- package login
- import (
- "github.com/grafana/grafana/pkg/bus"
- "github.com/grafana/grafana/pkg/infra/log"
- "github.com/grafana/grafana/pkg/models"
- "github.com/grafana/grafana/pkg/services/ldap"
- "github.com/grafana/grafana/pkg/services/multildap"
- "github.com/grafana/grafana/pkg/setting"
- "github.com/grafana/grafana/pkg/util/errutil"
- )
// The LDAP entry points below are held in package-level variables rather than
// called directly; presumably this lets tests substitute them — confirm
// against the package's test files.
var (
	// getLDAPConfig loads the LDAP configuration.
	getLDAPConfig = multildap.GetConfig

	// isLDAPEnabled reports whether LDAP authentication is enabled.
	isLDAPEnabled = multildap.IsEnabled

	// newLDAP creates the multi-LDAP instance used for login.
	newLDAP = multildap.New

	// logger is the logger for the LDAP login path.
	logger = log.New("login.ldap")
)
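// loginUsingLDAP authenticates the user in query against LDAP.
//
// The first result reports whether LDAP is enabled; when it is false no login
// was attempted and the error is nil. On success query.User is populated with
// the result of the upsert command.
//
// A user that LDAP cannot find is reported as ldap.ErrInvalidCredentials, so
// the caller cannot tell an unknown account from a wrong password.
var loginUsingLDAP = func(query *models.LoginUserQuery) (bool, error) {
	if !isLDAPEnabled() {
		return false, nil
	}

	config, err := getLDAPConfig()
	if err != nil {
		return true, errutil.Wrap("Failed to get LDAP config", err)
	}

	externalUser, err := newLDAP(config.Servers).Login(query)
	if err != nil {
		if err == ldap.ErrCouldNotFindUser {
			// Disabling the local account is best effort: the user might not
			// be present in Grafana at all, so a failure must not change the
			// login result. It is logged instead of dropped so that an
			// account which stayed enabled after disappearing from LDAP
			// leaves a trace.
			if disableErr := DisableExternalUser(query.Username); disableErr != nil {
				logger.Debug(
					"Could not disable external user missing from LDAP",
					"user", query.Username,
					"message", disableErr.Error(),
				)
			}
			return true, ldap.ErrInvalidCredentials
		}
		return true, err
	}

	// Create or update the Grafana user from the LDAP result; sign-up of new
	// users is governed by setting.LDAPAllowSignup.
	upsert := &models.UpsertUserCommand{
		ExternalUser:  externalUser,
		SignupAllowed: setting.LDAPAllowSignup,
	}
	if err := bus.Dispatch(upsert); err != nil {
		return true, err
	}

	query.User = upsert.Result
	return true, nil
}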
// DisableExternalUser marks the Grafana account matching username as disabled.
//
// It looks the account up with GetExternalUserInfoByLoginQuery and, unless the
// account is already disabled, dispatches a DisableUserCommand for it. Errors
// from the lookup or from the command are returned to the caller.
//
// NOTE(review): the lookup key is the login or e-mail alone. Whether the query
// only matches LDAP-backed accounts is not visible here — confirm, because the
// caller visible in this file invokes this before any authentication has
// succeeded.
func DisableExternalUser(username string) error {
	lookup := &models.GetExternalUserInfoByLoginQuery{LoginOrEmail: username}
	if err := bus.Dispatch(lookup); err != nil {
		return err
	}

	account := lookup.Result
	if account.IsDisabled {
		// Already disabled: nothing to change.
		return nil
	}

	logger.Debug("Disabling external user", "user", account.Login)

	// Persist the disabled flag in the Grafana database.
	cmd := &models.DisableUserCommand{UserId: account.UserId, IsDisabled: true}
	err := bus.Dispatch(cmd)
	if err == nil {
		return nil
	}

	logger.Debug(
		"Error disabling external user",
		"user", account.Login,
		"message", err.Error(),
	)
	return err
}