fix ldap sync for disabled users, check if admin username is an email address, rename username to email

This commit is contained in:
Christoph Haas 2021-02-26 23:43:29 +01:00
parent 5bc3aa0036
commit e1c7a43496
4 changed files with 15 additions and 9 deletions


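--- a/LOGIN_TEMPLATE_PATH_NOT_SHOWN
+++ b/LOGIN_TEMPLATE_PATH_NOT_SHOWN
@@ -20,9 +20,8 @@
 <div class="card-body">
 <form class="form-signin" method="post">
 <div class="form-group">
-<label for="inputUsername">Username</label>
-<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter username">
-<small id="usernameHelp" class="form-text text-muted">Please enter your LDAP username, not the email address.</small>
+<label for="inputUsername">Email</label>
+<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
 </div>
 <div class="form-group">
 <label for="inputPassword">Password</label>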
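Review bot: The new input line keeps `aria-describedby="usernameHelp"` while the `<small id="usernameHelp">` element it points to is removed in the same hunk, so the attribute now references nothing and assistive technology gets no description for the field; either drop the attribute or keep a help element with that id, e.g. `<small id="usernameHelp" class="form-text text-muted">Please enter your email address.</small>`. The field also still carries `name="username"` and `id="inputUsername"` although the label now reads Email, which is fine as long as the handler keeps reading the `username` form key, but if the server now expects an address a `type="email"` input would add browser-side format validation at no cost. The enclosing form continues outside the hunk.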


@ -3,6 +3,7 @@ package password
import ( import (
"fmt" "fmt"
"math/rand" "math/rand"
"regexp"
"strings" "strings"
"time" "time"
@ -14,6 +15,8 @@ import (
"gorm.io/gorm" "gorm.io/gorm"
) )
var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
// Provider implements a password login method for a database backend. // Provider implements a password login method for a database backend.
type Provider struct { type Provider struct {
db *gorm.DB db *gorm.DB
@ -104,6 +107,10 @@ func (provider Provider) GetUserModel(ctx *authentication.AuthContext) (*authent
} }
func (provider Provider) InitializeAdmin(email, password string) error { func (provider Provider) InitializeAdmin(email, password string) error {
if !emailRegex.MatchString(email) {
return errors.New("admin username must be an email address")
}
admin := users.User{} admin := users.User{}
provider.db.Unscoped().Where("email = ?", email).FirstOrInit(&admin) provider.db.Unscoped().Where("email = ?", email).FirstOrInit(&admin)
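Review bot: The new admin-email check calls `errors.New`, but the import hunk for this file only adds `regexp`; unless `errors` is already imported in the part of the import block that is not shown (file lines 7–13 fall between the two hunks), the package will not compile, so that is worth confirming. The package-level `emailRegex` also has no comment; I would add `// emailRegex is a syntax-only check for the common local@domain form; it does not normalize case or verify that the address exists.` above it, because InitializeAdmin then looks the admin up with an exact `email = ?` match, so two spellings of the same address that differ only in case both pass the check yet may resolve to different rows depending on the database collation. InitializeAdmin's body continues outside the hunk.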


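--- a/CONFIG_PATH_NOT_SHOWN
+++ b/CONFIG_PATH_NOT_SHOWN
@@ -60,7 +60,7 @@ type Config struct {
 Title string `yaml:"title" envconfig:"WEBSITE_TITLE"`
 CompanyName string `yaml:"company" envconfig:"COMPANY_NAME"`
 MailFrom string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
-AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"`
+AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // must be an email address
 AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
 EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
 CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`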


@ -93,16 +93,16 @@ func (s *Server) SyncLdapWithUserDatabase() {
} }
} }
if err = s.users.UpdateUser(user); err != nil {
logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
continue
}
if ldapDeactivated { if ldapDeactivated {
if err = s.users.DeleteUser(user); err != nil { if err = s.users.DeleteUser(user); err != nil {
logrus.Errorf("failed to delete deactivated user %s in database: %v", user.Email, err) logrus.Errorf("failed to delete deactivated user %s in database: %v", user.Email, err)
continue continue
} }
} else {
if err = s.users.UpdateUser(user); err != nil {
logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
continue
}
} }
} }
} }
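Review bot: The deactivated branch now deletes the database user instead of updating it first, but nothing in the hunk shows what happens to state that account already holds (active sessions, provisioned peers), so whether a user disabled in LDAP actually loses access at the next sync depends on what `s.users.DeleteUser` cascades; that is worth confirming and stating in a comment on the call. The removal is also only logged when it fails, which makes a sync that drops accounts hard to audit; I would add `logrus.Infof("removed deactivated ldap user %s from database", user.Email)` after the successful delete. Both branches end with the same `continue` on error, so the `if/else` could be flattened to one `err` check after choosing the operation, but that is a matter of taste. SyncLdapWithUserDatabase begins before the hunk and the closing braces at the end may belong to it.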