chore: remove temp lint file

fix: ensure unix socket shutdown doesn't run twice
tests: use filepath join instead of path join
2026-05-12 07:18:11 +00:00 · 2026-05-10 16:04:22 +03:00 · 2026-05-10 16:03:39 +03:00 · 2026-05-09 17:18:58 +03:00 · 2026-05-09 17:00:02 +03:00 · 2026-05-09 14:00:58 +03:00
7 changed files with 11 additions and 24 deletions
@@ -38,6 +38,6 @@ jobs:
          retention-days: 5

      - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4
        with:
          sarif_file: results.sarif
@@ -65,7 +65,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma

 A big thank you to the following people for providing me with more coffee:

-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<a href="https://github.com/allgoewer"><img src="https:&#x2F;&#x2F;github.com&#x2F;allgoewer.png" width="64px" alt="User avatar: allgoewer" /></a>&nbsp;&nbsp;<a href="https://github.com/NEANC"><img src="https:&#x2F;&#x2F;github.com&#x2F;NEANC.png" width="64px" alt="User avatar: NEANC" /></a>&nbsp;&nbsp;<a href="https://github.com/ax-mad"><img src="https:&#x2F;&#x2F;github.com&#x2F;ax-mad.png" width="64px" alt="User avatar: ax-mad" /></a>&nbsp;&nbsp;<a href="https://github.com/stegratech"><img src="https:&#x2F;&#x2F;github.com&#x2F;stegratech.png" width="64px" alt="User avatar: stegratech" /></a>&nbsp;&nbsp;<a href="https://github.com/apearson"><img src="https:&#x2F;&#x2F;github.com&#x2F;apearson.png" width="64px" alt="User avatar: apearson" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<a href="https://github.com/allgoewer"><img src="https:&#x2F;&#x2F;github.com&#x2F;allgoewer.png" width="64px" alt="User avatar: allgoewer" /></a>&nbsp;&nbsp;<a href="https://github.com/NEANC"><img src="https:&#x2F;&#x2F;github.com&#x2F;NEANC.png" width="64px" alt="User avatar: NEANC" /></a>&nbsp;&nbsp;<a href="https://github.com/ax-mad"><img src="https:&#x2F;&#x2F;github.com&#x2F;ax-mad.png" width="64px" alt="User avatar: ax-mad" /></a>&nbsp;&nbsp;<a href="https://github.com/stegratech"><img src="https:&#x2F;&#x2F;github.com&#x2F;stegratech.png" width="64px" alt="User avatar: stegratech" /></a>&nbsp;&nbsp;<!-- sponsors -->

 ## Acknowledgements

@@ -189,9 +189,6 @@ func (controller *UserController) loginHandler(c *gin.Context) {

 	if search.Type == model.UserLDAP {
 		sessionCookie.Provider = "ldap"
-		if search.Email != "" {
-			sessionCookie.Email = search.Email
-		}
 	}

 	cookie, err := controller.auth.CreateSession(c, sessionCookie)
@@ -160,12 +160,7 @@ func (m *ContextMiddleware) cookieAuth(ctx context.Context, uuid string) (*model

 		userContext.LDAP.Groups = user.Groups
 		userContext.LDAP.Name = utils.Capitalize(userContext.LDAP.Username)
-
 		userContext.LDAP.Email = utils.CompileUserEmail(userContext.LDAP.Username, m.runtime.CookieDomain)
-		if search.Email != "" {
-			userContext.LDAP.Email = search.Email
-		}
-
 	case model.ProviderOAuth:
 		_, exists := m.broker.GetService(userContext.OAuth.ID)

@@ -243,15 +238,11 @@ func (m *ContextMiddleware) basicAuth(username string, password string) (*model.
 			BaseContext: model.BaseContext{
 				Username: username,
 				Name:     utils.Capitalize(username),
+				Email:    utils.CompileUserEmail(username, m.runtime.CookieDomain),
 			},
 			Groups: user.Groups,
 		}
 		userContext.Provider = model.ProviderLDAP
-
-		userContext.LDAP.Email = utils.CompileUserEmail(username, m.runtime.CookieDomain)
-		if search.Email != "" {
-			userContext.LDAP.Email = search.Email
-		}
 	}

 	userContext.Authenticated = true
@@ -21,6 +21,5 @@ type LocalUser struct {

 type UserSearch struct {
 	Username string
-	Email    string // used for LDAP, we can't throw it to LDAPUser because it would need another cache or an LDAP lookup every time
 	Type     UserSearchType
 }
@@ -130,7 +130,7 @@ func (auth *AuthService) SearchUser(username string) (*model.UserSearch, error)
 	}

 	if auth.ldap != nil {
-		userDN, email, err := auth.ldap.GetUserInfo(username)
+		userDN, err := auth.ldap.GetUserDN(username)

 		if err != nil {
 			return nil, fmt.Errorf("failed to get ldap user: %w", err)
@@ -138,7 +138,6 @@ func (auth *AuthService) SearchUser(username string) (*model.UserSearch, error)

 		return &model.UserSearch{
 			Username: userDN,
-			Email:    email,
 			Type:     model.UserLDAP,
 		}, nil
 	}
@@ -134,7 +134,8 @@ func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	return ldap.conn, nil
 }

-func (ldap *LdapService) GetUserInfo(username string) (dn string, email string, err error) {
+func (ldap *LdapService) GetUserDN(username string) (string, error) {
+	// Escape the username to prevent LDAP injection
 	escapedUsername := ldapgo.EscapeFilter(username)
 	filter := fmt.Sprintf(ldap.config.LDAP.SearchFilter, escapedUsername)

@@ -142,7 +143,7 @@ func (ldap *LdapService) GetUserInfo(username string) (dn string, email string,
 		ldap.config.LDAP.BaseDN,
 		ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
 		filter,
-		[]string{"dn", "mail"},
+		[]string{"dn"},
 		nil,
 	)

@@ -151,15 +152,15 @@ func (ldap *LdapService) GetUserInfo(username string) (dn string, email string,

 	searchResult, err := ldap.conn.Search(searchRequest)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	if len(searchResult.Entries) != 1 {
-		return "", "", fmt.Errorf("multiple or no entries found for user %s", username)
+		return "", fmt.Errorf("multiple or no entries found for user %s", username)
 	}

-	entry := searchResult.Entries[0]
-	return entry.DN, entry.GetAttributeValue("mail"), nil
+	userDN := searchResult.Entries[0].DN
+	return userDN, nil
 }

 func (ldap *LdapService) GetUserGroups(userDN string) ([]string, error) {
Author	SHA1	Message	Date
Stavros	d38784715d	chore: remove temp lint file	2026-05-10 16:04:22 +03:00
Stavros	11b6155b9e	fix: ensure unix socket shutdown doesn't run twice	2026-05-10 16:03:39 +03:00
Stavros	e739aa8fd0	tests: use filepath join instead of path join	2026-05-09 17:18:58 +03:00
Stavros	d5009070e3	fix: coderabbit comments	2026-05-09 17:00:02 +03:00
Stavros	548d97fa62	tests: fix don't try to test logger with char size	2026-05-09 14:00:58 +03:00
Stavros	3d9c81d7a0	fix: assign public key correctly in oidc server	2026-05-09 13:56:28 +03:00
Stavros	4e760e8397	feat: add option to enable or disable concurrent listeners	2026-05-09 13:52:49 +03:00
Stavros	02b48aa165	fix: fix typos	2026-05-09 13:42:44 +03:00
Stavros	886f9a84d6	tests: fix context tests	2026-05-09 13:38:04 +03:00
Stavros	74aca0f521	tests: fix service tests	2026-05-09 13:34:34 +03:00
Stavros	a76141a99d	tests: fix middleware tests	2026-05-09 13:32:08 +03:00
Stavros	c7e9fade03	tests: use require instead of assert where previous step is required	2026-05-09 13:28:22 +03:00
Stavros	9fccb63097	tests: fix controller tests	2026-05-09 13:17:35 +03:00
Stavros	8c8d56f87c	refactor: simplify middleware, controller and service init	2026-05-09 12:24:10 +03:00
Stavros	71ddfbbdba	feat: use sync groups for better cancellation	2026-05-08 18:08:27 +03:00
Stavros	b73a9db061	fix: improve logging in routines	2026-05-08 17:43:20 +03:00
Stavros	0958c3b864	refactor: rework cli logging	2026-05-08 17:22:21 +03:00
Stavros	e214d6d8d4	refactor: rework logging and cancellation in services	2026-05-08 17:18:39 +03:00
Stavros	55b53c77bf	refactor: rework logging and config in middlewares	2026-05-08 16:42:49 +03:00
Stavros	112a30f6b2	refactor: rework logging and config in controllers	2026-05-08 16:39:01 +03:00
Stavros	592c221b2d	refactor: use one struct for context handling and cancellation	2026-05-07 22:31:51 +03:00
Stavros	cc357f35ef	feat: add new logger	2026-05-07 19:14:05 +03:00