diff options
| author | Denis Denisov <denji@users.noreply.github.com> | 2016-12-12 02:46:51 +0200 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2016-12-12 08:46:51 +0800 |
| commit | f0a989c1d0843ab47a48be5219470a93a462e302 (patch) | |
| tree | c6bb94aa8dc71559d5f69540a85b3ca928d26b8a /models/login_source.go | |
| parent | abcd39f7d52f6a9498b5f09a1d90c87da7c66909 (diff) | |
| download | gitea-f0a989c1d0843ab47a48be5219470a93a462e302.tar.gz gitea-f0a989c1d0843ab47a48be5219470a93a462e302.zip | |
Correction LDAP validation (#342)
* Correction LDAP username validation
As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it.
* Check for zero length passwords in LDAP module.
According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD.
* Clearing the login/email spaces at the [start/end]
Diffstat (limited to 'models/login_source.go')
| -rw-r--r-- | models/login_source.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/models/login_source.go b/models/login_source.go index 7a5e6083a7..58e0e88b3e 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -548,9 +548,9 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource, func UserSignIn(username, password string) (*User, error) { var user *User if strings.Contains(username, "@") { - user = &User{Email: strings.ToLower(username)} + user = &User{Email: strings.ToLower(strings.TrimSpace(username))} } else { - user = &User{LowerName: strings.ToLower(username)} + user = &User{LowerName: strings.ToLower(strings.TrimSpace(username))} } hasUser, err := x.Get(user) |