88fa7e37dc
* outpost: promote session end signal to non-provider specific Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement server-side logout in ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix previous import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use better retry logic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * log Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make more generic if we switch from ws to something else Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it possible to e2e test WS Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ldap session id Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ok I actually need to go to bed this took me an hour to fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format; add ldap test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix leftover state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove thread Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use ws base for radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate test utils Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing super calls Signed-off-by: Jens Langhammer <jens@goauthentik.io> * websocket tests with browser 🎉 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add proxy test for sign out Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix install_id issue with channels tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy basic auth test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * big code dedupe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow passing go build args Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve waiting for outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rewrite ldap tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ok actually fix the tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * undo a couple things that need more time to cook Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix session id for ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing createTimestamp and modifyTimestamp ldap attributes closes #10474 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
63 lines
1.7 KiB
Go
63 lines
1.7 KiB
Go
package ldap
|
|
|
|
import (
|
|
"net"
|
|
"time"
|
|
|
|
"beryju.io/ldap"
|
|
"github.com/getsentry/sentry-go"
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
log "github.com/sirupsen/logrus"
|
|
"goauthentik.io/internal/outpost/ldap/bind"
|
|
"goauthentik.io/internal/outpost/ldap/metrics"
|
|
)
|
|
|
|
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
|
|
req, span := bind.NewRequest(bindDN, bindPW, conn)
|
|
selectedApp := ""
|
|
defer func() {
|
|
span.Finish()
|
|
metrics.Requests.With(prometheus.Labels{
|
|
"outpost_name": ls.ac.Outpost.Name,
|
|
"type": "bind",
|
|
"app": selectedApp,
|
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
|
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Bind request")
|
|
}()
|
|
|
|
defer func() {
|
|
err := recover()
|
|
if err == nil {
|
|
return
|
|
}
|
|
log.WithError(err.(error)).Error("recover in bind request")
|
|
sentry.CaptureException(err.(error))
|
|
}()
|
|
|
|
for _, instance := range ls.providers {
|
|
username, err := instance.binder.GetUsername(bindDN)
|
|
if err == nil {
|
|
selectedApp = instance.GetAppSlug()
|
|
c, err := instance.binder.Bind(username, req)
|
|
if c == ldap.LDAPResultSuccess {
|
|
f := instance.GetFlags(req.BindDN)
|
|
ls.connectionsSync.Lock()
|
|
ls.connections[f.SessionID()] = conn
|
|
ls.connectionsSync.Unlock()
|
|
}
|
|
return c, err
|
|
} else {
|
|
req.Log().WithError(err).Debug("Username not for instance")
|
|
}
|
|
}
|
|
req.Log().WithField("request", "bind").Warning("No provider found for request")
|
|
metrics.RequestsRejected.With(prometheus.Labels{
|
|
"outpost_name": ls.ac.Outpost.Name,
|
|
"type": "bind",
|
|
"reason": "no_provider",
|
|
"app": "",
|
|
}).Inc()
|
|
|
|
return ldap.LDAPResultInsufficientAccessRights, nil
|
|
}
|