feat: fix LDAP filter condition will return nil if error happened (#3604)

2025-05-22 18:25:47 +08:00 · 2025-02-21 13:09:39 +08:00 · 2025-02-21 13:09:39 +08:00 · d78e8e9776
commit d78e8e9776
parent d61f9a1856
2 changed files with 12 additions and 7 deletions
--- a/ldap/util.go
+++ b/ldap/util.go
@ -185,12 +185,9 @@ func buildUserFilterCondition(filter interface{}) (builder.Cond, error) {
 		attr := string(f.AttributeDesc())

 		if attr == ldapMemberOfAttr {
-			groupId := string(f.AssertionValue())
-			users, err := object.GetGroupUsers(groupId)
-			if err != nil {
-				return nil, err
-			}
 			var names []string
+			groupId := string(f.AssertionValue())
+			users := object.GetGroupUsersWithoutError(groupId)
 			for _, user := range users {
 				names = append(names, user.Name)
 			}
@ -249,7 +246,7 @@ func buildSafeCondition(filter interface{}) builder.Cond {
 	condition, err := buildUserFilterCondition(filter)
 	if err != nil {
 		log.Printf("err = %v", err.Error())
-		return nil
+		return builder.And(builder.Expr("1 != 1"))
 	}
 	return condition
 }
--- a/object/group.go
+++ b/object/group.go
@ -302,7 +302,10 @@ func GetPaginationGroupUsers(groupId string, offset, limit int, field, value, so

 func GetGroupUsers(groupId string) ([]*User, error) {
 	users := []*User{}
-	owner, _ := util.GetOwnerAndNameFromId(groupId)
+	owner, _, err := util.GetOwnerAndNameFromIdWithError(groupId)
+	if err != nil {
+		return nil, err
+	}
 	names, err := userEnforcer.GetUserNamesByGroupName(groupId)
 	if err != nil {
 		return nil, err
@ -314,6 +317,11 @@ func GetGroupUsers(groupId string) ([]*User, error) {
 	return users, nil
 }

+func GetGroupUsersWithoutError(groupId string) []*User {
+	users, _ := GetGroupUsers(groupId)
+	return users
+}
+
 func ExtendGroupWithUsers(group *Group) error {
 	if group == nil {
 		return nil