From 93043d278e27f0f6acd8a4ce69b45025470f78ab Mon Sep 17 00:00:00 2001
From: rbsolis <bob.solis@gmail.com>
Date: Mon, 4 Mar 2019 11:44:38 +0100
Subject: [PATCH] erase check ldap user when forceLdapAuthentication is true

---
 auth_graph/check.js | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/auth_graph/check.js b/auth_graph/check.js
index a5f7b01..c508c6d 100644
--- a/auth_graph/check.js
+++ b/auth_graph/check.js
@@ -140,7 +140,7 @@ module.exports.password = function (req, res, next) {
       var user = data.rows[0];
 
       // Check LDAP USER if necessary
-      if (user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) {
+      if (ldapopts && ldapopts.forceLdapAuthentication === true) {
         authLdapUser(password, email, function(err, ldapuser) {
           if (err) {
             return next(invalidLdapUser());
@@ -162,8 +162,22 @@ module.exports.password = function (req, res, next) {
         });
       } else {
 
-        if (!user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) {
-          return next(invalidUserPassword());
+        if (user.ldap && ldapopts) {
+
+          authLdapUser(password, email, function(err, ldapuser) {
+            if (err) {
+              return next(invalidLdapUser());
+            }
+            return createdbUserFromLdapUser(ldapuser, password, email, function(err, resUser) {
+              if (err) {
+                return next(err);
+              }
+              res.user = resUser;
+              return next();
+            });
+
+          });
+
         }
 
         // Check PASSWORD