fix(storage): mysql timestamp parsed incorrectly (#4230)

The timestamps in MySQL were not being parsed correctly. The driver treats all timestamp and datetime objects the same, which is not correct.
pull/4231/head
James Elliott 2022-10-22 15:25:12 +11:00 committed by GitHub
parent 8e99cfd22f
commit 1d821a0d3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 25 deletions


@ -396,13 +396,13 @@ authentication_backend:
# base_dn: dc=example,dc=com # base_dn: dc=example,dc=com
## The attribute holding the username of the user. This attribute is used to populate the username in the session ## The attribute holding the username of the user. This attribute is used to populate the username in the session
## information. It was introduced due to #561 to handle case insensitive search queries. For you information, ## information. For your information, Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this ## uses 'uid'. Beware that this attribute holds the unique identifiers for the users binding the user and the
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. ## configuration stored in database. Therefore only single value attributes are allowed and the value must never be
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user ## changed once attributed to a user otherwise it would break the configuration for that user. Technically,
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also ## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above ## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. ## follow https://www.ietf.org/rfc/rfc2307.txt.
# username_attribute: uid # username_attribute: uid
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.


@ -396,13 +396,13 @@ authentication_backend:
# base_dn: dc=example,dc=com # base_dn: dc=example,dc=com
## The attribute holding the username of the user. This attribute is used to populate the username in the session ## The attribute holding the username of the user. This attribute is used to populate the username in the session
## information. It was introduced due to #561 to handle case insensitive search queries. For you information, ## information. For your information, Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this ## uses 'uid'. Beware that this attribute holds the unique identifiers for the users binding the user and the
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. ## configuration stored in database. Therefore only single value attributes are allowed and the value must never be
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user ## changed once attributed to a user otherwise it would break the configuration for that user. Technically,
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also ## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above ## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. ## follow https://www.ietf.org/rfc/rfc2307.txt.
# username_attribute: uid # username_attribute: uid
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.


@ -40,6 +40,10 @@ const (
OAuth2SessionTypeOpenIDConnect OAuth2SessionType = "openid connect" OAuth2SessionTypeOpenIDConnect OAuth2SessionType = "openid connect"
) )
const (
sqlNetworkTypeTCP = "tcp"
)
const ( const (
encryptionNameCheck = "check" encryptionNameCheck = "check"
) )


@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"time" "time"
"github.com/go-sql-driver/mysql"
_ "github.com/go-sql-driver/mysql" // Load the MySQL Driver used in the connection string. _ "github.com/go-sql-driver/mysql" // Load the MySQL Driver used in the connection string.
"github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/configuration/schema"
@ -30,21 +31,31 @@ func NewMySQLProvider(config *schema.Configuration) (provider *MySQLProvider) {
} }
func dataSourceNameMySQL(config schema.MySQLStorageConfiguration) (dataSourceName string) { func dataSourceNameMySQL(config schema.MySQLStorageConfiguration) (dataSourceName string) {
dataSourceName = fmt.Sprintf("%s:%s", config.Username, config.Password) dconfig := mysql.NewConfig()
if dataSourceName != "" { switch {
dataSourceName += "@" case config.Port == 0:
dconfig.Net = sqlNetworkTypeTCP
dconfig.Addr = fmt.Sprintf("%s:%d", config.Host, 3306)
default:
dconfig.Net = sqlNetworkTypeTCP
dconfig.Addr = fmt.Sprintf("%s:%d", config.Host, config.Port)
} }
address := config.Host switch config.Port {
if config.Port > 0 { case 0:
address += fmt.Sprintf(":%d", config.Port) dconfig.Addr = config.Host
default:
dconfig.Addr = fmt.Sprintf("%s:%d", config.Host, config.Port)
} }
dataSourceName += fmt.Sprintf("tcp(%s)/%s", address, config.Database) dconfig.DBName = config.Database
dconfig.User = config.Username
dconfig.Passwd = config.Password
dconfig.Timeout = config.Timeout
dconfig.MultiStatements = true
dconfig.ParseTime = true
dconfig.Loc = time.Local
dataSourceName += "?" return dconfig.FormatDSN()
dataSourceName += fmt.Sprintf("timeout=%ds&multiStatements=true&parseTime=true", int32(config.Timeout/time.Second))
return dataSourceName
} }
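Review bot: On the new side of dataSourceNameMySQL, the second `switch config.Port` reassigns `dconfig.Addr` in both arms, so whatever the first `switch` computed, including the explicit `3306` fallback, is always overwritten, and with `Port == 0` the DSN ends up carrying a bare host. Both arms of the first switch also set the same `Net`, so the two switches could collapse into `dconfig.Net = sqlNetworkTypeTCP` plus a single address computation that keeps the default-port arm. `fmt.Sprintf("%s:%d", config.Host, config.Port)` will not bracket an IPv6 literal host; `net.JoinHostPort(config.Host, strconv.Itoa(config.Port))` would, at the cost of importing `net` and `strconv`. `dconfig.MultiStatements = true` is carried over from the old DSN string, and because it lets a single query string carry several statements it deserves a comment such as `// Required for <reason>; every query on this connection must stay parameterized.` so the trade-off is recorded next to the setting.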