Trying to fix various issues

connector/ldap/ldap.go

@@ -188,16 +188,17 @@ func parseScope(s string) (int, bool) {
 // Function exists here to allow backward compatibility between old and new
 // group to user matching implementations.
 // See "Config.GroupSearch.UserMatchers" comments for the details
-func (c *ldapConnector) userMatchers() []UserMatcher {
+func userMatchers(c *Config, logger log.Logger) []UserMatcher {
 	if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
-		return c.GroupSearch.UserMatchers[:]
-	} else {
-		return []UserMatcher{
-			{
-				UserAttr:  c.GroupSearch.UserAttr,
-				GroupAttr: c.GroupSearch.GroupAttr,
-			},
-		}
+		return c.GroupSearch.UserMatchers
+	}
+
+	log.Deprecated(logger, `LDAP: use groupSearch.userMatchers option instead of "userAttr/groupAttr" fields.`)
+	return []UserMatcher{
+		{
+			UserAttr:  c.GroupSearch.UserAttr,
+			GroupAttr: c.GroupSearch.GroupAttr,
+		},
 	}
 }
 
@@ -425,7 +426,7 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 		},
 	}
 
-	for _, matcher := range c.userMatchers() {
+	for _, matcher := range c.GroupSearch.UserMatchers {
 		req.Attributes = append(req.Attributes, matcher.UserAttr)
 	}
 
@@ -582,19 +583,13 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 	}
 
 	var groups []*ldap.Entry
-	for _, matcher := range c.userMatchers() {
-		for _, attr := range getAttrs(user, matcher.UserAttr) {
+	for _, matcher := range c.GroupSearch.UserMatchers {
+		for _, attr := range c.getAttrs(user, matcher.UserAttr) {
 			filter := fmt.Sprintf("(%s=%s)", matcher.GroupAttr, ldap.EscapeFilter(attr))
 			if c.GroupSearch.Filter != "" {
 				filter = fmt.Sprintf("(&%s%s)", c.GroupSearch.Filter, filter)
 			}
 
-			req := &ldap.SearchRequest{
-				BaseDN:     c.GroupSearch.BaseDN,
-				Filter:     filter,
-				Scope:      c.groupSearchScope,
-				Attributes: []string{c.GroupSearch.NameAttr},
-			}
 			req := &ldap.SearchRequest{
 				BaseDN:     c.GroupSearch.BaseDN,
 				Filter:     filter,
@@ -622,26 +617,6 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 			}
 		}
 	}
-			gotGroups := false
-			if err := c.do(ctx, func(conn *ldap.Conn) error {
-				c.logger.Infof("performing ldap search %s %s %s",
-					req.BaseDN, scopeString(req.Scope), req.Filter)
-				resp, err := conn.Search(req)
-				if err != nil {
-					return fmt.Errorf("ldap: search failed: %v", err)
-				}
-				gotGroups = len(resp.Entries) != 0
-				groups = append(groups, resp.Entries...)
-				return nil
-			}); err != nil {
-				return nil, err
-			}
-			if !gotGroups {
-				// TODO(ericchiang): Is this going to spam the logs?
-				c.logger.Errorf("ldap: groups search with filter %q returned no groups", filter)
-			}
-		}
-	}
 
 	groupNames := make([]string, 0, len(groups))
 	for _, group := range groups {

server/handlers.go

@@ -305,6 +305,17 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// getTrueIPAddress takes two values: the immediate remoteAddress of the connection
+// and the X-Real-IP header. Either the real ip header will be taken or the remote
+// address (which usually does not work well).
+func (s *Server) getTrueIPAddress(realIP, remoteAddress string) string {
+	if realIP != "" {
+		return realIP
+	} else {
+		return remoteAddress
+	}
+}
+
 func (s *Server) handlePasswordLogin(w http.ResponseWriter, r *http.Request) {
 	authID := r.URL.Query().Get("state")
 	if authID == "" {

storage/couchbase/couchbase.go

@@ -515,3 +515,35 @@ func (c *conn) GarbageCollect(now time.Time) (result storage.GCResult, err error
 	// nothing here, becuase an expiry time is set for the authrequest and authcode documents using touch
 	return
 }
+
+func (c *conn) CreateDeviceRequest(d storage.DeviceRequest) error {
+	return nil
+}
+func (c *conn) CreateDeviceToken(t storage.DeviceToken) error {
+	return nil
+}
+
+func (c *conn) GetDeviceRequest(userCode string) (storage.DeviceRequest, error) {
+	return storage.DeviceRequest{
+		UserCode:     "",
+		DeviceCode:   "",
+		ClientID:     "",
+		ClientSecret: "",
+		Scopes:       nil,
+		Expiry:       time.Time{},
+	}, nil
+}
+func (c *conn) GetDeviceToken(deviceCode string) (storage.DeviceToken, error) {
+	return storage.DeviceToken{
+		DeviceCode:          "",
+		Status:              "",
+		Token:               "",
+		Expiry:              time.Time{},
+		LastRequestTime:     time.Time{},
+		PollIntervalSeconds: 0,
+		PKCE:                storage.PKCE{},
+	}, nil
+}
+func (c *conn) UpdateDeviceToken(deviceCode string, updater func(old storage.DeviceToken) (storage.DeviceToken, error)) error {
+	return nil
+}

storage/sql/crud.go

@@ -1001,7 +1001,7 @@ func (c *conn) UpdateDeviceToken(deviceCode string, updater func(old storage.Dev
 		_, err = tx.Exec(`
 			update device_token
 			set
-				status = $1, 
+				status = $1,
 				token = $2,
 				last_request = $3,
 				poll_interval = $4,