Core: only try local auth if a user has the "database" auth provider set
This commit attempts to resolve issue #1501; currently, quassel will
always attempt to do local authentication, and *then* try LDAP auth. This
makes it difficult to migrate a core from local auth to LDAP auth; users
who have local passwords can always use those passwords to log in, and there
is not a simple way to migrate them to non-local auth.
There is an "authenticator" column in the database for each user, but it
is currently only used to stop passwords from being changed for LDAP users.
This commit modifies the login flow to first check that database field--
if authenticator is not "Database", we don't try local authentication and
proceed directly to non-local authentication.
This is a bit clumsy-- I added a method to the core to look up a user's
authenticator by string. But there's no way to map that to the actual
authenticator object, because we only store one configured authenticator
per core-- so we then just check if that authenticator is "Database" or
not. I think this is something that should be improved in the future,
but as a quick fix to #1501 this is probably good enough.
projects / quassel.git / commit