liquid_feedback_frontend
view env/ldap/check_credentials.lua @ 1511:f1258993d993
Fixed issue with oauth/session endpoint and samesite cookies
| author | bsw | 
|---|---|
| date | Thu Aug 20 13:44:54 2020 +0200 (2020-08-20) | 
| parents | 58f48a8a202a | 
| children | 
 line source
     1 -- check if credentials (given by a user) are valid to bind to LDAP
     2 -- --------------------------------------------------------------------------
     3 --
     4 -- arguments:
     5 --   dn: The distinguished name to be used fo binding (string, required)
     6 --   password: Password credentials (string, required)
     7 --
     8 -- returns
     9 --   success: true in cases of valid credentials
    10 --            false in cases of invalid credentials
    11 --            nil in undetermined cases, i.e. unavailable LDAP server
    12 --   err: error code in case of errors, otherwise nil (string)
    13 --   err2: error dependent extra error information
    15 function ldap.check_credentials(login, password)
    17   local filter = config.ldap.member.login_filter_map(login)
    18   local ldap_entry, err, err2 = ldap.get_member_entry(filter)
    20   if err == "too_many_entries_found" then
    21     return false, "invalid_credentials"
    22   end
    24   if err then
    25     return nil, err
    26   end
    27   if not ldap_entry then
    28     return false, "invalid_credentials"
    29   end
    31   local dn = ldap_entry.dn
    33   local ldap, err, err2 = ldap.bind(dn, password)
    35   if err == "invalid_credentials" then
    36     return false, "invalid_credentials"
    37   end
    39   if err then
    40     return nil, err, err2
    41   end
    43   ldap:unbind()
    45   return ldap_entry
    47 end
