p := range ls.providers {
 		p.delayDeleteUserInfo(boundDN)
 	}
 	return nil
 }
 func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
 	ticker := time.NewTicker(30 * time.Second)
 	quit := make(chan struct{})
 	go func() {
 		for {
 			select {
 			case <-ticker.C:
 				pi.boundUsersMutex.Lock()
 				delete(pi.boundUsers, dn)
 				pi.boundUsersMutex.Unlock()
 				close(quit)
 			case <-quit:
 				ticker.Stop()
 				return
 			}
 		}
 	}()
 }
--- a/internal/outpost/ldap/instance_bind.go
+++ b/internal/outpost/ldap/instance_bind.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"strings"
 	"time"
 	"github.com/getsentry/sentry-go"
 	goldap "github.com/go-ldap/ldap/v3"
@ -83,7 +82,6 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
 	}
 	uisp.Finish()
 	defer pi.boundUsersMutex.Unlock()
 	pi.delayDeleteUserInfo(username)
 	return ldap.LDAPResultSuccess, nil
 }
@ -100,25 +98,6 @@ func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
 	return nil
 }
 func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
 	ticker := time.NewTicker(30 * time.Second)
 	quit := make(chan struct{})
 	go func() {
 		for {
 			select {
 			case <-ticker.C:
 				pi.boundUsersMutex.Lock()
 				delete(pi.boundUsers, dn)
 				pi.boundUsersMutex.Unlock()
 				close(quit)
 			case <-quit:
 				ticker.Stop()
 				return
 			}
 		}
 	}()
 }
 func (pi *ProviderInstance) TimerFlowCacheExpiry() {
 	fe := outpost.NewFlowExecutor(context.Background(), pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{})
 	fe.Params.Add("goauthentik.io/outpost/ldap", "true")
--- a/internal/outpost/ldap/ldap.go
+++ b/internal/outpost/ldap/ldap.go
@ -83,5 +83,6 @@ func NewServer(ac *ak.APIController) *LDAPServer {
 	ls.defaultCert = &defaultCert
 	s.BindFunc("", ls)
 	s.SearchFunc("", ls)
 	s.CloseFunc("", ls)
 	return ls
 }