checkLatestReleaseAndCount(t, session, "/user2/repo1", "v0.0.12", i18n.Tr("en", "repo.release.draft"), 10)
- // Check that user3 does not see draft and still see 10 latest releases
- session2 := loginUser(t, "user3")
+ // Check that user4 does not see draft and still see 10 latest releases
+ session2 := loginUser(t, "user4")
checkLatestReleaseAndCount(t, session2, "/user2/repo1", "v0.0.11", i18n.Tr("en", "repo.release.stable"), 10)
}
func TestViewAsRepoAdmin(t *testing.T) {
for user, expectedNoDescription := range map[string]bool{
"user2": true,
- "user3": false,
+ "user4": false,
} {
prepareTestEnv(t)
return fmt.Sprintf("user does not exist [uid: %d, name: %s, keyid: %d]", err.UID, err.Name, err.KeyID)
}
+// ErrUserProhibitLogin represents a "ErrUserProhibitLogin" kind of error.
+type ErrUserProhibitLogin struct {
+ UID int64
+ Name string
+}
+
+// IsErrUserProhibitLogin checks if an error is a ErrUserProhibitLogin
+func IsErrUserProhibitLogin(err error) bool {
+ _, ok := err.(ErrUserProhibitLogin)
+ return ok
+}
+
+func (err ErrUserProhibitLogin) Error() string {
+ return fmt.Sprintf("user is not allowed login [uid: %d, name: %s]", err.UID, err.Name)
+}
+
+// ErrUserInactive represents a "ErrUserInactive" kind of error.
+type ErrUserInactive struct {
+ UID int64
+ Name string
+}
+
+// IsErrUserInactive checks if an error is a ErrUserInactive
+func IsErrUserInactive(err error) bool {
+ _, ok := err.(ErrUserInactive)
+ return ok
+}
+
+func (err ErrUserInactive) Error() string {
+ return fmt.Sprintf("user is inactive [uid: %d, name: %s]", err.UID, err.Name)
+}
+
// ErrEmailAlreadyUsed represents a "EmailAlreadyUsed" kind of error.
type ErrEmailAlreadyUsed struct {
Email string
return nil, ErrLoginSourceNotActived
}
+ var err error
switch source.Type {
case LoginLDAP, LoginDLDAP:
- return LoginViaLDAP(user, login, password, source, autoRegister)
+ user, err = LoginViaLDAP(user, login, password, source, autoRegister)
case LoginSMTP:
- return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
+ user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
case LoginPAM:
- return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
+ user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
+ default:
+ return nil, ErrUnsupportedLoginType
+ }
+
+ if err != nil {
+ return nil, err
+ }
+
+ if !user.IsActive {
+ return nil, ErrUserInactive{user.ID, user.Name}
+ } else if user.ProhibitLogin {
+ return nil, ErrUserProhibitLogin{user.ID, user.Name}
}
- return nil, ErrUnsupportedLoginType
+ return user, nil
}
// UserSignIn validates user name and password.
switch user.LoginType {
case LoginNoType, LoginPlain, LoginOAuth2:
if user.IsPasswordSet() && user.ValidatePassword(password) {
+ if !user.IsActive {
+ return nil, ErrUserInactive{user.ID, user.Name}
+ } else if user.ProhibitLogin {
+ return nil, ErrUserProhibitLogin{user.ID, user.Name}
+ }
+
return user, nil
}
"net/url"
"code.gitea.io/gitea/modules/auth"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/go-macaron/csrf"
macaron "gopkg.in/macaron.v1"
// Check prohibit login users.
if ctx.IsSigned {
-
- if ctx.User.ProhibitLogin {
+ if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
+ ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
+ ctx.HTML(200, "user/auth/activate")
+ return
+ } else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
+ log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
return
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/search"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(200, user.TplActivate)
+ } else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
+ log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
+ ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+ ctx.HTML(200, "user/auth/prohibit_login")
} else {
user.Dashboard(ctx)
}
} else if models.IsErrEmailAlreadyUsed(err) {
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+ } else if models.IsErrUserProhibitLogin(err) {
+ log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+ ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+ ctx.HTML(200, "user/auth/prohibit_login")
+ } else if models.IsErrUserInactive(err) {
+ if setting.Service.RegisterEmailConfirm {
+ ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
+ ctx.HTML(200, TplActivate)
+ } else {
+ log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+ ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+ ctx.HTML(200, "user/auth/prohibit_login")
+ }
} else {
ctx.ServerError("UserSignIn", err)
}