Diffstat (limited to 'models')
-rw-r--r-- | models/error.go | 15 | ||||
-rw-r--r-- | models/login_source.go | 27 | ||||
-rw-r--r-- | models/user.go | 9 |
3 files changed, 37 insertions, 14 deletions
diff --git a/models/error.go b/models/error.go
index a679372737..675b7406b8 100644
--- a/models/error.go
+++ b/models/error.go
@@ -57,6 +57,21 @@ func (err ErrNamePatternNotAllowed) Error() string {
 return fmt.Sprintf("name pattern is not allowed [pattern: %s]", err.Pattern)
 }
 
+// ErrNameCharsNotAllowed represents a "character not allowed in name" error.
+type ErrNameCharsNotAllowed struct {
+ Name string
+}
+
+// IsErrNameCharsNotAllowed checks if an error is an ErrNameCharsNotAllowed.
+func IsErrNameCharsNotAllowed(err error) bool {
+ _, ok := err.(ErrNameCharsNotAllowed)
+ return ok
+}
+
+func (err ErrNameCharsNotAllowed) Error() string {
+ return fmt.Sprintf("User name is invalid [%s]: must be valid alpha or numeric or dash(-_) or dot characters", err.Name)
+}
+
 // ErrSSHDisabled represents an "SSH disabled" error.
 type ErrSSHDisabled struct {
 }
diff --git a/models/login_source.go b/models/login_source.go
index f5dae860f8..2774d6f80d 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -12,7 +12,6 @@ import (
 "fmt"
 "net/smtp"
 "net/textproto"
- "regexp"
 "strings"
 
 "code.gitea.io/gitea/modules/auth/ldap"
@@ -455,10 +454,6 @@ func composeFullName(firstname, surname, username string) string {
 }
 }
 
-var (
- alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
-)
-
 // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*User, error) {
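Review bot: `ErrNameCharsNotAllowed.Error()` interpolates the rejected name with `%s`, and a name that ends up in this error by definition contains characters outside `A-Za-z0-9_.-`, which can include newlines or terminal control bytes. If the error text reaches a log or a console, the raw value can split or imitate lines, so I would quote it: `return fmt.Sprintf("user name is invalid [%q]: must be valid alpha or numeric or dash(-_) or dot characters", err.Name)`. Lowercasing the first word also matches the neighbouring `name pattern is not allowed` message; whether any caller or test matches on the exact text is not visible in this hunk and should be checked first.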
@@ -503,10 +498,6 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use
 if len(sr.Username) == 0 {
 sr.Username = login
 }
- // Validate username make sure it satisfies requirement.
- if alphaDashDotPattern.MatchString(sr.Username) {
- return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
- }
 
 if len(sr.Mail) == 0 {
 sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
@@ -666,7 +657,8 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
 // LoginViaPAM queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
 func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig) (*User, error) {
- if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
+ pamLogin, err := pam.Auth(cfg.ServiceName, login, password)
+ if err != nil {
 if strings.Contains(err.Error(), "Authentication failure") {
 return nil, ErrUserNotExist{0, login, 0}
 }
@@ -677,14 +669,21 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
 return user, nil
 }
 
+ // Allow PAM sources with `@` in their name, like from Active Directory
+ username := pamLogin
+ idx := strings.Index(pamLogin, "@")
+ if idx > -1 {
+ username = pamLogin[:idx]
+ }
+
 user = &User{
- LowerName: strings.ToLower(login),
- Name: login,
- Email: login,
+ LowerName: strings.ToLower(username),
+ Name: username,
+ Email: pamLogin,
 Passwd: password,
 LoginType: LoginPAM,
 LoginSource: sourceID,
- LoginName: login,
+ LoginName: login, // This is what the user typed in
 IsActive: true,
 }
 return user, CreateUser(user)
diff --git a/models/user.go b/models/user.go
index 5031849f90..bf59c1240b 100644
--- a/models/user.go
+++ b/models/user.go
@@ -18,6 +18,7 @@ import (
 "image/png"
 "os"
 "path/filepath"
+ "regexp"
 "strconv"
 "strings"
 "time"
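Review bot: Cutting `pamLogin` at the first `@` in the `-677` hunk is not injective: two PAM identities that differ only in realm (the constructed pair `alice@a.example` and `alice@b.example`) resolve to the same local `Name`, and a value that begins with `@` leaves `username` empty. Whether `CreateUser` refuses the duplicate or the empty name is not visible in this diff, so I would guard the empty case in place with `if idx == 0 { return nil, ErrNameCharsNotAllowed{Name: pamLogin} }` and say in the comment above the block that realms are deliberately collapsed into one local account namespace. `LoginViaPAM` begins in the previous hunk, where `pamLogin` is assigned from `pam.Auth`, and the function's middle section lies between the two hunks.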
@@ -87,6 +88,9 @@ var (
 
 // ErrUnsupportedLoginType login source is unknown error
 ErrUnsupportedLoginType = errors.New("Login source is unknown")
+
+ // Characters prohibited in a user name (anything except A-Za-z0-9_.-)
+ alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )
 
 // User represents the object of individual and member of organization.
@@ -906,6 +910,11 @@ func isUsableName(names, patterns []string, name string) error {
 
 // IsUsableUsername returns an error when a username is reserved
 func IsUsableUsername(name string) error {
+ // Validate username make sure it satisfies requirement.
+ if alphaDashDotPattern.MatchString(name) {
+ // Note: usually this error is normally caught up earlier in the UI
+ return ErrNameCharsNotAllowed{Name: name}
+ }
 return isUsableName(reservedUsernames, reservedUserPatterns, name)
 }
 
|
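Review bot: The doc comment on `IsUsableUsername` still describes only the reserved-name check, although after this commit it is also where the character allow-list is enforced, including for LDAP logins whose inline check is removed in `login_source.go`; I would reword it to `// IsUsableUsername returns an error when a username contains disallowed characters or is reserved.` That guarantee only holds if every account-creation path calls this function, which the diff does not show for `CreateUser`. `alphaDashDotPattern` is a deny-match, so the empty string and names built solely from allowed characters, such as `..` or one with a leading `-`, pass this check and rely on `isUsableName` or a later step to be refused. The inline note could read `// Normally caught earlier by UI validation.`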