From 5777f65d05a8dc141c34e470ef1d5fe956f8173c Mon Sep 17 00:00:00 2001 From: Utkarsh Bhatnagar Date: Tue, 13 Dec 2016 00:15:52 -0800 Subject: [PATCH] Basic Auth now supports LDAP username and password (#6940) --- docs/sources/http_api/auth.md | 2 +- pkg/middleware/middleware.go | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/sources/http_api/auth.md b/docs/sources/http_api/auth.md index becc3758830..aaeda1105b1 100644 --- a/docs/sources/http_api/auth.md +++ b/docs/sources/http_api/auth.md @@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq ## Basic Auth If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via -standard basic auth. +standard basic auth. Basic auth will also authenticate LDAP users. curl example: ``` diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go index 7a64656b0ee..4b59fada62e 100644 --- a/pkg/middleware/middleware.go +++ b/pkg/middleware/middleware.go @@ -9,6 +9,7 @@ import ( "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/components/apikeygen" "github.com/grafana/grafana/pkg/log" + l "github.com/grafana/grafana/pkg/login" "github.com/grafana/grafana/pkg/metrics" m "github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/setting" @@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool { } func initContextWithBasicAuth(ctx *Context) bool { + if !setting.BasicAuthEnabled { return false } @@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool { user := loginQuery.Result - // validate password - if util.EncodePassword(password, user.Salt) != user.Password { - ctx.JsonApiErr(401, "Invalid username or password", nil) + loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user} + if err := bus.Dispatch(&loginUserQuery); err != nil { + ctx.JsonApiErr(401, "Invalid username or password", err) return true }