Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username
*: don't error out if a username doesn't exist in the backing connector
This commit is contained in:
commit
799b3f3ef5
@ -310,7 +310,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
|
|||||||
|
|
||||||
switch n := len(resp.Entries); n {
|
switch n := len(resp.Entries); n {
|
||||||
case 0:
|
case 0:
|
||||||
return fmt.Errorf("ldap: no results returned for filter: %q", filter)
|
log.Printf("ldap: no results returned for filter: %q", filter)
|
||||||
|
incorrectPass = true
|
||||||
|
return nil
|
||||||
case 1:
|
case 1:
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("ldap: filter returned multiple (%d) results: %q", n, filter)
|
return fmt.Errorf("ldap: filter returned multiple (%d) results: %q", n, filter)
|
||||||
@ -335,6 +337,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return connector.Identity{}, false, err
|
return connector.Identity{}, false, err
|
||||||
}
|
}
|
||||||
|
if incorrectPass {
|
||||||
|
return connector.Identity{}, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Encode entry for follow up requests such as the groups query and
|
// Encode entry for follow up requests such as the groups query and
|
||||||
// refresh attempts.
|
// refresh attempts.
|
||||||
@ -364,7 +369,7 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
|
|||||||
return connector.Identity{}, false, err
|
return connector.Identity{}, false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return ident, !incorrectPass, nil
|
return ident, true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *ldapConnector) Groups(ident connector.Identity) ([]string, error) {
|
func (c *ldapConnector) Groups(ident connector.Identity) ([]string, error) {
|
||||||
|
@ -218,8 +218,9 @@ func (db passwordDB) Login(email, password string) (connector.Identity, bool, er
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
if err != storage.ErrNotFound {
|
if err != storage.ErrNotFound {
|
||||||
log.Printf("get password: %v", err)
|
log.Printf("get password: %v", err)
|
||||||
|
return connector.Identity{}, false, err
|
||||||
}
|
}
|
||||||
return connector.Identity{}, false, err
|
return connector.Identity{}, false, nil
|
||||||
}
|
}
|
||||||
if err := bcrypt.CompareHashAndPassword(p.Hash, []byte(password)); err != nil {
|
if err := bcrypt.CompareHashAndPassword(p.Hash, []byte(password)); err != nil {
|
||||||
return connector.Identity{}, false, nil
|
return connector.Identity{}, false, nil
|
||||||
|
@ -657,10 +657,10 @@ func TestPasswordDB(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "unknown user",
|
name: "unknown user",
|
||||||
username: "john@example.com",
|
username: "john@example.com",
|
||||||
password: pw,
|
password: pw,
|
||||||
wantErr: true,
|
wantInvalid: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "invalid password",
|
name: "invalid password",
|
||||||
|
Reference in New Issue
Block a user