From c0155f7cc9c20b319d64dcfc28b9080e009a56a9 Mon Sep 17 00:00:00 2001 From: zeripath Date: Thu, 31 Mar 2022 14:20:25 +0100 Subject: [PATCH] Restore user autoregistration with email addresses (#19261) Backport #19261 Unfortunately #18789 disabled autoregistration using email addresses as they would be shortcut to email address does not exist. This PR attempts to restore autoregistration by allowing an unknown email address to percolate through to the autoregistration path of UserSignin. Fix #19256 Signed-off-by: Andrew Thornton --- services/auth/signin.go | 68 +++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/services/auth/signin.go b/services/auth/signin.go index aa9a9660c039..3ccf68c3a7ea 100644 --- a/services/auth/signin.go +++ b/services/auth/signin.go @@ -23,19 +23,23 @@ import ( // UserSignIn validates user name and password. func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) { var user *user_model.User + isEmail := false if strings.Contains(username, "@") { + isEmail = true emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))} // check same email - has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress) + has, err := db.GetEngine(db.DefaultContext).Get(&emailAddress) if err != nil { return nil, nil, err } - if !has { - return nil, nil, user_model.ErrEmailAddressNotExist{ - Email: username, + if has { + if !emailAddress.IsActivated { + return nil, nil, user_model.ErrEmailAddressNotExist{ + Email: username, + } } + user = &user_model.User{ID: emailAddress.UID} } - user = &user_model.User{ID: emailAddress.UID} } else { trimmedUsername := strings.TrimSpace(username) if len(trimmedUsername) == 0 { @@ -45,38 +49,40 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro user = &user_model.User{LowerName: strings.ToLower(trimmedUsername)} } - hasUser, err := user_model.GetUser(user) - if err != nil { - return nil, nil, err - } - - if hasUser { - source, err := auth.GetSourceByID(user.LoginSource) + if user != nil { + hasUser, err := user_model.GetUser(user) if err != nil { return nil, nil, err } - if !source.IsActive { - return nil, nil, oauth2.ErrAuthSourceNotActived - } + if hasUser { + source, err := auth.GetSourceByID(user.LoginSource) + if err != nil { + return nil, nil, err + } - authenticator, ok := source.Cfg.(PasswordAuthenticator) - if !ok { - return nil, nil, smtp.ErrUnsupportedLoginType - } + if !source.IsActive { + return nil, nil, oauth2.ErrAuthSourceNotActived + } - user, err := authenticator.Authenticate(user, user.LoginName, password) - if err != nil { - return nil, nil, err - } + authenticator, ok := source.Cfg.(PasswordAuthenticator) + if !ok { + return nil, nil, smtp.ErrUnsupportedLoginType + } - // WARN: DON'T check user.IsActive, that will be checked on reqSign so that - // user could be hint to resend confirm email. - if user.ProhibitLogin { - return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name} - } + user, err := authenticator.Authenticate(user, user.LoginName, password) + if err != nil { + return nil, nil, err + } - return user, source, nil + // WARN: DON'T check user.IsActive, that will be checked on reqSign so that + // user could be hint to resend confirm email. + if user.ProhibitLogin { + return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name} + } + + return user, source, nil + } } sources, err := auth.AllActiveSources() @@ -111,5 +117,9 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro } } + if isEmail { + return nil, nil, user_model.ErrEmailAddressNotExist{Email: username} + } + return nil, nil, user_model.ErrUserNotExist{Name: username} }