Adds UI integration (needs a lot more work)

frontend/src/metabase/auth/auth.js

@@ -6,6 +6,7 @@ import { push } from "react-router-redux";
 import MetabaseCookies from "metabase/lib/cookies";
 import MetabaseUtils from "metabase/lib/utils";
 import MetabaseAnalytics from "metabase/lib/analytics";
+import MetabaseSettings from "metabase/lib/settings.js";
 
 import { clearGoogleAuthCredentials } from "metabase/lib/auth";
 
@@ -19,12 +20,14 @@ export const LOGIN = "metabase/auth/LOGIN";
 export const login = createThunkAction(LOGIN, function(credentials, redirectUrl) {
     return async function(dispatch, getState) {
 
-        if (!MetabaseUtils.validEmail(credentials.email)) {
+        if (!MetabaseSettings.ldapEnabled() && !MetabaseUtils.validEmail(credentials.email)) {
             return {'data': {'errors': {'email': "Please enter a valid formatted email address."}}};
         }
 
         try {
-            let newSession = await SessionApi.create(credentials);
+            let newSession = MetabaseSettings.ldapEnabled()
+                ? await SessionApi.createWithLdap(credentials)
+                : await SessionApi.create(credentials);
 
             // since we succeeded, lets set the session cookie
             MetabaseCookies.setSessionCookie(newSession.id);

frontend/src/metabase/auth/containers/LoginApp.jsx

@@ -42,9 +42,11 @@ export default class LoginApp extends Component {
     validateForm() {
         let { credentials } = this.state;
 
-        let valid = true;
+        let valid = Settings.ldapEnabled()
+            ? !!credentials.username
+            : !!credentials.email;
 
-        if (!credentials.email || !credentials.password) {
+        if (!credentials.password) {
             valid = false;
         }
 
@@ -128,11 +130,19 @@ export default class LoginApp extends Component {
 
                             <FormMessage formError={loginError && loginError.data.message ? loginError : null} ></FormMessage>
 
-                            <FormField key="email" fieldName="email" formError={loginError}>
-                                <FormLabel title={"Email address"}  fieldName={"email"} formError={loginError} />
-                                <input className="Form-input Form-offset full py1" name="email" placeholder="youlooknicetoday@email.com" type="text" onChange={(e) => this.onChange("email", e.target.value)} autoFocus />
-                                <span className="Form-charm"></span>
-                            </FormField>
+                            { Settings.ldapEnabled() ? (
+                                <FormField key="username" fieldName="username" formError={loginError}>
+                                    <FormLabel title={"Username or Email address"}  fieldName={"username"} formError={loginError} />
+                                    <input className="Form-input Form-offset full py1" name="username" placeholder="youlooknicetoday@email.com" type="text" onChange={(e) => this.onChange("username", e.target.value)} autoFocus />
+                                    <span className="Form-charm"></span>
+                                </FormField>
+                            ) : (
+                                <FormField key="email" fieldName="email" formError={loginError}>
+                                    <FormLabel title={"Email address"}  fieldName={"email"} formError={loginError} />
+                                    <input className="Form-input Form-offset full py1" name="email" placeholder="youlooknicetoday@email.com" type="text" onChange={(e) => this.onChange("email", e.target.value)} autoFocus />
+                                    <span className="Form-charm"></span>
+                                </FormField>
+                            )}
 
                             <FormField key="password" fieldName="password" formError={loginError}>
                                 <FormLabel title={"Password"}  fieldName={"password"} formError={loginError} />
@@ -150,7 +160,9 @@ export default class LoginApp extends Component {
                                 <button className={cx("Button Grid-cell", {'Button--primary': this.state.valid})} disabled={!this.state.valid}>
                                     Sign in
                                 </button>
-                                <Link to={"/auth/forgot_password"+(this.state.credentials.email ? "?email="+this.state.credentials.email : "")} className="Grid-cell py2 sm-py0 text-grey-3 md-text-right text-centered flex-full link" onClick={(e) => { window.OSX ? window.OSX.resetPassword() : null }}>I seem to have forgotten my password</Link>
+                                { (!Settings.ldapEnabled()) &&
+                                    <Link to={"/auth/forgot_password"+(this.state.credentials.email ? "?email="+this.state.credentials.email : "")} className="Grid-cell py2 sm-py0 text-grey-3 md-text-right text-centered flex-full link" onClick={(e) => { window.OSX ? window.OSX.resetPassword() : null }}>I seem to have forgotten my password</Link>
+                                }
                             </div>
                         </form>
                     </div>

frontend/src/metabase/lib/settings.js

@@ -51,6 +51,10 @@ const MetabaseSettings = {
         return mb_settings.google_auth_client_id != null;
     },
 
+    ldapEnabled: function() {
+        return mb_settings.ldap_configured;
+    },
+
     newVersionAvailable: function(settings) {
         let versionInfo = _.findWhere(settings, {key: "version-info"}),
             currentVersion = MetabaseSettings.get("version").tag;

frontend/src/metabase/services.js

@@ -172,6 +172,7 @@ export const LabelApi = {
 export const SessionApi = {
     create:                     POST("/api/session"),
     createWithGoogleAuth:       POST("/api/session/google_auth"),
+    createWithLdap:             POST("/api/session/ldap_auth"),
     delete:                   DELETE("/api/session"),
     properties:                  GET("/api/session/properties"),
     forgot_password:            POST("/api/session/forgot_password"),

src/metabase/api/session.clj

@@ -38,6 +38,7 @@
 
 (def ^:private login-throttlers
   {:email      (throttle/make-throttler :email)
+   :username   (throttle/make-throttler :username)
    :ip-address (throttle/make-throttler :email, :attempts-threshold 50)}) ; IP Address doesn't have an actual UI field so just show error by email
 
 (defendpoint POST "/"
@@ -220,8 +221,7 @@
   "The password to bind with.")
 
 (defsetting ldap-base
-  "Search base for users."
-  :default "")
+  "Search base for users.")
 
 (defsetting ldap-user-filter
   "Filter to use for looking up a specific user, the placeholder {login} will be replaced by the user supplied value."
@@ -273,16 +273,15 @@
 
 (defendpoint POST "/ldap_auth"
   "Login with LDAP auth."
-  [:as {{:keys [email password]} :body, remote-address :remote-addr}]
-  {email    su/Email
+  [:as {{:keys [username password]} :body, remote-address :remote-addr}]
+  {username su/NonBlankString
    password su/NonBlankString}
   (throttle/check (login-throttlers :ip-address) remote-address)
-  (throttle/check (login-throttlers :email)      email)
-  (let [user (ldap-auth-user-info email password)]
-    (when (nil? user)
-      (throw (ex-info "Password did not match stored password." {:status-code 400
-                                                                 :errors      {:password "did not match stored password"}})))
-    (ldap-auth-fetch-or-create-user! (:first-name user) (:last-name user) (:email user))))
+  (throttle/check (login-throttlers :username)   username)
+  (if-let [{:keys [first-name last-name email]} (ldap-auth-user-info username password)]
+    (ldap-auth-fetch-or-create-user! first-name last-name email)
+    (throw (ex-info "Password did not match stored password." {:status-code 400
+                                                               :errors      {:password "did not match stored password"}}))))
 
 
 (define-routes)

src/metabase/public_settings.clj

@@ -119,6 +119,7 @@
    :engines               ((resolve 'metabase.driver/available-drivers))
    :ga_code               "UA-60817802-1"
    :google_auth_client_id (setting/get :google-auth-client-id)
+   :ldap_configured       ((resolve 'metabase.api.session/ldap-configured?))
    :has_sample_dataset    (db/exists? 'Database, :is_sample true)
    :map_tile_server_url   (map-tile-server-url)
    :password_complexity   password/active-password-complexity