aboutsummaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorJimmy Praet <jimmy.praet@telenet.be>2022-04-29 21:38:11 +0200
committerGitHub <noreply@github.com>2022-04-29 15:38:11 -0400
commit5aebc4f000354d9fa448033445c6f313f4c6ab08 (patch)
treec081c5eff890a454b4c4c3a6aa9d1329eba09052 /services
parent219c87e7d889f5c62097968e5ec8ad04f244cd3c (diff)
downloadgitea-5aebc4f000354d9fa448033445c6f313f4c6ab08.tar.gz
gitea-5aebc4f000354d9fa448033445c6f313f4c6ab08.zip
Respect DefaultUserIsRestricted system default when creating new user (#19310)
* Apply DefaultUserIsRestricted in CreateUser * Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions * Fix compilation errors * Add "restricted" option to create user command * Add "restricted" option to create user admin api * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
Diffstat (limited to 'services')
-rw-r--r--services/auth/reverseproxy.go13
-rw-r--r--services/auth/source/ldap/source_authenticate.go25
-rw-r--r--services/auth/source/ldap/source_sync.go25
-rw-r--r--services/auth/source/pam/source_authenticate.go7
-rw-r--r--services/auth/source/smtp/source_authenticate.go6
-rw-r--r--services/auth/sspi_windows.go26
6 files changed, 61 insertions, 41 deletions
diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go
index 1b151f6504..299d7abd34 100644
--- a/services/auth/reverseproxy.go
+++ b/services/auth/reverseproxy.go
@@ -12,6 +12,7 @@ import (
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/mailer"
@@ -105,11 +106,15 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
}
user := &user_model.User{
- Name: username,
- Email: email,
- IsActive: true,
+ Name: username,
+ Email: email,
}
- if err := user_model.CreateUser(user); err != nil {
+
+ overwriteDefault := user_model.CreateUserOverwriteOptions{
+ IsActive: util.OptionalBoolTrue,
+ }
+
+ if err := user_model.CreateUser(user, &overwriteDefault); err != nil {
// FIXME: should I create a system notice?
log.Error("CreateUser: %v", err)
return nil
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index ddd70627ed..d8d11f18e1 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/mailer"
user_service "code.gitea.io/gitea/services/user"
)
@@ -85,19 +86,21 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
}
user = &user_model.User{
- LowerName: strings.ToLower(sr.Username),
- Name: sr.Username,
- FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
- Email: sr.Mail,
- LoginType: source.authSource.Type,
- LoginSource: source.authSource.ID,
- LoginName: userName,
- IsActive: true,
- IsAdmin: sr.IsAdmin,
- IsRestricted: sr.IsRestricted,
+ LowerName: strings.ToLower(sr.Username),
+ Name: sr.Username,
+ FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
+ Email: sr.Mail,
+ LoginType: source.authSource.Type,
+ LoginSource: source.authSource.ID,
+ LoginName: userName,
+ IsAdmin: sr.IsAdmin,
+ }
+ overwriteDefault := &user_model.CreateUserOverwriteOptions{
+ IsRestricted: util.OptionalBoolOf(sr.IsRestricted),
+ IsActive: util.OptionalBoolTrue,
}
- err := user_model.CreateUser(user)
+ err := user_model.CreateUser(user, overwriteDefault)
if err != nil {
return user, err
}
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 65efed78c1..a245f4c6ff 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/models/organization"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/util"
user_service "code.gitea.io/gitea/services/user"
)
@@ -102,19 +103,21 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
log.Trace("SyncExternalUsers[%s]: Creating user %s", source.authSource.Name, su.Username)
usr = &user_model.User{
- LowerName: su.LowerName,
- Name: su.Username,
- FullName: fullName,
- LoginType: source.authSource.Type,
- LoginSource: source.authSource.ID,
- LoginName: su.Username,
- Email: su.Mail,
- IsAdmin: su.IsAdmin,
- IsRestricted: su.IsRestricted,
- IsActive: true,
+ LowerName: su.LowerName,
+ Name: su.Username,
+ FullName: fullName,
+ LoginType: source.authSource.Type,
+ LoginSource: source.authSource.ID,
+ LoginName: su.Username,
+ Email: su.Mail,
+ IsAdmin: su.IsAdmin,
+ }
+ overwriteDefault := &user_model.CreateUserOverwriteOptions{
+ IsRestricted: util.OptionalBoolOf(su.IsRestricted),
+ IsActive: util.OptionalBoolTrue,
}
- err = user_model.CreateUser(usr)
+ err = user_model.CreateUser(usr, overwriteDefault)
if err != nil {
log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.authSource.Name, su.Username, err)
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index d5bd940996..16ddc0598e 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -12,6 +12,7 @@ import (
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/pam"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/mailer"
"github.com/google/uuid"
@@ -58,10 +59,12 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
LoginType: auth.PAM,
LoginSource: source.authSource.ID,
LoginName: userName, // This is what the user typed in
- IsActive: true,
+ }
+ overwriteDefault := &user_model.CreateUserOverwriteOptions{
+ IsActive: util.OptionalBoolTrue,
}
- if err := user_model.CreateUser(user); err != nil {
+ if err := user_model.CreateUser(user, overwriteDefault); err != nil {
return user, err
}
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index 3be2f1128d..dff24d494e 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -74,10 +74,12 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
LoginType: auth_model.SMTP,
LoginSource: source.authSource.ID,
LoginName: userName,
- IsActive: true,
+ }
+ overwriteDefault := &user_model.CreateUserOverwriteOptions{
+ IsActive: util.OptionalBoolTrue,
}
- if err := user_model.CreateUser(user); err != nil {
+ if err := user_model.CreateUser(user, overwriteDefault); err != nil {
return user, err
}
diff --git a/services/auth/sspi_windows.go b/services/auth/sspi_windows.go
index 63e70e61d4..9bc4041a74 100644
--- a/services/auth/sspi_windows.go
+++ b/services/auth/sspi_windows.go
@@ -16,6 +16,7 @@ import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth/source/sspi"
"code.gitea.io/gitea/services/mailer"
@@ -187,17 +188,20 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) {
func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, error) {
email := gouuid.New().String() + "@localhost.localdomain"
user := &user_model.User{
- Name: username,
- Email: email,
- KeepEmailPrivate: true,
- Passwd: gouuid.New().String(),
- IsActive: cfg.AutoActivateUsers,
- Language: cfg.DefaultLanguage,
- UseCustomAvatar: true,
- Avatar: avatars.DefaultAvatarLink(),
- EmailNotificationsPreference: user_model.EmailNotificationsDisabled,
- }
- if err := user_model.CreateUser(user); err != nil {
+ Name: username,
+ Email: email,
+ Passwd: gouuid.New().String(),
+ Language: cfg.DefaultLanguage,
+ UseCustomAvatar: true,
+ Avatar: avatars.DefaultAvatarLink(),
+ }
+ emailNotificationPreference := user_model.EmailNotificationsDisabled
+ overwriteDefault := &user_model.CreateUserOverwriteOptions{
+ IsActive: util.OptionalBoolOf(cfg.AutoActivateUsers),
+ KeepEmailPrivate: util.OptionalBoolTrue,
+ EmailNotificationsPreference: &emailNotificationPreference,
+ }
+ if err := user_model.CreateUser(user, overwriteDefault); err != nil {
return nil, err
}