* Use email_address table to check user's email when login with email adress * Update services/auth/signin.go * Fix test * Fix test * Fix logging in with ldap username != loginname * Fix if user does not exist yet * Make more clear this is loginName * Fix formatting Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Johan Van de Wauw <johan@gisky.be> Co-authored-by: zeripath <art27@cantab.net>tags/v1.16.2
@@ -51,8 +51,6 @@ func TestSignin(t *testing.T) { | |||
{username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
{username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
{username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, | |||
// test for duplicate email | |||
{username: "user2@example.com", password: "password", message: i18n.Tr("en", "form.email_been_used")}, | |||
} | |||
for _, s := range samples { |
@@ -235,6 +235,20 @@ func TestCreateUserInvalidEmail(t *testing.T) { | |||
assert.True(t, IsErrEmailInvalid(err)) | |||
} | |||
func TestCreateUserEmailAlreadyUsed(t *testing.T) { | |||
assert.NoError(t, unittest.PrepareTestDatabase()) | |||
user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) | |||
// add new user with user2's email | |||
user.Name = "testuser" | |||
user.LowerName = strings.ToLower(user.Name) | |||
user.ID = 0 | |||
err := CreateUser(user) | |||
assert.Error(t, err) | |||
assert.True(t, IsErrEmailAlreadyUsed(err)) | |||
} | |||
func TestGetUserIDsByNames(t *testing.T) { | |||
assert.NoError(t, unittest.PrepareTestDatabase()) | |||
@@ -24,17 +24,18 @@ import ( | |||
func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) { | |||
var user *user_model.User | |||
if strings.Contains(username, "@") { | |||
user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))} | |||
emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))} | |||
// check same email | |||
cnt, err := db.Count(user) | |||
has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress) | |||
if err != nil { | |||
return nil, nil, err | |||
} | |||
if cnt > 1 { | |||
return nil, nil, user_model.ErrEmailAlreadyUsed{ | |||
if !has { | |||
return nil, nil, user_model.ErrEmailAddressNotExist{ | |||
Email: user.Email, | |||
} | |||
} | |||
user = &user_model.User{ID: emailAddress.UID} | |||
} else { | |||
trimmedUsername := strings.TrimSpace(username) | |||
if len(trimmedUsername) == 0 { |
@@ -19,10 +19,14 @@ import ( | |||
// Authenticate queries if login/password is valid against the LDAP directory pool, | |||
// and create a local user if success when enabled. | |||
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) { | |||
sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP) | |||
loginName := userName | |||
if user != nil { | |||
loginName = user.LoginName | |||
} | |||
sr := source.SearchEntry(loginName, password, source.authSource.Type == auth.DLDAP) | |||
if sr == nil { | |||
// User not in LDAP, do nothing | |||
return nil, user_model.ErrUserNotExist{Name: userName} | |||
return nil, user_model.ErrUserNotExist{Name: loginName} | |||
} | |||
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0 |