Merge pull request #3073 from jimis/fix_ldap

Fix LDAP authentication exception
Ericsson · Dec 15, 2020 · a0f7414 · a0f7414
2 parents 5c72ebb + 6d09116
commit a0f7414
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/web/server/codechecker_server/api/authentication.py b/web/server/codechecker_server/api/authentication.py
@@ -85,28 +85,36 @@ def performLogin(self, auth_method, auth_string):
 
         if auth_method == "Username:Password":
             user_name, _ = auth_string.split(':', 1)
-            LOG.info("'%s' logged in.", user_name)
+            LOG.debug("'%s' logging in...", user_name)
 
             session = self.__manager.create_session(auth_string)
 
             if session:
+                LOG.info("'%s' logged in.", user_name)
                 return session.token
             else:
                 raise codechecker_api_shared.ttypes.RequestFailed(
                     codechecker_api_shared.ttypes.ErrorCode.AUTH_DENIED,
-                    "Invalid credentials supplied. Refusing authentication!")
+                    f"Invalid credentials supplied for user '{user_name}'."
+                    " Refusing authentication!")
 
         raise codechecker_api_shared.ttypes.RequestFailed(
             codechecker_api_shared.ttypes.ErrorCode.AUTH_DENIED,
             "Could not negotiate via common authentication method.")
 
     @timeit
     def destroySession(self):
-        LOG.info("'%s' logged out.", self.getLoggedInUser())
+        user_name = self.getLoggedInUser()
+        LOG.debug("'%s' logging out...", user_name)
+
         token = None
         if self.__auth_session:
             token = self.__auth_session.token
-        return self.__manager.invalidate(token)
+
+        is_logged_out = self.__manager.invalidate(token)
+        if is_logged_out:
+            LOG.info("'%s' logged out.", user_name)
+        return is_logged_out
 
     # ============= Authorization, permission management =============
 

diff --git a/web/server/codechecker_server/auth/cc_ldap.py b/web/server/codechecker_server/auth/cc_ldap.py
@@ -409,9 +409,11 @@ def get_groups(ldap_config, username, credentials):
                               account_scope,
                               user_dn_postfix_preference)
 
-        group_pattern = ldap_config.get('groupPattern', '')
-        if user_dn and group_pattern == '':
-            # User found and there is no group membership pattern to check.
+        group_pattern = ldap_config.get('groupPattern')
+        if user_dn and not group_pattern:
+            LOG.debug("User '%s' found but there is no group_pattern"
+                      " to check LDAP for group membership.",
+                      user_dn)
             return []
         group_pattern = group_pattern.replace('$USERDN$', user_dn)