authorLunny Xiao <xiaolunwen@gmail.com>2023-07-04 06:39:38 +0800
committerGitHub <noreply@github.com>2023-07-03 18:39:38 -0400
commit0403bd989f60ab84497eb5e04366496b3c9d2534 (patch)
tree24ab2e5052a6d4bffc61bb6771073a2b0f84ec12 /services
parentad57be04b87d16ff509da4f1632d444b75eb9efc (diff)
Log the real reason when authentication fails (but don't show the user) (#25414)
Diffstat (limited to 'services')
-rw-r--r--services/auth/source/db/authenticate.go39
1 files changed, 37 insertions, 2 deletions
diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go
index 773ec601ba..34a0459149 100644
--- a/services/auth/source/db/authenticate.go
+++ b/services/auth/source/db/authenticate.go
@@ -4,19 +4,54 @@
package db
import (
+ "fmt"
+
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
)
+// ErrUserPasswordNotSet represents a "ErrUserPasswordNotSet" kind of error.
+type ErrUserPasswordNotSet struct {
+ UID int64
+ Name string
+}
+
+func (err ErrUserPasswordNotSet) Error() string {
+ return fmt.Sprintf("user's password isn't set [uid: %d, name: %s]", err.UID, err.Name)
+}
+
+// Unwrap unwraps this error as a ErrInvalidArgument error
+func (err ErrUserPasswordNotSet) Unwrap() error {
+ return util.ErrInvalidArgument
+}
+
+// ErrUserPasswordInvalid represents a "ErrUserPasswordInvalid" kind of error.
+type ErrUserPasswordInvalid struct {
+ UID int64
+ Name string
+}
+
+func (err ErrUserPasswordInvalid) Error() string {
+ return fmt.Sprintf("user's password is invalid [uid: %d, name: %s]", err.UID, err.Name)
+}
+
+// Unwrap unwraps this error as a ErrInvalidArgument error
+func (err ErrUserPasswordInvalid) Unwrap() error {
+ return util.ErrInvalidArgument
+}
+
// Authenticate authenticates the provided user against the DB
func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
if user == nil {
return nil, user_model.ErrUserNotExist{Name: login}
}
- if !user.IsPasswordSet() || !user.ValidatePassword(password) {
- return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name}
+ if !user.IsPasswordSet() {
+ return nil, ErrUserPasswordNotSet{UID: user.ID, Name: user.Name}
+ } else if !user.ValidatePassword(password) {
+ return nil, ErrUserPasswordInvalid{UID: user.ID, Name: user.Name}
}
// Update password hash if server password hash algorithm have changed
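Review bot: Both new error types unwrap to `util.ErrInvalidArgument`, whereas `Authenticate` previously returned `user_model.ErrUserNotExist` on this path, so a caller that only tests `user_model.IsErrUserNotExist(err)` would no longer treat a wrong or unset password as an ordinary login failure. The callers are outside this diffstat (limited to 'services'), so this cannot be confirmed from the page. Each sign-in path should map `errors.Is(err, util.ErrInvalidArgument)` to the same generic message and status it uses for an unknown user, and write `err.Error()` to the server log only; otherwise the three distinct outcomes become a user-enumeration signal. I would document that contract above the checks, e.g. `// These errors exist for logging; callers must respond exactly as for ErrUserNotExist.`, and format the name with `%q` instead of `%s` in both `Error()` methods so that an unusual name cannot break up a log line. The body of `Authenticate` continues past the end of the hunk.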