finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix ldap loginname (#18789)

Browse source 
* Use email_address table to check user's email when login with email adress

* Update services/auth/signin.go

* Fix test

* Fix test

* Fix logging in with ldap username != loginname

* Fix if user does not exist yet

* Make more clear this is loginName

* Fix formatting

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
Johan Van de Wauw 2022-02-18 10:33:00 +01:00 committed by GitHub
parent 1ab88da0e4
commit 0cc2675c44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
services/auth/signin.go
View file

@ -24,17 +24,18 @@ import (
func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
var user *user_model.User
if strings.Contains(username, "@") {
user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))}
emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
// check same email
cnt, err := db.Count(user)
has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress)
if err != nil {
return nil, nil, err
}
if cnt > 1 {
return nil, nil, user_model.ErrEmailAlreadyUsed{
if !has {
return nil, nil, user_model.ErrEmailAddressNotExist{
Email: user.Email,
}
}
user = &user_model.User{ID: emailAddress.UID}
} else {
trimmedUsername := strings.TrimSpace(username)
if len(trimmedUsername) == 0 {

8
services/auth/source/ldap/source_authenticate.go
View file

@ -20,10 +20,14 @@ import (
// Authenticate queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled.
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP)
loginName := userName
if user != nil {
loginName = user.LoginName
}
sr := source.SearchEntry(loginName, password, source.authSource.Type == auth.DLDAP)
if sr == nil {
// User not in LDAP, do nothing
return nil, user_model.ErrUserNotExist{Name: userName}
return nil, user_model.ErrUserNotExist{Name: loginName}
}
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0