mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username 

*: don't error out if a username doesn't exist in the backing connector
pull/661/head
Eric Chiang 10 years ago committed by GitHub
parent
90e613b328 57a59d4631
commit
799b3f3ef5
3 changed files with 13 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      connector/ldap/ldap.go
  2. 3
      server/server.go
  3. 8
      server/server_test.go

9
connector/ldap/ldap.go
Unescape View File

@ -310,7 +310,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
switch n := len(resp.Entries); n {
case 0:
return fmt.Errorf("ldap: no results returned for filter: %q", filter)
log.Printf("ldap: no results returned for filter: %q", filter)
incorrectPass = true
return nil
case 1:
default:
return fmt.Errorf("ldap: filter returned multiple (%d) results: %q", n, filter)
@ -335,6 +337,9 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
if err != nil {
return connector.Identity{}, false, err
}
if incorrectPass {
return connector.Identity{}, false, nil
}
// Encode entry for follow up requests such as the groups query and
// refresh attempts.
@ -364,7 +369,7 @@ func (c *ldapConnector) Login(username, password string) (ident connector.Identi
return connector.Identity{}, false, err
}
return ident, !incorrectPass, nil
return ident, true, nil
}
func (c *ldapConnector) Groups(ident connector.Identity) ([]string, error) {

3
server/server.go
Unescape View File

@ -218,8 +218,9 @@ func (db passwordDB) Login(email, password string) (connector.Identity, bool, er
if err != nil {
if err != storage.ErrNotFound {
log.Printf("get password: %v", err)
return connector.Identity{}, false, err
}
return connector.Identity{}, false, err
return connector.Identity{}, false, nil
}
if err := bcrypt.CompareHashAndPassword(p.Hash, []byte(password)); err != nil {
return connector.Identity{}, false, nil

8
server/server_test.go
Unescape View File

@ -657,10 +657,10 @@ func TestPasswordDB(t *testing.T) {
},
},
{
name: "unknown user",
username: "john@example.com",
password: pw,
wantErr: true,
name: "unknown user",
username: "john@example.com",
password: pw,
wantInvalid: true,
},
{
name: "invalid password",

Write Preview
Loading…
Cancel
Save