From d8dd271e43550ab043c2db36c274092d7819fcab Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Thu, 10 May 2018 09:46:09 -0700 Subject: MM-4998 Adding LoginIdAttribute to allow LDAP users to change their login ID without losing their account (#8756) * Adding LoginIdAttribute * Modifying LDAP to use loginIDAttribute. * Adding IDAttribute migration and AD objectGUID support. * Removing unused idea. * Fix typo. --- app/login.go | 70 +++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 24 deletions(-) (limited to 'app/login.go') diff --git a/app/login.go b/app/login.go index 43b022749..529e4cb21 100644 --- a/app/login.go +++ b/app/login.go @@ -11,47 +11,69 @@ import ( "github.com/avct/uasurfer" "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/store" ) -func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId string, ldapOnly bool) (*model.User, *model.AppError) { +func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken string, ldapOnly bool) (user *model.User, err *model.AppError) { + // Do statistics + defer func() { + if a.Metrics != nil { + if user == nil || err != nil { + a.Metrics.IncrementLoginFail() + } else { + a.Metrics.IncrementLogin() + } + } + }() + if len(password) == 0 { err := model.NewAppError("AuthenticateUserForLogin", "api.user.login.blank_pwd.app_error", nil, "", http.StatusBadRequest) return nil, err } - var user *model.User - var err *model.AppError + // Get the MM user we are trying to login + if user, err = a.GetUserForLogin(id, loginId); err != nil { + return nil, err + } + + // and then authenticate them + if user, err = a.authenticateUser(user, password, mfaToken); err != nil { + return nil, err + } + + return user, nil +} + +func (a *App) GetUserForLogin(id, loginId string) (*model.User, *model.AppError) { + enableUsername := *a.Config().EmailSettings.EnableSignInWithUsername + enableEmail := *a.Config().EmailSettings.EnableSignInWithEmail + // If we are given a userID then fail if we can't find a user with that ID if len(id) != 0 { - if user, err = a.GetUser(id); err != nil { - err.StatusCode = http.StatusBadRequest - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() + if user, err := a.GetUser(id); err != nil { + if err.Id != store.MISSING_ACCOUNT_ERROR { + err.StatusCode = http.StatusInternalServerError + return nil, err + } else { + err.StatusCode = http.StatusBadRequest + return nil, err } - return nil, err - } - } else { - if user, err = a.GetUserForLogin(loginId, ldapOnly); err != nil { - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() - } - return nil, err + } else { + return user, nil } } - // and then authenticate them - if user, err = a.authenticateUser(user, password, mfaToken); err != nil { - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() - } - return nil, err + // Try to get the user by username/email + if result := <-a.Srv.Store.User().GetForLogin(loginId, enableUsername, enableEmail); result.Err == nil { + return result.Data.(*model.User), nil } - if a.Metrics != nil { - a.Metrics.IncrementLogin() + // Try to get the user with LDAP + if user, err := a.Ldap.GetUser(loginId); err == nil { + return user, nil } - return user, nil + return nil, model.NewAppError("GetUserForLogin", "store.sql_user.get_for_login.app_error", nil, "", http.StatusBadRequest) } func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) (*model.Session, *model.AppError) { -- cgit v1.2.3-1-g7c22