refactor: remove init functions from methods

Dockerfile

@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.18-alpine AS frontend-builder
+FROM oven/bun:1.2.17-alpine AS frontend-builder
 
 WORKDIR /frontend
 

cmd/root.go

@@ -13,7 +13,6 @@ import (
 	"tinyauth/internal/docker"
 	"tinyauth/internal/handlers"
 	"tinyauth/internal/hooks"
-	"tinyauth/internal/ldap"
 	"tinyauth/internal/providers"
 	"tinyauth/internal/server"
 	"tinyauth/internal/types"
@@ -59,6 +58,10 @@ var rootCmd = &cobra.Command{
 		users, err := utils.GetUsers(config.Users, config.UsersFile)
 		HandleError(err, "Failed to parse users")
 
+		if len(users) == 0 && !utils.OAuthConfigured(config) {
+			HandleError(errors.New("no users or OAuth configured"), "No users or OAuth configured")
+		}
+
 		// Get domain
 		log.Debug().Msg("Getting domain")
 		domain, err := utils.GetUpperDomain(config.AppURL)
@@ -140,35 +143,8 @@ var rootCmd = &cobra.Command{
 		docker, err := docker.NewDocker()
 		HandleError(err, "Failed to initialize docker")
 
-		// Create LDAP service if configured
-		var ldapService *ldap.LDAP
-
-		if config.LdapAddress != "" {
-			log.Info().Msg("Using LDAP for authentication")
-
-			ldapConfig := types.LdapConfig{
-				Address:      config.LdapAddress,
-				BindDN:       config.LdapBindDN,
-				BindPassword: config.LdapBindPassword,
-				BaseDN:       config.LdapBaseDN,
-				Insecure:     config.LdapInsecure,
-				SearchFilter: config.LdapSearchFilter,
-			}
-
-			// Create LDAP service
-			ldapService, err = ldap.NewLDAP(ldapConfig)
-			HandleError(err, "Failed to create LDAP service")
-		} else {
-			log.Info().Msg("LDAP not configured, using local users or OAuth")
-		}
-
-		// Check if we have any users configured
-		if len(users) == 0 && !utils.OAuthConfigured(config) && ldapService == nil {
-			HandleError(errors.New("err no users"), "Unable to find a source of users")
-		}
-
 		// Create auth service
-		auth := auth.NewAuth(authConfig, docker, ldapService)
+		auth := auth.NewAuth(authConfig, docker)
 
 		// Create OAuth providers service
 		providers := providers.NewProviders(oauthConfig)
@@ -245,12 +221,6 @@ func init() {
 	rootCmd.Flags().String("app-title", "Tinyauth", "Title of the app.")
 	rootCmd.Flags().String("forgot-password-message", "You can reset your password by changing the `USERS` environment variable.", "Message to show on the forgot password page.")
 	rootCmd.Flags().String("background-image", "/background.jpg", "Background image URL for the login page.")
-	rootCmd.Flags().String("ldap-address", "", "LDAP server address (e.g. ldap://localhost:389).")
-	rootCmd.Flags().String("ldap-bind-dn", "", "LDAP bind DN (e.g. uid=user,dc=example,dc=com).")
-	rootCmd.Flags().String("ldap-bind-password", "", "LDAP bind password.")
-	rootCmd.Flags().String("ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com).")
-	rootCmd.Flags().Bool("ldap-insecure", false, "Skip certificate verification for the LDAP server.")
-	rootCmd.Flags().String("ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup.")
 
 	// Bind flags to environment
 	viper.BindEnv("port", "PORT")
@@ -286,12 +256,6 @@ func init() {
 	viper.BindEnv("login-max-retries", "LOGIN_MAX_RETRIES")
 	viper.BindEnv("forgot-password-message", "FORGOT_PASSWORD_MESSAGE")
 	viper.BindEnv("background-image", "BACKGROUND_IMAGE")
-	viper.BindEnv("ldap-address", "LDAP_ADDRESS")
-	viper.BindEnv("ldap-bind-dn", "LDAP_BIND_DN")
-	viper.BindEnv("ldap-bind-password", "LDAP_BIND_PASSWORD")
-	viper.BindEnv("ldap-base-dn", "LDAP_BASE_DN")
-	viper.BindEnv("ldap-insecure", "LDAP_INSECURE")
-	viper.BindEnv("ldap-search-filter", "LDAP_SEARCH_FILTER")
 
 	// Bind flags to viper
 	viper.BindPFlags(rootCmd.Flags())

frontend/src/pages/login-page.tsx

@@ -162,9 +162,9 @@ export const LoginPage = () => {
           />
         )}
         {configuredProviders.length == 0 && (
-          <p className="text-center text-red-600 max-w-sm">
+          <h3 className="text-center text-xl text-red-600">
             {t("failedToFetchProvidersTitle")}
-          </p>
+          </h3>
         )}
       </CardContent>
     </Card>

go.mod

@@ -16,13 +16,11 @@ require (
 )
 
 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
@@ -62,7 +60,6 @@ require (
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/gin-contrib/sse v1.0.0 // indirect
-	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect

go.sum

@@ -1,13 +1,9 @@
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
-github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -94,10 +90,6 @@ github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E
 github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
 github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
 github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
-github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -134,22 +126,8 @@ github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzq
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
-github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
-github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
-github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
-github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=
-github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
-github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
-github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
-github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8=
-github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
-github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
-github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=

internal/auth/auth.go

@@ -7,7 +7,6 @@ import (
 	"sync"
 	"time"
 	"tinyauth/internal/docker"
-	"tinyauth/internal/ldap"
 	"tinyauth/internal/types"
 	"tinyauth/internal/utils"
 
@@ -23,10 +22,9 @@ type Auth struct {
 	LoginAttempts map[string]*types.LoginAttempt
 	LoginMutex    sync.RWMutex
 	Store         *sessions.CookieStore
-	LDAP          *ldap.LDAP
 }
 
-func NewAuth(config types.AuthConfig, docker *docker.Docker, ldap *ldap.LDAP) *Auth {
+func NewAuth(config types.AuthConfig, docker *docker.Docker) *Auth {
 	// Create cookie store
 	store := sessions.NewCookieStore([]byte(config.HMACSecret), []byte(config.EncryptionSecret))
 
@@ -44,7 +42,6 @@ func NewAuth(config types.AuthConfig, docker *docker.Docker, ldap *ldap.LDAP) *A
 		Docker:        docker,
 		LoginAttempts: make(map[string]*types.LoginAttempt),
 		Store:         store,
-		LDAP:          ldap,
 	}
 }
 
@@ -71,97 +68,14 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
 	return session, nil
 }
 
-func (auth *Auth) SearchUser(username string) types.UserSearch {
+func (auth *Auth) GetUser(username string) *types.User {
 	// Loop through users and return the user if the username matches
-	log.Debug().Str("username", username).Msg("Searching for user")
-
-	if auth.GetLocalUser(username).Username != "" {
-		log.Debug().Str("username", username).Msg("Found local user")
-
-		// If user found, return a user with the username and type "local"
-		return types.UserSearch{
-			Username: username,
-			Type:     "local",
-		}
-	}
-
-	// If no user found, check LDAP
-	if auth.LDAP != nil {
-		log.Debug().Str("username", username).Msg("Checking LDAP for user")
-
-		userDN, err := auth.LDAP.Search(username)
-		if err != nil {
-			log.Warn().Err(err).Str("username", username).Msg("Failed to find user in LDAP")
-			return types.UserSearch{}
-		}
-
-		// If user found in LDAP, return a user with the DN as username
-		return types.UserSearch{
-			Username: userDN,
-			Type:     "ldap",
-		}
-	}
-
-	return types.UserSearch{}
-}
-
-func (auth *Auth) VerifyUser(search types.UserSearch, password string) bool {
-	// Authenticate the user based on the type
-	switch search.Type {
-	case "local":
-		// Get local user
-		user := auth.GetLocalUser(search.Username)
-
-		// Check if password is correct
-		return auth.CheckPassword(user, password)
-	case "ldap":
-		// If LDAP is configured, bind to the LDAP server with the user DN and password
-		if auth.LDAP != nil {
-			log.Debug().Str("username", search.Username).Msg("Binding to LDAP for user authentication")
-
-			// Bind to the LDAP server
-			err := auth.LDAP.Bind(search.Username, password)
-			if err != nil {
-				log.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP")
-				return false
-			}
-
-			// If bind is successful, rebind with the LDAP bind user
-			err = auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
-			if err != nil {
-				log.Error().Err(err).Msg("Failed to rebind with service account after user authentication")
-				// Consider closing the connection or creating a new one
-				return false
-			}
-
-			log.Debug().Str("username", search.Username).Msg("LDAP authentication successful")
-
-			// Return true if the bind was successful
-			return true
-		}
-	default:
-		log.Warn().Str("type", search.Type).Msg("Unknown user type for authentication")
-		return false
-	}
-
-	// If no user found or authentication failed, return false
-	log.Warn().Str("username", search.Username).Msg("User authentication failed")
-	return false
-}
-
-func (auth *Auth) GetLocalUser(username string) types.User {
-	// Loop through users and return the user if the username matches
-	log.Debug().Str("username", username).Msg("Searching for local user")
-
 	for _, user := range auth.Config.Users {
 		if user.Username == username {
-			return user
+			return &user
 		}
 	}
-
+	return nil
-	// If no user found, return an empty user
-	log.Warn().Str("username", username).Msg("Local user not found")
-	return types.User{}
 }
 
 func (auth *Auth) CheckPassword(user types.User, password string) bool {
@@ -361,7 +275,7 @@ func (auth *Auth) GetSessionCookie(c *gin.Context) (types.SessionCookie, error)
 
 func (auth *Auth) UserAuthConfigured() bool {
 	// If there are users, return true
-	return len(auth.Config.Users) > 0 || auth.LDAP != nil
+	return len(auth.Config.Users) > 0
 }
 
 func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, labels types.Labels) bool {

internal/auth/auth_test.go

@@ -18,7 +18,7 @@ func TestLoginRateLimiting(t *testing.T) {
 	// Initialize a new auth service with 3 max retries and 5 seconds timeout
 	config.LoginMaxRetries = 3
 	config.LoginTimeout = 5
-	authService := auth.NewAuth(config, &docker.Docker{}, nil)
+	authService := auth.NewAuth(config, &docker.Docker{})
 
 	// Test identifier
 	identifier := "test_user"
@@ -62,7 +62,7 @@ func TestLoginRateLimiting(t *testing.T) {
 	// Reinitialize auth service with a shorter timeout for testing
 	config.LoginTimeout = 1
 	config.LoginMaxRetries = 3
-	authService = auth.NewAuth(config, &docker.Docker{}, nil)
+	authService = auth.NewAuth(config, &docker.Docker{})
 
 	// Add enough failed attempts to lock the account
 	for i := 0; i < 3; i++ {
@@ -87,7 +87,7 @@ func TestLoginRateLimiting(t *testing.T) {
 	t.Log("Testing disabled rate limiting")
 	config.LoginMaxRetries = 0
 	config.LoginTimeout = 0
-	authService = auth.NewAuth(config, &docker.Docker{}, nil)
+	authService = auth.NewAuth(config, &docker.Docker{})
 
 	for i := 0; i < 10; i++ {
 		authService.RecordLoginAttempt(identifier, false)
@@ -103,7 +103,7 @@ func TestConcurrentLoginAttempts(t *testing.T) {
 	// Initialize a new auth service with 2 max retries and 5 seconds timeout
 	config.LoginMaxRetries = 2
 	config.LoginTimeout = 5
-	authService := auth.NewAuth(config, &docker.Docker{}, nil)
+	authService := auth.NewAuth(config, &docker.Docker{})
 
 	// Test multiple identifiers
 	identifiers := []string{"user1", "user2", "user3"}

internal/handlers/handlers.go

@@ -362,13 +362,11 @@ func (h *Handlers) LoginHandler(c *gin.Context) {
 		return
 	}
 
-	// Search for a user based on username
+	// Get user based on username
-	userSearch := h.Auth.SearchUser(login.Username)
+	user := h.Auth.GetUser(login.Username)
-
-	log.Debug().Interface("userSearch", userSearch).Msg("Searching for user")
 
 	// User does not exist
-	if userSearch.Type == "" {
+	if user == nil {
 		log.Debug().Str("username", login.Username).Msg("User not found")
 		// Record failed login attempt
 		h.Auth.RecordLoginAttempt(rateIdentifier, false)
@@ -382,7 +380,7 @@ func (h *Handlers) LoginHandler(c *gin.Context) {
 	log.Debug().Msg("Got user")
 
 	// Check if password is correct
-	if !h.Auth.VerifyUser(userSearch, login.Password) {
+	if !h.Auth.CheckPassword(*user, login.Password) {
 		log.Debug().Str("username", login.Username).Msg("Password incorrect")
 		// Record failed login attempt
 		h.Auth.RecordLoginAttempt(rateIdentifier, false)
@@ -398,34 +396,28 @@ func (h *Handlers) LoginHandler(c *gin.Context) {
 	// Record successful login attempt (will reset failed attempt counter)
 	h.Auth.RecordLoginAttempt(rateIdentifier, true)
 
-	// Check if user is using TOTP
+	// Check if user has totp enabled
-	if userSearch.Type == "local" {
+	if user.TotpSecret != "" {
-		// Get local user
+		log.Debug().Msg("Totp enabled")
-		localUser := h.Auth.GetLocalUser(login.Username)
 
-		// Check if TOTP is enabled
+		// Set totp pending cookie
-		if localUser.TotpSecret != "" {
+		h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-			log.Debug().Msg("Totp enabled")
+			Username:    login.Username,
+			Name:        utils.Capitalize(login.Username),
+			Email:       fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain),
+			Provider:    "username",
+			TotpPending: true,
+		})
 
-			// Set totp pending cookie
+		// Return totp required
-			h.Auth.CreateSessionCookie(c, &types.SessionCookie{
+		c.JSON(200, gin.H{
-				Username:    login.Username,
+			"status":      200,
-				Name:        utils.Capitalize(login.Username),
+			"message":     "Waiting for totp",
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain),
+			"totpPending": true,
-				Provider:    "username",
+		})
-				TotpPending: true,
-			})
 
-			// Return totp required
+		// Stop further processing
-			c.JSON(200, gin.H{
+		return
-				"status":      200,
-				"message":     "Waiting for totp",
-				"totpPending": true,
-			})
-
-			// Stop further processing
-			return
-		}
 	}
 
 	// Create session cookie with username as provider
@@ -477,7 +469,17 @@ func (h *Handlers) TotpHandler(c *gin.Context) {
 	}
 
 	// Get user
-	user := h.Auth.GetLocalUser(userContext.Username)
+	user := h.Auth.GetUser(userContext.Username)
+
+	// Check if user exists
+	if user == nil {
+		log.Debug().Msg("User not found")
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
 
 	// Check if totp is correct
 	ok := totp.Validate(totpReq.Code, user.TotpSecret)

internal/hooks/hooks.go

@@ -35,49 +35,30 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 	if basic != nil {
 		log.Debug().Msg("Got basic auth")
 
-		// Search for a user based on username
+		// Get user
-		userSearch := hooks.Auth.SearchUser(basic.Username)
+		user := hooks.Auth.GetUser(basic.Username)
 
-		if userSearch.Type == "" {
+		// Check we have a user
+		if user == nil {
 			log.Error().Str("username", basic.Username).Msg("User does not exist")
 
 			// Return empty context
 			return types.UserContext{}
 		}
 
-		// Verify the user
+		// Check if the user has a correct password
-		if !hooks.Auth.VerifyUser(userSearch, basic.Password) {
+		if hooks.Auth.CheckPassword(*user, basic.Password) {
-			log.Error().Str("username", basic.Username).Msg("Password incorrect")
+			// Return user context since we are logged in with basic auth
-
-			// Return empty context
-			return types.UserContext{}
-		}
-
-		// Get the user type
-		if userSearch.Type == "ldap" {
-			log.Debug().Msg("User is LDAP")
-
 			return types.UserContext{
 				Username:    basic.Username,
 				Name:        utils.Capitalize(basic.Username),
 				Email:       fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain),
 				IsLoggedIn:  true,
 				Provider:    "basic",
-				TotpEnabled: false,
+				TotpEnabled: user.TotpSecret != "",
 			}
 		}
 
-		user := hooks.Auth.GetLocalUser(basic.Username)
-
-		return types.UserContext{
-			Username:    basic.Username,
-			Name:        utils.Capitalize(basic.Username),
-			Email:       fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain),
-			IsLoggedIn:  true,
-			Provider:    "basic",
-			TotpEnabled: user.TotpSecret != "",
-		}
-
 	}
 
 	// Check cookie error after basic auth
@@ -104,25 +85,18 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 	if cookie.Provider == "username" {
 		log.Debug().Msg("Provider is username")
 
-		// Search for the user with the username
+		// Check if user exists
-		userSearch := hooks.Auth.SearchUser(cookie.Username)
+		if hooks.Auth.GetUser(cookie.Username) != nil {
+			log.Debug().Msg("User exists")
 
-		if userSearch.Type == "" {
+			// It exists so we are logged in
-			log.Error().Str("username", cookie.Username).Msg("User does not exist")
+			return types.UserContext{
-
+				Username:   cookie.Username,
-			// Return empty context
+				Name:       cookie.Name,
-			return types.UserContext{}
+				Email:      cookie.Email,
-		}
+				IsLoggedIn: true,
-
+				Provider:   "username",
-		log.Debug().Str("type", userSearch.Type).Msg("User exists")
+			}
-
-		// It exists so we are logged in
-		return types.UserContext{
-			Username:   cookie.Username,
-			Name:       cookie.Name,
-			Email:      cookie.Email,
-			IsLoggedIn: true,
-			Provider:   "username",
 		}
 	}
 

internal/ldap/ldap.go

@@ -1,77 +0,0 @@
-package ldap
-
-import (
-	"crypto/tls"
-	"fmt"
-	"tinyauth/internal/types"
-
-	ldapgo "github.com/go-ldap/ldap/v3"
-)
-
-type LDAP struct {
-	Config types.LdapConfig
-	Conn   *ldapgo.Conn
-	BaseDN string
-}
-
-func NewLDAP(config types.LdapConfig) (*LDAP, error) {
-	// Connect to the LDAP server
-	conn, err := ldapgo.DialURL(config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
-		InsecureSkipVerify: config.Insecure,
-		MinVersion:         tls.VersionTLS12,
-	}))
-	if err != nil {
-		return nil, err
-	}
-
-	// Bind to the LDAP server with the provided credentials
-	err = conn.Bind(config.BindDN, config.BindPassword)
-	if err != nil {
-		return nil, err
-	}
-
-	return &LDAP{
-		Config: config,
-		Conn:   conn,
-		BaseDN: config.BaseDN,
-	}, nil
-}
-
-func (l *LDAP) Search(username string) (string, error) {
-	// Escape the username to prevent LDAP injection
-	escapedUsername := ldapgo.EscapeFilter(username)
-	filter := fmt.Sprintf(l.Config.SearchFilter, escapedUsername)
-
-	// Create a search request to find the user by username
-	searchRequest := ldapgo.NewSearchRequest(
-		l.BaseDN,
-		ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
-		filter,
-		[]string{"dn"},
-		nil,
-	)
-
-	// Perform the search
-	searchResult, err := l.Conn.Search(searchRequest)
-	if err != nil {
-		return "", err
-	}
-
-	if len(searchResult.Entries) != 1 {
-		return "", fmt.Errorf("err multiple or no entries found for user %s", username)
-	}
-
-	// User found, return the distinguished name (DN)
-	userDN := searchResult.Entries[0].DN
-
-	return userDN, nil
-}
-
-func (l *LDAP) Bind(userDN string, password string) error {
-	// Bind to the LDAP server with the user's DN and password
-	err := l.Conn.Bind(userDN, password)
-	if err != nil {
-		return err
-	}
-	return nil
-}

internal/server/server_test.go

@@ -84,7 +84,7 @@ func getServer(t *testing.T) *server.Server {
 			Password: user.Password,
 		},
 	}
-	auth := auth.NewAuth(authConfig, docker, nil)
+	auth := auth.NewAuth(authConfig, docker)
 
 	// Create providers service
 	providers := providers.NewProviders(types.OAuthConfig{})

internal/types/config.go

@@ -36,12 +36,6 @@ type Config struct {
 	LoginMaxRetries         int    `mapstructure:"login-max-retries"`
 	FogotPasswordMessage    string `mapstructure:"forgot-password-message" validate:"required"`
 	BackgroundImage         string `mapstructure:"background-image" validate:"required"`
-	LdapAddress             string `mapstructure:"ldap-address"`
-	LdapBindDN              string `mapstructure:"ldap-bind-dn"`
-	LdapBindPassword        string `mapstructure:"ldap-bind-password"`
-	LdapBaseDN              string `mapstructure:"ldap-base-dn"`
-	LdapInsecure            bool   `mapstructure:"ldap-insecure"`
-	LdapSearchFilter        string `mapstructure:"ldap-search-filter"`
 }
 
 // Server configuration
@@ -128,13 +122,3 @@ type Labels struct {
 	OAuth   OAuthLabels
 	IP      IPLabels
 }
-
-// Ldap config is a struct that contains the configuration for the LDAP service
-type LdapConfig struct {
-	Address      string
-	BindDN       string
-	BindPassword string
-	BaseDN       string
-	Insecure     bool
-	SearchFilter string
-}

internal/types/types.go

@@ -12,12 +12,6 @@ type User struct {
 	TotpSecret string
 }
 
-// UserSearch is the response of the get user
-type UserSearch struct {
-	Username string
-	Type     string // "local", "ldap" or empty
-}
-
 // Users is a list of users
 type Users []User