From e11b96b03f16a115006109a340f9dee580bcfcfb Mon Sep 17 00:00:00 2001 From: rbsolis Date: Fri, 15 Feb 2019 16:22:28 +0100 Subject: [PATCH] Updated ldap to not use password urbo check if ldap forced user. I have put the log info temporally to check better ldap result. Will be remove after testing. --- auth_graph/check.js | 53 ++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 22 deletions(-) diff --git a/auth_graph/check.js b/auth_graph/check.js index 21a5a05..a5f7b01 100644 --- a/auth_graph/check.js +++ b/auth_graph/check.js @@ -145,33 +145,42 @@ module.exports.password = function (req, res, next) { if (err) { return next(invalidLdapUser()); } - var um = new usersmodel(); - um.editHashedPassword(user.users_id, password, function(err, done) { - user.id = user.users_id; - delete user.password; - delete user.users_id; - res.user = user; - return next(); - }); + log.info('ldapuser -- ', ldapuser); + if (ldapuser != null ) { + var um = new usersmodel(); + um.editHashedPassword(user.users_id, password, function(err, done) { + user.id = user.users_id; + delete user.password; + delete user.users_id; + res.user = user; + return next(); + }); + } + else { + return next(invalidLdapUser()); + } }); - } + } else { - if (!user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) { - return next(invalidUserPassword()); - } + if (!user.ldap && ldapopts && ldapopts.forceLdapAuthentication === true) { + return next(invalidUserPassword()); + } - // Check PASSWORD - else if (user.password === password) { - user.id = user.users_id; - delete user.password; - delete user.users_id; - res.user = user; - return next(); - } + // Check PASSWORD + else if (user.password === password && !user.ldap) { + user.id = user.users_id; + delete user.password; + delete user.users_id; + res.user = user; + return next(); + } + + else { + return next(invalidUserPassword()); + } - else { - return next(invalidUserPassword()); } + } });