Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix LDAP authentication exception #3073

Merged
merged 2 commits into from
Dec 15, 2020
Merged

Fix LDAP authentication exception #3073

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f455dcc
[server] Fix exception when groupPattern is null
jimis Dec 3, 2020
6d09116
[server] Do not log 'logged in' before actually logging in
jimis Dec 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions web/server/codechecker_server/api/authentication.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,28 +85,36 @@ def performLogin(self, auth_method, auth_string):

if auth_method == "Username:Password":
user_name, _ = auth_string.split(':', 1)
LOG.info("'%s' logged in.", user_name)
LOG.debug("'%s' logging in...", user_name)

session = self.__manager.create_session(auth_string)

if session:
LOG.info("'%s' logged in.", user_name)
return session.token
else:
raise codechecker_api_shared.ttypes.RequestFailed(
codechecker_api_shared.ttypes.ErrorCode.AUTH_DENIED,
"Invalid credentials supplied. Refusing authentication!")
f"Invalid credentials supplied for user '{user_name}'."
" Refusing authentication!")

raise codechecker_api_shared.ttypes.RequestFailed(
codechecker_api_shared.ttypes.ErrorCode.AUTH_DENIED,
"Could not negotiate via common authentication method.")

@timeit
def destroySession(self):
LOG.info("'%s' logged out.", self.getLoggedInUser())
user_name = self.getLoggedInUser()
LOG.debug("'%s' logging out...", user_name)

token = None
if self.__auth_session:
token = self.__auth_session.token
return self.__manager.invalidate(token)

is_logged_out = self.__manager.invalidate(token)
if is_logged_out:
LOG.info("'%s' logged out.", user_name)
return is_logged_out

# ============= Authorization, permission management =============

Expand Down
8 changes: 5 additions & 3 deletions web/server/codechecker_server/auth/cc_ldap.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -409,9 +409,11 @@ def get_groups(ldap_config, username, credentials):
account_scope,
user_dn_postfix_preference)

group_pattern = ldap_config.get('groupPattern', '')
if user_dn and group_pattern == '':
# User found and there is no group membership pattern to check.
group_pattern = ldap_config.get('groupPattern')
if user_dn and not group_pattern:
LOG.debug("User '%s' found but there is no group_pattern"
" to check LDAP for group membership.",
user_dn)
return []
jimis marked this conversation as resolved.
Show resolved Hide resolved
group_pattern = group_pattern.replace('$USERDN$', user_dn)

Expand Down