diff options
Diffstat (limited to 'api')
| -rw-r--r-- | api/user.go | 9 | ||||
| -rw-r--r-- | api/user_test.go | 17 |
2 files changed, 22 insertions, 4 deletions
diff --git a/api/user.go b/api/user.go index 60162d8f1..c53a643c7 100644 --- a/api/user.go +++ b/api/user.go @@ -436,6 +436,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { password := props["password"] mfaToken := props["token"] deviceId := props["device_id"] + ldapOnly := props["ldap_only"] == "true" if len(password) == 0 { c.Err = model.NewLocAppError("login", "api.user.login.blank_pwd.app_error", nil, "") @@ -460,7 +461,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { } else { c.LogAudit("attempt") - if user, err = getUserForLogin(loginId); err != nil { + if user, err = getUserForLogin(loginId, ldapOnly); err != nil { c.LogAudit("failure") c.Err = err return @@ -485,13 +486,13 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(user.ToJson())) } -func getUserForLogin(loginId string) (*model.User, *model.AppError) { +func getUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) { ldapAvailable := *utils.Cfg.LdapSettings.Enable && einterfaces.GetLdapInterface() != nil if result := <-Srv.Store.User().GetForLogin( loginId, - *utils.Cfg.EmailSettings.EnableSignInWithUsername, - *utils.Cfg.EmailSettings.EnableSignInWithEmail, + *utils.Cfg.EmailSettings.EnableSignInWithUsername && !onlyLdap, + *utils.Cfg.EmailSettings.EnableSignInWithEmail && !onlyLdap, ldapAvailable, ); result.Err != nil { diff --git a/api/user_test.go b/api/user_test.go index 1a3b36d4b..9dd57dc20 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -204,6 +204,23 @@ func TestLogin(t *testing.T) { } } +func TestLoginByLdap(t *testing.T) { + th := Setup() + Client := th.CreateClient() + + team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} + rteam, _ := Client.CreateTeam(&team) + + user := model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Username: "corey" + model.NewId(), Password: "pwd"} + ruser, _ := Client.CreateUser(&user, "") + LinkUserToTeam(ruser.Data.(*model.User), rteam.Data.(*model.Team)) + store.Must(Srv.Store.User().VerifyEmail(ruser.Data.(*model.User).Id)) + + if _, err := Client.LoginByLdap(ruser.Data.(*model.User).Id, user.Password); err == nil { + t.Fatal("should've failed to log in with non-ldap user") + } +} + func TestLoginWithDeviceId(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient |