Basic Auth now supports LDAP username and password (grafana#6940)

utkarshcmu · torkelo · commit 5777f65d05a8 · 2016-12-13T09:15:52.000+01:00
diff --git a/docs/sources/http_api/auth.md b/docs/sources/http_api/auth.md
@@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq
 ## Basic Auth
 
 If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
-standard basic auth.
+standard basic auth. Basic auth will also authenticate LDAP users.
 
 curl example:
 ```
diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go
@@ -9,6 +9,7 @@ import (
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/apikeygen"
 	"github.com/grafana/grafana/pkg/log"
+	l "github.com/grafana/grafana/pkg/login"
 	"github.com/grafana/grafana/pkg/metrics"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
@@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool {
 }
 
 func initContextWithBasicAuth(ctx *Context) bool {
+
 	if !setting.BasicAuthEnabled {
 		return false
 	}
@@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool {
 
 	user := loginQuery.Result
 
-	// validate password
-	if util.EncodePassword(password, user.Salt) != user.Password {
-		ctx.JsonApiErr(401, "Invalid username or password", nil)
+	loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user}
+	if err := bus.Dispatch(&loginUserQuery); err != nil {
+		ctx.JsonApiErr(401, "Invalid username or password", err)
 		return true
 	}
 
