Basic Auth now supports LDAP username and password (#6940)

5777f65d · Utkarsh Bhatnagar · Torkel Ödegaard · 0841e841 · 5777f65d · 5777f65d
Commit 5777f65d authored Dec 13, 2016 by Utkarsh Bhatnagar Committed by Torkel Ödegaard Dec 13, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

docs/sources/http_api/auth.md
+1 -1

pkg/middleware/middleware.go
+5 -3

No files found.
--- a/docs/sources/http_api/auth.md
+++ b/docs/sources/http_api/auth.md
@@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq
 ## Basic Auth

 If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
-standard basic auth.
+standard basic auth. Basic auth will also authenticate LDAP users.

 curl example:
 ```

--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@@ -9,6 +9,7 @@ import (
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/apikeygen"
 	"github.com/grafana/grafana/pkg/log"
+	l "github.com/grafana/grafana/pkg/login"
 	"github.com/grafana/grafana/pkg/metrics"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
@@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool {
 }

 func initContextWithBasicAuth(ctx *Context) bool {
+
 	if !setting.BasicAuthEnabled {
 		return false
 	}
@@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool {

 	user := loginQuery.Result

-	// validate password
-	if util.EncodePassword(password, user.Salt) != user.Password {
-		ctx.JsonApiErr(401, "Invalid username or password", nil)
+	loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user}
+	if err := bus.Dispatch(&loginUserQuery); err != nil {
+		ctx.JsonApiErr(401, "Invalid username or password", err)
 		return true
 	}