fix(web/panettone): unbind LDAP connections after auth r/3777

unbind & close the stream of newly created LDAP connections after
auth, which might prevent some of the resource leaking we've got going
on

i did actually verify in sly that this still works. yay.

Change-Id: I92c8ca20de642585ae4c24aa455d051ee6e44a87
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5193
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>

1 files changed, 10 insertions, 10 deletions

diff --git a/web/panettone/src/authentication.lisp b/web/panettone/src/authentication.lisp
index c3353450201d..3d4a3510ea05 100644
--- a/web/panettone/src/authentication.lisp
+++ b/web/panettone/src/authentication.lisp
@@ -103,13 +103,13 @@ instance of `user'"
 request against the ldap server at *ldap*. Returns the user if authentication is
 successful, `nil' otherwise"
   (when-let ((user (if (typep user-or-username 'user) user-or-username
-                       (find-user user-or-username))))
-    (let ((dn (dn user)))
-      (let ((code-sym
-              (nth-value 1 (ldap:bind
-                            (ldap:new-ldap :host (ldap:host *ldap*)
-                                           :port (ldap:port *ldap*)
-                                           :user dn
-                                           :pass password)))))
-        (when (equalp code-sym 'trivial-ldap:success)
-          user)))))
+                     (find-user user-or-username))))
+    (let* ((dn (dn user))
+           (conn (ldap:new-ldap :host (ldap:host *ldap*)
+                                :port (ldap:port *ldap*)
+                                :user dn
+                                :pass password))
+           (code-sym (nth-value 1 (unwind-protect (ldap:bind conn)
+                                    (ldap:unbind conn)))))
+      (when (equalp code-sym 'trivial-ldap:success)
+        user))))