authorUnknwon <u@gogs.io>2015-03-05 19:20:27 -0500
committerUnknwon <u@gogs.io>2015-03-05 19:20:27 -0500
commit18c06973292a3d20b8ad72575c819fbe3287a9ad (patch)
treeaee9bcfd564a76fb2b81951d7725e9847e53f8f1
parente3d73d9b244174def7c5c73289c2c141fe6f652a (diff)
routers/repo/setting.go: fix LDAP cannot validate password #1006
-rw-r--r--models/login.go88
-rw-r--r--routers/repo/setting.go28
2 files changed, 61 insertions, 55 deletions
diff --git a/models/login.go b/models/login.go
index 1dc1b6cad3..e00d59b0ed 100644
--- a/models/login.go
+++ b/models/login.go
@@ -169,61 +169,59 @@ func UserSignIn(uname, passwd string) (*User, error) {
// For plain login, user must exist to reach this line.
// Now verify password.
if u.LoginType == PLAIN {
- newUser := &User{Passwd: passwd, Salt: u.Salt}
- newUser.EncodePasswd()
- if u.Passwd != newUser.Passwd {
+ if !u.ValidtePassword(passwd) {
return nil, ErrUserNotExist
}
return u, nil
- } else {
- if !has {
- var sources []LoginSource
- if err = x.UseBool().Find(&sources,
- &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
- return nil, err
- }
+ }
+
+ if !has {
+ var sources []LoginSource
+ if err = x.UseBool().Find(&sources,
+ &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
+ return nil, err
+ }
- for _, source := range sources {
- if source.Type == LDAP {
- u, err := LoginUserLdapSource(nil, uname, passwd,
- source.Id, source.Cfg.(*LDAPConfig), true)
- if err == nil {
- return u, nil
- }
- log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
- } else if source.Type == SMTP {
- u, err := LoginUserSMTPSource(nil, uname, passwd,
- source.Id, source.Cfg.(*SMTPConfig), true)
- if err == nil {
- return u, nil
- }
- log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
+ for _, source := range sources {
+ if source.Type == LDAP {
+ u, err := LoginUserLdapSource(nil, uname, passwd,
+ source.Id, source.Cfg.(*LDAPConfig), true)
+ if err == nil {
+ return u, nil
+ }
+ log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
+ } else if source.Type == SMTP {
+ u, err := LoginUserSMTPSource(nil, uname, passwd,
+ source.Id, source.Cfg.(*SMTPConfig), true)
+ if err == nil {
+ return u, nil
}
+ log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
}
-
- return nil, ErrUserNotExist
}
- var source LoginSource
- hasSource, err := x.Id(u.LoginSource).Get(&source)
- if err != nil {
- return nil, err
- } else if !hasSource {
- return nil, ErrLoginSourceNotExist
- } else if !source.IsActived {
- return nil, ErrLoginSourceNotActived
- }
+ return nil, ErrUserNotExist
+ }
- switch u.LoginType {
- case LDAP:
- return LoginUserLdapSource(u, u.LoginName, passwd,
- source.Id, source.Cfg.(*LDAPConfig), false)
- case SMTP:
- return LoginUserSMTPSource(u, u.LoginName, passwd,
- source.Id, source.Cfg.(*SMTPConfig), false)
- }
- return nil, ErrUnsupportedLoginType
+ var source LoginSource
+ hasSource, err := x.Id(u.LoginSource).Get(&source)
+ if err != nil {
+ return nil, err
+ } else if !hasSource {
+ return nil, ErrLoginSourceNotExist
+ } else if !source.IsActived {
+ return nil, ErrLoginSourceNotActived
+ }
+
+ switch u.LoginType {
+ case LDAP:
+ return LoginUserLdapSource(u, u.LoginName, passwd,
+ source.Id, source.Cfg.(*LDAPConfig), false)
+ case SMTP:
+ return LoginUserSMTPSource(u, u.LoginName, passwd,
+ source.Id, source.Cfg.(*SMTPConfig), false)
}
+ return nil, ErrUnsupportedLoginType
}
// Query if name/passwd can login against the LDAP directory pool
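Review bot: The final `switch u.LoginType` chooses its branch from the user row, but the value it asserts on comes from the `source` row loaded through `u.LoginSource`, and both `source.Cfg.(*LDAPConfig)` and `source.Cfg.(*SMTPConfig)` are unchecked type assertions. If the two rows ever disagree (how a source's type can change is not visible in this diff, so this is an assumption to confirm), the assertion panics inside the sign-in path instead of returning an error. Switching on `source.Type`, or using the comma-ok form `cfg, ok := source.Cfg.(*LDAPConfig)` followed by `if !ok { return nil, ErrUnsupportedLoginType }`, would turn an inconsistent row into an ordinary login failure. The auto-register loop earlier in this hunk uses the same unchecked assertions, though there the branch is at least selected by `source.Type`; UserSignIn begins above the hunk.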
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 5cd39ada2c..5b9b672c04 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -111,10 +111,18 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
} else if !isExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
return
- } else if !ctx.User.ValidtePassword(ctx.Query("password")) {
- ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+ }
+
+ if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
+ if err == models.ErrUserNotExist {
+ ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+ } else {
+ ctx.Handle(500, "UserSignIn", err)
+ }
return
- } else if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
+ }
+
+ if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
if err == models.ErrRepoAlreadyExist {
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
} else {
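Review bot: Only `models.ErrUserNotExist` is treated as a wrong password in the new `if _, err = models.UserSignIn(...)` block; every other error goes to `ctx.Handle(500, "UserSignIn", err)`. For accounts backed by LDAP or SMTP, `UserSignIn` returns whatever `LoginUserLdapSource` or `LoginUserSMTPSource` return, along with `ErrLoginSourceNotExist` and `ErrLoginSourceNotActived`, and the helper bodies are not part of this commit. If they report a rejected credential with an error of their own, a mistyped password on transfer would surface as a server error rather than the invalid-password form message. Either normalise credential failures to one sentinel inside `UserSignIn`, or record the contract at the call site, e.g. `// UserSignIn reports a wrong PLAIN password as ErrUserNotExist; external sources may return other errors.` The identical block in the delete branch of the next hunk has the same gap, and SettingsPost starts and ends outside this hunk.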
@@ -136,15 +144,15 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Error(404)
return
}
- if !ctx.User.ValidtePassword(ctx.Query("password")) {
- ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
- return
- }
- } else {
- if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
+ }
+
+ if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
+ if err == models.ErrUserNotExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
- return
+ } else {
+ ctx.Handle(500, "UserSignIn", err)
}
+ return
}
if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {
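Review bot: The removed `else` branch validated the password of `ctx.Repo.Owner`, whereas the new call always verifies `ctx.User.Name`, so deletion is now confirmed with the signed-in user's password whoever owns the repository. That makes the password prompt a re-authentication step only, and the decision that this user may delete the repository has to be enforced before this point. The only guard visible in the hunk is the branch ending in `ctx.Error(404)`, whose condition lies above the hunk, so confirm where the check for the other case lives. If the change is intended, a comment such as `// Re-authenticates the acting user (ctx.User); permission to delete must already have been checked.` would make that dependency explicit.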