Fix "user has been dropped" issue

2024-11-19 06:01:57 +00:00 · 2020-10-03 17:31:02 +04:00 · 2020-10-03 17:31:02 +04:00 · 82475088f9
commit 82475088f9
parent 76aee5e5bb
2 changed files with 5 additions and 16 deletions
--- a/src/Access/LDAPAccessStorage.cpp
+++ b/src/Access/LDAPAccessStorage.cpp
@ -29,11 +29,11 @@ LDAPAccessStorage::LDAPAccessStorage(const String & storage_name_, AccessControl

 void LDAPAccessStorage::setConfiguration(AccessControlManager * access_control_manager_, const Poco::Util::AbstractConfiguration & config, const String & prefix)
 {
+    std::scoped_lock lock(mutex);
+
    // TODO: switch to passing config as a ConfigurationView and remove this extra prefix once a version of Poco with proper implementation is available.
    const String prefix_str = (prefix.empty() ? "" : prefix + ".");

-    std::scoped_lock lock(mutex);
-
    const bool has_server = config.has(prefix_str + "server");
    const bool has_roles = config.has(prefix_str + "roles");

@ -235,21 +235,10 @@ UUID LDAPAccessStorage::loginImpl(const String & user_name, const String & passw
        auto id = memory_storage.find<User>(user_name);
        if (id)
        {
-            // We try to re-authenticate the existing user, and if not successful, we will remove it, since that would mean
-            // something changed and the user we authenticated previously cannot be authenticated anymore.
            auto user = memory_storage.tryRead<User>(*id);
-            try
-            {
            if (user && isAddressAllowedImpl(*user, address) && isPasswordCorrectImpl(*user, password, external_authenticators))
                return *id;
        }
-            catch (...)
-            {
-                memory_storage.remove(*id);
-                throw;
-            }
-            memory_storage.remove(*id);
-        }
        else
        {
            // User does not exist, so we create one, and will add it if authentication is successful.
--- a/src/Access/LDAPClient.cpp
+++ b/src/Access/LDAPClient.cpp
@ -284,7 +284,7 @@ bool LDAPSimpleAuthClient::check()
    std::scoped_lock lock(ldap_global_mutex);

    if (params.user.empty())
-        throw Exception("LDAP authentication of a user with an empty name is not allowed", ErrorCodes::BAD_ARGUMENTS);
+        throw Exception("LDAP authentication of a user with empty name is not allowed", ErrorCodes::BAD_ARGUMENTS);

    if (params.password.empty())
        return false; // Silently reject authentication attempt if the password is empty as if it didn't match.