Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-25 08:19:40 +02:00
Code Issues Releases Activity

feat(authentication): add a setting to toggle automatic user provisioning when u… (#2068)

Browse source 
* feat(api): add a setting to toggle automatic user provisioning when using LDAP authentication

* fix(auth): fix an issue with AutoCreateUsers disabled
This commit is contained in:
Anthony Lapenna 2018-07-24 08:49:17 +02:00 committed by GitHub
parent c7cb515035
commit 113da93145
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 44 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

7
api/http/handler/auth/authenticate.go
View file

@ -3,6 +3,7 @@ package auth
import (
"log"
"net/http"
"strings"
"github.com/asaskevich/govalidator"
"github.com/portainer/portainer"
@ -56,8 +57,10 @@ func (handler *Handler) authenticate(w http.ResponseWriter, r *http.Request) *ht
}
if settings.AuthenticationMethod == portainer.AuthenticationLDAP {
if u == nil {
if u == nil && settings.LDAPSettings.AutoCreateUsers {
return handler.authenticateLDAPAndCreateUser(w, payload.Username, payload.Password, &settings.LDAPSettings)
} else if u == nil && !settings.LDAPSettings.AutoCreateUsers {
return &httperror.HandlerError{http.StatusUnprocessableEntity, "Invalid credentials", portainer.ErrUnauthorized}
}
return handler.authenticateLDAP(w, u, payload.Password, &settings.LDAPSettings)
}
@ -167,7 +170,7 @@ func (handler *Handler) addUserIntoTeams(user *portainer.User, settings *portain
func teamExists(teamName string, ldapGroups []string) bool {
for _, group := range ldapGroups {
if group == teamName {
if strings.ToLower(group) == strings.ToLower(teamName) {
return true
}
}

2
api/http/handler/settings/settings_public.go
View file

@ -13,7 +13,6 @@ type publicSettingsResponse struct {
AuthenticationMethod portainer.AuthenticationMethod `json:"AuthenticationMethod"`
AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers"`
AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers"`
SnapshotInterval string `json:"SnapshotInterval"`
}
// GET request on /api/settings/public
@ -28,7 +27,6 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
AuthenticationMethod: settings.AuthenticationMethod,
AllowBindMountsForRegularUsers: settings.AllowBindMountsForRegularUsers,
AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers,
SnapshotInterval: settings.SnapshotInterval,
}
return response.JSON(w, publicSettings)