LDAP Authentication #346

Open
wants to merge 79 commits into
base: master
Changes from 28 commits
Commits
cf3f666
Added LDAP link
Aug 5, 2023
c5b35a6
Added LDAP config template
Aug 5, 2023
ae9f95a
Added LDAP route
Aug 5, 2023
13bb999
Made TLS checkbox work.
Aug 6, 2023
830ab09
Fixed typo
Aug 6, 2023
98be763
Added saving of LDAP settings
Aug 6, 2023
1fab192
Added TODO
Aug 6, 2023
23e797e
Added default value for LDAP config page
Aug 6, 2023
6b2f853
Removed eURL file
Aug 6, 2023
6602495
Added a way of disabling LDAP auth
Aug 6, 2023
6c8f5fa
Added go-ldap dep
Aug 6, 2023
fdb2ec6
Added LDAP auth if there is a user
Aug 6, 2023
d833859
Added LDAP user creation
Aug 6, 2023
79b28ef
Fixed ineffassign to
Aug 6, 2023
9c56bf6
Fixed for LDAP connection
Aug 6, 2023
1fd8c9b
Fix else if (`gocritic`)
Aug 6, 2023
23d23c7
Fixed r param `revive`
Aug 6, 2023
80f5fac
Added `c.DB.SetSetting` (`errcheck`)
Aug 6, 2023
e5f815c
Fixed filter labels
Aug 6, 2023
a558947
Fixed `SetSetting` err checking
Aug 6, 2023
c317046
Merge branch 'sentriz:master' into ldap_auth
betapictoris Aug 15, 2023
fc08e0a
Merge branch 'sentriz:master' into ldap_auth
betapictoris Sep 5, 2023
46dac6d
Check errors in ldap do handler
betapictoris Sep 9, 2023
94027dc
Fixed variable defs
betapictoris Sep 9, 2023
e7d6fda
Fixed bug where two requests got merged
betapictoris Sep 9, 2023
7de6cf1
Fixed use of `newLDAPUser`
betapictoris Sep 9, 2023
238856a
Fixed `newLDAPUser` def
betapictoris Sep 9, 2023
9e5b8d4
Fixed `newLDAPUser` being reset
betapictoris Sep 9, 2023
d6d51ed
Update username error message to match Subsonic API
betapictoris Oct 27, 2023
38ea72b
Only try to login if there is exactly 1 user, otherwise return an error.
betapictoris Oct 27, 2023
667cf73
Extract out LDAP connection creation
betapictoris Oct 27, 2023
a99d63a
Fixed nil password causing invalid dereferences
betapictoris Oct 27, 2023
c03e104
Fixed merge conflicts
betapictoris Oct 29, 2023
a24b7c0
Merge branch `master` into `ldap_auth`
betapictoris Nov 10, 2023
e770eaa
Fixed old references to use the new style
betapictoris Nov 10, 2023
7558bb3
Merge branch 'master' into ldap_auth
betapictoris Nov 12, 2023
322aa07
Made `WithUser` middleware private
betapictoris Nov 30, 2023
4799fb2
Update `go-ldap/ldap` to v3
betapictoris Dec 1, 2023
df42923
Made LDAP query log message match others
betapictoris Dec 9, 2023
7c6e195
Simplified code using gofmt
betapictoris Dec 9, 2023
84e29da
Merge branch 'master' into ldap_auth
betapictoris Dec 9, 2023
0514996
Used `log` to log instead of `fmt`
betapictoris Dec 9, 2023
90b5324
`gofmt` handlers
betapictoris Dec 9, 2023
f8b0fbb
Merge branch 'ldap_auth' into master
betapictoris Feb 15, 2024
e944817
Merge with upstream
betapictoris Feb 15, 2024
408d325
Move LDAP into a separate file
betapictoris Feb 18, 2024
6301cb2
Fix `User` struct from having `not null` passwords
betapictoris Feb 18, 2024
fdceb55
Removed unused logs
betapictoris Feb 18, 2024
f6ecd6d
Added dashboard login for LDAP users
betapictoris Feb 18, 2024
bc62b21
Lower-cased and removed punctuation for errors
betapictoris Feb 18, 2024
683525a
Removed unused password parameter from `createUserFromLDAP`
betapictoris Feb 18, 2024
ac31258
Removed unnecessary trailing newline
betapictoris Feb 18, 2024
8793a36
Rewrote if-else to switch for LDAP results
betapictoris Feb 18, 2024
0d85e0c
Stopped opening up a second connection when creating a user from LDAP
betapictoris Feb 18, 2024
8d4c22a
Merge branch 'master' into ldap_auth
betapictoris Feb 22, 2024
9a97fa4
Merge branch 'master' into ldap_auth
betapictoris Feb 23, 2024
02fd314
Merge branch 'sentriz:master' into ldap_auth
betapictoris Feb 28, 2024
c531666
Bump LDAP deps
betapictoris Apr 1, 2024
3cf6d0a
Added LDAP config
betapictoris Apr 1, 2024
dc3682d
Removed LDAP web UI
betapictoris Apr 1, 2024
8ba05ef
Reverted home template
betapictoris Apr 1, 2024
6bf39cc
Removed LDAP config from admin templates
betapictoris Apr 1, 2024
6d7c605
Merge branch 'master' into ldap_auth
betapictoris Apr 1, 2024
6eddc2a
Made withUser return a middleware and take dbc
betapictoris Apr 7, 2024
995c566
Readded gofeed dep
betapictoris Apr 7, 2024
b36f26e
Have LDAP read from config
betapictoris Apr 7, 2024
6ca68b2
Only allow use of subsonic API with one auth method
betapictoris Apr 7, 2024
5638ef5
Added LDAP admin filter
betapictoris Apr 7, 2024
fccf016
Added LDAP password cache
betapictoris Apr 7, 2024
f5195f1
Fix password check for local users
betapictoris Apr 7, 2024
0f7e24b
Fixed filter params
betapictoris Apr 8, 2024
e2415e9
Do session change on failed LDAP check
betapictoris Apr 9, 2024
dc98b6a
Merge branch 'sentriz:master' into ldap_auth
betapictoris Apr 9, 2024
f812c15
Merge branch 'master' into ldap_auth
betapictoris Jun 11, 2024
7159e1c
fix: Fixed conf music path check
betapictoris Jun 26, 2024
4c5c015
go mod tidy
betapictoris Jun 26, 2024
758c4c7
lint: Fixed ineffassign on Add
betapictoris Jun 26, 2024
21b562b
style: Made invalid auth chain less chain-y
betapictoris Jun 26, 2024
d9facdc
Merge branch 'master' into ldap_auth
betapictoris Sep 8, 2024
2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -42,6 +42,7 @@ require (
github.com/PuerkitoBio/goquery v1.8.1 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/go-ldap/ldap v3.0.3+incompatible // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/swag v0.21.1 // indirect
github.com/gorilla/context v1.1.1 // indirect
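Review bot: the added `github.com/go-ldap/ldap v3.0.3+incompatible // indirect` line takes the v3 tag through the pre-modules import path, which is why Go marks it `+incompatible`, and it lands in the indirect block. Import `github.com/go-ldap/ldap/v3` instead so the requirement resolves to a proper module version, and if gonic code imports the package itself, run `go mod tidy` so it moves to the direct `require` block.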
Expand All @@ -66,6 +67,7 @@ require (
golang.org/x/image v0.5.0 // indirect
golang.org/x/sys v0.5.0 // indirect
golang.org/x/text v0.7.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
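Review bot: the added `gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d` line pins an untagged 2018 commit of the BER decoder, the code that parses whatever the LDAP server sends back. It appears alongside the `+incompatible` go-ldap requirement in the previous hunk, presumably as its transitive dependency; switching to `github.com/go-ldap/ldap/v3` replaces it with the maintained `github.com/go-asn1-ber/asn1-ber` module, so this line should drop out after `go mod tidy`.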
4 changes: 4 additions & 0 deletions go.sum
Expand Up @@ -34,6 +34,8 @@ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBd
github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
Expand Down Expand Up @@ -207,6 +209,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
4 changes: 3 additions & 1 deletion server/ctrladmin/adminui/pages/home.tmpl
Expand Up @@ -35,7 +35,9 @@
{{ end }}
{{ end }}
{{ if .User.IsAdmin }}
<div class="col-span-full">{{ component "link" (props . "To" (path "/admin/create_user")) }}create new{{ end }}</div>
<div class="col-span-full">{{ component "link" (props . "To" (path
"/admin/create_user")) }}create new{{ end }} {{component "link"
(props . "To" (path "/admin/ldap")) }}LDAP{{ end }}</div>
{{ end }}
</div>
{{ end }}
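Review bot: the rewrapped `<div>` splits `(path "/admin/create_user")` and `(props . "To" (path "/admin/ldap"))` across lines inside the `{{ }}` actions, which Go's template packages only accept from Go 1.16 on, and the new action is written `{{component` without the space used everywhere else in the file. Leave the original one-line `create new` link as it was and add the LDAP link as its own line in the same style. The surrounding `{{ if .User.IsAdmin }}` only hides the link, so the `/admin/ldap` route still needs its own admin check.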
68 changes: 68 additions & 0 deletions server/ctrladmin/adminui/pages/ldap.tmpl
@@ -0,0 +1,68 @@
{{ component "layout" . }}
{{ component "layout_user" . }}

{{ component "block" (props .
"Icon" "user"
"Name" "configuring LDAP"
) }}
<form class="flex flex-col gap-2 items-end" action="{{ path
"/admin/ldap_do" }}" method="post">
<p>Leave the server empty to disable LDAP.</p>
<input
type="username"
id="bind_user"
name="bind_user"
placeholder="bind username"
value={{ default "" .CurrentBindUID }}
>
<input
type="password"
id="bind_user_password"
name="bind_user_password"
placeholder="bind password"
>

<input
type="text"
id="fqdn"
name="fqdn"
placeholder="LDAP server"
value={{ default "" .CurrentFQDN }}
>

<input
type="number"
id="port"
name="port"
placeholder="port"
value={{ default "389" .CurrentPort }}
>

<select name="tls" id="tls">
<option value="true">TLS</option>
<option value="false" {{ .CurrentNoTLS }}>None</option>
</select>

<input
type="text"
id="base_dn"
name="base_dn"
placeholder="Base DN"
value={{ default "" .CurrentBaseDN }}
>

<input
type="text"
id="filter"
name="filter"
placeholder="filter"
value={{ default "" .CurrentFilter }}
>


<input type="submit" value="update">
</form>
{{ end }}

{{ end }}
{{ end }}
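Review bot: the `tls` select offers `None` and the `port` input defaults to `389`, so a configuration saved with the defaults sends the bind credentials entered in this form to the directory in cleartext. Make TLS the preselected option and label the plaintext choice as insecure, or drop it. In the same form, `type="username"` on `bind_user` is not a valid input type (browsers fall back to text); use `type="text"` with `autocomplete="username"`. The `value={{ default "" ... }}` attributes are unquoted, and base DNs and filters routinely contain spaces and `=`, so wrap each one in double quotes.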
7 changes: 7 additions & 0 deletions server/ctrladmin/ctrl.go
Expand Up @@ -129,6 +129,13 @@ type templateData struct {
Podcasts []*db.Podcast
InternetRadioStations []*db.InternetRadioStation

CurrentBindUID string
CurrentFQDN string
CurrentPort string
CurrentNoTLS string
CurrentBaseDN string
CurrentFilter string

// avatar
Avatar []byte
}
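Review bot: `CurrentNoTLS string` carries the literal `selected` attribute text rather than the setting itself, and none of the six new fields mention LDAP even though `templateData` is shared with the podcast, radio station and avatar data. A `bool` such as `LDAPTLS`, with the `selected` decision made in the template, plus an `LDAP` prefix or a nested struct for the rest, would make the struct self-explanatory; `CurrentPort` could become an `int` once the port is validated.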
119 changes: 119 additions & 0 deletions server/ctrladmin/handlers.go
Expand Up @@ -157,6 +157,125 @@ func (c *Controller) ServeUnlinkListenBrainzDo(r *http.Request) *Response {
return &Response{redirect: "/admin/home"}
}

func (c *Controller) ServeLDAPConfig(_ *http.Request) *Response {
data := &templateData{}

data.CurrentBindUID, _ = c.DB.GetSetting("ldap_bind_user")
data.CurrentFQDN, _ = c.DB.GetSetting("ldap_fqdn")
data.CurrentPort, _ = c.DB.GetSetting("ldap_port")
data.CurrentBaseDN, _ = c.DB.GetSetting("ldap_base_dn")
data.CurrentFilter, _ = c.DB.GetSetting("ldap_filter")

// This is to fix the fact that select boxes are strange.
currentTLS, _ := c.DB.GetSetting("ldap_tls")
data.CurrentNoTLS = "selected"

if currentTLS == "true" {
data.CurrentNoTLS = ""
}

return &Response{
template: "ldap.tmpl",
data: data,
}
}

func (c *Controller) ServeLDAPConfigDo(r *http.Request) *Response {
bindUID := r.FormValue("bind_user")
bindPSWD := r.FormValue("bind_user_password") // TODO: Secure this better.
fqdn := r.FormValue("fqdn")
port := r.FormValue("port")
tls := r.FormValue("tls")
baseDN := r.FormValue("base_dn")
filter := r.FormValue("filter")

if bindUID == "" || bindPSWD == ""|| port == "" || baseDN == "" || filter == "" {
return &Response{
redirect: r.Referer(),
flashW: []string{"please provide a bind username and password, port, base CN, and filter"},
}
}

err := c.DB.SetSetting("ldap_bind_user", bindUID)
if err != nil {
log.Println("Failed to set bind user:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set bind user."},
}
}

err = c.DB.SetSetting("ldap_bind_user_password", bindPSWD)
if err != nil {
log.Println("Failed to set bind user password:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set bind user password."},
}
}

err = c.DB.SetSetting("ldap_fqdn", fqdn)
if err != nil {
log.Println("Failed to set server:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set server."},
}
}

err = c.DB.SetSetting("ldap_port", port)
if err != nil {
log.Println("Failed to set port:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set port."},
}
}

err = c.DB.SetSetting("ldap_tls", tls)
if err != nil {
log.Println("Failed to set TLS:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set TLS."},
}
}

err = c.DB.SetSetting("ldap_base_dn", baseDN)
if err != nil {
log.Println("Failed to set base DN:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set base DN."},
}
}

err = c.DB.SetSetting("ldap_filter", filter)
if err != nil {
log.Println("Failed to set filter:", err)

return &Response{
redirect: r.Referer(),
flashW: []string{"Failed to set filter."},
}
}

if fqdn == "" {
return &Response{
redirect: "/admin/home",
flashW: []string{"LDAP server was left empty, LDAP authentication will be disabled."},
}
}

return &Response{redirect: "/admin/home"}
}

func (c *Controller) ServeChangeUsername(r *http.Request) *Response {
user, err := selectedUserIfAdmin(c, r)
if err != nil {
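Review bot: `ServeLDAPConfigDo` stores the bind password verbatim with `c.DB.SetSetting("ldap_bind_user_password", bindPSWD)`, which the `// TODO: Secure this better.` on the `bindPSWD` line acknowledges but does not resolve; settle this before merge, for instance by reading the secret from the environment or an operator-protected file instead of the settings store. The empty-field check requires `bind_user`, `bind_user_password`, `port`, `base_dn` and `filter` before the `fqdn == ""` branch is reached, so the "leave the server empty to disable LDAP" path only works after every other field is filled in, and the bind password has to be retyped on each save. `port` and `tls` are stored without validation (expect an integer in 1-65535 and exactly `true` or `false`), the seven `SetSetting` calls are not atomic so a failure midway leaves a mixed configuration, and `ServeLDAPConfig` discards every `GetSetting` error. Neither handler checks for an admin the way `ServeChangeUsername` below calls `selectedUserIfAdmin`, so confirm both routes are registered behind the admin-only middleware. The flash text says "base CN" where the field is the base DN.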