fix ldap sync for disabled users, check if admin username is an email address, rename username to email
parent
5bc3aa0036
commit
e1c7a43496
|
@ -20,9 +20,8 @@
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<form class="form-signin" method="post">
|
<form class="form-signin" method="post">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="inputUsername">Username</label>
|
<label for="inputUsername">Email</label>
|
||||||
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter username">
|
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
|
||||||
<small id="usernameHelp" class="form-text text-muted">Please enter your LDAP username, not the email address.</small>
|
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="inputPassword">Password</label>
|
<label for="inputPassword">Password</label>
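Review bot: The `aria-describedby="usernameHelp"` attribute kept on the `inputUsername` field now points at an element that no longer exists, because the `<small id="usernameHelp">` hint is removed in this same hunk. Either drop the attribute from the input or keep a short hint under the field, for example `<small id="usernameHelp" class="form-text text-muted">Please enter your email address.</small>`. The field is still posted as `name="username"` while the label says Email; a brief template comment saying this is intentional would prevent a later "cleanup" from breaking the form handler. The form continues outside the hunk.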
|
||||||
|
|
|
@ -3,6 +3,7 @@ package password
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -14,6 +15,8 @@ import (
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
|
||||||
|
|
||||||
// Provider implements a password login method for a database backend.
|
// Provider implements a password login method for a database backend.
|
||||||
type Provider struct {
|
type Provider struct {
|
||||||
db *gorm.DB
|
db *gorm.DB
|
||||||
|
@ -104,6 +107,10 @@ func (provider Provider) GetUserModel(ctx *authentication.AuthContext) (*authent
|
||||||
}
|
}
|
||||||
|
|
||||||
func (provider Provider) InitializeAdmin(email, password string) error {
|
func (provider Provider) InitializeAdmin(email, password string) error {
|
||||||
|
if !emailRegex.MatchString(email) {
|
||||||
|
return errors.New("admin username must be an email address")
|
||||||
|
}
|
||||||
|
|
||||||
admin := users.User{}
|
admin := users.User{}
|
||||||
provider.db.Unscoped().Where("email = ?", email).FirstOrInit(&admin)
|
provider.db.Unscoped().Where("email = ?", email).FirstOrInit(&admin)
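Review bot: `emailRegex` is declared without a comment, and the new check in `InitializeAdmin` validates syntax only, which should be stated where the pattern lives; I would add `// emailRegex matches the WHATWG HTML5 e-mail syntax; it checks form only and accepts dot-less domains such as admin@localhost.` above the variable. The error could also name the rejected value so a misconfigured admin user is easy to find in the startup log, e.g. `return fmt.Errorf("admin username %q must be an email address", email)`. The address is then passed unchanged to the `email = ?` lookup, so a configured value that differs only in letter case presumably initialises a separate admin record on case-sensitive databases; confirm whether the value should be normalised first. InitializeAdmin's body continues outside the hunk.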
|
||||||
|
|
||||||
|
|
|
@ -60,7 +60,7 @@ type Config struct {
|
||||||
Title string `yaml:"title" envconfig:"WEBSITE_TITLE"`
|
Title string `yaml:"title" envconfig:"WEBSITE_TITLE"`
|
||||||
CompanyName string `yaml:"company" envconfig:"COMPANY_NAME"`
|
CompanyName string `yaml:"company" envconfig:"COMPANY_NAME"`
|
||||||
MailFrom string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
|
MailFrom string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
|
||||||
AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"`
|
AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // must be an email address
|
||||||
AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
|
AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
|
||||||
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
|
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
|
||||||
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
|
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
|
||||||
|
|
|
@ -93,16 +93,16 @@ func (s *Server) SyncLdapWithUserDatabase() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err = s.users.UpdateUser(user); err != nil {
|
||||||
|
logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
if ldapDeactivated {
|
if ldapDeactivated {
|
||||||
if err = s.users.DeleteUser(user); err != nil {
|
if err = s.users.DeleteUser(user); err != nil {
|
||||||
logrus.Errorf("failed to delete deactivated user %s in database: %v", user.Email, err)
|
logrus.Errorf("failed to delete deactivated user %s in database: %v", user.Email, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
if err = s.users.UpdateUser(user); err != nil {
|
|
||||||
logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
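Review bot: A failed `UpdateUser` now skips the deletion of a user that LDAP reports as deactivated, because the `continue` in the moved error branch runs before the `if ldapDeactivated` block is reached. The account then presumably stays usable in the local database until a later sync run succeeds, which is the wrong failure direction for a disabled user. Skip only when the user is still active, e.g. `if !ldapDeactivated { continue }` after the `logrus.Errorf` call, so the delete is still attempted for deactivated users. SyncLdapWithUserDatabase starts and ends outside the hunk.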
|
||||||
|
|