From f2c4ff7518cc72e999d9f94277ef6dd5c7fb1214 Mon Sep 17 00:00:00 2001
From: Vitaly Kornilov
Date: Sat, 25 Jul 2020 00:13:04 +0300
Subject: [PATCH] :bug: System start and stop without LDAP connection
---
backend/src/uxbox/http/auth/ldap.clj | 84 +++++++++++++++------------
1 file changed, 45 insertions(+), 39 deletions(-)
diff --git a/backend/src/uxbox/http/auth/ldap.clj b/backend/src/uxbox/http/auth/ldap.clj
index 2263c02a39..351b851e9a 100644
--- a/backend/src/uxbox/http/auth/ldap.clj
+++ b/backend/src/uxbox/http/auth/ldap.clj
@@ -6,52 +6,58 @@
 [uxbox.common.exceptions :as ex]
 [uxbox.config :as cfg]
 [uxbox.services.mutations :as sm]
- [uxbox.http.session :as session]))
+ [uxbox.http.session :as session]
+ [clojure.tools.logging :as log]))
 (defn replace-several [s & {:as replacements}]
 (reduce-kv clojure.string/replace s replacements))
-(defstate ldap-pool
- :start (client/connect (merge
- {:host {:address (:ldap-auth-host cfg/config)
- :port (:ldap-auth-port cfg/config)}}
- (-> cfg/config
- (select-keys [:ldap-auth-ssl
- :ldap-auth-starttls
- :ldap-bind-dn
- :ldap-bind-password])
- (set/rename-keys {:ldap-auth-ssl :ssl?
- :ldap-auth-starttls :startTLS?
- :ldap-bind-dn :bind-dn
- :ldap-bind-password :password}))))
- :stop (client/close ldap-pool))
+(defstate *ldap-pool
+ :start (delay
+ (try
+ (client/connect (merge {:host {:address (:ldap-auth-host cfg/config)
+ :port (:ldap-auth-port cfg/config)}}
+ (-> cfg/config
+ (select-keys [:ldap-auth-ssl
+ :ldap-auth-starttls
+ :ldap-bind-dn
+ :ldap-bind-password])
+ (set/rename-keys {:ldap-auth-ssl :ssl?
+ :ldap-auth-starttls :startTLS?
+ :ldap-bind-dn :bind-dn
+ :ldap-bind-password :password}))))
+ (catch Exception e
+ (log/errorf e "Cannot connect to LDAP %s:%s"
+ (:ldap-auth-host cfg/config) (:ldap-auth-port cfg/config)))))
+ :stop (when (realized? *ldap-pool)
+ (some-> *ldap-pool deref (client/close))))
 (defn- auth-with-ldap [username password]
- (let [conn (client/get-connection ldap-pool)
- user-search-query (replace-several (:ldap-auth-user-query cfg/config)
- "$username" username)
- user-attributes (-> cfg/config
- (select-keys [:ldap-auth-username-attribute
- :ldap-auth-email-attribute
- :ldap-auth-fullname-attribute
- :ldap-auth-avatar-attribute])
- vals)]
- (try
- (when-some [user-entry (-> conn
- (client/search
- (:ldap-auth-base-dn cfg/config)
- {:filter user-search-query
- :sizelimit 1
- :attributes user-attributes})
- first)]
- (when-not (client/bind? conn (:dn user-entry) password)
- (ex/raise :type :authentication
- :code ::wrong-credentials))
- (set/rename-keys user-entry {(keyword (:ldap-auth-avatar-attribute cfg/config)) :photo
- (keyword (:ldap-auth-fullname-attribute cfg/config)) :fullname
- (keyword (:ldap-auth-email-attribute cfg/config)) :email}))
- (finally (client/release-connection ldap-pool conn)))))
+ (when-let [conn (some-> *ldap-pool deref (client/get-connection))]
+ (let [user-search-query (replace-several (:ldap-auth-user-query cfg/config)
+ "$username" username)
+ user-attributes (-> cfg/config
+ (select-keys [:ldap-auth-username-attribute
+ :ldap-auth-email-attribute
+ :ldap-auth-fullname-attribute
+ :ldap-auth-avatar-attribute])
+ vals)]
+ (try
+ (when-some [user-entry (-> conn
+ (client/search
+ (:ldap-auth-base-dn cfg/config)
+ {:filter user-search-query
+ :sizelimit 1
+ :attributes user-attributes})
+ first)]
+ (when-not (client/bind? conn (:dn user-entry) password)
+ (ex/raise :type :authentication
+ :code ::wrong-credentials))
+ (set/rename-keys user-entry {(keyword (:ldap-auth-avatar-attribute cfg/config)) :photo
+ (keyword (:ldap-auth-fullname-attribute cfg/config)) :fullname
+ (keyword (:ldap-auth-email-attribute cfg/config)) :email}))
+ (finally (client/release-connection @*ldap-pool conn))))))
 (defn auth [req]
 (let [data (:body-params req)
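Review bot: The `delay` in the new `:start` of `*ldap-pool` caches a failed connect permanently: when the first deref happens while LDAP is unreachable, the `catch` returns nil, the delay is realized with nil, and every later `auth-with-ldap` call takes the nil branch of `(some-> *ldap-pool deref (client/get-connection))` until the process restarts, so a transient directory outage at first use disables LDAP login for good. In the same way the `when-let` makes an unavailable directory return nil, which at the call site (`auth` continues outside the hunk) is indistinguishable from "user not found", so an outage is probably reported to the client as a credentials failure rather than a server-side error and leaves no distinct trace for operators. `(client/get-connection)` also sits outside the `try`, so a pool whose server disappeared after a successful connect may surface as an uncaught exception rather than through the logged path. A pool holder that does not memoize failure, plus an explicit `ex/raise` with a non-credentials error type when `(ldap-pool)` is still nil, keeps the start-without-LDAP goal while allowing recovery; sketch below, with the two derefs in `auth-with-ldap` becoming `(ldap-pool)` for acquiring the connection and `@*ldap-pool` in the `finally`.

```clojure
(defn- connect-ldap
  "Open the LDAP pool; returns nil (after logging) when the server is unreachable."
  []
  (try
    (client/connect (merge {:host {:address (:ldap-auth-host cfg/config)
                                   :port (:ldap-auth-port cfg/config)}}
                           ;; … unchanged: ssl/startTLS/bind-dn/password option mapping …
                           ))
    (catch Exception e
      (log/errorf e "Cannot connect to LDAP %s:%s"
                  (:ldap-auth-host cfg/config) (:ldap-auth-port cfg/config))
      nil)))

(defstate *ldap-pool
  ;; nil until a connect succeeds; a failed attempt is not cached, so later
  ;; requests retry instead of LDAP login staying disabled until restart
  :start (atom nil)
  :stop (some-> @*ldap-pool client/close))

(defn- ldap-pool
  "Return the live pool, attempting a (re)connect when none exists yet."
  []
  (or @*ldap-pool
      (locking *ldap-pool
        (or @*ldap-pool (reset! *ldap-pool (connect-ldap))))))
```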