From 13a83d9bba43077de6eeeed21206fafa2168a6fd Mon Sep 17 00:00:00 2001
From: "m.nabokikh" <maksim.nabokikh@flant.com>
Date: Wed, 3 Mar 2021 00:22:44 +0400
Subject: [PATCH 1/2] chore: warning about deprecated LDAP groupSearch fields

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
---
 connector/ldap/ldap.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index d3bc20ab..75a7d284 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -187,11 +187,12 @@ func parseScope(s string) (int, bool) {
 // Function exists here to allow backward compatibility between old and new
 // group to user matching implementations.
 // See "Config.GroupSearch.UserMatchers" comments for the details
-func (c *ldapConnector) userMatchers() []UserMatcher {
+func userMatchers(c *Config, logger log.Logger) []UserMatcher {
 	if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
 		return c.GroupSearch.UserMatchers
 	}
 
+	logger.Warn(`ldap: fields groupSearch userAttr/groupAttr are deprecated, use groupSearch.userMatchers instead.`)
 	return []UserMatcher{
 		{
 			UserAttr:  c.GroupSearch.UserAttr,
@@ -283,6 +284,9 @@ func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
 	if !ok {
 		return nil, fmt.Errorf("groupSearch.Scope unknown value %q", c.GroupSearch.Scope)
 	}
+
+	// TODO(nabokihms): remove it after deleting deprecated groupSearch options
+	c.GroupSearch.UserMatchers = userMatchers(c, logger)
 	return &ldapConnector{*c, userSearchScope, groupSearchScope, tlsConfig, logger}, nil
 }
 
@@ -417,7 +421,7 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 		},
 	}
 
-	for _, matcher := range c.userMatchers() {
+	for _, matcher := range c.GroupSearch.UserMatchers {
 		req.Attributes = append(req.Attributes, matcher.UserAttr)
 	}
 
@@ -574,7 +578,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 	}
 
 	var groups []*ldap.Entry
-	for _, matcher := range c.userMatchers() {
+	for _, matcher := range c.GroupSearch.UserMatchers {
 		for _, attr := range getAttrs(user, matcher.UserAttr) {
 			filter := fmt.Sprintf("(%s=%s)", matcher.GroupAttr, ldap.EscapeFilter(attr))
 			if c.GroupSearch.Filter != "" {

From dea1d3383c5f0487d037e86bc476f7c725117609 Mon Sep 17 00:00:00 2001
From: "m.nabokikh" <maksim.nabokikh@flant.com>
Date: Mon, 24 May 2021 19:34:22 +0400
Subject: [PATCH 2/2] Deprecation warning log message

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
---
 connector/ldap/ldap.go       | 2 +-
 pkg/log/deprecated.go        | 5 +++++
 server/deviceflowhandlers.go | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 pkg/log/deprecated.go

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 75a7d284..1b995181 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -192,7 +192,7 @@ func userMatchers(c *Config, logger log.Logger) []UserMatcher {
 		return c.GroupSearch.UserMatchers
 	}
 
-	logger.Warn(`ldap: fields groupSearch userAttr/groupAttr are deprecated, use groupSearch.userMatchers instead.`)
+	log.Deprecated(logger, `LDAP: use groupSearch.userMatchers option instead of "userAttr/groupAttr" fields.`)
 	return []UserMatcher{
 		{
 			UserAttr:  c.GroupSearch.UserAttr,
diff --git a/pkg/log/deprecated.go b/pkg/log/deprecated.go
new file mode 100644
index 00000000..f20e8b4c
--- /dev/null
+++ b/pkg/log/deprecated.go
@@ -0,0 +1,5 @@
+package log
+
+func Deprecated(logger Logger, f string, args ...interface{}) {
+	logger.Warnf("Deprecated: "+f, args...)
+}
diff --git a/server/deviceflowhandlers.go b/server/deviceflowhandlers.go
index 5ec7eb8e..fb73f257 100644
--- a/server/deviceflowhandlers.go
+++ b/server/deviceflowhandlers.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/dexidp/dex/pkg/log"
 	"github.com/dexidp/dex/storage"
 )
 
@@ -152,7 +153,7 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *Server) handleDeviceTokenDeprecated(w http.ResponseWriter, r *http.Request) {
-	s.logger.Warn(`The deprecated "/device/token" endpoint was called. It will be removed, use "/token" instead.`)
+	log.Deprecated(s.logger, `The /device/token endpoint was called. It will be removed, use /token instead.`)
 
 	w.Header().Set("Content-Type", "application/json")
 	switch r.Method {