author | Adam Strzelecki <ono@java.pl> | 2015-12-01 14:49:49 +0100 |
---|---|---|
committer | Adam Strzelecki <ono@java.pl> | 2015-12-02 00:20:14 +0100 |
commit | 573305f3d3ac55a79639dcb4cc55694ad7a914a5 (patch) | |
tree | b542b8a5446bcbdd5287212c390d9eb2816290b6 /models/login.go | |
parent | 7ccce4d1102508cf1f993bde31bf502eb142a991 (diff) | |
download | gitea-573305f3d3ac55a79639dcb4cc55694ad7a914a5.tar.gz gitea-573305f3d3ac55a79639dcb4cc55694ad7a914a5.zip |
LDAP: Optional user name attribute specification
Consider following LDAP search query example:
(&(objectClass=Person)(|(uid=%s)(mail=%s)))
Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.
Using the optional user name attribute setting, we can explicitly say that we want the Gogs
user name to be a certain LDAP attribute, e.g. `uid`, so that even if the user logs in with an e-mail
the first time, the new account will receive the correct user name.
Diffstat (limited to 'models/login.go')
-rw-r--r-- | models/login.go | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/models/login.go b/models/login.go
index 6fde7457ac..1ec5309db4 100644
--- a/models/login.go
+++ b/models/login.go
@@ -225,16 +225,16 @@ func DeleteSource(source *LoginSource) error {
 // |_______ \/_______ /\____|__ /____|
 // \/ \/ \/
 
-// LoginUserLDAPSource queries if name/passwd can login against the LDAP directory pool,
+// LoginUserLDAPSource queries if loginName/passwd can login against the LDAP directory pool,
 // and create a local user if success when enabled.
 // It returns the same LoginUserPlain semantic.
-func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
+func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 cfg := source.Cfg.(*LDAPConfig)
 directBind := (source.Type == DLDAP)
- fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
+ name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 if !logged {
 // User not in LDAP, do nothing
- return nil, ErrUserNotExist{0, name}
+ return nil, ErrUserNotExist{0, loginName}
 }
 
 if !autoRegister {
@@ -242,6 +242,9 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 }
 
 // Fallback.
+ if len(name) == 0 {
+ name = loginName
+ }
 if len(mail) == 0 {
 mail = fmt.Sprintf("%s@localhost", name)
 }
@@ -249,10 +252,10 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 u = &User{
 LowerName: strings.ToLower(name),
 Name: name,
- FullName: strings.TrimSpace(fn + " " + sn),
+ FullName: composeFullName(fn, sn, name),
 LoginType: source.Type,
 LoginSource: source.ID,
- LoginName: name,
+ LoginName: loginName,
 Email: mail,
 IsAdmin: admin,
 IsActive: true,
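Review bot: The doc comment above `LoginUserLDAPSource` only swaps `name` for `loginName` and does not say that the created account's name may now differ from the text that was typed. I would add a line such as `// loginName is the text typed on the login form; the local user name comes from the directory entry when the source configures a user name attribute.` The call `cfg.SearchEntry(loginName, passwd, directBind)` now returns six positional values, four of them strings, so a swapped pair would still compile; a small result struct would make that harder, though SearchEntry itself is outside this diff. The function body continues in the following hunks.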
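Review bot: The new fallback `name = loginName` under `// Fallback.` is silent, so when the configured attribute is missing from an entry the account is still created under the typed text, which with the example filter from the description can be an e-mail address. A log line or at least a comment would make that visible, e.g. `// attribute not configured or absent on this entry: keep using the typed text as the user name`. In that case the following fallback builds `mail` from the same text via `fmt.Sprintf("%s@localhost", name)`, which looks like it would produce an address with two `@` signs; it is worth confirming what CreateUser does with such a value.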
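Review bot: In the `User` literal, `Name` and `LowerName` now come from a directory attribute while `LoginName` keeps the typed text, and nothing visible in this hunk checks that value before `CreateUser(u)`. If the configured attribute is not unique or is editable by directory users, a first login could claim a name that collides with or imitates an existing local account; presumably CreateUser rejects duplicates and reserved or malformed names, but that should be confirmed and recorded next to the literal, e.g. `// name is directory-supplied; CreateUser validates it and rejects names already in use`. It is also not shown how a later login with the other identifier (uid versus e-mail) finds this account, since only one form is stored in `LoginName`; if the caller looks the user up by the typed text, a second auto-registration attempt for the same entry seems possible.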
@@ -260,6 +263,19 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 return u, CreateUser(u)
 }
 
+func composeFullName(firstName, surename, userName string) string {
+ switch {
+ case len(firstName) == 0 && len(surename) == 0:
+ return userName
+ case len(firstName) == 0:
+ return surename
+ case len(surename) == 0:
+ return firstName
+ default:
+ return firstName + " " + surename
+ }
+}
+
 // _________ __________________________
 // / _____/ / \__ ___/\______ \
 // \_____ \ / \ / \| | | ___/ |
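Review bot: `composeFullName` drops the `strings.TrimSpace` that the old `FullName` expression applied, so directory values that are padded or whitespace-only now reach `FullName` unchanged, and a blank-looking name skips the `userName` fallback because only `len(...) == 0` is tested. Trimming first keeps the old guarantee: `firstName, surename = strings.TrimSpace(firstName), strings.TrimSpace(surename)` as the first statement of the function. The parameter `surename` is presumably meant to be `surname`, and the helper has no doc comment; `// composeFullName joins first name and surname, using whichever is present and falling back to userName when both are empty.` would cover it.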