rawlinp commented on a change in pull request #6671:
URL: https://github.com/apache/trafficcontrol/pull/6671#discussion_r835676499
##########
File path: traffic_ops/traffic_ops_golang/auth/authorize.go
##########
@@ -197,15 +217,26 @@ func GetUserUcdn(form PasswordForm, db *sqlx.DB, ctx
context.Context) (string, e
func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx
context.Context) (bool, error, error) {
var hashedPassword string
-
- err := db.GetContext(ctx, &hashedPassword, "SELECT local_passwd FROM
tm_user WHERE username=$1", form.Username)
- if err != nil {
- if err == context.DeadlineExceeded || err == context.Canceled {
- return false, nil, err
+ if usersCacheIsEnabled() {
+ u, exists := getUserFromCache(form.Username)
+ if !exists {
+ return false, fmt.Errorf("user '%s' not found in
cache", form.Username), nil
+ }
+ if u.LocalPasswd == nil {
+ return false, nil, nil
Review comment:
I don't think so, because this means the user doesn't have a local
password, which is normal behavior if a user is LDAP-only. The original code
(and non-usersCache path) will log this non-error, but I didn't feel like
correcting that path since it means checking a different sql error and making
that conditional more complex.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
