diff --git a/internal/outpost/flow/executor.go b/internal/outpost/flow/executor.go index d3cac8021..d62fdc8af 100644 --- a/internal/outpost/flow/executor.go +++ b/internal/outpost/flow/executor.go @@ -113,13 +113,13 @@ func (fe *FlowExecutor) CheckApplicationAccess(appSlug string) (bool, error) { acsp := sentry.StartSpan(fe.Context, "authentik.outposts.flow_executor.check_access") defer acsp.Finish() p, _, err := fe.api.CoreApi.CoreApplicationsCheckAccessRetrieve(acsp.Context(), appSlug).Execute() + if err != nil { + return false, fmt.Errorf("failed to check access: %w", err) + } if !p.Passing { fe.log.Info("Access denied for user") return false, nil } - if err != nil { - return false, fmt.Errorf("failed to check access: %w", err) - } fe.log.Debug("User has access") return true, nil } diff --git a/internal/outpost/ldap/search/memory/memory.go b/internal/outpost/ldap/search/memory/memory.go index 4b50d2e40..e4944002d 100644 --- a/internal/outpost/ldap/search/memory/memory.go +++ b/internal/outpost/ldap/search/memory/memory.go @@ -103,6 +103,7 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult, if flags.CanSearch { users = &ms.users } else { + u := make([]api.User, 1) if flags.UserInfo == nil { for i, u := range ms.users { if u.Pk == flags.UserPk { @@ -114,11 +115,9 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult, req.Log().WithField("pk", flags.UserPk).Warning("User with pk is not in local cache") err = fmt.Errorf("failed to get userinfo") } + } else { + u[0] = *flags.UserInfo } - - u := make([]api.User, 1) - u[0] = *flags.UserInfo - users = &u } }