
routers/repo/setting.go: fix LDAP cannot validate password #1006

pull/1001/merge
Unknwon 10 years ago
parent
commit
18c0697329
  1. 88
      models/login.go
  2. 28
      routers/repo/setting.go

88
models/login.go

@ -169,61 +169,59 @@ func UserSignIn(uname, passwd string) (*User, error) {
// For plain login, user must exist to reach this line. // For plain login, user must exist to reach this line.
// Now verify password. // Now verify password.
if u.LoginType == PLAIN { if u.LoginType == PLAIN {
newUser := &User{Passwd: passwd, Salt: u.Salt} if !u.ValidtePassword(passwd) {
newUser.EncodePasswd()
if u.Passwd != newUser.Passwd {
return nil, ErrUserNotExist return nil, ErrUserNotExist
} }
return u, nil return u, nil
} else { }
if !has {
var sources []LoginSource if !has {
if err = x.UseBool().Find(&sources, var sources []LoginSource
&LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil { if err = x.UseBool().Find(&sources,
return nil, err &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
} return nil, err
}
for _, source := range sources { for _, source := range sources {
if source.Type == LDAP { if source.Type == LDAP {
u, err := LoginUserLdapSource(nil, uname, passwd, u, err := LoginUserLdapSource(nil, uname, passwd,
source.Id, source.Cfg.(*LDAPConfig), true) source.Id, source.Cfg.(*LDAPConfig), true)
if err == nil { if err == nil {
return u, nil return u, nil
} }
log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err) log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)
} else if source.Type == SMTP { } else if source.Type == SMTP {
u, err := LoginUserSMTPSource(nil, uname, passwd, u, err := LoginUserSMTPSource(nil, uname, passwd,
source.Id, source.Cfg.(*SMTPConfig), true) source.Id, source.Cfg.(*SMTPConfig), true)
if err == nil { if err == nil {
return u, nil return u, nil
}
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
} }
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
} }
return nil, ErrUserNotExist
} }
var source LoginSource return nil, ErrUserNotExist
hasSource, err := x.Id(u.LoginSource).Get(&source) }
if err != nil {
return nil, err
} else if !hasSource {
return nil, ErrLoginSourceNotExist
} else if !source.IsActived {
return nil, ErrLoginSourceNotActived
}
switch u.LoginType { var source LoginSource
case LDAP: hasSource, err := x.Id(u.LoginSource).Get(&source)
return LoginUserLdapSource(u, u.LoginName, passwd, if err != nil {
source.Id, source.Cfg.(*LDAPConfig), false) return nil, err
case SMTP: } else if !hasSource {
return LoginUserSMTPSource(u, u.LoginName, passwd, return nil, ErrLoginSourceNotExist
source.Id, source.Cfg.(*SMTPConfig), false) } else if !source.IsActived {
} return nil, ErrLoginSourceNotActived
return nil, ErrUnsupportedLoginType }
switch u.LoginType {
case LDAP:
return LoginUserLdapSource(u, u.LoginName, passwd,
source.Id, source.Cfg.(*LDAPConfig), false)
case SMTP:
return LoginUserSMTPSource(u, u.LoginName, passwd,
source.Id, source.Cfg.(*SMTPConfig), false)
} }
return nil, ErrUnsupportedLoginType
} }
// Query if name/passwd can login against the LDAP directory pool // Query if name/passwd can login against the LDAP directory pool
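Review bot: The `source.Cfg.(*LDAPConfig)` and `source.Cfg.(*SMTPConfig)` assertions in both the auto-register loop and the final `switch u.LoginType` are unchecked, so a login source whose Cfg is nil or holds the other config type panics in the sign-in path instead of failing the login. The comma-ok form, e.g. `cfg, ok := source.Cfg.(*LDAPConfig)` with the `!ok` case logged and skipped in the loop or returned as `ErrUnsupportedLoginType` in the switch, keeps that an ordinary error. Separately, the two `log.Warn("Fail to login(%s) by ...")` calls write the caller-supplied, pre-authentication `uname` with `%s`; assuming the logger formats like fmt, `%q` would stop embedded line breaks from forging log entries. UserSignIn starts above this hunk, so how `u` and `has` are populated is not visible here.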

28
routers/repo/setting.go

@ -111,10 +111,18 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
} else if !isExist { } else if !isExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil) ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
return return
} else if !ctx.User.ValidtePassword(ctx.Query("password")) { }
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
if err == models.ErrUserNotExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
} else {
ctx.Handle(500, "UserSignIn", err)
}
return return
} else if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil { }
if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
if err == models.ErrRepoAlreadyExist { if err == models.ErrRepoAlreadyExist {
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil) ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
} else { } else {
@ -136,15 +144,15 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Error(404) ctx.Error(404)
return return
} }
if !ctx.User.ValidtePassword(ctx.Query("password")) { }
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
return if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
} if err == models.ErrUserNotExist {
} else {
if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil) ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
return } else {
ctx.Handle(500, "UserSignIn", err)
} }
return
} }
if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil { if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {
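Review bot: Both new `models.UserSignIn` checks (before TransferOwnership and before DeleteRepository) treat only `models.ErrUserNotExist` as a wrong password and route every other error to `ctx.Handle(500, "UserSignIn", err)`. For an LDAP or SMTP account UserSignIn returns the helper's error unchanged, so unless LoginUserLdapSource and LoginUserSMTPSource map a rejected credential to ErrUserNotExist (not visible on this page), a mistyped confirmation password produces a 500 rather than the `form.enterred_invalid_password` message. The returned user is also discarded with `_`; keeping it and checking something like `u.Id != ctx.User.Id` before the destructive action would confirm the credentials belong to the session user rather than to whichever account the name lookup matched. SettingsPost begins and ends outside both hunks.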
