MT#59447 admin user LDAP authentication #1

Change-Id: Ic31236d933f022b567c74998959267ef9a549b7e
5 months ago · de0595c089
parent 358139edee
commit de0595c089
5 changed files with 9 additions and 4 deletions
--- a/lib/NGCP/Panel/Controller/API/Admins.pm
+++ b/lib/NGCP/Panel/Controller/API/Admins.pm
@ -58,6 +58,7 @@ sub create_item {
    my $item;
    try {
        my $pass = delete $resource->{password};
+        $resource->{auth_mode} ||= 'local';
        $item = $c->model('DB')->resultset('admins')->create($resource);
        NGCP::Panel::Utils::Admin::insert_password_journal(
            $c, $item, $pass
--- a/lib/NGCP/Panel/Controller/Administrator.pm
+++ b/lib/NGCP/Panel/Controller/Administrator.pm
@ -150,6 +150,7 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) :AllowedRole(admi
            }
            my $password = delete $form->values->{password};
            $form->values->{md5pass} = undef;
+            $form->values->{auth_mode} ||= 'local';
            $form->values->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash($password);

            if ($form->values->{role_id}) {
@ -281,6 +282,7 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
            } else {
                $form->values->{role_id} = NGCP::Panel::Utils::UserRole::resolve_role_id($c, $form->values);
            }
+            $form->values->{auth_mode} ||= 'local';

            $c->stash->{administrator}->update($form->values);
            delete $c->session->{created_objects}->{reseller};
--- a/lib/NGCP/Panel/Form/Administrator/Reseller.pm
+++ b/lib/NGCP/Panel/Form/Administrator/Reseller.pm
@ -13,7 +13,7 @@ has_field 'login' => (type => 'Text', required => 1, minlength => 5, maxlength =
 has_field 'auth_mode' => (
    type => 'Select',
    label => 'Authentication Mode',
-    required => 1, 
+    required => 0,
    options => [
        { value => 'local', label => 'local' },
        { value => 'ldap', label => 'LDAP' },
--- a/lib/NGCP/Panel/Role/API/Admins.pm
+++ b/lib/NGCP/Panel/Role/API/Admins.pm
@ -208,6 +208,7 @@ sub update_item {
        $resource = $old_resource;
        $resource->{is_active} = $active;
    }
+    $resource->{auth_mode} ||= 'local';

    $item->update($resource);

--- a/lib/NGCP/Panel/Utils/Auth.pm
+++ b/lib/NGCP/Panel/Utils/Auth.pm
@ -10,7 +10,7 @@ use UUID;
 use NGCP::Panel::Utils::Ldap qw(
    auth_ldap_simple
    get_user_dn
-            
+
    $ldapconnecterror
    $ldapnouserdn
    $ldapauthfailed
@ -71,7 +71,7 @@ sub get_usr_salted_pass {

 sub perform_auth {
    my ($c, $user, $pass, $realm, $bcrypt_realm) = @_;
-    
+
    my $res;
    my $log_failed_login_attempt = 1;

@ -106,7 +106,7 @@ sub perform_auth {
                    }
                }, $bcrypt_realm
            );
-        } elsif (defined $dbadmin) { # we already know if the username is wrong, no need to check again
+        } else {
            # check md5 and migrate over to bcrypt on success
            $c->log->debug("login via md5");
            $res = $c->authenticate(
@ -142,6 +142,7 @@ sub perform_auth {
            $log_failed_login_attempt = 0; # do not log failed attempt if there was an ldap error
        } else {
            $res = 1;
+            $c->set_authenticated($dbadmin); # logs the user in and calls persist_user
        }
    }