Separate config for DB and LDAP to enable 3-backend setup. Fix Ldap u…

…ser login filter format
robarchibald · Jan 15, 2017 · 27a190f · 27a190f
1 parent 6f945a7
commit 27a190f
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 15 deletions.
diff --git a/backendLDAPLogin.go b/backendLDAPLogin.go
@@ -1,22 +1,24 @@
 package main
 
 import (
+	"fmt"
 	"github.com/robarchibald/onedb"
 	"gopkg.in/ldap.v2"
 	"strconv"
 )
 
 type backendLDAPLogin struct {
-	db     onedb.DBer
-	baseDn string
+	db              onedb.DBer
+	baseDn          string
+	userLoginFilter string
 }
 
-func NewBackendLDAPLogin(server string, port int, bindDn, password, baseDn string) (LoginBackender, error) {
+func NewBackendLDAPLogin(server string, port int, bindDn, password, baseDn, userLoginFilter string) (LoginBackender, error) {
 	db, err := onedb.NewLdap(server, port, bindDn, password)
 	if err != nil {
 		return nil, err
 	}
-	return &backendLDAPLogin{db, baseDn}, nil
+	return &backendLDAPLogin{db, baseDn, userLoginFilter}, nil
 }
 
 type ldapData struct {
@@ -28,7 +30,7 @@ type ldapData struct {
 }
 
 func (l *backendLDAPLogin) GetLogin(email, loginProvider string) (*UserLogin, error) {
-	req := ldap.NewSearchRequest(l.baseDn, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false, "uid="+email, []string{"uid", "userPassword", "uidNumber", "gidNumber", "homeDirectory"}, nil)
+	req := ldap.NewSearchRequest(l.baseDn, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false, fmt.Sprintf(l.userLoginFilter, email), []string{"uid", "userPassword", "uidNumber", "gidNumber", "homeDirectory"}, nil)
 	data := &ldapData{}
 	err := l.db.QueryStructRow(req, data)
 	if err != nil {

diff --git a/backendLDAPLogin_test.go b/backendLDAPLogin_test.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"github.com/robarchibald/configReader"
+	"testing"
+)
+
+func TestNewBackendLDAPLogin(t *testing.T) {
+	config := &authConf{}
+	err := configReader.ReadFile("nginxauth.conf", config)
+	if err != nil {
+		t.Fatal("unable to load config file", err)
+	}
+
+	l, err := NewBackendLDAPLogin(config.LdapServer, config.LdapPort, config.LdapBindDn, config.LdapPassword, config.LdapBaseDn, config.LdapUserFilter)
+	if err != nil {
+		t.Fatal("unable to login", err)
+	}
+
+	_, err = l.GetLogin("[email protected]", "")
+	if err == nil {
+		t.Fatal("Expected no results", err)
+	}
+}
diff --git a/nginxauth.go b/nginxauth.go
@@ -14,12 +14,16 @@ import (
 type authConf struct {
 	AuthServerListenPort                     int
 	StoragePrefix                            string
-	BackendType                              string
-	BackendServer                            string
-	BackendPort                              int
-	BackendUser                              string
-	BackendDatabase                          string
-	BackendPassword                          string
+	DbType                                   string
+	DbServer                                 string
+	DbPort                                   int
+	DbUser                                   string
+	DbDatabase                               string
+	DbPassword                               string
+	LdapServer                               string
+	LdapPort                                 int
+	LdapBindDn                               string
+	LdapPassword                             string
 	LdapBaseDn                               string
 	LdapUserFilter                           string
 	GetUserLoginQuery                        string
@@ -88,11 +92,11 @@ func newNginxAuth() (*nginxauth, error) {
 	}
 
 	s := NewBackendRedisSession(config.RedisServer, config.RedisPort, config.RedisPassword, config.RedisMaxIdle, config.RedisMaxConnections, config.StoragePrefix)
-	l, err := NewBackendLDAPLogin(config.BackendServer, config.BackendPort, config.BackendUser, config.BackendPassword, config.LdapBaseDn)
+	l, err := NewBackendLDAPLogin(config.LdapServer, config.LdapPort, config.LdapBindDn, config.LdapPassword, config.LdapBaseDn, config.LdapUserFilter)
 	if err != nil {
 		return nil, err
 	}
-	u, err := newBackendDbUser(config.BackendServer, config.BackendPort, config.BackendUser, config.BackendPassword, config.BackendDatabase, config.GetUserLoginQuery, config.AddUserQuery, config.VerifyEmailQuery, config.UpdateUserQuery)
+	u, err := newBackendDbUser(config.DbServer, config.DbPort, config.DbUser, config.DbPassword, config.DbDatabase, config.GetUserLoginQuery, config.AddUserQuery, config.VerifyEmailQuery, config.UpdateUserQuery)
 	if err != nil {
 		return nil, err
 	}

diff --git a/nginxauth_test.go b/nginxauth_test.go
@@ -6,8 +6,8 @@ import (
 
 func TestNewRestServer(t *testing.T) {
 	_, err := newNginxAuth()
-	if err != nil { // will connect to the docker Postgres db specified in auth.conf
-		t.Error("expected success")
+	if err != nil { // will connect to the docker Postgres db and LDAP server specified in auth.conf
+		t.Error("expected success", err)
 	}
 }