feat: fix bug that unable to query webauthnCredentials when db is mssql or postgres in GetUserByWebauthID() (#3712 )

feat: Casdoor's LDAP client supports LDAP server's self-signed certificates now (#3709 )
feat: check application existence in object.AddUser() (#3686 )
2025-08-28 20:41:34 +08:00 · 2025-04-08 17:51:32 +08:00 · 2025-04-07 02:02:32 +08:00 · 2025-04-05 16:38:20 +08:00
6 changed files with 66 additions and 22 deletions
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -27,10 +27,10 @@ type LdapResp struct {
 	ExistUuids []string          `json:"existUuids"`
 }

-//type LdapRespGroup struct {
+// type LdapRespGroup struct {
 //	GroupId   string
 //	GroupName string
-//}
+// }

 type LdapSyncResp struct {
 	Exist  []object.LdapUser `json:"exist"`
@@ -61,18 +61,18 @@ func (c *ApiController) GetLdapUsers() {
 	}
 	defer conn.Close()

-	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	//if err != nil {
+	// groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
+	// if err != nil {
 	//  c.ResponseError(err.Error())
 	//	return
-	//}
+	// }

-	//for _, group := range groupsMap {
+	// for _, group := range groupsMap {
 	//	resp.Groups = append(resp.Groups, LdapRespGroup{
 	//		GroupId:   group.GidNumber,
 	//		GroupName: group.Cn,
 	//	})
-	//}
+	// }

 	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
@@ -269,7 +269,11 @@ func (c *ApiController) SyncLdapUsers() {
 		return
 	}

-	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)
+	exist, failed, err := object.SyncLdapUsers(owner, users, ldapId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}

 	c.ResponseOk(&LdapSyncResp{
 		Exist:  exist,
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -23,17 +23,18 @@ type Ldap struct {
 	Owner       string `xorm:"varchar(100)" json:"owner"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	ServerName   string   `xorm:"varchar(100)" json:"serverName"`
-	Host         string   `xorm:"varchar(100)" json:"host"`
-	Port         int      `xorm:"int" json:"port"`
-	EnableSsl    bool     `xorm:"bool" json:"enableSsl"`
-	Username     string   `xorm:"varchar(100)" json:"username"`
-	Password     string   `xorm:"varchar(100)" json:"password"`
-	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
-	Filter       string   `xorm:"varchar(200)" json:"filter"`
-	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
-	DefaultGroup string   `xorm:"varchar(100)" json:"defaultGroup"`
-	PasswordType string   `xorm:"varchar(100)" json:"passwordType"`
+	ServerName          string   `xorm:"varchar(100)" json:"serverName"`
+	Host                string   `xorm:"varchar(100)" json:"host"`
+	Port                int      `xorm:"int" json:"port"`
+	EnableSsl           bool     `xorm:"bool" json:"enableSsl"`
+	AllowSelfSignedCert bool     `xorm:"bool" json:"allowSelfSignedCert"`
+	Username            string   `xorm:"varchar(100)" json:"username"`
+	Password            string   `xorm:"varchar(100)" json:"password"`
+	BaseDn              string   `xorm:"varchar(100)" json:"baseDn"`
+	Filter              string   `xorm:"varchar(200)" json:"filter"`
+	FilterFields        []string `xorm:"varchar(100)" json:"filterFields"`
+	DefaultGroup        string   `xorm:"varchar(100)" json:"defaultGroup"`
+	PasswordType        string   `xorm:"varchar(100)" json:"passwordType"`

 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
@@ -150,7 +151,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 	}

 	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type", "allow_self_signed_cert").Update(ldap)
 	if err != nil {
 		return false, nil
 	}
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -106,6 +106,12 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) e
 		}

 		existed, failed, err := SyncLdapUsers(ldap.Owner, AutoAdjustLdapUser(users), ldap.Id)
+		if err != nil {
+			conn.Close()
+			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
+			continue
+		}
+
 		if len(failed) != 0 {
 			logs.Warning(fmt.Sprintf("ldap autosync,%d new users,but %d user failed during :", len(users)-len(existed)-len(failed), len(failed)), failed)
 			logs.Warning(err.Error())
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -16,6 +16,7 @@ package object

 import (
 	"crypto/md5"
+	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -64,8 +65,11 @@ type LdapUser struct {

 func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
 	var conn *goldap.Conn
+	tlsConfig := tls.Config{
+		InsecureSkipVerify: ldap.AllowSelfSignedCert,
+	}
 	if ldap.EnableSsl {
-		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), &tlsConfig)
 	} else {
 		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
 	}
--- a/object/user.go
+++ b/object/user.go
@@ -461,7 +461,16 @@ func GetUserByEmail(owner string, email string) (*User, error) {

 func GetUserByWebauthID(webauthId string) (*User, error) {
 	user := User{}
-	existed, err := ormer.Engine.Where("webauthnCredentials LIKE ?", "%"+webauthId+"%").Get(&user)
+	existed := false
+	var err error
+
+	if ormer.driverName == "postgres" {
+		existed, err = ormer.Engine.Where(builder.Like{"\"webauthnCredentials\"", webauthId}).Get(&user)
+	} else if ormer.driverName == "mssql" {
+		existed, err = ormer.Engine.Where("CAST(webauthnCredentials AS VARCHAR(MAX)) like ?", "%"+webauthId+"%").Get(&user)
+	} else {
+		existed, err = ormer.Engine.Where("webauthnCredentials like ?", "%"+webauthId+"%").Get(&user)
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -834,6 +843,16 @@ func AddUser(user *User) (bool, error) {
 		return false, fmt.Errorf("the organization: %s is not found", user.Owner)
 	}

+	if user.Owner != "built-in" {
+		applicationCount, err := GetOrganizationApplicationCount(organization.Owner, organization.Name, "", "")
+		if err != nil {
+			return false, err
+		}
+		if applicationCount == 0 {
+			return false, fmt.Errorf("The organization: %s should have one application at least", organization.Owner)
+		}
+	}
+
 	if organization.DefaultPassword != "" && user.Password == "123" {
 		user.Password = organization.DefaultPassword
 	}
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -170,6 +170,16 @@ class LdapEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Allow self-signed certificate"), i18next.t("ldap:Allow self-signed certificate - Tooltip"))} :
+          </Col>
+          <Col span={21} >
+            <Switch checked={this.state.ldap.allowSelfSignedCert} onChange={checked => {
+              this.updateLdapField("allowSelfSignedCert", checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
Author	SHA1	Message	Date
DacongDA	b3bafe8402	feat: fix bug that unable to query webauthnCredentials when db is mssql or postgres in GetUserByWebauthID() (#3712 )	2025-04-08 17:51:32 +08:00
DacongDA	f04a431d85	feat: Casdoor's LDAP client supports LDAP server's self-signed certificates now (#3709 )	2025-04-07 02:02:32 +08:00
WindSpiritSR	952538916d	feat: check application existence in object.AddUser() (#3686 )	2025-04-05 16:38:20 +08:00