authorChristopher Speller <crspeller@gmail.com>2018-05-10 09:46:09 -0700
committerGitHub <noreply@github.com>2018-05-10 09:46:09 -0700
commitd8dd271e43550ab043c2db36c274092d7819fcab (patch)
treee297c0534a9684d57fc254281cf5cbc3d7c08e0f /app/login.go
parentdb6b8f6238853c6e7e48dc8015a0b25f97ee232a (diff)
MM-4998 Adding LoginIdAttribute to allow LDAP users to change their login ID without losing their account (#8756)
* Adding LoginIdAttribute * Modifying LDAP to use loginIDAttribute. * Adding IDAttribute migration and AD objectGUID support. * Removing unused idea. * Fix typo.
Diffstat (limited to 'app/login.go')
-rw-r--r--app/login.go70
1 files changed, 46 insertions, 24 deletions
diff --git a/app/login.go b/app/login.go
index 43b022749..529e4cb21 100644
--- a/app/login.go
+++ b/app/login.go
@@ -11,47 +11,69 @@ import (
"github.com/avct/uasurfer"
"github.com/mattermost/mattermost-server/model"
+ "github.com/mattermost/mattermost-server/store"
)
-func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId string, ldapOnly bool) (*model.User, *model.AppError) {
+func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken string, ldapOnly bool) (user *model.User, err *model.AppError) {
+ // Do statistics
+ defer func() {
+ if a.Metrics != nil {
+ if user == nil || err != nil {
+ a.Metrics.IncrementLoginFail()
+ } else {
+ a.Metrics.IncrementLogin()
+ }
+ }
+ }()
+
if len(password) == 0 {
err := model.NewAppError("AuthenticateUserForLogin", "api.user.login.blank_pwd.app_error", nil, "", http.StatusBadRequest)
return nil, err
}
- var user *model.User
- var err *model.AppError
+ // Get the MM user we are trying to login
+ if user, err = a.GetUserForLogin(id, loginId); err != nil {
+ return nil, err
+ }
+
+ // and then authenticate them
+ if user, err = a.authenticateUser(user, password, mfaToken); err != nil {
+ return nil, err
+ }
+
+ return user, nil
+}
+
+func (a *App) GetUserForLogin(id, loginId string) (*model.User, *model.AppError) {
+ enableUsername := *a.Config().EmailSettings.EnableSignInWithUsername
+ enableEmail := *a.Config().EmailSettings.EnableSignInWithEmail
+ // If we are given a userID then fail if we can't find a user with that ID
if len(id) != 0 {
- if user, err = a.GetUser(id); err != nil {
- err.StatusCode = http.StatusBadRequest
- if a.Metrics != nil {
- a.Metrics.IncrementLoginFail()
+ if user, err := a.GetUser(id); err != nil {
+ if err.Id != store.MISSING_ACCOUNT_ERROR {
+ err.StatusCode = http.StatusInternalServerError
+ return nil, err
+ } else {
+ err.StatusCode = http.StatusBadRequest
+ return nil, err
}
- return nil, err
- }
- } else {
- if user, err = a.GetUserForLogin(loginId, ldapOnly); err != nil {
- if a.Metrics != nil {
- a.Metrics.IncrementLoginFail()
- }
- return nil, err
+ } else {
+ return user, nil
}
}
- // and then authenticate them
- if user, err = a.authenticateUser(user, password, mfaToken); err != nil {
- if a.Metrics != nil {
- a.Metrics.IncrementLoginFail()
- }
- return nil, err
+ // Try to get the user by username/email
+ if result := <-a.Srv.Store.User().GetForLogin(loginId, enableUsername, enableEmail); result.Err == nil {
+ return result.Data.(*model.User), nil
}
- if a.Metrics != nil {
- a.Metrics.IncrementLogin()
+ // Try to get the user with LDAP
+ if user, err := a.Ldap.GetUser(loginId); err == nil {
+ return user, nil
}
- return user, nil
+ return nil, model.NewAppError("GetUserForLogin", "store.sql_user.get_for_login.app_error", nil, "", http.StatusBadRequest)
}
func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) (*model.Session, *model.AppError) {
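Review bot: `ldapOnly` is still a parameter of AuthenticateUserForLogin, but the new body never reads it and the new `GetUserForLogin(id, loginId)` no longer accepts it, so a caller requesting an LDAP-only login now gets whatever account the username/email store lookup resolves. Unless authenticateUser (outside this hunk) enforces the restriction, pass the flag through and skip the store lookup when it is set, or drop the parameter so callers do not rely on it. In GetUserForLogin, `a.Ldap.GetUser(loginId)` is called without the nil guard that `a.Metrics` gets in the same hunk; if `a.Ldap` can be unset, every login attempt with an unknown loginId would panic, so wrap the call in `if a.Ldap != nil { ... }`. The store lookup also treats every `result.Err` as "not found" and ends in a 400, whereas the id branch separates `store.MISSING_ACCOUNT_ERROR` from internal failures; applying the same split here would keep backend outages from being reported as bad credentials.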