Prevent panic on prohibited user login with oauth2 (#18562)

There was an unfortunate regression in #17962 where following detection of the
UserProhibitLogin error the err is cast to a pointer by mistake.

This causes a panic due to an interface error.

Fix #18561

Signed-off-by: Andrew Thornton <art27@cantab.net>

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index a8a132bc941a2356a13d53c9d99535afc0253bab..64e9c5c208225accf309d278c2015ddabb8690a5 100644 (file)
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -822,7 +822,7 @@ func SignInOAuthCallback(ctx *context.Context) {
        u, gothUser, err := oAuth2UserLoginCallback(authSource, ctx.Req, ctx.Resp)
        if err != nil {
                if user_model.IsErrUserProhibitLogin(err) {
-                       uplerr := err.(*user_model.ErrUserProhibitLogin)
+                       uplerr := err.(user_model.ErrUserProhibitLogin)
                        log.Info("Failed authentication attempt for %s from %s: %v", uplerr.Name, ctx.RemoteAddr(), err)
                        ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
                        ctx.HTML(http.StatusOK, "user/auth/prohibit_login")