Browse Source
Fix ldap loginname (#18789) (#18804)
* Use email_address table to check user's email when login with email adress * Update services/auth/signin.go * Fix test * Fix test * Fix logging in with ldap username != loginname * Fix if user does not exist yet * Make more clear this is loginName * Fix formatting Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Johan Van de Wauw <johan@gisky.be> Co-authored-by: zeripath <art27@cantab.net>tags/v1.16.2
Lunny Xiao
2 years ago
4 changed files with 25 additions and 8 deletions
+ 0
- 2
integrations/signin_test.go
View File
| @@ -51,8 +51,6 @@ func TestSignin(t *testing.T) { | |||
| {username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
| {username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
| {username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
| // test for duplicate email | |||
| {username: "user2@example.com", password: "password", message: i18n.Tr("en", "form.email_been_used")}, | |||
| } | |||
| for _, s := range samples { | |||
+ 14
- 0
models/user/user_test.go
View File
| @@ -235,6 +235,20 @@ func TestCreateUserInvalidEmail(t *testing.T) { | |||
| assert.True(t, IsErrEmailInvalid(err)) | |||
| } | |||
| func TestCreateUserEmailAlreadyUsed(t *testing.T) { | |||
| assert.NoError(t, unittest.PrepareTestDatabase()) | |||
| user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) | |||
| // add new user with user2's email | |||
| user.Name = "testuser" | |||
| user.LowerName = strings.ToLower(user.Name) | |||
| user.ID = 0 | |||
| err := CreateUser(user) | |||
| assert.Error(t, err) | |||
| assert.True(t, IsErrEmailAlreadyUsed(err)) | |||
| } | |||
| func TestGetUserIDsByNames(t *testing.T) { | |||
| assert.NoError(t, unittest.PrepareTestDatabase()) | |||
+ 5
- 4
services/auth/signin.go
View File
| @@ -24,17 +24,18 @@ import ( | |||
| func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) { | |||
| var user *user_model.User | |||
| if strings.Contains(username, "@") { | |||
| user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))} | |||
| emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))} | |||
| // check same email | |||
| cnt, err := db.Count(user) | |||
| has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress) | |||
| if err != nil { | |||
| return nil, nil, err | |||
| } | |||
| if cnt > 1 { | |||
| return nil, nil, user_model.ErrEmailAlreadyUsed{ | |||
| if !has { | |||
| return nil, nil, user_model.ErrEmailAddressNotExist{ | |||
| Email: user.Email, | |||
| } | |||
| } | |||
| user = &user_model.User{ID: emailAddress.UID} | |||
| } else { | |||
| trimmedUsername := strings.TrimSpace(username) | |||
| if len(trimmedUsername) == 0 { | |||
+ 6
- 2
services/auth/source/ldap/source_authenticate.go
View File
| @@ -19,10 +19,14 @@ import ( | |||
| // Authenticate queries if login/password is valid against the LDAP directory pool, | |||
| // and create a local user if success when enabled. | |||
| func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) { | |||
| sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP) | |||
| loginName := userName | |||
| if user != nil { | |||
| loginName = user.LoginName | |||
| } | |||
| sr := source.SearchEntry(loginName, password, source.authSource.Type == auth.DLDAP) | |||
| if sr == nil { | |||
| // User not in LDAP, do nothing | |||
| return nil, user_model.ErrUserNotExist{Name: userName} | |||
| return nil, user_model.ErrUserNotExist{Name: loginName} | |||
| } | |||
| isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0 | |||
Loading…