This reverts commit c230d49d7c.
This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.
Removing this in the first place was due to a misunderstanding
anyways so no harm.
Implements the InvalidAuthProvider, which acts as a fallback if a
configured authentication provider, e.g. LDAP, is unavailable due
to a load failure or removal. Until the user or the authentication
plugin is corrected, this will cause users with the missing provider
to be locked out, while throwing errors in the logs about the issue.
Fixes#1445 part 2
Pass back the Username directive returned by an AuthenticationProvider
to the calling code, so we may override the user-provided Username
value if the authentication provider passes this back. Useful for
instance in an LDAP scenario where what the user types may not
necessarily be the "username" that is mapped in the system, e.g.
the user providing 'mail' while 'uid' is the "username" value.
Could also then be extensible to other authentication providers
as well, should they wish to do a similar thing.
This makes resolving dependencies from the container much easier as
you cannot resolve with primitives parameters in a way that is any
more readable.
The aim of this commit is to change as little as possible with the end
result, loggers that were newed up for the parent object were given the same
name. Objects that used the base or app loggers, were given a new logger with
an appropriate name.
Also removed some unused dependencies.
Bond_009
Joshua M. Boniface
DrPandemic
bugfixin
LogicalPhallacy
Phallacy
Claus Vium
Vasily
Claus Vium
Erwin de Haan
William Taylor