- bool result = ldapAuth(username, password);
- if (!result)
- {
- return UserId();
- }
-
- // If auth succeeds, but the user has not logged into quassel previously, make
- // a new user for them and return that ID.
- // Users created via LDAP have empty usernames.
- UserId quasselID = Core::validateUser(username, QString());
- if (!quasselID.isValid())
- {
- return Core::addUser(username, QString());
- }
- return quasselID;
+ bool result = ldapAuth(username, password);
+ if (!result) {
+ return UserId();
+ }
+
+ // LDAP is case-insensitive, thus we will lowercase the username, in spite of
+ // a better solution :(
+ const QString lUsername = username.toLower();
+
+ // If auth succeeds, but the user has not logged into quassel previously, make
+ // a new user for them and return that ID.
+ // Users created via LDAP have empty passwords, but authenticator column = LDAP.
+ // On the other hand, if auth succeeds and the user already exists, do a final
+ // cross-check to confirm we're using the right auth provider.
+ UserId quasselId = Core::validateUser(lUsername, QString());
+ if (!quasselId.isValid()) {
+ return Core::addUser(lUsername, QString(), backendId());
+ }
+ else if (!(Core::checkAuthProvider(quasselId, backendId()))) {
+ return 0;
+ }
+ return quasselId;