gered/nginx-ldap-auth
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
This repository has been archived on 2023-07-11. You can view files and clone it, but cannot push or open issues or pull requests.
nginx-ldap-auth/rule/service.go
Tiago Augusto Pimenta 7bf37b35a5 Fix #11 no group wrong password fix
2019-03-25 21:39:29 -03:00

75 lines
1.5 KiB
Go
Raw Permalink Blame History

package rule
import (
"log"
"sort"
"github.com/tiagoapimenta/nginx-ldap-auth/data"
"github.com/tiagoapimenta/nginx-ldap-auth/group"
"github.com/tiagoapimenta/nginx-ldap-auth/user"
)
type Service struct {
storage *data.Storage
user *user.Service
group *group.Service
required []string
}
func NewService(storage *data.Storage, userService *user.Service, groupService *group.Service, required []string) *Service {
return &Service{
storage: storage,
user: userService,
group: groupService,
required: required,
}
}
func (p *Service) Validate(username, password string) bool {
ok, found := p.storage.Get(username, password)
if found {
return ok
}
ok, err := p.validate(username, password)
if err != nil {
log.Printf("Could not validate user %s: %v\n", username, err)
return false
}
p.storage.Put(username, password, ok)
return ok
}
func (p *Service) validate(username, password string) (bool, error) {
ok, id, err := p.user.Find(username)
if !ok && err != nil {
return false, err
} else if err != nil {
return false, nil
}
ok, err = p.user.Login(id, password)
if !ok && err != nil {
return false, err
}
if !ok || err != nil || p.required == nil || len(p.required) == 0 {
return err == nil, nil
}
groups, err := p.group.Find(id)
if err != nil {
return false, err
}
for _, group := range p.required {
pos := sort.SearchStrings(groups, group)
if pos >= len(groups) || groups[pos] != group {
return false, nil
}
}
return true, nil
}
Reference in a new issue View git blame Copy permalink