Feature: Add "Authentication Method" to allow existing users to sign in with LDAP (#2143)

* adds authentication method for users * fix db migration with postgres * tests for auth method * update migration ids * hide auth method on user creation form * (docs): Added documentation for the new authentication method * update migration * add to auto-form instead of having hidden fields
2026-01-28 19:43:11 -05:00 · 2023-02-26 13:12:16 -06:00
parent 39012adcc1
commit 2e6ad5da8e
24 changed files with 213 additions and 24 deletions
--- a/mealie/core/security/security.py
+++ b/mealie/core/security/security.py
@@ -6,6 +6,7 @@ from jose import jwt

 from mealie.core.config import get_app_settings
 from mealie.core.security.hasher import get_hasher
+from mealie.db.models.users.users import AuthMethod
 from mealie.repos.all_repositories import get_repositories
 from mealie.repos.repository_factory import AllRepositories
 from mealie.schema.user import PrivateUser
@@ -115,6 +116,7 @@ def user_from_ldap(db: AllRepositories, username: str, password: str) -> Private
                "full_name": full_name,
                "email": email,
                "admin": False,
+                "auth_method": AuthMethod.LDAP,
            },
        )

@@ -134,7 +136,7 @@ def authenticate_user(session, email: str, password: str) -> PrivateUser | bool:

    if not user:
        user = db.users.get_one(email, "username", any_case=True)
-    if settings.LDAP_AUTH_ENABLED and (not user or user.password == "LDAP"):
+    if settings.LDAP_AUTH_ENABLED and (not user or user.password == "LDAP" or user.auth_method == AuthMethod.LDAP):
        return user_from_ldap(db, email, password)
    if not user:
        # To prevent user enumeration we perform the verify_password computation to ensure