routers/repo/setting.go: fix LDAP cannot validate password #1006
parent
e3d73d9b24
commit
18c0697329
2 changed files with 67 additions and 61 deletions
100
models/login.go
100
models/login.go
|
@ -169,61 +169,59 @@ func UserSignIn(uname, passwd string) (*User, error) {
|
||||||
// For plain login, user must exist to reach this line.
|
// For plain login, user must exist to reach this line.
|
||||||
// Now verify password.
|
// Now verify password.
|
||||||
if u.LoginType == PLAIN {
|
if u.LoginType == PLAIN {
|
||||||
newUser := &User{Passwd: passwd, Salt: u.Salt}
|
if !u.ValidtePassword(passwd) {
|
||||||
newUser.EncodePasswd()
|
|
||||||
if u.Passwd != newUser.Passwd {
|
|
||||||
return nil, ErrUserNotExist
|
return nil, ErrUserNotExist
|
||||||
}
|
}
|
||||||
return u, nil
|
return u, nil
|
||||||
} else {
|
|
||||||
if !has {
|
|
||||||
var sources []LoginSource
|
|
||||||
if err = x.UseBool().Find(&sources,
|
|
||||||
&LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, source := range sources {
|
|
||||||
if source.Type == LDAP {
|
|
||||||
u, err := LoginUserLdapSource(nil, uname, passwd,
|
|
||||||
source.Id, source.Cfg.(*LDAPConfig), true)
|
|
||||||
if err == nil {
|
|
||||||
return u, nil
|
|
||||||
}
|
|
||||||
log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
|
|
||||||
} else if source.Type == SMTP {
|
|
||||||
u, err := LoginUserSMTPSource(nil, uname, passwd,
|
|
||||||
source.Id, source.Cfg.(*SMTPConfig), true)
|
|
||||||
if err == nil {
|
|
||||||
return u, nil
|
|
||||||
}
|
|
||||||
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil, ErrUserNotExist
|
|
||||||
}
|
|
||||||
|
|
||||||
var source LoginSource
|
|
||||||
hasSource, err := x.Id(u.LoginSource).Get(&source)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
} else if !hasSource {
|
|
||||||
return nil, ErrLoginSourceNotExist
|
|
||||||
} else if !source.IsActived {
|
|
||||||
return nil, ErrLoginSourceNotActived
|
|
||||||
}
|
|
||||||
|
|
||||||
switch u.LoginType {
|
|
||||||
case LDAP:
|
|
||||||
return LoginUserLdapSource(u, u.LoginName, passwd,
|
|
||||||
source.Id, source.Cfg.(*LDAPConfig), false)
|
|
||||||
case SMTP:
|
|
||||||
return LoginUserSMTPSource(u, u.LoginName, passwd,
|
|
||||||
source.Id, source.Cfg.(*SMTPConfig), false)
|
|
||||||
}
|
|
||||||
return nil, ErrUnsupportedLoginType
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !has {
|
||||||
|
var sources []LoginSource
|
||||||
|
if err = x.UseBool().Find(&sources,
|
||||||
|
&LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, source := range sources {
|
||||||
|
if source.Type == LDAP {
|
||||||
|
u, err := LoginUserLdapSource(nil, uname, passwd,
|
||||||
|
source.Id, source.Cfg.(*LDAPConfig), true)
|
||||||
|
if err == nil {
|
||||||
|
return u, nil
|
||||||
|
}
|
||||||
|
log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
|
||||||
|
} else if source.Type == SMTP {
|
||||||
|
u, err := LoginUserSMTPSource(nil, uname, passwd,
|
||||||
|
source.Id, source.Cfg.(*SMTPConfig), true)
|
||||||
|
if err == nil {
|
||||||
|
return u, nil
|
||||||
|
}
|
||||||
|
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, ErrUserNotExist
|
||||||
|
}
|
||||||
|
|
||||||
|
var source LoginSource
|
||||||
|
hasSource, err := x.Id(u.LoginSource).Get(&source)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else if !hasSource {
|
||||||
|
return nil, ErrLoginSourceNotExist
|
||||||
|
} else if !source.IsActived {
|
||||||
|
return nil, ErrLoginSourceNotActived
|
||||||
|
}
|
||||||
|
|
||||||
|
switch u.LoginType {
|
||||||
|
case LDAP:
|
||||||
|
return LoginUserLdapSource(u, u.LoginName, passwd,
|
||||||
|
source.Id, source.Cfg.(*LDAPConfig), false)
|
||||||
|
case SMTP:
|
||||||
|
return LoginUserSMTPSource(u, u.LoginName, passwd,
|
||||||
|
source.Id, source.Cfg.(*SMTPConfig), false)
|
||||||
|
}
|
||||||
|
return nil, ErrUnsupportedLoginType
|
||||||
}
|
}
|
||||||
|
|
||||||
// Query if name/passwd can login against the LDAP directory pool
|
// Query if name/passwd can login against the LDAP directory pool
|
||||||
|
|
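Review bot: `u.ValidtePassword(passwd)` now carries the whole plain-login check, but its body is outside this section, so it is not visible whether the hash comparison is constant-time. The removed lines compared with `u.Passwd != newUser.Passwd`; if the helper kept that form, it should become `subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1`. In the moved external-source loop, both `log.Warn` calls write the caller-supplied `uname` with `%s`; assuming the logger takes fmt verbs, `%q` would keep a crafted login name from splitting or forging log lines. The helper's name is also misspelled (`ValidtePassword`) and is worth renaming while its call sites are being touched. UserSignIn begins above the first visible line of the hunk.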
|
@ -111,10 +111,18 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
|
||||||
} else if !isExist {
|
} else if !isExist {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
|
||||||
return
|
return
|
||||||
} else if !ctx.User.ValidtePassword(ctx.Query("password")) {
|
}
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
|
|
||||||
|
if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
|
||||||
|
if err == models.ErrUserNotExist {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "UserSignIn", err)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
} else if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
|
}
|
||||||
|
|
||||||
|
if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
|
||||||
if err == models.ErrRepoAlreadyExist {
|
if err == models.ErrRepoAlreadyExist {
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
|
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
|
||||||
} else {
|
} else {
|
||||||
|
@ -136,15 +144,15 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !ctx.User.ValidtePassword(ctx.Query("password")) {
|
}
|
||||||
|
|
||||||
|
if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
|
||||||
|
if err == models.ErrUserNotExist {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
|
||||||
return
|
} else {
|
||||||
}
|
ctx.Handle(500, "UserSignIn", err)
|
||||||
} else {
|
|
||||||
if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
|
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {
|
if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {
|
||||||
|
|
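Review bot: Both new `models.UserSignIn(ctx.User.Name, ctx.Query("password"))` confirmations treat only `models.ErrUserNotExist` as a wrong password and send every other error to `ctx.Handle(500, "UserSignIn", err)`. The models/login.go section shows UserSignIn can also return ErrLoginSourceNotExist, ErrLoginSourceNotActived and ErrUnsupportedLoginType, plus whatever LoginUserLdapSource or LoginUserSMTPSource return for an existing user. A rejected LDAP or SMTP bind may therefore surface as a server error instead of the invalid-password form message, unless those helpers also return ErrUserNotExist (not visible here). The same block is repeated in the transfer and delete hunks, so a single helper like the one below would give one place to decide and document the mapping. SettingsPost begins and ends outside both hunks.

```go
// confirmPassword re-authenticates the acting user (PLAIN, LDAP or SMTP)
// before a destructive repository action. It renders the failure itself;
// callers must return when it reports false.
func confirmPassword(ctx *middleware.Context) bool {
	_, err := models.UserSignIn(ctx.User.Name, ctx.Query("password"))
	switch err {
	case nil:
		return true
	case models.ErrUserNotExist:
		// Extend this case if the external-source helpers report a
		// rejected credential with a different error value.
		ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
	default:
		ctx.Handle(500, "UserSignIn", err)
	}
	return false
}
```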