From 1079fcfc32d6f4fd2ccc793aad042fdb446de20b Mon Sep 17 00:00:00 2001 From: Lars Kruse Date: Tue, 21 Jan 2025 23:05:42 +0100 Subject: [PATCH] fix re-usage of SSO-based accounts for LDAP login In pull request #6903 the SSO_LDAP_USE_SAME_UID field was introduced. But this change only took care for the following order of login actitivies: 1. login via LDAP -> account is created 2. login via SSO -> account is re-used The opposite order of login activities (first SSO, later LDAP) failed with the following error message: > [ERROR] seahub.base.accounts:1004 authenticate ldap user 123...789@auth.local not found. The introduction of SSO_LDAP_USE_SAME_UID lacked the fallback procedure from LDAP to SSO. This commit fixes that issue.
---
 seahub/base/accounts.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py
index 5c3f4f5f2fa..4a80e0a3bc9 100644
--- a/seahub/base/accounts.py
+++ b/seahub/base/accounts.py
@@ -63,6 +63,8 @@ UNUSABLE_PASSWORD = '!' # This will never be a valid hash
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
+
 def default_ldap_role_mapping(role):
 return role
@@ -964,6 +966,8 @@ def authenticate(self, ldap_user=None, password=None):
 # search user from ldap server
 try:
 auth_user = SocialAuthUser.objects.filter(username=ldap_user, provider=LDAP_PROVIDER).first()
+ if not auth_user and SSO_LDAP_USE_SAME_UID:
+ auth_user = SocialAuthUser.objects.filter(username=ldap_user).first()
 if auth_user:
 login_attr = auth_user.uid
 else:
@@ -977,6 +981,8 @@ def authenticate(self, ldap_user=None, password=None):
 except Exception as e:
 if ENABLE_MULTI_LDAP:
 auth_user = SocialAuthUser.objects.filter(username=ldap_user, provider=MULTI_LDAP_1_PROVIDER).first()
+ if not auth_user and SSO_LDAP_USE_SAME_UID:
+ auth_user = SocialAuthUser.objects.filter(username=ldap_user).first()
 if auth_user:
 login_attr = auth_user.uid
 else:
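Review bot: The fallback lookup in the `try` branch, `SocialAuthUser.objects.filter(username=ldap_user).first()`, matches a row from any provider and has no ordering, so when an account has more than one SocialAuthUser row the `uid` that ends up in `login_attr` is picked arbitrarily; the identical two lines in the `except` branch under `ENABLE_MULTI_LDAP` (third hunk) have the same problem. Since `login_attr` is presumably what selects the LDAP entry this account authenticates against, the `uid` should come only from the provider whose identifiers the administrator has declared equal to LDAP's, not from whichever provider happens to have a row. Consider filtering on that provider explicitly, adding `.order_by('pk')` before `.first()`, and moving the lookup into one private helper so the two branches cannot drift apart. `authenticate` starts and ends outside these hunks, so how `login_attr` is consumed afterwards is not visible here and should be checked against the full method.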