
Updated LDAP to make it better

AY's Macbook Pro 3 年之前
父节点
当前提交
41ab40a03d
共有 5 个文件被更改,包括 45 次插入24 次删除
  1. 1 1
      ldap.go
  2. 6 3
      mod/auth/ldap/ldap.go
  3. 3 8
      mod/auth/ldap/ldapreader/reader.go
  4. 14 8
      mod/auth/ldap/web_admin.go
  5. 21 4
      web/SystemAO/advance/ldap.html

+ 1 - 1
ldap.go

@@ -21,7 +21,7 @@ func ldapInit() {
 		},
 	})
 	registerSetting(settingModule{
-		Name:         "LDAP<sup>BETA</sup>",
+		Name:         "LDAP",
 		Desc:         "Allows external account access to system",
 		IconPath:     "SystemAO/advance/img/small_icon.png",
 		Group:        "Security",

+ 6 - 3
mod/auth/ldap/ldap.go

@@ -139,9 +139,12 @@ func (ldap *ldapHandler) convertGroup(ldapUser *ldap.Entry) UserAccount {
 }
 
 func (ldap *ldapHandler) NightlySync() {
-	err := ldap.SynchronizeUserFromLDAP()
-	if err != nil {
-		log.Println(err)
+	checkLDAPenabled := ldap.readSingleConfig("enabled")
+	if checkLDAPenabled != "false" {
+		err := ldap.SynchronizeUserFromLDAP()
+		if err != nil {
+			log.Println(err)
+		}
 	}
 }
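Review bot: The new guard `if checkLDAPenabled != "false"` in NightlySync fails open: an empty or unset value (for example when the "enabled" key has never been written) or a differently-cased one such as "False" still starts a nightly sync against the directory. Compare against the affirmative value instead, `if checkLDAPenabled == "true" {`, or parse it with strconv.ParseBool and treat a parse error as disabled. What readSingleConfig returns for a missing key is not visible here, so confirm which literal it produces before picking the comparison.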
 

+ 3 - 8
mod/auth/ldap/ldapreader/reader.go

@@ -28,7 +28,7 @@ func NewLDAPReader(username string, password string, server string, basedn strin
 }
 
 func (handler *LdapReader) GetUser(username string) (*ldap.Entry, error) {
-	returnVal, err := handler.retrieveInformation("uid="+username+","+handler.basedn, "(objectClass=person)", ldap.ScopeBaseObject, handler.username, handler.password)
+	returnVal, err := handler.retrieveInformation("uid="+username+","+handler.basedn, "(objectClass=person)", ldap.ScopeWholeSubtree, handler.username, handler.password)
 	if err != nil {
 		return nil, err
 	}
@@ -85,18 +85,13 @@ func (handler *LdapReader) retrieveInformation(dn string, filter string, typeOfS
 		nil,
 	)
 	result, err := ldapURL.Search(searchReq)
-	/*
-		if err == nil {
-			result.PrettyPrint(4)
-		}
-	*/
 	if err != nil {
-		return nil, fmt.Errorf("Search Error: %s", err)
+		return nil, fmt.Errorf("search Error: %s", err)
 	}
 
 	if len(result.Entries) > 0 {
 		return result.Entries, nil
 	} else {
-		return nil, fmt.Errorf("Couldn't fetch search entries")
+		return nil, fmt.Errorf("couldn't fetch search entries")
 	}
 }
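Review bot: In the first hunk, GetUser still builds the search base as `"uid="+username+","+handler.basedn` with no escaping, and widening the scope to ldap.ScopeWholeSubtree means a username containing DN metacharacters (`,`, `+`, `=`, `\`, `"`, `<`, `>`, `;`) can now alter which subtree is searched instead of simply failing the former base-object lookup. Escape the value per RFC 4514 before concatenating (recent go-ldap versions provide `ldap.EscapeDN`; if the vendored version lacks it, reject usernames containing those characters), and since the filter is no longer anchored to a single entry, check that the caller copes with more than one returned entry. In the second hunk, `return nil, fmt.Errorf("search Error: %w", err)` would wrap with `%w` so callers can still inspect the underlying ldap error. GetUser's body continues past its hunk and retrieveInformation starts before the second one.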

+ 14 - 8
mod/auth/ldap/web_admin.go

@@ -2,9 +2,11 @@ package ldap
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"regexp"
 	"strconv"
+	"strings"
 
 	"imuslab.com/arozos/mod/auth/ldap/ldapreader"
 	"imuslab.com/arozos/mod/common"
@@ -125,17 +127,15 @@ func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request)
 	common.SendJSONResponse(w, string(accountJSON))
 }
 
-func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Request) bool {
+func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Request) (bool, error) {
 	//check current user is admin and new update will remove it or not
 	currentLoggedInUser, err := ldap.userHandler.GetUserInfoFromRequest(w, r)
 	if err != nil {
-		common.SendErrorResponse(w, "Error while getting user info")
-		return false
+		return false, err
 	}
 	ldapCurrUserInfo, err := ldap.ldapreader.GetUser(currentLoggedInUser.Username)
 	if err != nil {
-		common.SendErrorResponse(w, "Error while getting user info from LDAP")
-		return false
+		return false, errors.New(err.Error() + ", probably due to your account is not in the LDAP server")
 	}
 	isAdmin := false
 	//get the croups out from LDAP group list
@@ -153,19 +153,25 @@ func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Reque
 			}
 		}
 	}
-	return isAdmin
+	return isAdmin, nil
 }
 
 func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request) {
 	//check if suer is admin before executing the command
 	//if user is admin then check if user will lost him/her's admin access
-	consistencyCheck := ldap.checkCurrUserAdmin(w, r)
+	consistencyCheck, err := ldap.checkCurrUserAdmin(w, r)
+	if err != nil {
+		// escape " symbol manually
+		errorMsg := strings.ReplaceAll(err.Error(), "\"", "\\\"")
+		common.SendErrorResponse(w, errorMsg)
+		return
+	}
 	if !consistencyCheck {
 		common.SendErrorResponse(w, "You will no longer become the admin after synchronizing, synchronize terminated")
 		return
 	}
 
-	err := ldap.SynchronizeUserFromLDAP()
+	err = ldap.SynchronizeUserFromLDAP()
 	if err != nil {
 		common.SendErrorResponse(w, err.Error())
 		return
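Review bot: The manual escaping at `errorMsg := strings.ReplaceAll(err.Error(), "\"", "\\\"")` is incomplete: it handles only double quotes, so a backslash or newline in the LDAP error text still breaks the JSON that SendErrorResponse presumably assembles by concatenation, and the same err.Error() passed to SendErrorResponse after SynchronizeUserFromLDAP a few lines below is not escaped at all. Since encoding/json is already imported, derive the escaped text from the encoder, `b, _ := json.Marshal(err.Error())` followed by `errorMsg := string(b[1 : len(b)-1])`, or better, have the response helper marshal the message itself so every caller is covered. Separately, `errors.New(err.Error() + ", probably due to ...")` in checkCurrUserAdmin drops the error chain; `fmt.Errorf("%w, probably due to your account is not in the LDAP server", err)` would keep it for errors.Is/As, though fmt is not among the imports visible in this hunk. SynchronizeUser's body continues past the hunk.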

+ 21 - 4
web/SystemAO/advance/ldap.html

@@ -59,7 +59,10 @@
                 <i class="key icon"></i>
                 <div class="content">
                     LDAP Access
-                    <div class="sub header">Allow external account to access ArozOS with LDAP</div>
+                    <div class="sub header">Allow external account to access ArozOS with LDAP
+                        <br>
+                        <i class="info circle icon"></i> Your current account MUST exist inside the LDAP server; otherwise synchronize function will not work properly.
+                    </div>
                 </div>
             </div>
         </div>
@@ -167,16 +170,30 @@
             $("#test_btn").text("Testing...");
             $.get("../../system/auth/ldap/config/testConnection")
                 .done(function(data) {
+                    $("#information").html("");
                     if (data.error != undefined) {
                         if (data.error != "") {
-                            alert(data.error);
+                            $("#information").append(`
+                            <tr>
+                                <td data-label="information" colspan="3">` + data.error + `</td>
+                            </tr>
+                        `);
+                            $("#testConnection").show("fast");
+                            $("#test_btn").text("Test connection");
+                            return;
                         }
                     }
                     if (data.userinfo == null) {
-                        alert("No entries was found");
+                        $("#information").append(`
+                            <tr>
+                                <td data-label="information" colspan="3">No entries was found.</td>
+                            </tr>
+                        `);
+                        $("#testConnection").show("fast");
+                        $("#test_btn").text("Test connection");
+                        return;
                     }
                     //OK!
-                    $("#information").html("");
                     $(data.userinfo).each(function(index, element) {
                         $("#information").append(`
                             <tr>