Skip to content

Commit

Permalink
do not cache invalid session goauthentik#9972
Browse files Browse the repository at this point in the history
  • Loading branch information
calbrecht committed Jun 10, 2024
1 parent f96fec8 commit eb685f9
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions internal/outpost/ldap/bind/memory/memory.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
log "github.com/sirupsen/logrus"
"goauthentik.io/internal/outpost/ldap/bind"
"goauthentik.io/internal/outpost/ldap/bind/direct"
"goauthentik.io/internal/outpost/ldap/flags"
"goauthentik.io/internal/outpost/ldap/server"
)

Expand Down Expand Up @@ -54,15 +55,15 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
result, err := sb.DirectBinder.Bind(username, req)
// Only cache the result if there's been an error
if err == nil {
flags := sb.si.GetFlags(req.BindDN)
if flags == nil {
flag := sb.si.GetFlags(req.BindDN)
if flag == nil || (flag.UserInfo == nil && flag.UserPk == flags.InvalidUserPK) {
sb.log.Error("user flags not set after bind")
return result, err
}
sb.sessions.Set(Credentials{
DN: req.BindDN,
Password: req.BindPW,
}, result, time.Until(flags.Session.Expires))
}, result, time.Until(flag.Session.Expires))
}
return result, err
}

0 comments on commit eb685f9

Please sign in to comment.