From fe8851bcfec73538ea454a397d89c8610c946d89 Mon Sep 17 00:00:00 2001
From: Matej Kramny
Date: Tue, 18 Apr 2017 16:37:44 +0100
Subject: [PATCH] fixes for #310
---
 api/login.go | 57 ++++++++++++++++----------------------
 api/users.go | 3 --
 public/html/users/user.pug | 6 ++--
 3 files changed, 26 insertions(+), 40 deletions(-)
diff --git a/api/login.go b/api/login.go
index 9302604c7..e584ed26a 100644
--- a/api/login.go
+++ b/api/login.go
@@ -19,14 +19,10 @@ import (
 )
 func ldapAuthentication(auth, password string) (error, db.User) {
-
 if util.Config.LdapEnable != true {
 return fmt.Errorf("LDAP not configured"), db.User{}
 }
- bindusername := util.Config.LdapBindDN
- bindpassword := util.Config.LdapBindPassword
-
 l, err := ldap.Dial("tcp", util.Config.LdapServer)
 if err != nil {
 return err, db.User{}
@@ -42,7 +38,7 @@ func ldapAuthentication(auth, password string) (error, db.User) {
 }
 // First bind with a read only user
- err = l.Bind(bindusername, bindpassword)
+ err = l.Bind(util.Config.LdapBindDN, util.Config.LdapBindPassword)
 if err != nil {
 return err, db.User{}
 }
@@ -97,7 +93,6 @@ func ldapAuthentication(auth, password string) (error, db.User) {
 log.Info("User " + ldapUser.Name + " with email " + ldapUser.Email + " authorized via LDAP correctly")
 return nil, ldapUser
-
 }
 func login(w http.ResponseWriter, r *http.Request) {
@@ -112,17 +107,32 @@ func login(w http.ResponseWriter, r *http.Request) {
 login.Auth = strings.ToLower(login.Auth)
- ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
-
- if util.Config.LdapEnable == true && ldapErr != nil {
- log.Info(ldapErr.Error())
- }
-
+ var user db.User
 q := sq.Select("*").
 From("user")
- var user db.User
- if ldapErr != nil {
+ if util.Config.LdapEnable {
+ ldapErr, ldapUser := ldapAuthentication(login.Auth, login.Password)
+ if ldapErr != nil {
+ log.Info(ldapErr.Error())
+ }
+
+ // Check if that user already exist in database
+ q = q.Where("username=? and external=true", ldapUser.Username)
+
+ query, args, _ := q.ToSql()
+ if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
+ if err == sql.ErrNoRows {
+ // Create new user
+ user = ldapUser
+ if err := db.Mysql.Insert(&user); err != nil {
+ panic(err)
+ }
+ } else if err != nil {
+ panic(err)
+ }
+ }
+ } else {
 // Perform normal authorization
 _, err := mail.ParseAddress(login.Auth)
 if err == nil {
@@ -132,7 +142,6 @@ func login(w http.ResponseWriter, r *http.Request) {
 }
 query, args, _ := q.ToSql()
-
 if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
 if err == sql.ErrNoRows {
 w.WriteHeader(http.StatusBadRequest)
@@ -147,24 +156,6 @@ func login(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusBadRequest)
 return
 }
- } else {
- // Check if that user already exist in database
- q = q.Where("username=? and external=true", ldapUser.Username)
-
- query, args, _ := q.ToSql()
-
- if err := db.Mysql.SelectOne(&user, query, args...); err != nil {
- if err == sql.ErrNoRows {
- //Create new user
- user = ldapUser
- if err := db.Mysql.Insert(&user); err != nil {
- panic(err)
- }
- } else if err != nil {
- panic(err)
- }
-
- }
 }
 session := db.Session{
diff --git a/api/users.go b/api/users.go
index 61ba91ff9..318eb668f 100644
--- a/api/users.go
+++ b/api/users.go
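Review bot: A failed LDAP bind is only logged in the new `if util.Config.LdapEnable` branch of the `-112,17 +107,32` hunk, so the lookup below it runs with whatever `ldapUser` came back (the visible error returns of `ldapAuthentication` hand back `db.User{}`) and inserts that record when no row matches. Control then leaves the branch as if the user were authenticated; the context of the last login.go hunk shows `session := db.Session{` right after this block, so a wrong password appears to end in a session whenever LDAP is enabled. The old code fell back to local authentication on `ldapErr != nil`, and that path is now unreachable with LDAP on. The lookup-or-insert should run only when `ldapErr == nil`, with the local check (or at least a 4xx and `return`) for the failure case, as in the excerpt below. `login` starts before and ends after this hunk.

```go
ldapOK := false
if util.Config.LdapEnable {
	// … unchanged: ldapAuthentication call …
	if ldapErr != nil {
		log.Info(ldapErr.Error())
	} else {
		ldapOK = true
		// … unchanged: look up the external user, insert it on sql.ErrNoRows …
	}
}
if !ldapOK {
	// … unchanged: local authentication continues here …
```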
@@ -68,9 +68,6 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 log.Warn("Username is not editable for external LDAP users")
 w.WriteHeader(http.StatusBadRequest)
 }
- if err := mulekick.Bind(w, r, &user); err != nil {
- return
- }
 if _, err := db.Mysql.Exec("update user set name=?, username=?, email=?, alert=? where id=?", user.Name, user.Username, user.Email, user.Alert, oldUser.ID); err != nil {
 panic(err)
diff --git a/public/html/users/user.pug b/public/html/users/user.pug
index 05be659ab..40a0ff839 100644
--- a/public/html/users/user.pug
+++ b/public/html/users/user.pug
@@ -8,15 +8,13 @@
 .col-sm-8: input.form-control(type="text" placeholder="Your name" ng-model="user.name")
 .form-group
 label.control-label.col-sm-4 Username
- .col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" ng-if="user.external==false")
- .col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" readonly="readonly" ng-if="user.external==true")
+ .col-sm-8: input.form-control(type="text" placeholder="Username" ng-model="user.username" ng-readonly="user.external == true")
 .form-group
 label.control-label.col-sm-4 Email
 .col-sm-8: input.form-control(type="email" placeholder="Email address" ng-model="user.email")
 .form-group
 label.control-label.col-sm-4 Password
- .col-sm-8: input.form-control(type="password" placeholder="Not editable for LDAP user" readonly="readonly" ng-model="user.password" ng-if="user.external==true")
- .col-sm-8: input.form-control(type="password" placeholder="Enter new password" ng-model="user.password" ng-if="user.external==false")
+ .col-sm-8: input.form-control(type="password" placeholder="Not editable for LDAP user" ng-readonly="user.external == true" ng-model="user.password")
 .form-group
 .col-sm-8.col-sm-offset-4: .checkbox: label
 input(type="checkbox" title="Send email alerts about failed tasks" ng-model="user.alert")
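Review bot: The branch in the api/users.go hunk that logs `Username is not editable for external LDAP users` writes a 400 but has no `return` before its closing brace, so execution continues to the `update user set name=?, username=?, ...` statement with the submitted `user.Username`. With the second `mulekick.Bind` removed, the visible lines no longer contain any early exit between that guard and the update, which leaves the LDAP username restriction advisory only. Adding `return` after `w.WriteHeader(http.StatusBadRequest)` closes that. The guard's condition and the start of `updateUser` are outside the hunk, so confirm there is no other exit on that path.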
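Review bot: Merging the two password inputs in user.pug leaves `placeholder="Not editable for LDAP user"` on the field for every account, so local users now see that hint on a box they can edit. Binding the text to the flag keeps the single input, e.g. `placeholder="{{user.external ? 'Not editable for LDAP user' : 'Enter new password'}}"`. `ng-readonly` only changes how the browser renders the field; whether username and password changes are refused for external users is decided in the API handlers, which this template hunk does not show.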