Fix LDAP with valid old password login (#497)

2025-08-14 11:10:45 +02:00
parent bb1991f3ca
commit a7a25c4100
1 changed files with 16 additions and 6 deletions
--- a/internal/web/handlers/auth/password.go
+++ b/internal/web/handlers/auth/password.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"errors"
+
 	"github.com/rs/zerolog/log"
 	"github.com/thomiceli/opengist/internal/auth/ldap"
 	passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
@@ -124,15 +125,24 @@ func ProcessLogin(ctx *context.Context) error {
 		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
 	}

-	if ldap.Enabled() {
-		if user, err = tryLdapLogin(ctx, dto.Username, dto.Password); err != nil {
-			return err
-		}
-	}
-	if user == nil {
+	localUser, err := db.GetUserByUsername(dto.Username)
+	hasLocalPassword := err == nil && localUser.Password != ""
+
+	if hasLocalPassword {
 		if user, err = tryDbLogin(ctx, dto.Username, dto.Password); user == nil {
 			return err
 		}
+	} else {
+		if ldap.Enabled() {
+			if user, err = tryLdapLogin(ctx, dto.Username, dto.Password); err != nil {
+				return err
+			}
+		}
+		if user == nil {
+			if user, err = tryDbLogin(ctx, dto.Username, dto.Password); user == nil {
+				return err
+			}
+		}
 	}

 	// handle MFA