feat(app): chnaged users table
Previously LDAP users had their own table (ldapUsers) and guest users the guestUsers table. Both are now stored in the same table and are distinguished by a REALM field. BREAKING CHANGE: LDAP users are now stored in the "users" table.
parent
1c78615597
commit
4d31f8de68
|
@ -44,7 +44,7 @@ func UserIsInAdminGroup(app *pocketbase.PocketBase, c echo.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// return error if user is not in admin group
|
// return error if user is not in admin group
|
||||||
return apis.NewUnauthorizedError("Unauthorized: user must be in admin group for ldap search", nil)
|
return apis.NewUnauthorizedError("Unauthorized", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// initLdapLogin
|
// initLdapLogin
|
||||||
|
@ -138,7 +138,6 @@ func initLdapSearch(app *pocketbase.PocketBase, e *core.ServeEvent) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Connect to the LDAP server
|
// Connect to the LDAP server
|
||||||
|
|
||||||
conn, err := ldap.DialURL(os.Getenv("LDAP_URL"))
|
conn, err := ldap.DialURL(os.Getenv("LDAP_URL"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return apis.NewBadRequestError("unable to connect to ldap server", err)
|
return apis.NewBadRequestError("unable to connect to ldap server", err)
|
||||||
|
|
|
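Review bot: The rewritten error on the new side of the `@ -44` hunk still answers a group-membership failure with 401 (`apis.NewUnauthorizedError`), which tells clients their credentials are missing or invalid; if `UserIsInAdminGroup` has already resolved an authenticated user before this point, `return apis.NewForbiddenError("Forbidden", nil)` is the accurate status and stops clients from retrying authentication. Dropping the "must be in admin group for ldap search" detail from the client-facing message is fine from a disclosure standpoint, but the reason should then be kept in a server-side log so the denial stays diagnosable. The start of `UserIsInAdminGroup` is outside the hunk, so whether the caller is already authenticated at this point is inferred.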
@ -122,6 +122,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
|
||||||
record.Set("dn", ldapUser.dn)
|
record.Set("dn", ldapUser.dn)
|
||||||
record.Set("cn", ldapUser.cn)
|
record.Set("cn", ldapUser.cn)
|
||||||
record.Set("memberOf", memberOfGroupIds)
|
record.Set("memberOf", memberOfGroupIds)
|
||||||
|
record.Set("REALM", ldapUser.REALM)
|
||||||
|
|
||||||
if err := app.Dao().SaveRecord(record); err != nil {
|
if err := app.Dao().SaveRecord(record); err != nil {
|
||||||
return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err)
|
return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err)
|
||||||
|
|
|
@ -169,6 +169,7 @@ func syncLdapUsers(app *pocketbase.PocketBase, ldapClient *ldap.Conn) SyncResult
|
||||||
cn: entry.GetAttributeValue("cn"),
|
cn: entry.GetAttributeValue("cn"),
|
||||||
msSFU30NisDomain: entry.GetAttributeValue("msSFU30NisDomain"),
|
msSFU30NisDomain: entry.GetAttributeValue("msSFU30NisDomain"),
|
||||||
memberOf: entry.GetAttributeValues("memberOf"),
|
memberOf: entry.GetAttributeValues("memberOf"),
|
||||||
|
REALM: "LDAP",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errors = append(errors, err)
|
errors = append(errors, err)
|
||||||
|
|
|
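Review bot: In the `@ -122` hunk `upsertLDAPUser` writes the realm straight from the caller (`record.Set("REALM", ldapUser.REALM)`), so an `LDAPUser` built without that field lands in the shared users table with an empty realm and is invisible to any realm filter; since the function is LDAP-specific and the only visible caller (`syncLdapUsers`, `@ -169`) always passes `"LDAP"`, pin it inside the function, e.g. `const realmLDAP = "LDAP"` and `record.Set("REALM", realmLDAP)`, and have `syncLdapUsers` use the same constant. Now that LDAP and guest accounts share one table, the lookup that selects the record to update (before this hunk, not visible here) must also filter on `REALM = "LDAP"`; otherwise a sync could overwrite a guest account with the same username/cn, or a pre-registered guest could shadow an incoming directory account — please confirm that lookup. Both `upsertLDAPUser` and `syncLdapUsers` start outside their hunks.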
@ -10,6 +10,7 @@ type LDAPUser struct {
|
||||||
cn string
|
cn string
|
||||||
msSFU30NisDomain string // must be STUVE
|
msSFU30NisDomain string // must be STUVE
|
||||||
memberOf []string
|
memberOf []string
|
||||||
|
REALM string
|
||||||
}
|
}
|
||||||
|
|
||||||
type LDAPGroup struct {
|
type LDAPGroup struct {
|
||||||
|
|
|
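Review bot: The new field is named `REALM` while every sibling field in `LDAPUser` is lower camel case (`cn`, `dn`, `memberOf`) and Go convention is MixedCaps rather than all-caps identifiers; since the field is unexported, `realm string // "LDAP" for directory-synced accounts; distinguishes them from guests in the shared users table` keeps the struct consistent without touching any external interface. The collection column can keep its `REALM` name if that is what the schema uses; only the Go field and its two uses need to change.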
@ -12,7 +12,7 @@ import (
|
||||||
"github.com/pocketbase/pocketbase/tools/types"
|
"github.com/pocketbase/pocketbase/tools/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
const ldapUsersTableName string = "ldap_users"
|
const ldapUsersTableName string = "users"
|
||||||
const ldapGroupsTableName string = "ldap_groups"
|
const ldapGroupsTableName string = "ldap_groups"
|
||||||
const ldapSyncLogsTableName string = "ldap_sync_logs"
|
const ldapSyncLogsTableName string = "ldap_sync_logs"
|
||||||
|
|
||||||
|
@ -124,17 +124,17 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
|
||||||
form := forms.NewCollectionUpsert(app, collection)
|
form := forms.NewCollectionUpsert(app, collection)
|
||||||
form.Name = ldapUsersTableName // collection name
|
form.Name = ldapUsersTableName // collection name
|
||||||
form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work
|
form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work
|
||||||
form.ListRule = nil // list rule (only user self can list their own data
|
form.ListRule = nil // list rule (only admins can list)
|
||||||
form.ViewRule = nil // view rule (only user self can view their own data)
|
form.ViewRule = nil // view rule (only admins can view)
|
||||||
form.CreateRule = nil // create rule (anyone can create)
|
form.CreateRule = nil // create rule (only admins can create)
|
||||||
form.UpdateRule = nil // update rule (anyone can update)
|
form.UpdateRule = nil // update rule (only admins can update)
|
||||||
form.DeleteRule = nil // delete rule (anyone can delete)
|
form.DeleteRule = nil // delete rule (only admins can delete)
|
||||||
|
|
||||||
// add common name field, the collection will also have a field named "username" which is the username field. this field is added automatically by the forms.NewCollectionUpsert() function
|
// add common name field, the collection will also have a field named "username" which is the username field. this field is added automatically by the forms.NewCollectionUpsert() function
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "cn",
|
Name: "cn",
|
||||||
Type: schema.FieldTypeText,
|
Type: schema.FieldTypeText,
|
||||||
Required: true,
|
Required: false,
|
||||||
Presentable: true,
|
Presentable: true,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -142,28 +142,28 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "objectGUID",
|
Name: "objectGUID",
|
||||||
Type: schema.FieldTypeText,
|
Type: schema.FieldTypeText,
|
||||||
Required: true,
|
Required: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
// add distinguished name field
|
// add distinguished name field
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "dn",
|
Name: "dn",
|
||||||
Type: schema.FieldTypeText,
|
Type: schema.FieldTypeText,
|
||||||
Required: true,
|
Required: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
// add surname field
|
// add surname field
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "sn",
|
Name: "sn",
|
||||||
Type: schema.FieldTypeText,
|
Type: schema.FieldTypeText,
|
||||||
Required: true,
|
Required: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
// add given name field
|
// add given name field
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "givenName",
|
Name: "givenName",
|
||||||
Type: schema.FieldTypeText,
|
Type: schema.FieldTypeText,
|
||||||
Required: true,
|
Required: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
// add account expires field
|
// add account expires field
|
||||||
|
@ -173,6 +173,13 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
|
||||||
Required: false,
|
Required: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// add account expires field
|
||||||
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
|
Name: "REALM",
|
||||||
|
Type: schema.FieldTypeDate,
|
||||||
|
Required: true,
|
||||||
|
})
|
||||||
|
|
||||||
// add groups field
|
// add groups field
|
||||||
form.Schema.AddField(&schema.SchemaField{
|
form.Schema.AddField(&schema.SchemaField{
|
||||||
Name: "memberOf",
|
Name: "memberOf",
|
||||||
|
@ -186,8 +193,9 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
|
||||||
|
|
||||||
// create index on username
|
// create index on username
|
||||||
form.Indexes = types.JsonArray[string]{
|
form.Indexes = types.JsonArray[string]{
|
||||||
"CREATE UNIQUE INDEX idx_ldapUsers_cn ON " + ldapGroupsTableName + " (cn)",
|
"CREATE UNIQUE INDEX idx_users_username ON " + ldapGroupsTableName + " (username, REALM)", // username must be unique for each realm
|
||||||
"CREATE UNIQUE INDEX idx_ldapUsers_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)",
|
"CREATE UNIQUE INDEX idx_users_cn ON " + ldapGroupsTableName + " (cn)",
|
||||||
|
"CREATE UNIQUE INDEX idx_users_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)",
|
||||||
}
|
}
|
||||||
|
|
||||||
return form.Submit()
|
return form.Submit()
|
||||||
|
|
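Review bot: In the `@ -173` hunk the new `REALM` field is declared as `Type: schema.FieldTypeDate`, but the value written to it elsewhere in this commit is the string `"LDAP"` (`REALM: "LDAP"` in `syncLdapUsers`), which a date field will reject or blank out, so every LDAP upsert either fails validation or loses its realm; it should be `Type: schema.FieldTypeText` (or better a Select restricted to the known realm values, so a record can never carry an arbitrary realm), and the copy-pasted `// add account expires field` comment above it should read `// add REALM field: distinguishes LDAP-synced accounts from guests in the shared users table`. The `@ -186` hunk in the same function compounds this: the new `(username, REALM)` and `cn` unique indexes are created `ON ldapGroupsTableName` and the `objectGUID` index `ON ldapSyncLogsTableName`, not on `ldapUsersTableName`, so the per-realm username uniqueness this change relies on is never enforced on `users` (and the submit will fail if those tables lack the columns) — all three `ON` targets should be `ldapUsersTableName`. Relaxing `cn`/`dn`/`objectGUID` to `Required: false` is needed for guest rows, but it means an LDAP-realm row can now be saved without an identity key, so the LDAP upsert path should validate those are non-empty itself.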