github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-15 20:07:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #59 from rchincha/ldap

Browse Source 
authN: first try local htpasswd then LDAP
This commit is contained in:
Tycho Andersen
2020-01-15 09:57:46 -08:00
committed by GitHub
parent 17ac1be723 d64a3e33cc
commit 92d8f7c866
1 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/auth.go
+13 -15
View File
@@ -142,7 +142,17 @@ func BasicAuthHandler(c *Controller) mux.MiddlewareFunc {
username := pair[0]
passphrase := pair[1]
// prefer LDAP if configured
// first, HTTPPassword authN (which is local)
passphraseHash, ok := credMap[username]
if ok {
if err := bcrypt.CompareHashAndPassword([]byte(passphraseHash), []byte(passphrase)); err == nil {
// Process request
next.ServeHTTP(w, r)
return
}
}
// next, LDAP if configured (network-based which can lose connectivity)
if c.Config.HTTP.Auth != nil && c.Config.HTTP.Auth.LDAP != nil {
ok, _, err := ldapClient.Authenticate(username, passphrase)
if ok && err == nil {
@@ -152,20 +162,8 @@ func BasicAuthHandler(c *Controller) mux.MiddlewareFunc {
}
}
// fallback to HTTPPassword
passphraseHash, ok := credMap[username]
if !ok {
authFail(w, realm, delay)
return
}
if err := bcrypt.CompareHashAndPassword([]byte(passphraseHash), []byte(passphrase)); err != nil {
authFail(w, realm, delay)
return
}
// Process request
next.ServeHTTP(w, r)
authFail(w, realm, delay)
return
})
}
}