LDAP: Fixing sync issues (#19446)

The arching goal of this commit is to enable single user synchronisation with LDAP. Also, it included minor fixes of style, error messages and minor bug fixing. The changes are: - bug: The `multildap` package has its own errors when the user is not found. We fixed the conditional branch on this error by asserting on the `multildap` errors as opposed to the `ldap` one - bug: The previous interface usage of `RevokeAllUserTokens` did not work as expected. This replaces the manual injection of the service by leveraging the service injected as part of the `server` struct. - chore: Better error messages around not finding the user in LDAP. - fix: Enable the single sync button and disable it when we receive an error from LDAP. Please note, that you can enable it by dispatching the error. This allows you to try again without having to reload the page. - fix: Move the sync info to the top, then move the sync button above that information and clearfix to have more harmony with the UI.
2025-07-29 15:42:06 +08:00 · 2019-11-07 14:31:44 +01:00
parent 9de1fa0213
commit e4afc8d518
4 changed files with 32 additions and 39 deletions
--- a/pkg/api/ldap_debug_test.go
+++ b/pkg/api/ldap_debug_test.go
@ -1,7 +1,6 @@
 package api

 import (
-	"context"
 	"errors"
 	"net/http"
 	"net/http/httptest"
@ -9,6 +8,7 @@ import (

 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/services/auth"
 	"github.com/grafana/grafana/pkg/services/ldap"
 	"github.com/grafana/grafana/pkg/services/multildap"
 	"github.com/grafana/grafana/pkg/setting"
@ -20,9 +20,6 @@ type LDAPMock struct {
 	Results []*models.ExternalUserInfo
 }

-type TokenServiceMock struct {
-}
-
 var userSearchResult *models.ExternalUserInfo
 var userSearchConfig ldap.ServerConfig
 var userSearchError error
@ -46,10 +43,6 @@ func (m *LDAPMock) User(login string) (*models.ExternalUserInfo, ldap.ServerConf
 	return userSearchResult, userSearchConfig, userSearchError
 }

-func (ts *TokenServiceMock) RevokeAllUserTokens(ctx context.Context, userId int64) error {
-	return nil
-}
-
 //***
 // GetUserFromLDAP tests
 //***
@ -391,7 +384,7 @@ func postSyncUserWithLDAPContext(t *testing.T, requestURL string) *scenarioConte
 	setting.LDAPEnabled = true
 	defer func() { setting.LDAPEnabled = ldap }()

-	hs := &HTTPServer{Cfg: setting.NewCfg()}
+	hs := &HTTPServer{Cfg: setting.NewCfg(), AuthTokenService: auth.NewFakeUserAuthTokenService()}

 	sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
 		sc.context = c
@ -490,7 +483,7 @@ func TestPostSyncUserWithLDAPAPIEndpoint_WhenGrafanaAdmin(t *testing.T) {
 		return &LDAPMock{}
 	}

-	userSearchError = ldap.ErrCouldNotFindUser
+	userSearchError = multildap.ErrDidNotFindUser

 	admin := setting.AdminUser
 	setting.AdminUser = "ldap-daniel"
@ -516,7 +509,7 @@ func TestPostSyncUserWithLDAPAPIEndpoint_WhenGrafanaAdmin(t *testing.T) {

 	expected := `
 	{
-		"error": "Can't find user in LDAP",
+		"error": "Did not find a user",
 		"message": "Refusing to sync grafana super admin \"ldap-daniel\" - it would be disabled"
 	}
 	`
@ -529,8 +522,6 @@ func TestPostSyncUserWithLDAPAPIEndpoint_WhenUserNotInLDAP(t *testing.T) {
 		return &ldap.Config{}, nil
 	}

-	tokenService = &TokenServiceMock{}
-
 	newLDAP = func(_ []*ldap.ServerConfig) multildap.IMultiLDAP {
 		return &LDAPMock{}
 	}
@ -563,11 +554,11 @@ func TestPostSyncUserWithLDAPAPIEndpoint_WhenUserNotInLDAP(t *testing.T) {

 	sc := postSyncUserWithLDAPContext(t, "/api/admin/ldap/sync/34")

-	assert.Equal(t, http.StatusOK, sc.resp.Code)
+	assert.Equal(t, http.StatusBadRequest, sc.resp.Code)

 	expected := `
 	{
-		"message": "User disabled without any updates in the information"
+		"message": "User not found in LDAP. Disabled the user without updating information"
 	}
 	`