Restore PAM user autocreation functionality (#15825)

* Restore PAM user autocreation functionality PAM autoregistration of users currently fails due to email invalidity. This PR adds a new setting to PAM to allow an email domain to be set or just sets the email to the noreply address and if that fails falls back to uuid@localhost Fix #15702 Signed-off-by: Andrew Thornton <art27@cantab.net> * As per KN4CKER Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-13 23:11:47 +01:00 · 2021-05-13 23:11:47 +01:00 · d234d37aa8
commit d234d37aa8
parent 9545c345a8
6 changed files with 24 additions and 1 deletions
--- a/models/login_source.go
+++ b/models/login_source.go
@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
+	gouuid "github.com/google/uuid"
 	jsoniter "github.com/json-iterator/go"

 	"xorm.io/xorm"
@ -116,6 +117,7 @@ func (cfg *SMTPConfig) ToDB() ([]byte, error) {
 // PAMConfig holds configuration for the PAM login source.
 type PAMConfig struct {
 	ServiceName string // pam service (e.g. system-auth)
+	EmailDomain string
 }

 // FromDB fills up a PAMConfig from serialized format.
@ -696,15 +698,26 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon

 	// Allow PAM sources with `@` in their name, like from Active Directory
 	username := pamLogin
+	email := pamLogin
 	idx := strings.Index(pamLogin, "@")
 	if idx > -1 {
 		username = pamLogin[:idx]
 	}
+	if ValidateEmail(email) != nil {
+		if cfg.EmailDomain != "" {
+			email = fmt.Sprintf("%s@%s", username, cfg.EmailDomain)
+		} else {
+			email = fmt.Sprintf("%s@%s", username, setting.Service.NoReplyAddress)
+		}
+		if ValidateEmail(email) != nil {
+			email = gouuid.New().String() + "@localhost"
+		}
+	}

 	user = &User{
 		LowerName:   strings.ToLower(username),
 		Name:        username,
-		Email:       pamLogin,
+		Email:       email,
 		Passwd:      password,
 		LoginType:   LoginPAM,
 		LoginSource: sourceID,