Fix LDAP auth: user never updated if inactive

2024-05-10 07:54:54 +00:00 · 2022-10-14 17:00:20 +02:00
parent 658c9347f3
commit 174ba6cf0f
1 changed files with 10 additions and 8 deletions
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@ -58,22 +58,24 @@ class TokenAuthentication(authentication.TokenAuthentication):
        if token.is_expired:
            raise exceptions.AuthenticationFailed("Token expired")

-        if not token.user.is_active:
-            raise exceptions.AuthenticationFailed("User inactive")
-
+        user = token.user
        # When LDAP authentication is active try to load user data from LDAP directory
        if settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend':
            from netbox.authentication import LDAPBackend
            ldap_backend = LDAPBackend()

            # Load from LDAP if FIND_GROUP_PERMS is active
-            if ldap_backend.settings.FIND_GROUP_PERMS:
-                user = ldap_backend.populate_user(token.user.username)
+            # Always query LDAP when user is not active, otherwise it is never activated again
+            if ldap_backend.settings.FIND_GROUP_PERMS or not token.user.is_active:
+                ldap_user = ldap_backend.populate_user(token.user.username)
                # If the user is found in the LDAP directory use it, if not fallback to the local user
-                if user:
-                    return user, token
+                if ldap_user:
+                    user = ldap_user

-        return token.user, token
+        if not user.is_active:
+            raise exceptions.AuthenticationFailed("User inactive")
+
+        return user, token


 class TokenPermissions(DjangoObjectPermissions):