Fix ldap loginname (#18789)

* Use email_address table to check user's email when login with email adress

* Update services/auth/signin.go

* Fix test

* Fix test

* Fix logging in with ldap username != loginname

* Fix if user does not exist yet

* Make more clear this is loginName

* Fix formatting

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
pull/18807/head
Johan Van de Wauw 3 years ago committed by GitHub
parent 1ab88da0e4
commit 0cc2675c44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      integrations/signin_test.go
  2. 14
      models/user/user_test.go
  3. 9
      services/auth/signin.go
  4. 8
      services/auth/source/ldap/source_authenticate.go

@ -51,8 +51,6 @@ func TestSignin(t *testing.T) {
{username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")}, {username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")},
{username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, {username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
{username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")}, {username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
// test for duplicate email
{username: "user2@example.com", password: "password", message: i18n.Tr("en", "form.email_been_used")},
} }
for _, s := range samples { for _, s := range samples {

@ -235,6 +235,20 @@ func TestCreateUserInvalidEmail(t *testing.T) {
assert.True(t, IsErrEmailInvalid(err)) assert.True(t, IsErrEmailInvalid(err))
} }
func TestCreateUserEmailAlreadyUsed(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
// add new user with user2's email
user.Name = "testuser"
user.LowerName = strings.ToLower(user.Name)
user.ID = 0
err := CreateUser(user)
assert.Error(t, err)
assert.True(t, IsErrEmailAlreadyUsed(err))
}
func TestGetUserIDsByNames(t *testing.T) { func TestGetUserIDsByNames(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase()) assert.NoError(t, unittest.PrepareTestDatabase())

@ -24,17 +24,18 @@ import (
func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) { func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
var user *user_model.User var user *user_model.User
if strings.Contains(username, "@") { if strings.Contains(username, "@") {
user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))} emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
// check same email // check same email
cnt, err := db.Count(user) has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
if cnt > 1 { if !has {
return nil, nil, user_model.ErrEmailAlreadyUsed{ return nil, nil, user_model.ErrEmailAddressNotExist{
Email: user.Email, Email: user.Email,
} }
} }
user = &user_model.User{ID: emailAddress.UID}
} else { } else {
trimmedUsername := strings.TrimSpace(username) trimmedUsername := strings.TrimSpace(username)
if len(trimmedUsername) == 0 { if len(trimmedUsername) == 0 {

@ -20,10 +20,14 @@ import (
// Authenticate queries if login/password is valid against the LDAP directory pool, // Authenticate queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled. // and create a local user if success when enabled.
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) { func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP) loginName := userName
if user != nil {
loginName = user.LoginName
}
sr := source.SearchEntry(loginName, password, source.authSource.Type == auth.DLDAP)
if sr == nil { if sr == nil {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, user_model.ErrUserNotExist{Name: userName} return nil, user_model.ErrUserNotExist{Name: loginName}
} }
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0 isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0

Loading…
Cancel
Save