| author | konstpic <156318483+konstpic@users.noreply.github.com> | 2025-09-28 22:00:16 +0300 |
|---|---|---|
| committer | mhsanaei <ho3ein.sanaei@gmail.com> | 2025-09-28 22:04:54 +0300 |
| commit | 28a17a80ec0c4a0f82e8acfca351651d762b3ec9 (patch) | |
| tree | 7902b7b4cba04bce816ad17c9490f7228574a096 /web/service/user.go | |
| parent | 30565833889171afe5c934f97bc0e767534e8310 (diff) | |
feat: add ldap component (#3568)
* add ldap component
* fix: fix russian comments, tls cert verify default true
* feat: remove replaces go mod for local dev
Diffstat (limited to 'web/service/user.go')
| -rw-r--r-- | web/service/user.go | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/web/service/user.go b/web/service/user.go
index f42c3cf8..87c46bf2 100644
--- a/web/service/user.go
+++ b/web/service/user.go
@@ -7,7 +7,7 @@ import (
 "github.com/mhsanaei/3x-ui/v2/database/model"
 "github.com/mhsanaei/3x-ui/v2/logger"
 "github.com/mhsanaei/3x-ui/v2/util/crypto"
-
+ ldaputil "github.com/mhsanaei/3x-ui/v2/util/ldap"
 "github.com/xlzd/gotp"
 "gorm.io/gorm"
 )
@@ -49,9 +49,38 @@ func (s *UserService) CheckUser(username string, password string, twoFactorCode
 return nil
 }
 
- if !crypto.CheckPasswordHash(user.Password, password) {
- return nil
- }
+ // If LDAP enabled and local password check fails, attempt LDAP auth
+ if !crypto.CheckPasswordHash(user.Password, password) {
+ ldapEnabled, _ := s.settingService.GetLdapEnable()
+ if !ldapEnabled {
+ return nil
+ }
+
+ host, _ := s.settingService.GetLdapHost()
+ port, _ := s.settingService.GetLdapPort()
+ useTLS, _ := s.settingService.GetLdapUseTLS()
+ bindDN, _ := s.settingService.GetLdapBindDN()
+ ldapPass, _ := s.settingService.GetLdapPassword()
+ baseDN, _ := s.settingService.GetLdapBaseDN()
+ userFilter, _ := s.settingService.GetLdapUserFilter()
+ userAttr, _ := s.settingService.GetLdapUserAttr()
+
+ cfg := ldaputil.Config{
+ Host: host,
+ Port: port,
+ UseTLS: useTLS,
+ BindDN: bindDN,
+ Password: ldapPass,
+ BaseDN: baseDN,
+ UserFilter: userFilter,
+ UserAttr: userAttr,
+ }
+ ok, err := ldaputil.AuthenticateUser(cfg, username, password)
+ if err != nil || !ok {
+ return nil
+ }
+ // On successful LDAP auth, continue 2FA checks below
+ }
 
 twoFactorEnable, err := s.settingService.GetTwoFactorEnable()
 if err != nil { |
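Review bot: Every settings read in the LDAP branch of the second hunk discards its error (`useTLS, _ := s.settingService.GetLdapUseTLS()` and the eight calls around it), so a failed read leaves the zero value in `cfg`; for `UseTLS` that is `false`, which presumably means the bind password and the user's password would travel to the directory unencrypted. Fail closed instead by keeping the error, logging it and returning nil, e.g. `useTLS, err := s.settingService.GetLdapUseTLS()` followed by `if err != nil { logger.Warning("ldap settings:", err); return nil }`. The error from `ldaputil.AuthenticateUser` is dropped together with `!ok`, so a directory outage or a TLS failure looks the same as a wrong password; logging `err` before `return nil` would make that visible to whoever watches the panel logs. Whether `AuthenticateUser` refuses an empty `password` is not visible here; if it does not, add `if password == "" { return nil }` ahead of the call, since some directories treat an empty-password bind as a successful anonymous bind. CheckUser begins and ends outside the hunk.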
