Fix: Refactor user account cache loading logic

This commit simplifies the cache loading logic by ensuring the user account is updated in Redis before querying cache names. It introduces a check for Redis errors and ensures known user details are only processed once, improving efficiency and clarity. Signed-off-by: Christian Roessner <c@roessner.co>
croessner · Nov 14, 2024 · d36f508 · d36f508
1 parent 279ca40
commit d36f508
Showing 1 changed file with 26 additions and 18 deletions.
diff --git a/server/core/cache.go b/server/core/cache.go
@@ -38,35 +38,43 @@ func cachePassDB(auth *AuthState) (passDBResult *PassDBResult, err error) {
 
 	passDBResult = &PassDBResult{}
 
-	cacheNames := backend.GetCacheNames(auth.Protocol.Get(), global.CacheAll)
+	accountName, err = auth.updateUserAccountInRedis()
+	if err != nil {
+		return
+	}
 
-	for _, cacheName := range cacheNames.GetStringSlice() {
-		accountName, err = auth.updateUserAccountInRedis()
-		if err != nil {
-			return
-		}
+	if accountName != "" {
+		cacheNames := backend.GetCacheNames(auth.Protocol.Get(), global.CacheAll)
 
-		if accountName != "" {
+		for _, cacheName := range cacheNames.GetStringSlice() {
 			redisPosUserKey := config.LoadableConfig.Server.Redis.Prefix + "ucp:" + cacheName + ":" + accountName
 
 			ppc = &backend.PositivePasswordCache{}
 
-			if _, err = backend.LoadCacheFromRedis(auth.HTTPClientContext, redisPosUserKey, ppc); err != nil {
+			isRedisErr := false
+
+			if isRedisErr, err = backend.LoadCacheFromRedis(auth.HTTPClientContext, redisPosUserKey, ppc); err != nil {
 				return
 			}
-		}
 
-		if ppc != nil {
+			// The user was not found for the current cache name
+			if isRedisErr {
+				continue
+			}
+
+			passDBResult.UserFound = true
+			passDBResult.AccountField = ppc.AccountField
+			passDBResult.TOTPSecretField = ppc.TOTPSecretField
+			passDBResult.UniqueUserIDField = ppc.UniqueUserIDField
+			passDBResult.DisplayNameField = ppc.DisplayNameField
+			passDBResult.Backend = ppc.Backend
+			passDBResult.Attributes = ppc.Attributes
+
 			if auth.NoAuth || ppc.Password == util.GetHash(util.PreparePassword(auth.Password)) {
-				passDBResult.UserFound = true
-				passDBResult.AccountField = ppc.AccountField
-				passDBResult.TOTPSecretField = ppc.TOTPSecretField
-				passDBResult.UniqueUserIDField = ppc.UniqueUserIDField
-				passDBResult.DisplayNameField = ppc.DisplayNameField
 				passDBResult.Authenticated = true
-				passDBResult.Backend = ppc.Backend
-				passDBResult.Attributes = ppc.Attributes
 			}
+
+			break
 		}
 	}
 
@@ -75,7 +83,7 @@ func cachePassDB(auth *AuthState) (passDBResult *PassDBResult, err error) {
 			auth.loadPasswordHistoryFromRedis(key)
 		}
 
-		// Prevent password lookups for already known wrong passwords.
+		// Prevent password lookups for already known wrong passwords (And the user is unknown in the entire system)
 		if auth.PasswordHistory != nil {
 			passwordHash := util.GetHash(util.PreparePassword(auth.Password))
 			if _, foundPassword := (*auth.PasswordHistory)[passwordHash]; foundPassword {