tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-11-03 21:08:25 +00:00
Code Releases Activity

Move user password verification after checking his groups on ldap auth (#19587)

Browse Source 
In case the binded user can not access its own attributes.

Signed-off-by: Gwilherm Folliot <gwilherm55fo@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
Gwilherm Folliot
2022-05-03 14:41:11 +02:00
committed by GitHub
parent 772ad761eb
commit b7abb31b7b
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
services/auth/source/ldap/source_search.go
View File

@@ -433,14 +433,6 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
isRestricted = checkRestricted(l, ls, userDN) isRestricted = checkRestricted(l, ls, userDN)
} }
if !directBind && ls.AttributesInBind {
// binds user (checking password) after looking-up attributes in BindDN context
err = bindUser(l, userDN, passwd)
if err != nil {
return nil
}
}
if isAtributeAvatarSet { if isAtributeAvatarSet {
Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar) Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar)
} }
@@ -451,6 +443,14 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid) teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid)
} }
if !directBind && ls.AttributesInBind {
// binds user (checking password) after looking-up attributes in BindDN context
err = bindUser(l, userDN, passwd)
if err != nil {
return nil
}
}
return &SearchResult{ return &SearchResult{
LowerName: strings.ToLower(username), LowerName: strings.ToLower(username),
Username: username, Username: username,