outpost/ldap: fix errors with new UserSelf serializer

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-08-05 18:16:06 +02:00
parent 6fe5175f21
commit 6af2c6a014
3 changed files with 15 additions and 6 deletions


@ -75,7 +75,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
pi.boundUsersMutex.Lock() pi.boundUsersMutex.Lock()
cs := pi.SearchAccessCheck(userInfo.User) cs := pi.SearchAccessCheck(userInfo.User)
pi.boundUsers[req.BindDN] = UserFlags{ pi.boundUsers[req.BindDN] = UserFlags{
UserInfo: userInfo.User, UserPk: userInfo.User.Pk,
CanSearch: cs != nil, CanSearch: cs != nil,
} }
if pi.boundUsers[req.BindDN].CanSearch { if pi.boundUsers[req.BindDN].CanSearch {
@ -88,7 +88,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
} }
// SearchAccessCheck Check if the current user is allowed to search // SearchAccessCheck Check if the current user is allowed to search
func (pi *ProviderInstance) SearchAccessCheck(user api.User) *string { func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
for _, group := range user.Groups { for _, group := range user.Groups {
for _, allowedGroup := range pi.searchAllowedGroups { for _, allowedGroup := range pi.searchAllowedGroups {
pi.log.WithField("userGroup", group.Pk).WithField("allowedGroup", allowedGroup).Trace("Checking search access") pi.log.WithField("userGroup", group.Pk).WithField("allowedGroup", allowedGroup).Trace("Checking search access")
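Review bot: The assignment on line 16 now caches only `UserPk` and leaves `UserFlags.UserInfo` unset at bind time, but nothing in the hunk says so, and a reader of `pi.boundUsers` would reasonably assume the user record is present. Suggest a comment on that line: `// Only the pk is cached here; the bind flow yields an api.UserSelf, and the full api.User is fetched on demand by the search path (nil until then).` The on-demand fetch lives in another file, so confirm that wording against it. `Bind` starts and ends outside this hunk.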


@ -11,9 +11,17 @@ import (
"goauthentik.io/api" "goauthentik.io/api"
) )
func (pi *ProviderInstance) SearchMe(user api.User) (ldap.ServerSearchResult, error) { func (pi *ProviderInstance) SearchMe(req SearchRequest, f UserFlags) (ldap.ServerSearchResult, error) {
if f.UserInfo == nil {
u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserInfo.Pk).Execute()
if err != nil {
req.log.WithError(err).Warning("Failed to get user info")
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Failed to get userinfo")
}
f.UserInfo = &u
}
entries := make([]*ldap.Entry, 1) entries := make([]*ldap.Entry, 1)
entries[0] = pi.UserEntry(user) entries[0] = pi.UserEntry(*f.UserInfo)
return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil
} }
@ -42,7 +50,7 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
} }
if !flags.CanSearch { if !flags.CanSearch {
pi.log.Debug("User can't search, showing info about user") pi.log.Debug("User can't search, showing info about user")
return pi.SearchMe(flags.UserInfo) return pi.SearchMe(req, flags)
} }
accsp.Finish() accsp.Finish()
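Review bot: `SearchMe` dereferences a nil pointer on line 35: the branch is entered only when `f.UserInfo == nil`, yet the retrieve call reads `f.UserInfo.Pk`, so every search by a bound user without search rights (the only caller, line 50) panics instead of returning the user's own entry — a crash any such user can trigger on demand unless the LDAP server recovers panics per connection, which this hunk does not show. The pk was cached in `UserFlags` for exactly this purpose; use it: `u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserPk).Execute()`. Separately, `f` is passed by value, so `f.UserInfo = &u` on line 40 updates only the local copy and the user is re-fetched on every search; either write it back into `pi.boundUsers[req.BindDN]` under `boundUsersMutex` or document that no caching happens. The new `fmt.Errorf` also needs `fmt` in the import block, which is only partly visible here, and the error text would conventionally be lowercase (`"failed to get userinfo"`). `Search` starts and ends outside the hunk at line 46.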


@ -39,7 +39,8 @@ type ProviderInstance struct {
} }
type UserFlags struct { type UserFlags struct {
UserInfo api.User UserInfo *api.User
UserPk int32
CanSearch bool CanSearch bool
} }
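Review bot: The two fields on lines 59-60 are undocumented and their relationship is not obvious: `UserInfo` became a pointer that the bind path no longer fills in, and `UserPk` is what callers are expected to use to look the user up. Suggest `UserInfo *api.User // full user record; nil until fetched on demand, so check before dereferencing` and `UserPk int32 // primary key captured at bind time; use this to fetch UserInfo`. Whether anything writes the fetched record back into this struct is not visible here, so confirm before describing it as a cache.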