Merge pull request #2026 from flant/ldap-groups-user-matcher-warning

chore: warning about deprecated LDAP groupSearch fields
2021-12-11 13:26:30 +04:00 · 2021-12-11 13:26:30 +04:00 · 9d3471e39b
commit 9d3471e39b
parent 79233f41ef dea1d3383c
3 changed files with 14 additions and 4 deletions
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -187,11 +187,12 @@ func parseScope(s string) (int, bool) {
 // Function exists here to allow backward compatibility between old and new
 // group to user matching implementations.
 // See "Config.GroupSearch.UserMatchers" comments for the details
-func (c *ldapConnector) userMatchers() []UserMatcher {
+func userMatchers(c *Config, logger log.Logger) []UserMatcher {
 	if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
 		return c.GroupSearch.UserMatchers
 	}
 	log.Deprecated(logger, `LDAP: use groupSearch.userMatchers option instead of "userAttr/groupAttr" fields.`)
 	return []UserMatcher{
 		{
 			UserAttr:  c.GroupSearch.UserAttr,
@ -283,6 +284,9 @@ func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
 	if !ok {
 		return nil, fmt.Errorf("groupSearch.Scope unknown value %q", c.GroupSearch.Scope)
 	}
 	// TODO(nabokihms): remove it after deleting deprecated groupSearch options
 	c.GroupSearch.UserMatchers = userMatchers(c, logger)
 	return &ldapConnector{*c, userSearchScope, groupSearchScope, tlsConfig, logger}, nil
 }
@ -418,7 +422,7 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 		},
 	}
-	for _, matcher := range c.userMatchers() {
+	for _, matcher := range c.GroupSearch.UserMatchers {
 		req.Attributes = append(req.Attributes, matcher.UserAttr)
 	}
@ -575,7 +579,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 	}
 	var groups []*ldap.Entry
-	for _, matcher := range c.userMatchers() {
+	for _, matcher := range c.GroupSearch.UserMatchers {
 		for _, attr := range getAttrs(user, matcher.UserAttr) {
 			filter := fmt.Sprintf("(%s=%s)", matcher.GroupAttr, ldap.EscapeFilter(attr))
 			if c.GroupSearch.Filter != "" {
--- a/pkg/log/deprecated.go
+++ b/pkg/log/deprecated.go
@ -0,0 +1,5 @@
 package log
 func Deprecated(logger Logger, f string, args ...interface{}) {
 	logger.Warnf("Deprecated: "+f, args...)
 }
--- a/server/deviceflowhandlers.go
+++ b/server/deviceflowhandlers.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 	"github.com/dexidp/dex/pkg/log"
 	"github.com/dexidp/dex/storage"
 )
@ -152,7 +153,7 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
 }
 func (s *Server) handleDeviceTokenDeprecated(w http.ResponseWriter, r *http.Request) {
-	s.logger.Warn(`The deprecated "/device/token" endpoint was called. It will be removed, use "/token" instead.`)
+	log.Deprecated(s.logger, `The /device/token endpoint was called. It will be removed, use /token instead.`)
 	w.Header().Set("Content-Type", "application/json")
 	switch r.Method {