fix ldap filtering

popi 2017-06-22 23:05:17 +02:00
parent 6f88225661
commit 14cc832552
1 changed files with 17 additions and 6 deletions


@ -11,6 +11,7 @@ $ENV{MOJO_MAX_WEBSOCKET_SIZE} = 100485760; # 10 * 1024 * 1024 = 10MiB
# This method will run once at server start # This method will run once at server start
sub startup { sub startup {
my $self = shift; my $self = shift;
my $entry = undef;
my $config = $self->plugin('Config' => { my $config = $self->plugin('Config' => {
default => { default => {
@ -96,7 +97,14 @@ sub startup {
return undef; return undef;
} }
# Now we know that the user exists # we filtered out, but did we actually get a non-empty result?
$entry = $mesg->shift_entry;
if (!defined $entry) {
$c->app->log->info("[LDAP authentication failed] - User $username filtered out, IP: ".$c->ip);
return undef;
}
# Now we know that the user exists, and that he is authorized by the filter
$mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn}, $mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn},
password => $password password => $password
); );
@ -277,9 +285,12 @@ sub startup {
if($c->authenticate($login, $pwd)) { if($c->authenticate($login, $pwd)) {
$c->redirect_to('index'); $c->redirect_to('index');
} else { } elsif (defined $entry) {
$c->stash(msg => $c->l('Please, check your credentials: unable to authenticate.')); $c->stash(msg => $c->l('Please, check your credentials: unable to authenticate.'));
$c->render(template => 'login'); $c->render(template => 'login');
} else {
$c->stash(msg => $c->l('Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there\'s a glitch in the matrix.'));
$c->render(template => 'login');
} }
}); });
# Logout page # Logout page
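Review bot: `my $entry = undef;` in the first hunk is declared once in `startup`, so the LDAP callback that assigns it and the login route that tests `defined $entry` share one variable for the life of the worker process, not for a single request. The value tested in the `elsif` can therefore come from an earlier login attempt by a different user, and it is not reset on the early `return undef` path above the assignment, so the wrong message may be shown. Keeping the entry local (`my $entry = $mesg->shift_entry;`) and recording the outcome on the request, for example `$c->stash(ldap_filtered => 1);` before the new `return undef;` and `} elsif (!$c->stash('ldap_filtered')) {` in the route, would avoid that, assuming both closures receive the same controller object. Separately, the two messages let an unauthenticated client tell a uid that passed the search and failed only at bind from one that returned no entry, which makes valid usernames enumerable; a single generic message, with the distinction kept in the log line, would not. Both closures begin and end outside the visible hunks.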