From: Ben Rosser <rosser.bjr@gmail.com>
Date: Thu, 14 Feb 2019 16:28:02 +0000 (-0500)
Subject: Core: in LDAP authenticator, don't try database auth with blank password
X-Git-Tag: test-travis-01~53
X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=45645a28bdc5b6c1052b3e4cebf8cc80832d205a

Core: in LDAP authenticator, don't try database auth with blank password

In the LDAP authenticator, we were trying to do database auth against
the core with a blank password (QString()), after LDAP auth has succeeded.
This was done because there was not another way to retrieve a quassel
UserId object for a given string username.

However, if we want to support migrating a user from Database to LDAP
auth, this causes problems-- we'd need to set the password column to
whatever an empty QString() maps to in the hashing algorithm.

It seems much simpler to just add a new method to core.h to look up
a UserId object in the current storage provider when we pass it
a string username. Then we can just call that method in the LDAP
authenticator.
---

diff --git a/src/core/core.h b/src/core/core.h
index 994e473b..ef04b77d 100644
--- a/src/core/core.h
+++ b/src/core/core.h
@@ -127,7 +127,7 @@ public:
 
     //! Gets the authenticator configured for a user.
     /**
-     * \param userid The user's name as a QString.
+     * \param userName The user's name as a QString.
      * \return String value corresponding to the user's configure dauthenticator.
      */
     static inline QString getUserAuthenticator(const QString& userName)
@@ -135,6 +135,16 @@ public:
         return instance()->_storage->getUserAuthenticator(instance()->_storage->getUserId(userName));
     }
 
+    //! Gets the user ID mapped to a username. This is necessary so that non-database auth methods can log in users properly.
+    /**
+     * \param userName The user's name as a QString.
+     * \return userId  The user's ID.
+     */
+    static inline UserId getUserId(const QString& userName)
+    {
+        return instance()->_storage->getUserId(userName);
+    }
+
     //! Change a user's password
     /**
      * \param userId     The user's ID
diff --git a/src/core/ldapauthenticator.cpp b/src/core/ldapauthenticator.cpp
index 82ae5b46..02f927d0 100644
--- a/src/core/ldapauthenticator.cpp
+++ b/src/core/ldapauthenticator.cpp
@@ -128,7 +128,7 @@ UserId LdapAuthenticator::validateUser(const QString& username, const QString& p
     // Users created via LDAP have empty passwords, but authenticator column = LDAP.
     // On the other hand, if auth succeeds and the user already exists, do a final
     // cross-check to confirm we're using the right auth provider.
-    UserId quasselId = Core::validateUser(lUsername, QString());
+    UserId quasselId = Core::getUserId(lUsername);
     if (!quasselId.isValid()) {
         return Core::addUser(lUsername, QString(), backendId());
     }