Fix LDAP login: ensure password encoding and include user in response

- Fix password encoding: Convert password to UTF-8 bytes for LDAP protocol compatibility
- Add 'user' field to TokenResponse schema for frontend compatibility
- Update login endpoint to populate user object in response
- Resolves 'Invalid Protocol Password' error on LDAP login attempts

The issue was that frontend expected response.user but backend only returned
individual fields (user_id, username, role), causing localStorage assignment to fail.
This commit is contained in:
2026-04-26 13:13:55 +03:00
parent 904e3442b0
commit 51716faf87
5 changed files with 22 additions and 17 deletions

View File

@@ -67,7 +67,9 @@ def authenticate_ldap(username, password):
user_dn = config["user_template"].format(username=safe_username_rdn)
log.debug(f"LDAP: Attempting bind for DN: {user_dn}")
conn = ldap3.Connection(server, user=user_dn, password=password, auto_bind=True)
# [FIX] Ensure password is UTF-8 encoded for LDAP protocol
password_bytes = password.encode('utf-8') if isinstance(password, str) else password
conn = ldap3.Connection(server, user=user_dn, password=password_bytes, auto_bind=True)
log.debug(f"LDAP: Bind successful for {user_dn}")
# Search for the user to get their CANONICAL DN
@@ -250,7 +252,8 @@ def login(request: Request, form_data: schemas.UserLogin, db: Session = Depends(
token_type="bearer",
user_id=user.id,
username=user.username,
role=user.role
role=user.role,
user=schemas.User(id=user.id, username=user.username, role=user.role, origin=user.origin)
)

View File

@@ -42,3 +42,4 @@ class TokenResponse(BaseModel):
user_id: int
username: str
role: str
user: Optional['User'] = None # For frontend compatibility