chore(auth): do not authenticate against external sources on dummy login
This commit is contained in:
parent
f88e527fe4
commit
434eed2217
@ -105,7 +105,6 @@ authenticate creds@Creds{..} = liftHandler . runDB . withReaderT projectBackend
|
||||
excRecovery . ServerError $ mr cExc
|
||||
]
|
||||
|
||||
-- | Authenticate already existing ExternalUser entries only
|
||||
acceptExisting :: SqlPersistT (HandlerFor UniWorX) (AuthenticationResult UniWorX)
|
||||
acceptExisting = do
|
||||
res <- maybe (UserError $ IdentifierNotFound credsIdent) (Authenticated . entityKey) <$> getBy uAuth
|
||||
@ -121,19 +120,21 @@ authenticate creds@Creds{..} = liftHandler . runDB . withReaderT projectBackend
|
||||
|
||||
$logDebugS "Auth" $ tshow Creds{..}
|
||||
|
||||
flip catches excHandlers $ case userAuthConf of
|
||||
UserAuthConfSingleSource (AuthSourceConfAzureAdV2 upsertUserAzureConf)
|
||||
| Just upsertMode' <- upsertMode -> do
|
||||
upsertUserAzureData <- azureUser upsertUserAzureConf Creds{..}
|
||||
$logDebugS "AuthAzure" $ "Successful Azure lookup: " <> tshow upsertUserAzureData
|
||||
Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataAzure{..}
|
||||
UserAuthConfSingleSource (AuthSourceConfLdap upsertUserLdapConf)
|
||||
| Just upsertMode' <- upsertMode -> do
|
||||
ldapPool <- fmap (fromMaybe $ error "No LDAP Pool") . getsYesod $ view _appLdapPool
|
||||
upsertUserLdapData <- ldapUser ldapPool Creds{..}
|
||||
$logDebugS "AuthLDAP" $ "Successful LDAP lookup: " <> tshow upsertUserLdapData
|
||||
Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataLdap{..}
|
||||
_other
|
||||
flip catches excHandlers $ if
|
||||
| not isDummy, not isOther
|
||||
, UserAuthConfSingleSource (AuthSourceConfAzureAdV2 upsertUserAzureConf) <- userAuthConf
|
||||
, Just upsertMode' <- upsertMode -> do
|
||||
upsertUserAzureData <- azureUser upsertUserAzureConf Creds{..}
|
||||
$logDebugS "AuthAzure" $ "Successful Azure lookup: " <> tshow upsertUserAzureData
|
||||
Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataAzure{..}
|
||||
| not isDummy, not isOther
|
||||
, UserAuthConfSingleSource (AuthSourceConfLdap upsertUserLdapConf) <- userAuthConf
|
||||
, Just upsertMode' <- upsertMode -> do
|
||||
ldapPool <- fmap (fromMaybe $ error "No LDAP Pool") . getsYesod $ view _appLdapPool
|
||||
upsertUserLdapData <- ldapUser ldapPool Creds{..}
|
||||
$logDebugS "AuthLDAP" $ "Successful LDAP lookup: " <> tshow upsertUserLdapData
|
||||
Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataLdap{..}
|
||||
| otherwise
|
||||
-> acceptExisting
|
||||
|
||||
|
||||
@ -150,7 +151,6 @@ data UserConversionException
|
||||
deriving anyclass (Exception)
|
||||
|
||||
|
||||
-- TODO: this is probably not a sane traversal anymore...
|
||||
_upsertUserMode :: Traversal' (Creds UniWorX) UpsertUserMode
|
||||
_upsertUserMode mMode cs@Creds{..}
|
||||
| credsPlugin == apDummy = setMode <$> mMode (UpsertUserLoginDummy $ CI.mk credsIdent)
|
||||
@ -159,15 +159,15 @@ _upsertUserMode mMode cs@Creds{..}
|
||||
| otherwise = setMode <$> mMode (UpsertUserLoginOther $ CI.mk credsIdent)
|
||||
where
|
||||
setMode UpsertUserLogin{..} | upsertUserSource `elem` loginAPs
|
||||
= cs{ credsPlugin = upsertUserSource }
|
||||
= cs { credsPlugin = upsertUserSource }
|
||||
setMode UpsertUserLoginDummy{..}
|
||||
= cs{ credsPlugin = apDummy
|
||||
, credsIdent = CI.original upsertUserIdent
|
||||
}
|
||||
= cs { credsPlugin = apDummy
|
||||
, credsIdent = CI.original upsertUserIdent
|
||||
}
|
||||
setMode UpsertUserLoginOther{..}
|
||||
= cs{ credsPlugin = bool defaultOther credsPlugin (credsPlugin `notElem` [apDummy, apLdap, apAzure])
|
||||
, credsIdent = CI.original upsertUserIdent
|
||||
}
|
||||
= cs { credsPlugin = bool defaultOther credsPlugin (credsPlugin `notElem` [apDummy, apLdap, apAzure])
|
||||
, credsIdent = CI.original upsertUserIdent
|
||||
}
|
||||
setMode _ = cs
|
||||
|
||||
loginAPs = [ apAzure, apLdap ]
|
||||
|
||||
Reference in New Issue
Block a user