From f6e225293d76817fac2c227075c4b5ce5f029950 Mon Sep 17 00:00:00 2001
From: Clark Andrianasolo <clark.andrianasolo@rudder.io>
Date: Thu, 18 Apr 2024 15:15:05 +0200
Subject: [PATCH] Fixes #24749:  Disabled LDAP users can still login and use
 Rudder

---
 .../main/scala/bootstrap/liftweb/AppConfigAuth.scala   | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala b/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala
index 146f299f23..d4949a3298 100644
--- a/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala
+++ b/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala
@@ -329,7 +329,7 @@ class AppConfigAuth extends ApplicationContextAware {
    * Map an user from XML user config file
    */
   @Bean def rudderXMLUserDetails: UserDetailsContextMapper = {
-    new RudderXmlUserDetailsContextMapper(RudderConfig.rudderUserListProvider)
+    new RudderXmlUserDetailsContextMapper(rudderUserDetailsService)
   }
 
   // userSessionLogEvent must not be lazy, because not used by anybody directly
@@ -432,7 +432,7 @@ class RudderInMemoryUserDetailsService(val authConfigProvider: UserDetailListPro
 /**
  * Spring context mapper
  */
-class RudderXmlUserDetailsContextMapper(authConfigProvider: UserDetailListProvider) extends UserDetailsContextMapper {
+class RudderXmlUserDetailsContextMapper(userDetailsService: UserDetailsService) extends UserDetailsContextMapper {
   // we are not able to try to save user in the XML file
   def mapUserToContext(user: UserDetails, ctx: DirContextAdapter): Unit = ()
 
@@ -441,11 +441,7 @@ class RudderXmlUserDetailsContextMapper(authConfigProvider: UserDetailListProvid
       username:    String,
       authorities: Collection[? <: GrantedAuthority]
   ): UserDetails = {
-    authConfigProvider.authConfig.users
-      .getOrElse(
-        username,
-        RudderUserDetail(RudderAccount.User(username, ""), UserStatus.Disabled, Set(Role.NoRights), ApiAuthorization.None)
-      )
+    userDetailsService.loadUserByUsername(username)
   }
 }