From 25f2362b1390cf86fc94db50e3ab6284001d25ab Mon Sep 17 00:00:00 2001
From: Ivan Procaccini <ivan.procaccini14@imperial.ac.uk>
Date: Tue, 8 Nov 2022 20:01:40 +0000
Subject: [PATCH] Fix: log in as the original user if the impersonator is not
 allowed to impersonate.

---
 app/ldap_authentication/authenticator.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/ldap_authentication/authenticator.py b/app/ldap_authentication/authenticator.py
index d9a316a..aff8c2a 100644
--- a/app/ldap_authentication/authenticator.py
+++ b/app/ldap_authentication/authenticator.py
@@ -80,9 +80,8 @@ class DocLdapAuthenticator(Authenticator):
         users = re.match(IMPERSONATION_PATTERN, username)
         if users:
             impersonator, impersonated = users.groups()
-            if impersonator in IMPERSONATORS:
-                username = impersonator
-                logging_in_as = impersonated
+            username = impersonator
+            logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator
         connection = ldap.initialize(self.server_url)
         connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
         connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
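Review bot: A denied impersonation attempt now falls through silently on the `logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator` line, so nothing records that an account outside `IMPERSONATORS` asked to act as another user. I would split the conditional and log the denied case before the bind, for example `logging.warning("impersonation denied for %r (requested %r)", impersonator, impersonated)` (no logger is visible in the hunk, so use whatever the module already has). The allowed case should be logged too, so that every impersonated session is attributable. Separately, the unchanged context line sets `ldap.OPT_X_TLS_REQUIRE_CERT` to `ldap.OPT_X_TLS_ALLOW`, which lets the session continue when the server certificate is missing or fails verification; `ldap.OPT_X_TLS_DEMAND` is the strict setting if a CA bundle for the directory server is available. The method starts and continues outside this hunk, so whether `logging_in_as` is initialised when the pattern does not match cannot be checked from here.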
-- 
GitLab