diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-07-04 06:39:38 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-03 18:39:38 -0400 |
| commit | 0403bd989f60ab84497eb5e04366496b3c9d2534 (patch) | |
| tree | 24ab2e5052a6d4bffc61bb6771073a2b0f84ec12 /services | |
| parent | ad57be04b87d16ff509da4f1632d444b75eb9efc (diff) | |
| download | gitea-0403bd989f60ab84497eb5e04366496b3c9d2534.tar.gz gitea-0403bd989f60ab84497eb5e04366496b3c9d2534.zip | |
Log the real reason when authentication fails (but don't show the user) (#25414)
Diffstat (limited to 'services')
| -rw-r--r-- | services/auth/source/db/authenticate.go | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index 773ec601ba..34a0459149 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go @@ -4,19 +4,54 @@ package db import ( + "fmt" + "code.gitea.io/gitea/models/db" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" ) +// ErrUserPasswordNotSet represents a "ErrUserPasswordNotSet" kind of error. +type ErrUserPasswordNotSet struct { + UID int64 + Name string +} + +func (err ErrUserPasswordNotSet) Error() string { + return fmt.Sprintf("user's password isn't set [uid: %d, name: %s]", err.UID, err.Name) +} + +// Unwrap unwraps this error as a ErrInvalidArgument error +func (err ErrUserPasswordNotSet) Unwrap() error { + return util.ErrInvalidArgument +} + +// ErrUserPasswordInvalid represents a "ErrUserPasswordInvalid" kind of error. +type ErrUserPasswordInvalid struct { + UID int64 + Name string +} + +func (err ErrUserPasswordInvalid) Error() string { + return fmt.Sprintf("user's password is invalid [uid: %d, name: %s]", err.UID, err.Name) +} + +// Unwrap unwraps this error as a ErrInvalidArgument error +func (err ErrUserPasswordInvalid) Unwrap() error { + return util.ErrInvalidArgument +} + // Authenticate authenticates the provided user against the DB func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) { if user == nil { return nil, user_model.ErrUserNotExist{Name: login} } - if !user.IsPasswordSet() || !user.ValidatePassword(password) { - return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name} + if !user.IsPasswordSet() { + return nil, ErrUserPasswordNotSet{UID: user.ID, Name: user.Name} + } else if !user.ValidatePassword(password) { + return nil, ErrUserPasswordInvalid{UID: user.ID, Name: user.Name} } // Update password hash if server password hash algorithm have changed |