
🐛 Don't cache ldap connection.

This commit is contained in:
Andrey Antukh 2021-03-05 08:58:57 +01:00
parent 2de16985d3
commit 5ae823b25c


@ -19,8 +19,9 @@
[clojure.string] [clojure.string]
[clojure.tools.logging :as log])) [clojure.tools.logging :as log]))
(def cpool
(delay (defn ^java.lang.AutoCloseable connect
[]
(let [params {:ssl? (cfg/get :ldap-ssl) (let [params {:ssl? (cfg/get :ldap-ssl)
:startTLS? (cfg/get :ldap-starttls) :startTLS? (cfg/get :ldap-starttls)
:bind-dn (cfg/get :ldap-bind-dn) :bind-dn (cfg/get :ldap-bind-dn)
@ -28,11 +29,12 @@
:host {:address (cfg/get :ldap-host) :host {:address (cfg/get :ldap-host)
:port (cfg/get :ldap-port)}}] :port (cfg/get :ldap-port)}}]
(try (try
(ldap/connect params) (#'ldap/create-connection params)
(catch Exception e (catch Exception e
(log/errorf e "cannot connect to LDAP %s:%s" (ex/raise :type :restriction
(get-in params [:host :address]) :code :ldap-disabled
(get-in params [:host :port]))))))) :hint "ldap disabled or unable to connect"
:cause e)))))
;; --- Mutation: login-with-ldap ;; --- Mutation: login-with-ldap
@ -48,12 +50,7 @@
(sv/defmethod ::login-with-ldap {:auth false :rlimit :password} (sv/defmethod ::login-with-ldap {:auth false :rlimit :password}
[{:keys [pool session tokens] :as cfg} {:keys [email password invitation-token] :as params}] [{:keys [pool session tokens] :as cfg} {:keys [email password invitation-token] :as params}]
(when-not @cpool (let [info (authenticate params)
(ex/raise :type :restriction
:code :ldap-disabled
:hint "ldap disabled or unable to connect"))
(let [info (authenticate @cpool params)
cfg (assoc cfg :conn pool)] cfg (assoc cfg :conn pool)]
(when-not info (when-not info
(ex/raise :type :validation (ex/raise :type :validation
@ -96,10 +93,11 @@
(first (ldap/search cpool base-dn params)))) (first (ldap/search cpool base-dn params))))
(defn- authenticate (defn- authenticate
[cpool {:keys [password] :as params}] [{:keys [password] :as params}]
(when-let [{:keys [dn] :as luser} (get-ldap-user cpool params)] (with-open [conn (connect)]
(when (ldap/bind? cpool dn password) (when-let [{:keys [dn] :as luser} (get-ldap-user conn params)]
(when (ldap/bind? conn dn password)
{:photo (get luser (keyword (cfg/get :ldap-attrs-photo))) {:photo (get luser (keyword (cfg/get :ldap-attrs-photo)))
:fullname (get luser (keyword (cfg/get :ldap-attrs-fullname))) :fullname (get luser (keyword (cfg/get :ldap-attrs-fullname)))
:email (get luser (keyword (cfg/get :ldap-attrs-email))) :email (get luser (keyword (cfg/get :ldap-attrs-email)))
:backend "ldap"}))) :backend "ldap"}))))
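Review bot: In the rewritten `authenticate` (the `with-open` body), the user-supplied `password` is passed straight to `ldap/bind?` with no check that it is non-empty; a simple bind with a DN and an empty password is an "unauthenticated bind" that some directory servers treat as success, which would make `bind?` return true for any existing user. Whether that path is reachable depends on what `#'ldap/create-connection` configures on the underlying connection and on the server, none of which is visible here, so an explicit fail-closed guard is cheap insurance: `(when (and (not (clojure.string/blank? password)) (ldap/bind? conn dn password))`. Relatedly, `#'ldap/create-connection` reaches into a private var of the LDAP library, so a library upgrade can silently change what kind of connection (and which bind semantics) this code gets; a comment on `connect` stating why the public `ldap/connect` pool was replaced and which behaviour is relied on would help the next reader. The search filter built from `params` lives in `get-ldap-user`, which begins before this hunk, so its handling of the email value is not reviewable from here.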