fix ldap sync for disabled users, check if admin username is an email address, rename username to email

2021-02-26 23:43:29 +01:00 · 2021-02-26 23:43:29 +01:00 · e1c7a43496
parent 5bc3aa0036
commit e1c7a43496
4 changed files with 15 additions and 9 deletions
--- a/assets/tpl/login.html
+++ b/assets/tpl/login.html
@ -20,9 +20,8 @@
            <div class="card-body">
                <form class="form-signin" method="post">
                    <div class="form-group">
-                        <label for="inputUsername">Username</label>
-                        <input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter username">
-                        <small id="usernameHelp" class="form-text text-muted">Please enter your LDAP username, not the email address.</small>
+                        <label for="inputUsername">Email</label>
+                        <input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
                    </div>
                    <div class="form-group">
                        <label for="inputPassword">Password</label>
--- a/internal/authentication/providers/password/provider.go
+++ b/internal/authentication/providers/password/provider.go
@ -3,6 +3,7 @@ package password
 import (
 	"fmt"
 	"math/rand"
+	"regexp"
 	"strings"
 	"time"

@ -14,6 +15,8 @@ import (
 	"gorm.io/gorm"
 )

+var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
+
 // Provider implements a password login method for a database backend.
 type Provider struct {
 	db *gorm.DB
@ -104,6 +107,10 @@ func (provider Provider) GetUserModel(ctx *authentication.AuthContext) (*authent
 }

 func (provider Provider) InitializeAdmin(email, password string) error {
+	if !emailRegex.MatchString(email) {
+		return errors.New("admin username must be an email address")
+	}
+
 	admin := users.User{}
 	provider.db.Unscoped().Where("email = ?", email).FirstOrInit(&admin)

--- a/internal/common/configuration.go
+++ b/internal/common/configuration.go
@ -60,7 +60,7 @@ type Config struct {
 		Title             string `yaml:"title" envconfig:"WEBSITE_TITLE"`
 		CompanyName       string `yaml:"company" envconfig:"COMPANY_NAME"`
 		MailFrom          string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
-		AdminUser         string `yaml:"adminUser" envconfig:"ADMIN_USER"`
+		AdminUser         string `yaml:"adminUser" envconfig:"ADMIN_USER"` // must be an email address
 		AdminPassword     string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
 		EditableKeys      bool   `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
 		CreateDefaultPeer bool   `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
--- a/internal/server/ldapsync.go
+++ b/internal/server/ldapsync.go
@ -93,16 +93,16 @@ func (s *Server) SyncLdapWithUserDatabase() {
 					}
 				}

+				if err = s.users.UpdateUser(user); err != nil {
+					logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
+					continue
+				}
+
 				if ldapDeactivated {
 					if err = s.users.DeleteUser(user); err != nil {
 						logrus.Errorf("failed to delete deactivated user %s in database: %v", user.Email, err)
 						continue
 					}
-				} else {
-					if err = s.users.UpdateUser(user); err != nil {
-						logrus.Errorf("failed to update ldap user %s in database: %v", user.Email, err)
-						continue
-					}
 				}
 			}
 		}