author | Unknwon <u@gogs.io> | 2015-03-05 19:20:27 -0500 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2015-03-05 19:20:27 -0500 |
commit | 18c06973292a3d20b8ad72575c819fbe3287a9ad (patch) | |
tree | aee9bcfd564a76fb2b81951d7725e9847e53f8f1 | |
parent | e3d73d9b244174def7c5c73289c2c141fe6f652a (diff) | |
routers/repo/setting.go: fix LDAP cannot validate password #1006
-rw-r--r-- | models/login.go | 88 | ||||
-rw-r--r-- | routers/repo/setting.go | 28 |
2 files changed, 61 insertions, 55 deletions
diff --git a/models/login.go b/models/login.go
index 1dc1b6cad3..e00d59b0ed 100644
--- a/models/login.go
+++ b/models/login.go
@@ -169,61 +169,59 @@ func UserSignIn(uname, passwd string) (*User, error) {
 // For plain login, user must exist to reach this line.
 // Now verify password.
 if u.LoginType == PLAIN {
- newUser := &User{Passwd: passwd, Salt: u.Salt}
- newUser.EncodePasswd()
- if u.Passwd != newUser.Passwd {
+ if !u.ValidtePassword(passwd) {
 return nil, ErrUserNotExist
 }
 return u, nil
- } else {
- if !has {
- var sources []LoginSource
- if err = x.UseBool().Find(&sources,
- &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
- return nil, err
- }
+ }
+
+ if !has {
+ var sources []LoginSource
+ if err = x.UseBool().Find(&sources,
+ &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
+ return nil, err
+ }
- for _, source := range sources {
- if source.Type == LDAP {
- u, err := LoginUserLdapSource(nil, uname, passwd,
- source.Id, source.Cfg.(*LDAPConfig), true)
- if err == nil {
- return u, nil
- }
- log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
- } else if source.Type == SMTP {
- u, err := LoginUserSMTPSource(nil, uname, passwd,
- source.Id, source.Cfg.(*SMTPConfig), true)
- if err == nil {
- return u, nil
- }
- log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
+ for _, source := range sources {
+ if source.Type == LDAP {
+ u, err := LoginUserLdapSource(nil, uname, passwd,
+ source.Id, source.Cfg.(*LDAPConfig), true)
+ if err == nil {
+ return u, nil
+ }
+ log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
+ } else if source.Type == SMTP {
+ u, err := LoginUserSMTPSource(nil, uname, passwd,
+ source.Id, source.Cfg.(*SMTPConfig), true)
+ if err == nil {
+ return u, nil
 }
+ log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
 }
-
- return nil, ErrUserNotExist
 }
- var source LoginSource
- hasSource, err := x.Id(u.LoginSource).Get(&source)
- if err != nil {
- return nil, err
- } else if !hasSource {
- return nil, ErrLoginSourceNotExist
- } else if !source.IsActived {
- return nil, ErrLoginSourceNotActived
- }
+ return nil, ErrUserNotExist
+ }
- switch u.LoginType {
- case LDAP:
- return LoginUserLdapSource(u, u.LoginName, passwd,
- source.Id, source.Cfg.(*LDAPConfig), false)
- case SMTP:
- return LoginUserSMTPSource(u, u.LoginName, passwd,
- source.Id, source.Cfg.(*SMTPConfig), false)
- }
- return nil, ErrUnsupportedLoginType
+ var source LoginSource
+ hasSource, err := x.Id(u.LoginSource).Get(&source)
+ if err != nil {
+ return nil, err
+ } else if !hasSource {
+ return nil, ErrLoginSourceNotExist
+ } else if !source.IsActived {
+ return nil, ErrLoginSourceNotActived
+ }
+
+ switch u.LoginType {
+ case LDAP:
+ return LoginUserLdapSource(u, u.LoginName, passwd,
+ source.Id, source.Cfg.(*LDAPConfig), false)
+ case SMTP:
+ return LoginUserSMTPSource(u, u.LoginName, passwd,
+ source.Id, source.Cfg.(*SMTPConfig), false)
 }
+ return nil, ErrUnsupportedLoginType
 }
 // Query if name/passwd can login against the LDAP directory pool
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 5cd39ada2c..5b9b672c04 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
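Review bot: The two `log.Warn` calls in the auto-register loop of `UserSignIn` (models/login.go) write the caller-supplied `uname` with `%s` on a path that runs before authentication, so a login name containing line breaks or control characters reaches the log unescaped. Using `log.Warn("Fail to login(%q) by LDAP(%s): %v", uname, source.Name, err)`, and the same for the SMTP call, keeps each failure on one quoted line. `ValidtePassword` is defined outside this diff; since it replaces the inline `!=` on the stored hash, it is worth confirming that it compares the two values in constant time. The body of `UserSignIn` starts before this hunk.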
@@ -111,10 +111,18 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 } else if !isExist {
 ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
 return
- } else if !ctx.User.ValidtePassword(ctx.Query("password")) {
- ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+ }
+
+ if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
+ if err == models.ErrUserNotExist {
+ ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+ } else {
+ ctx.Handle(500, "UserSignIn", err)
+ }
 return
- } else if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
+ }
+
+ if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
 if err == models.ErrRepoAlreadyExist {
 ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
 } else {
@@ -136,15 +144,15 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 ctx.Error(404)
 return
 }
- if !ctx.User.ValidtePassword(ctx.Query("password")) {
- ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
- return
- }
- } else {
- if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
+ }
+
+ if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
+ if err == models.ErrUserNotExist {
 ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
- return
+ } else {
+ ctx.Handle(500, "UserSignIn", err)
 }
+ return
 }
 if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil { |
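Review bot: The re-authentication added before `TransferOwnership` discards the user that `UserSignIn` returns (`_, err = models.UserSignIn(...)`), so nothing ties the verified credentials back to the account in `ctx.User`; the delete branch at `@@ -136,15 +144,15 @@` repeats the same pattern. How `UserSignIn` resolves the name is outside this diff, but if it can match a different record or take its auto-register path, the confirmation would succeed for another identity; keeping the result and rejecting when `u.Id != ctx.User.Id` closes that gap. Only `ErrUserNotExist` is mapped to the invalid-password message, so any other error an LDAP or SMTP source returns for a wrong password would surface as a 500, which is worth confirming against those helpers. `SettingsPost` starts and ends outside the hunk.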
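Review bot: For a repository owned by a user rather than an organization, the delete confirmation used to check `ctx.Repo.Owner`'s password and now checks `ctx.User`'s, while `DeleteRepository` still acts on `ctx.Repo.Owner.Id`. Whether anyone other than the owner can reach this branch depends on an access check outside the hunk, so the change of subject should be stated at the call, for example `// Re-authenticate the acting user (ctx.User), not the repository owner.` Each confirmation attempt now also goes through `UserSignIn`, which for LDAP and SMTP accounts contacts the external source, so this endpoint presumably needs the same attempt limiting as the login form.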