Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username

*: don't error out if a username doesn't exist in the backing connector
This commit is contained in:
Eric Chiang 2016-11-01 16:06:40 -07:00 committed by GitHub
commit 799b3f3ef5
3 changed files with 13 additions and 7 deletions

View file

@ -310,7 +310,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
switch n := len(resp.Entries); n { switch n := len(resp.Entries); n {
case 0: case 0:
return fmt.Errorf("ldap: no results returned for filter: %q", filter) log.Printf("ldap: no results returned for filter: %q", filter)
incorrectPass = true
return nil
case 1: case 1:
default: default:
return fmt.Errorf("ldap: filter returned multiple (%d) results: %q", n, filter) return fmt.Errorf("ldap: filter returned multiple (%d) results: %q", n, filter)
@ -335,6 +337,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
if err != nil { if err != nil {
return connector.Identity{}, false, err return connector.Identity{}, false, err
} }
if incorrectPass {
return connector.Identity{}, false, nil
}
// Encode entry for follow up requests such as the groups query and // Encode entry for follow up requests such as the groups query and
// refresh attempts. // refresh attempts.
@ -364,7 +369,7 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
return connector.Identity{}, false, err return connector.Identity{}, false, err
} }
return ident, !incorrectPass, nil return ident, true, nil
} }
func (c *ldapConnector) Groups(ident connector.Identity) ([]string, error) { func (c *ldapConnector) Groups(ident connector.Identity) ([]string, error) {

View file

@ -218,8 +218,9 @@ func (db passwordDB) Login(email, password string) (connector.Identity, bool, er
if err != nil { if err != nil {
if err != storage.ErrNotFound { if err != storage.ErrNotFound {
log.Printf("get password: %v", err) log.Printf("get password: %v", err)
return connector.Identity{}, false, err
} }
return connector.Identity{}, false, err return connector.Identity{}, false, nil
} }
if err := bcrypt.CompareHashAndPassword(p.Hash, []byte(password)); err != nil { if err := bcrypt.CompareHashAndPassword(p.Hash, []byte(password)); err != nil {
return connector.Identity{}, false, nil return connector.Identity{}, false, nil

View file

@ -657,10 +657,10 @@ func TestPasswordDB(t *testing.T) {
}, },
}, },
{ {
name: "unknown user", name: "unknown user",
username: "john@example.com", username: "john@example.com",
password: pw, password: pw,
wantErr: true, wantInvalid: true,
}, },
{ {
name: "invalid password", name: "invalid password",