From 048467e97da5daa062d69196b5ee5af2f9cf5a81 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 29 Aug 2021 21:13:46 +0200
Subject: [PATCH] outpost/ldap: delay user information removal upon closing of connection
Signed-off-by: Jens Langhammer
---
 internal/outpost/ldap/close.go | 32 ++++++++++++++++++++++++++
 internal/outpost/ldap/instance_bind.go | 21 -----------------
 internal/outpost/ldap/ldap.go | 1 +
 3 files changed, 33 insertions(+), 21 deletions(-)
 create mode 100644 internal/outpost/ldap/close.go
diff --git a/internal/outpost/ldap/close.go b/internal/outpost/ldap/close.go
new file mode 100644
index 000000000..7fc8989cd
--- /dev/null
+++ b/internal/outpost/ldap/close.go
@@ -0,0 +1,32 @@
+package ldap
+
+import (
+ "net"
+ "time"
+)
+
+func (ls *LDAPServer) Close(boundDN string, conn net.Conn) error {
+ for _, p := range ls.providers {
+ p.delayDeleteUserInfo(boundDN)
+ }
+ return nil
+}
+
+func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
+ ticker := time.NewTicker(30 * time.Second)
+ quit := make(chan struct{})
+ go func() {
+ for {
+ select {
+ case <-ticker.C:
+ pi.boundUsersMutex.Lock()
+ delete(pi.boundUsers, dn)
+ pi.boundUsersMutex.Unlock()
+ close(quit)
+ case <-quit:
+ ticker.Stop()
+ return
+ }
+ }
+ }()
+}
diff --git a/internal/outpost/ldap/instance_bind.go b/internal/outpost/ldap/instance_bind.go
index 83a364c03..d0df7c2a2 100644
--- a/internal/outpost/ldap/instance_bind.go
+++ b/internal/outpost/ldap/instance_bind.go
@@ -4,7 +4,6 @@ import (
 "context"
 "errors"
 "strings"
- "time"
 
 "github.com/getsentry/sentry-go"
 goldap "github.com/go-ldap/ldap/v3"
@@ -83,7 +82,6 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
 }
 uisp.Finish()
 defer pi.boundUsersMutex.Unlock()
- pi.delayDeleteUserInfo(username)
 return ldap.LDAPResultSuccess, nil
 }
 
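Review bot: The deferred delete in delayDeleteUserInfo is keyed only by DN, so if the same DN binds again on a new connection inside the 30 s window, the timer armed by the earlier connection's Close removes the fresh entry too (assuming Bind stores under pi.boundUsers[username], which is outside this hunk). One fix is to keep a per-bind generation or bind time in the map value, capture it when the timer is armed, and delete only when the stored value still matches; Close also arms one goroutine per provider for every closed connection, including ones that never bound, so `if boundDN == "" { return nil }` at the top of Close avoids that. The ticker plus quit channel can be replaced by a single time.AfterFunc, which also drops the goroutine that otherwise spins through a second select iteration just to stop the ticker. A doc comment on the exported method would help, e.g. `// Close is the server's connection-close callback; it schedules removal of boundDN's cached bind data from every provider after a grace period.`
```go
func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
	// NOTE(review): compare a per-bind generation captured here before deleting,
	// so a newer bind of the same DN is not evicted by an older connection's timer.
	time.AfterFunc(30*time.Second, func() {
		pi.boundUsersMutex.Lock()
		defer pi.boundUsersMutex.Unlock()
		delete(pi.boundUsers, dn)
	})
}
```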
@@ -100,25 +98,6 @@ func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
 return nil
 }
 
-func (pi *ProviderInstance) delayDeleteUserInfo(dn string) {
- ticker := time.NewTicker(30 * time.Second)
- quit := make(chan struct{})
- go func() {
- for {
- select {
- case <-ticker.C:
- pi.boundUsersMutex.Lock()
- delete(pi.boundUsers, dn)
- pi.boundUsersMutex.Unlock()
- close(quit)
- case <-quit:
- ticker.Stop()
- return
- }
- }
- }()
-}
-
 func (pi *ProviderInstance) TimerFlowCacheExpiry() {
 fe := outpost.NewFlowExecutor(context.Background(), pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{})
 fe.Params.Add("goauthentik.io/outpost/ldap", "true")
diff --git a/internal/outpost/ldap/ldap.go b/internal/outpost/ldap/ldap.go
index ebfa0e3c0..be3bf8709 100644
--- a/internal/outpost/ldap/ldap.go
+++ b/internal/outpost/ldap/ldap.go
@@ -83,5 +83,6 @@ func NewServer(ac *ak.APIController) *LDAPServer {
 ls.defaultCert = &defaultCert
 s.BindFunc("", ls)
 s.SearchFunc("", ls)
+ s.CloseFunc("", ls)
 return ls
 }
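Review bot: With the Bind-time timer removed in instance_bind.go, this CloseFunc registration is now the only path that evicts entries from boundUsers, so retention depends on the server invoking the close callback for every connection end, including resets and idle timeouts; whether it does is not visible here and is worth confirming. If it does not, cached bind data for those connections stays resident for the process lifetime, and a periodic sweep keyed on bind age would be a safer backstop. A short comment would make the dependency explicit, e.g. `// CloseFunc drives the delayed eviction of cached bind data; see LDAPServer.Close.`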