From 9ed9f6e4dfbe5a8c9fb1261e7fabe1380acb1997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Boulanouar?= Date: Wed, 17 May 2017 21:56:41 +0200 Subject: [PATCH 01/21] Update User information in Gitea based on LDAP when login --- models/login_source.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/models/login_source.go b/models/login_source.go index ce03c4154f6d..ebf8b168dd7e 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -403,6 +403,18 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0 + // Update User if exist + isExist, err := IsUserExist(0, sr.Username) + if err != nil { + return nil, err + } else if isExist { + user.LowerName = strings.ToLower(sr.Username) + user.Name = sr.Username + user.FullName = composeFullName(sr.Name, sr.Surname, sr.Username) + user.Email = sr.Mail + user.IsAdmin = sr.IsAdmin + } + if !autoRegister { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { return user, RewriteAllPublicKeys() From f15fcbfcf1669ae0e3a18b09e549b0dc9062564d Mon Sep 17 00:00:00 2001 From: Remy Boulanouar Date: Thu, 18 May 2017 13:42:17 +0200 Subject: [PATCH 02/21] Update Admin Flag only if exist in settings --- models/login_source.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/models/login_source.go b/models/login_source.go index ebf8b168dd7e..af2a9c4a3293 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -408,11 +408,12 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if err != nil { return nil, err } else if isExist { - user.LowerName = strings.ToLower(sr.Username) - user.Name = sr.Username user.FullName = composeFullName(sr.Name, sr.Surname, sr.Username) user.Email = sr.Mail - user.IsAdmin = sr.IsAdmin + // Change existing admin flag only if AdminFilter option is set + if len(source.LDAP().AdminFilter) > 0 { + user.IsAdmin = sr.IsAdmin + } } if !autoRegister { From 879b5f7b2d8d81af49b8d591157f3a91f574ca65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Boulanouar?= Date: Mon, 28 Oct 2019 17:24:32 +0100 Subject: [PATCH 03/21] Fix affectation --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index af2a9c4a3293..166acd9c3cb5 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -449,7 +449,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR IsAdmin: sr.IsAdmin, } - err := CreateUser(user) + err = CreateUser(user) if err == nil && isAttributeSSHPublicKeySet && addLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { err = RewriteAllPublicKeys() From d0f465e4c4ce130a8e358cd235e4ea3c98aa5cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Boulanouar?= Date: Mon, 28 Oct 2019 17:25:16 +0100 Subject: [PATCH 04/21] Update models/login_source.go Co-Authored-By: JustKiddingCode --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index af2a9c4a3293..7e5331d6a145 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -415,7 +415,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR user.IsAdmin = sr.IsAdmin } } - +updateUserCols(user,"full_name","email","is_admin") if !autoRegister { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { return user, RewriteAllPublicKeys() From db57637478cb858dd2ba7e6c40259049cda5bf1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Boulanouar?= Date: Tue, 29 Oct 2019 08:47:38 +0100 Subject: [PATCH 05/21] Better ident --- models/login_source.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 82de9c8e4fbe..ef606b02266a 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -415,7 +415,8 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR user.IsAdmin = sr.IsAdmin } } -updateUserCols(user,"full_name","email","is_admin") + updateUserCols(user, "full_name", "email", "is_admin") + if !autoRegister { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { return user, RewriteAllPublicKeys() From e9d9244866060474b81906a650e79351f0b1e195 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Boulanouar?= Date: Fri, 1 Nov 2019 22:13:52 +0100 Subject: [PATCH 06/21] Apply suggestions from code review Update user information Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com> --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index ef606b02266a..a0d4a112531f 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -414,8 +414,8 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if len(source.LDAP().AdminFilter) > 0 { user.IsAdmin = sr.IsAdmin } + UpdateUserCols(user, "full_name", "email", "is_admin") } - updateUserCols(user, "full_name", "email", "is_admin") if !autoRegister { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { From 89f00069b4593fcc8aaf7161aa4579c693faff44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=CC=81my=20Boulanouar?= Date: Sun, 3 Nov 2019 21:17:48 +0100 Subject: [PATCH 07/21] Make fmt --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index a0d4a112531f..453ad57dcae4 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -414,7 +414,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if len(source.LDAP().AdminFilter) > 0 { user.IsAdmin = sr.IsAdmin } - UpdateUserCols(user, "full_name", "email", "is_admin") + UpdateUserCols(user, "full_name", "email", "is_admin") } if !autoRegister { From f30e4a1edd3c0114ffd7d8d4e84b7bd3065bc178 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 6 Nov 2019 00:27:41 +0100 Subject: [PATCH 08/21] add err handling --- models/login_source.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 453ad57dcae4..2d32c2da3071 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -414,7 +414,10 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if len(source.LDAP().AdminFilter) > 0 { user.IsAdmin = sr.IsAdmin } - UpdateUserCols(user, "full_name", "email", "is_admin") + if err := UpdateUserCols(user, "full_name", "email", "is_admin"); err != nil { + return nil, err + } + } if !autoRegister { From 1657a6224987b6deea9c49c5869d8258d0b7ba8d Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 7 Nov 2019 16:15:39 +0100 Subject: [PATCH 09/21] if user exist but login is Prohibit return return nil, and Prohibit err --- models/login_source.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/models/login_source.go b/models/login_source.go index 2d32c2da3071..54ddd6826988 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -408,6 +408,9 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if err != nil { return nil, err } else if isExist { + if user.ProhibitLogin { + return nil, ErrUserProhibitLogin{user.ID, user.Name} + } user.FullName = composeFullName(sr.Name, sr.Surname, sr.Username) user.Email = sr.Mail // Change existing admin flag only if AdminFilter option is set From 7ab74eb05218b8912dcd78153f41230365191654 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 7 Nov 2019 16:22:01 +0100 Subject: [PATCH 10/21] keep login speed --- models/login_source.go | 5 +---- models/user.go | 7 +++++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/models/login_source.go b/models/login_source.go index 54ddd6826988..bced2bcee3f0 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -417,10 +417,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if len(source.LDAP().AdminFilter) > 0 { user.IsAdmin = sr.IsAdmin } - if err := UpdateUserCols(user, "full_name", "email", "is_admin"); err != nil { - return nil, err - } - + go UpdateLdapUserAtLogin(user) } if !autoRegister { diff --git a/models/user.go b/models/user.go index 7aa1e143e835..fddd3109ced1 100644 --- a/models/user.go +++ b/models/user.go @@ -1827,3 +1827,10 @@ func SyncExternalUsers() { } } } + +func UpdateLdapUserAtLogin(user *User) (err error) { + if err := UpdateUserCols(user, "full_name", "email", "is_admin"); err != nil { + return err + } + return nil +} From 6c703ff77ee570a776170f215ead8bc14f2ac814 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 7 Nov 2019 16:37:56 +0100 Subject: [PATCH 11/21] User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed --- models/login_source.go | 10 +++------- models/user.go | 7 ------- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/models/login_source.go b/models/login_source.go index bced2bcee3f0..b6a854e002a3 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -410,14 +410,10 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR } else if isExist { if user.ProhibitLogin { return nil, ErrUserProhibitLogin{user.ID, user.Name} + } else if len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + // Change existing admin flag only if AdminFilter option is set + go UpdateUserCols(user, "is_admin") } - user.FullName = composeFullName(sr.Name, sr.Surname, sr.Username) - user.Email = sr.Mail - // Change existing admin flag only if AdminFilter option is set - if len(source.LDAP().AdminFilter) > 0 { - user.IsAdmin = sr.IsAdmin - } - go UpdateLdapUserAtLogin(user) } if !autoRegister { diff --git a/models/user.go b/models/user.go index fddd3109ced1..7aa1e143e835 100644 --- a/models/user.go +++ b/models/user.go @@ -1827,10 +1827,3 @@ func SyncExternalUsers() { } } } - -func UpdateLdapUserAtLogin(user *User) (err error) { - if err := UpdateUserCols(user, "full_name", "email", "is_admin"); err != nil { - return err - } - return nil -} From a589d7579726bb05cc8f950c5681129cf6cff26d Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 7 Nov 2019 16:50:51 +0100 Subject: [PATCH 12/21] handle error and still use async task --- models/login_source.go | 2 +- models/user.go | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index b6a854e002a3..46c27456e717 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -412,7 +412,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR return nil, ErrUserProhibitLogin{user.ID, user.Name} } else if len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { // Change existing admin flag only if AdminFilter option is set - go UpdateUserCols(user, "is_admin") + go AsyncUpdateUserCols(user, "is_admin") } } diff --git a/models/user.go b/models/user.go index 7aa1e143e835..ea1aea9dc3c6 100644 --- a/models/user.go +++ b/models/user.go @@ -1033,6 +1033,14 @@ func UpdateUserCols(u *User, cols ...string) error { return updateUserCols(x, u, cols...) } +// AsyncUpdateUserCols is UpdateUserCols with no return value +func AsyncUpdateUserCols(u *User, cols ...string) { + err := updateUserCols(x, u, cols...) + if err != nil { + log.Error("AsyncUpdateUserCols has an error", err) + } +} + func updateUserCols(e Engine, u *User, cols ...string) error { _, err := e.ID(u.ID).Cols(cols...).Update(u) return err From d39606e3784010ece90a2583f8ada3c90675a1cf Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Fri, 8 Nov 2019 22:02:54 +0100 Subject: [PATCH 13/21] no async --- models/login_source.go | 9 +++++---- models/user.go | 8 -------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/models/login_source.go b/models/login_source.go index 46c27456e717..7c0cb12d9276 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -408,11 +408,12 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if err != nil { return nil, err } else if isExist { - if user.ProhibitLogin { - return nil, ErrUserProhibitLogin{user.ID, user.Name} - } else if len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { // Change existing admin flag only if AdminFilter option is set - go AsyncUpdateUserCols(user, "is_admin") + err = UpdateUserCols(user, "is_admin") + if err != nil { + return nil, err + } } } diff --git a/models/user.go b/models/user.go index ea1aea9dc3c6..7aa1e143e835 100644 --- a/models/user.go +++ b/models/user.go @@ -1033,14 +1033,6 @@ func UpdateUserCols(u *User, cols ...string) error { return updateUserCols(x, u, cols...) } -// AsyncUpdateUserCols is UpdateUserCols with no return value -func AsyncUpdateUserCols(u *User, cols ...string) { - err := updateUserCols(x, u, cols...) - if err != nil { - log.Error("AsyncUpdateUserCols has an error", err) - } -} - func updateUserCols(e Engine, u *User, cols ...string) error { _, err := e.ID(u.ID).Cols(cols...).Update(u) return err From 406a7bf8471a6f7af9217624408bb04657be5d81 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Fri, 8 Nov 2019 22:09:49 +0100 Subject: [PATCH 14/21] only update admin if Sync is enabled --- models/login_source.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 7c0cb12d9276..ef84a2c3fe10 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -408,12 +408,13 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if err != nil { return nil, err } else if isExist { - if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + if !user.ProhibitLogin && source.IsSyncEnabled && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { // Change existing admin flag only if AdminFilter option is set err = UpdateUserCols(user, "is_admin") if err != nil { return nil, err } + } } From fb2f9a405b440ac618579434733211d2087bea2f Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Fri, 8 Nov 2019 22:14:26 +0100 Subject: [PATCH 15/21] update two comments --- models/login_source.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index ef84a2c3fe10..0942e5e65530 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -403,7 +404,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0 - // Update User if exist + // Update User admin flag if exist isExist, err := IsUserExist(0, sr.Username) if err != nil { return nil, err From 66d7857025bcb7f33e31578d7c8aed23ab37aedc Mon Sep 17 00:00:00 2001 From: 6543 <24977596+6543@users.noreply.github.com> Date: Sat, 9 Nov 2019 23:43:44 +0100 Subject: [PATCH 16/21] add lafriks suggestions Co-Authored-By: Lauris BH --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 0942e5e65530..fb461b626ede 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -405,7 +405,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0 // Update User admin flag if exist - isExist, err := IsUserExist(0, sr.Username) + if isExist, err := IsUserExist(0, sr.Username); err != nil { if err != nil { return nil, err } else if isExist { From cdb94ca7df98fb31f796775123ebf46e4c2cd882 Mon Sep 17 00:00:00 2001 From: 6543 <24977596+6543@users.noreply.github.com> Date: Sun, 10 Nov 2019 00:15:10 +0100 Subject: [PATCH 17/21] if adminFilter is set - use it Co-Authored-By: Lauris BH --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index fb461b626ede..4eafa0ad4c0b 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -409,7 +409,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR if err != nil { return nil, err } else if isExist { - if !user.ProhibitLogin && source.IsSyncEnabled && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { // Change existing admin flag only if AdminFilter option is set err = UpdateUserCols(user, "is_admin") if err != nil { From 11dc5d39abd98172fc49b18226472ab65a429cd7 Mon Sep 17 00:00:00 2001 From: 6543 <24977596+6543@users.noreply.github.com> Date: Sun, 10 Nov 2019 00:15:47 +0100 Subject: [PATCH 18/21] Update models/login_source.go well - I should look more detaild at suggestions :D Co-Authored-By: Lauris BH --- models/login_source.go | 1 - 1 file changed, 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 4eafa0ad4c0b..808fbead626e 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -406,7 +406,6 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR // Update User admin flag if exist if isExist, err := IsUserExist(0, sr.Username); err != nil { - if err != nil { return nil, err } else if isExist { if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { From c73ce44381861a0250c8941914127d333c46be9c Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sun, 10 Nov 2019 01:50:05 +0100 Subject: [PATCH 19/21] make it work again --- models/login_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/login_source.go b/models/login_source.go index 808fbead626e..3e1035060e4a 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -451,7 +451,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR IsAdmin: sr.IsAdmin, } - err = CreateUser(user) + err := CreateUser(user) if err == nil && isAttributeSSHPublicKeySet && addLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { err = RewriteAllPublicKeys() From 0112c77b05e7b9a34d791f96f4aece3a93acd8c3 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 13 Nov 2019 10:04:44 +0100 Subject: [PATCH 20/21] set is_admin value to user --- models/login_source.go | 1 + 1 file changed, 1 insertion(+) diff --git a/models/login_source.go b/models/login_source.go index 3e1035060e4a..ab7b0289da86 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -410,6 +410,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR } else if isExist { if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { // Change existing admin flag only if AdminFilter option is set + user.IsAdmin = sr.IsAdmin err = UpdateUserCols(user, "is_admin") if err != nil { return nil, err From 9d255ed954283cb2753413c6714a9afd26408054 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 13 Nov 2019 13:39:55 +0100 Subject: [PATCH 21/21] look nicer --- models/login_source.go | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/models/login_source.go b/models/login_source.go index ab7b0289da86..b8441adcc4c7 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -407,15 +407,13 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR // Update User admin flag if exist if isExist, err := IsUserExist(0, sr.Username); err != nil { return nil, err - } else if isExist { - if !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { - // Change existing admin flag only if AdminFilter option is set - user.IsAdmin = sr.IsAdmin - err = UpdateUserCols(user, "is_admin") - if err != nil { - return nil, err - } - + } else if isExist && + !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + // Change existing admin flag only if AdminFilter option is set + user.IsAdmin = sr.IsAdmin + err = UpdateUserCols(user, "is_admin") + if err != nil { + return nil, err } }