summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
Diffstat (limited to 'models')
-rw-r--r--models/error.go15
-rw-r--r--models/login_source.go27
-rw-r--r--models/user.go9
3 files changed, 37 insertions, 14 deletions
diff --git a/models/error.go b/models/error.go
index a679372737..675b7406b8 100644
--- a/models/error.go
+++ b/models/error.go
@@ -57,6 +57,21 @@ func (err ErrNamePatternNotAllowed) Error() string {
return fmt.Sprintf("name pattern is not allowed [pattern: %s]", err.Pattern)
}
+// ErrNameCharsNotAllowed represents a "character not allowed in name" error.
+type ErrNameCharsNotAllowed struct {
+ Name string
+}
+
+// IsErrNameCharsNotAllowed checks if an error is an ErrNameCharsNotAllowed.
+func IsErrNameCharsNotAllowed(err error) bool {
+ _, ok := err.(ErrNameCharsNotAllowed)
+ return ok
+}
+
+func (err ErrNameCharsNotAllowed) Error() string {
+ return fmt.Sprintf("User name is invalid [%s]: must be valid alpha or numeric or dash(-_) or dot characters", err.Name)
+}
+
// ErrSSHDisabled represents an "SSH disabled" error.
type ErrSSHDisabled struct {
}
diff --git a/models/login_source.go b/models/login_source.go
index f5dae860f8..2774d6f80d 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -12,7 +12,6 @@ import (
"fmt"
"net/smtp"
"net/textproto"
- "regexp"
"strings"
"code.gitea.io/gitea/modules/auth/ldap"
@@ -455,10 +454,6 @@ func composeFullName(firstname, surname, username string) string {
}
}
-var (
- alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
-)
-
// LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled.
func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*User, error) {
@@ -503,10 +498,6 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use
if len(sr.Username) == 0 {
sr.Username = login
}
- // Validate username make sure it satisfies requirement.
- if alphaDashDotPattern.MatchString(sr.Username) {
- return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
- }
if len(sr.Mail) == 0 {
sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
@@ -666,7 +657,8 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
// LoginViaPAM queries if login/password is valid against the PAM,
// and create a local user if success when enabled.
func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig) (*User, error) {
- if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
+ pamLogin, err := pam.Auth(cfg.ServiceName, login, password)
+ if err != nil {
if strings.Contains(err.Error(), "Authentication failure") {
return nil, ErrUserNotExist{0, login, 0}
}
@@ -677,14 +669,21 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
return user, nil
}
+ // Allow PAM sources with `@` in their name, like from Active Directory
+ username := pamLogin
+ idx := strings.Index(pamLogin, "@")
+ if idx > -1 {
+ username = pamLogin[:idx]
+ }
+
user = &User{
- LowerName: strings.ToLower(login),
- Name: login,
- Email: login,
+ LowerName: strings.ToLower(username),
+ Name: username,
+ Email: pamLogin,
Passwd: password,
LoginType: LoginPAM,
LoginSource: sourceID,
- LoginName: login,
+ LoginName: login, // This is what the user typed in
IsActive: true,
}
return user, CreateUser(user)
diff --git a/models/user.go b/models/user.go
index 5031849f90..bf59c1240b 100644
--- a/models/user.go
+++ b/models/user.go
@@ -18,6 +18,7 @@ import (
"image/png"
"os"
"path/filepath"
+ "regexp"
"strconv"
"strings"
"time"
@@ -87,6 +88,9 @@ var (
// ErrUnsupportedLoginType login source is unknown error
ErrUnsupportedLoginType = errors.New("Login source is unknown")
+
+ // Characters prohibited in a user name (anything except A-Za-z0-9_.-)
+ alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
)
// User represents the object of individual and member of organization.
@@ -906,6 +910,11 @@ func isUsableName(names, patterns []string, name string) error {
// IsUsableUsername returns an error when a username is reserved
func IsUsableUsername(name string) error {
+ // Validate username make sure it satisfies requirement.
+ if alphaDashDotPattern.MatchString(name) {
+ // Note: usually this error is normally caught up earlier in the UI
+ return ErrNameCharsNotAllowed{Name: name}
+ }
return isUsableName(reservedUsernames, reservedUserPatterns, name)
}