More external ldap fixes after the test tests the correct thing

2021-10-26 18:04:25 +02:00
parent 26dbd50cf2
commit 50ff6b99e0
3 changed files with 8 additions and 12 deletions
--- a/src/routes/accesscontrol.js
+++ b/src/routes/accesscontrol.js
@@ -31,9 +31,9 @@ async function passwordAuth(req, res, next) {

    let [error, user] =  await safe(verifyFunc(username, password, users.AP_WEBADMIN));
    if (error && error.reason === BoxError.NOT_FOUND) {
-        [error, user] = await safe(externalLdap.maybeCreateUser(username.toLowerCase(), password));
+        [error, user] = await safe(externalLdap.maybeCreateUser(username.toLowerCase()));
        if (error) return next(new HttpError(401, 'Unauthorized'));
-        [error] = await safe(externalLdap.verifyPassword(user));
+        [error] = await safe(externalLdap.verifyPassword(user, password));
        if (error) return next(new HttpError(401, 'Unauthorized'));
    }
    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));