Fixed Change Password Bug

2023-07-25 15:01:20 +02:00 · 2023-07-25 15:01:20 +02:00 · 6033c90d96
commit 6033c90d96
parent 020dc0f6d4
1 changed files with 113 additions and 125 deletions
--- a/session.go
+++ b/session.go
@ -10,7 +10,10 @@ import (

 func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 	var login_info *LoginInfo
-
+	l, err := ldapOpen(w)
+	if l == nil {
+		return nil
+	}
 	session, err := store.Get(r, SESSION_NAME)
 	if err == nil {
 		username, ok := session.Values["login_username"]
@ -23,53 +26,39 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 				Username: username.(string),
 				Password: password.(string),
 			}
-		} else {
-			return nil
+			if err != nil {
+				log.Printf("checkLogin ldapOpen : %v", err)
+				log.Printf("checkLogin ldapOpen : %v", session)
+				log.Printf("checkLogin ldapOpen : %v", session.Values)
+				return nil
+			}
+			err = bind(User{
+				DN:       login_info.DN,
+				Password: login_info.Password,
+			}, config, l)
+			if err != nil {
+				delete(session.Values, "login_username")
+				delete(session.Values, "login_password")
+				delete(session.Values, "login_dn")
+
+				err = session.Save(r, w)
+				if err != nil {
+					http.Error(w, err.Error(), http.StatusInternalServerError)
+					return nil
+				}
+				return checkLogin(w, r)
+			}
 		}
 	}
-
-	l, err := ldapOpen(w)
-	if l == nil {
-		return nil
-	}
-
-	if err != nil {
-		log.Printf("checkLogin ldapOpen : %v", err)
-		log.Printf("checkLogin ldapOpen : %v", session)
-		log.Printf("checkLogin ldapOpen : %v", session.Values)
-		return nil
-	}
-
-	err = bind(User{
-		DN:       login_info.DN,
-		Password: login_info.Password,
-	}, config, l)
-
-	if err != nil {
-		delete(session.Values, "login_username")
-		delete(session.Values, "login_password")
-		delete(session.Values, "login_dn")
-
-		err = session.Save(r, w)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return nil
-		}
-		return checkLogin(w, r)
-	}
-
 	ldapUser, err := get(User{
 		DN: login_info.DN,
 		CN: login_info.Username,
 	}, config, l)
-
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return nil
 	}
-
 	userEntry := ldapUser.UserEntry
-
 	loginStatus := &LoginStatus{
 		Info:      login_info,
 		conn:      l,
@ -77,97 +66,96 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 		CanAdmin:  ldapUser.CanAdmin,
 		CanInvite: ldapUser.CanInvite,
 	}
-
-	/*
-
-		requestKind := "(objectClass=organizationalPerson)"
-		if strings.EqualFold(login_info.DN, config.AdminAccount) {
-			requestKind = "(objectclass=*)"
-		}
-		searchRequest := ldap.NewSearchRequest(
-			login_info.DN,
-			ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
-			requestKind,
-			[]string{
-				"dn",
-				"displayname",
-				"givenname",
-				"sn",
-				"mail",
-				"cn",
-				"memberof",
-				"description",
-				"garage_s3_access_key",
-			},
-			nil)
-		//			FIELD_NAME_DIRECTORY_VISIBILITY,
-		//			FIELD_NAME_PROFILE_PICTURE,
-
-		sr, err := l.Search(searchRequest)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return nil
-		}
-
-		if len(sr.Entries) != 1 {
-			http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError)
-			return nil
-		}
-
-		loginStatus.UserEntry = sr.Entries[0]
-
-		loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
-		loginStatus.CanInvite = false
-
-		groups := []EntryName{}
-		searchRequest = ldap.NewSearchRequest(
-			config.GroupBaseDN,
-			ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-			fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN),
-			[]string{"dn", "displayName", "cn", "description"},
-			nil)
-		// // log.Printf(fmt.Sprintf("708: %v",searchRequest))
-		sr, err = l.Search(searchRequest)
-		// if err != nil {
-		// 	http.Error(w, err.Error(), http.StatusInternalServerError)
-		// 	return
-		// }
-		//// log.Printf(fmt.Sprintf("303: %v",sr.Entries))
-		for _, ent := range sr.Entries {
-			// log.Printf(fmt.Sprintf("305: %v",ent.DN))
-			groups = append(groups, EntryName{
-				DN:   ent.DN,
-				Name: ent.GetAttributeValue("cn"),
-			})
-			// log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite))
-			if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) {
-				loginStatus.CanInvite = true
-			}
-			// log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin))
-			if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) {
-				loginStatus.CanAdmin = true
-			}
-		}
-
-		// for _, attr := range loginStatus.UserEntry.Attributes {
-		// 	if strings.EqualFold(attr.Name, "memberof") {
-		// 		for _, group := range attr.Values {
-		// 			if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
-		// 				loginStatus.CanInvite = true
-		// 			}
-		// 			if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
-		// 				loginStatus.CanAdmin = true
-		// 			}
-		// 		}
-		// 	}
-		// }
-
-		return loginStatus
-	*/
-
 	return loginStatus
 }

+/*
+
+	requestKind := "(objectClass=organizationalPerson)"
+	if strings.EqualFold(login_info.DN, config.AdminAccount) {
+		requestKind = "(objectclass=*)"
+	}
+	searchRequest := ldap.NewSearchRequest(
+		login_info.DN,
+		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
+		requestKind,
+		[]string{
+			"dn",
+			"displayname",
+			"givenname",
+			"sn",
+			"mail",
+			"cn",
+			"memberof",
+			"description",
+			"garage_s3_access_key",
+		},
+		nil)
+	//			FIELD_NAME_DIRECTORY_VISIBILITY,
+	//			FIELD_NAME_PROFILE_PICTURE,
+
+	sr, err := l.Search(searchRequest)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return nil
+	}
+
+	if len(sr.Entries) != 1 {
+		http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError)
+		return nil
+	}
+
+	loginStatus.UserEntry = sr.Entries[0]
+
+	loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
+	loginStatus.CanInvite = false
+
+	groups := []EntryName{}
+	searchRequest = ldap.NewSearchRequest(
+		config.GroupBaseDN,
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN),
+		[]string{"dn", "displayName", "cn", "description"},
+		nil)
+	// // log.Printf(fmt.Sprintf("708: %v",searchRequest))
+	sr, err = l.Search(searchRequest)
+	// if err != nil {
+	// 	http.Error(w, err.Error(), http.StatusInternalServerError)
+	// 	return
+	// }
+	//// log.Printf(fmt.Sprintf("303: %v",sr.Entries))
+	for _, ent := range sr.Entries {
+		// log.Printf(fmt.Sprintf("305: %v",ent.DN))
+		groups = append(groups, EntryName{
+			DN:   ent.DN,
+			Name: ent.GetAttributeValue("cn"),
+		})
+		// log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite))
+		if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) {
+			loginStatus.CanInvite = true
+		}
+		// log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin))
+		if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) {
+			loginStatus.CanAdmin = true
+		}
+	}
+
+	// for _, attr := range loginStatus.UserEntry.Attributes {
+	// 	if strings.EqualFold(attr.Name, "memberof") {
+	// 		for _, group := range attr.Values {
+	// 			if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
+	// 				loginStatus.CanInvite = true
+	// 			}
+	// 			if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
+	// 				loginStatus.CanAdmin = true
+	// 			}
+	// 		}
+	// 	}
+	// }
+
+	return loginStatus
+*/
+
 func logout(w http.ResponseWriter, r *http.Request) error {
 	session, err := store.Get(r, SESSION_NAME)
 	if err != nil {