address comments

2020-10-07 23:39:38 +02:00 · 2020-10-07 23:39:38 +02:00 · f40634aa97
commit f40634aa97
parent ccba8163c9
2 changed files with 49 additions and 44 deletions
--- a/plume-models/src/config.rs
+++ b/plume-models/src/config.rs
@ -268,7 +268,7 @@ fn get_ldap_config() -> Option<LdapConfig> {
            user_name_attr,
            mail_attr,
        })
-    } else if addr.is_some() && base_dn.is_some() {
+    } else if addr.is_some() || base_dn.is_some() {
        panic!("Invalid LDAP configuration : both LDAP_ADDR and LDAP_BASE_DN must be set")
    } else {
        None
--- a/plume-models/src/users.rs
+++ b/plume-models/src/users.rs
@ -294,13 +294,21 @@ impl User {
    }

    fn ldap_register(conn: &Connection, name: &str, password: &str) -> Result<User> {
-        if let Some(ldap) = CONFIG.ldap.as_ref() {
+        if CONFIG.ldap.is_none() {
+            return Err(Error::NotFound);
+        }
+        let ldap = CONFIG.ldap.as_ref().unwrap();
+
        let mut ldap_conn = LdapConn::new(&ldap.addr).map_err(|_| Error::NotFound)?;
        let ldap_name = format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn);
        let bind = ldap_conn
            .simple_bind(&ldap_name, password)
            .map_err(|_| Error::NotFound)?;
-            if bind.success().is_ok() {
+
+        if bind.success().is_err() {
+            return Err(Error::NotFound);
+        }
+
        let search = ldap_conn
            .search(
                &ldap_name,
@ -329,12 +337,6 @@ impl User {
        }
        let _ = ldap_conn.unbind();
        Err(Error::NotFound)
-            } else {
-                Err(Error::NotFound)
-            }
-        } else {
-            Err(Error::NotFound)
-        }
    }

    fn ldap_login(&self, password: &str) -> bool {
@ -360,9 +362,10 @@ impl User {

    pub fn login(conn: &Connection, ident: &str, password: &str) -> Result<User> {
        let local_id = Instance::get_local()?.id;
-        let user = User::find_by_email(conn, ident)
-            .or_else(|_| User::find_by_name(conn, ident, local_id))
-            .and_then(|u| {
+        let user = match User::find_by_email(conn, ident) {
+            Ok(user) => Ok(user),
+            _  => User::find_by_name(conn, ident, local_id),
+        }.and_then(|u| {
                if u.instance_id == local_id {
                    Ok(u)
                } else {
@ -390,6 +393,8 @@ impl User {
                if let Ok(user) = User::ldap_register(conn, ident, password) {
                    return Ok(user);
                }
+                // if no user was found, and we were unable to auto-register from ldap
+                // fake-verify a password, and return an error.
                let other = User::get(&*conn, 1)
                    .expect("No user is registered")
                    .hashed_password;