feat: allow multiple auth sources per user (#500,#477) (#612)

* feat: allow multiple auth sources per user (#500,#477) * only override isAdmin flag if it is provided by the authentication source
2026-01-29 06:36:24 +00:00 · 2026-01-21 22:22:22 +01:00
parent d2fe267be7
commit e0f6c1d04b
44 changed files with 1158 additions and 798 deletions
--- a/internal/app/auth/auth_ldap.go
+++ b/internal/app/auth/auth_ldap.go
@@ -127,18 +127,26 @@ func (l LdapAuthenticator) GetUserInfo(_ context.Context, userId domain.UserIden

 // ParseUserInfo parses the user information from the LDAP server into a domain.AuthenticatorUserInfo struct.
 func (l LdapAuthenticator) ParseUserInfo(raw map[string]any) (*domain.AuthenticatorUserInfo, error) {
-	isAdmin, err := internal.LdapIsMemberOf(raw[l.cfg.FieldMap.GroupMembership].([][]byte), l.cfg.ParsedAdminGroupDN)
-	if err != nil {
-		return nil, fmt.Errorf("failed to check admin group: %w", err)
+	isAdmin := false
+	adminInfoAvailable := false
+	if l.cfg.FieldMap.GroupMembership != "" {
+		adminInfoAvailable = true
+		var err error
+		isAdmin, err = internal.LdapIsMemberOf(raw[l.cfg.FieldMap.GroupMembership].([][]byte), l.cfg.ParsedAdminGroupDN)
+		if err != nil {
+			return nil, fmt.Errorf("failed to check admin group: %w", err)
+		}
 	}
+
 	userInfo := &domain.AuthenticatorUserInfo{
-		Identifier: domain.UserIdentifier(internal.MapDefaultString(raw, l.cfg.FieldMap.UserIdentifier, "")),
-		Email:      internal.MapDefaultString(raw, l.cfg.FieldMap.Email, ""),
-		Firstname:  internal.MapDefaultString(raw, l.cfg.FieldMap.Firstname, ""),
-		Lastname:   internal.MapDefaultString(raw, l.cfg.FieldMap.Lastname, ""),
-		Phone:      internal.MapDefaultString(raw, l.cfg.FieldMap.Phone, ""),
-		Department: internal.MapDefaultString(raw, l.cfg.FieldMap.Department, ""),
-		IsAdmin:    isAdmin,
+		Identifier:         domain.UserIdentifier(internal.MapDefaultString(raw, l.cfg.FieldMap.UserIdentifier, "")),
+		Email:              internal.MapDefaultString(raw, l.cfg.FieldMap.Email, ""),
+		Firstname:          internal.MapDefaultString(raw, l.cfg.FieldMap.Firstname, ""),
+		Lastname:           internal.MapDefaultString(raw, l.cfg.FieldMap.Lastname, ""),
+		Phone:              internal.MapDefaultString(raw, l.cfg.FieldMap.Phone, ""),
+		Department:         internal.MapDefaultString(raw, l.cfg.FieldMap.Department, ""),
+		IsAdmin:            isAdmin,
+		AdminInfoAvailable: adminInfoAvailable,
 	}

 	return userInfo, nil