diff --git a/access.lua b/access.lua index d1f9eb5..b22a9f7 100644 --- a/access.lua +++ b/access.lua @@ -145,6 +145,23 @@ function has_access (user, url) end function authenticate (user, password) + if string.find(user, "@") then + ldap = lualdap.open_simple("localhost") + for dn, attribs in ldap:search { + base = "ou=users,dc=yunohost,dc=org", + scope = "onelevel", + sizelimit = 1, + filter = "(mail="..user..")", + attrs = {"uid"} + } do + if attribs["uid"] then + user = attribs["uid"] + else + return false + end + end + ldap:close() + end connected = lualdap.open_simple ( "localhost", "uid=".. user ..",ou=users,dc=yunohost,dc=org", @@ -154,9 +171,10 @@ function authenticate (user, password) cache:flush_expired() if connected then cache:add(user.."-password", password, oneweek) + return user + else + return false end - - return connected end function set_headers (user) @@ -479,9 +497,10 @@ function do_login () local args = ngx.req.get_post_args() local uri_args = ngx.req.get_uri_args() - if authenticate(args.user, args.password) then + user = authenticate(args.user, args.password) + if user then ngx.status = ngx.HTTP_CREATED - set_auth_cookie(args.user, ngx.var.host) + set_auth_cookie(user, ngx.var.host) if uri_args.r then return redirect(portal_url.."?r="..uri_args.r) else @@ -641,7 +660,8 @@ local auth_header = ngx.req.get_headers()["Authorization"] if auth_header then _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$") _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$") - if authenticate(user, password) then + user = authenticate(user, password) + if user then set_headers(user) return pass() end