Refactor LDAP SearchEntry return type

Author: lafriks

models/login_source.go

@@ -405,8 +405,8 @@ func composeFullName(firstname, surname, username string) string {
 // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
-	username, fn, sn, mail, isAdmin, succeed := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
-	if !succeed {
+	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
+	if sr == nil {
 		// User not in LDAP, do nothing
 		return nil, ErrUserNotExist{0, login, 0}
 	}
@@ -416,28 +416,28 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
 	}
 
 	// Fallback.
-	if len(username) == 0 {
-		username = login
+	if len(sr.Username) == 0 {
+		sr.Username = login
 	}
 	// Validate username make sure it satisfies requirement.
-	if binding.AlphaDashDotPattern.MatchString(username) {
-		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", username)
+	if binding.AlphaDashDotPattern.MatchString(sr.Username) {
+		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
 	}
 
-	if len(mail) == 0 {
-		mail = fmt.Sprintf("%s@localhost", username)
+	if len(sr.Mail) == 0 {
+		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
 	}
 
 	user = &User{
-		LowerName:   strings.ToLower(username),
-		Name:        username,
-		FullName:    composeFullName(fn, sn, username),
-		Email:       mail,
+		LowerName:   strings.ToLower(sr.Username),
+		Name:        sr.Username,
+		FullName:    composeFullName(sr.Name, sr.Surname, sr.Username),
+		Email:       sr.Mail,
 		LoginType:   source.Type,
 		LoginSource: source.ID,
 		LoginName:   login,
 		IsActive:    true,
-		IsAdmin:     isAdmin,
+		IsAdmin:     sr.IsAdmin,
 	}
 	return user, CreateUser(user)
 }

modules/auth/ldap/ldap.go

@@ -47,6 +47,15 @@ type Source struct {
 	Enabled           bool   // if this source is disabled
 }
 
+// SearchResult : user data
+type SearchResult struct {
+	Username string // Username
+	Name     string // Name
+	Surname  string // Surname
+	Mail     string // E-mail address
+	IsAdmin  bool   // if user is administrator
+}
+
 func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4515
 	badCharacters := "\x00()*\\"
@@ -150,17 +159,17 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
 }
 
 // SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResult {
 	// See https://tools.ietf.org/search/rfc4513#section-5.1.2
 	if len(passwd) == 0 {
 		log.Debug("Auth. failed for %s, password cannot be empty")
-		return "", "", "", "", false, false
+		return nil
 	}
 	l, err := dial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
 		ls.Enabled = false
-		return "", "", "", "", false, false
+		return nil
 	}
 	defer l.Close()
 
@@ -171,29 +180,29 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		var ok bool
 		userDN, ok = ls.sanitizedUserDN(name)
 		if !ok {
-			return "", "", "", "", false, false
+			return nil
 		}
 	} else {
 		log.Trace("LDAP will use BindDN.")
 
 		var found bool
 		userDN, found = ls.findUserDN(l, name)
 		if !found {
-			return "", "", "", "", false, false
+			return nil
 		}
 	}
 
 	if directBind || !ls.AttributesInBind {
 		// binds user (checking password) before looking-up attributes in user context
 		err = bindUser(l, userDN, passwd)
 		if err != nil {
-			return "", "", "", "", false, false
+			return nil
 		}
 	}
 
 	userFilter, ok := ls.sanitizedUserQuery(name)
 	if !ok {
-		return "", "", "", "", false, false
+		return nil
 	}
 
 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, userFilter, userDN)
@@ -205,15 +214,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 	sr, err := l.Search(search)
 	if err != nil {
 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
-		return "", "", "", "", false, false
+		return nil
 	} else if len(sr.Entries) < 1 {
 		if directBind {
 			log.Error(4, "User filter inhibited user login.")
 		} else {
 			log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
 		}
 
-		return "", "", "", "", false, false
+		return nil
 	}
 
 	username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
@@ -243,9 +252,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		// binds user (checking password) after looking-up attributes in BindDN context
 		err = bindUser(l, userDN, passwd)
 		if err != nil {
-			return "", "", "", "", false, false
+			return nil
 		}
 	}
 
-	return username, firstname, surname, mail, isAdmin, true
+	return &SearchResult{
+		Username: username,
+		Name:     firstname,
+		Surname:  surname,
+		Mail:     mail,
+		IsAdmin:  isAdmin,
+	}
 }