routers/repo/setting.go: fix LDAP cannot validate password #1006

release/v1.15
Unknwon 2015-03-05 19:20:27 -05:00
parent e3d73d9b24
commit 18c0697329
2 changed files with 67 additions and 61 deletions

View File

@ -169,13 +169,12 @@ func UserSignIn(uname, passwd string) (*User, error) {
// For plain login, user must exist to reach this line.
// Now verify password.
if u.LoginType == PLAIN {
newUser := &User{Passwd: passwd, Salt: u.Salt}
newUser.EncodePasswd()
if u.Passwd != newUser.Passwd {
if !u.ValidtePassword(passwd) {
return nil, ErrUserNotExist
}
return u, nil
} else {
}
if !has {
var sources []LoginSource
if err = x.UseBool().Find(&sources,
@ -223,7 +222,6 @@ func UserSignIn(uname, passwd string) (*User, error) {
source.Id, source.Cfg.(*SMTPConfig), false)
}
return nil, ErrUnsupportedLoginType
}
}
// Query if name/passwd can login against the LDAP directory pool

View File

@ -111,10 +111,18 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
} else if !isExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
return
} else if !ctx.User.ValidtePassword(ctx.Query("password")) {
}
if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
if err == models.ErrUserNotExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
} else {
ctx.Handle(500, "UserSignIn", err)
}
return
} else if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
}
if err = models.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository); err != nil {
if err == models.ErrRepoAlreadyExist {
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
} else {
@ -136,15 +144,15 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Error(404)
return
}
if !ctx.User.ValidtePassword(ctx.Query("password")) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
return
}
if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
if err == models.ErrUserNotExist {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
} else {
if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
return
ctx.Handle(500, "UserSignIn", err)
}
return
}
if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {