(search config.UserSearch, password string)
| 145 | } |
| 146 | |
| 147 | func (auth *AuthService) VerifyUser(search config.UserSearch, password string) bool { |
| 148 | switch search.Type { |
| 149 | case "local": |
| 150 | user := auth.GetLocalUser(search.Username) |
| 151 | return auth.CheckPassword(user, password) |
| 152 | case "ldap": |
| 153 | if auth.ldap.IsConfigured() { |
| 154 | err := auth.ldap.Bind(search.Username, password) |
| 155 | if err != nil { |
| 156 | tlog.App.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP") |
| 157 | return false |
| 158 | } |
| 159 | |
| 160 | err = auth.ldap.BindService(true) |
| 161 | if err != nil { |
| 162 | tlog.App.Error().Err(err).Msg("Failed to rebind with service account after user authentication") |
| 163 | return false |
| 164 | } |
| 165 | |
| 166 | return true |
| 167 | } |
| 168 | default: |
| 169 | tlog.App.Debug().Str("type", search.Type).Msg("Unknown user type for authentication") |
| 170 | return false |
| 171 | } |
| 172 | |
| 173 | tlog.App.Warn().Str("username", search.Username).Msg("User authentication failed") |
| 174 | return false |
| 175 | } |
| 176 | |
| 177 | func (auth *AuthService) GetLocalUser(username string) config.User { |
| 178 | for _, user := range auth.config.Users { |
no test coverage detected