Do not try to recreate ldap user if they are already created (#9900)

zeripath · techknowlogick · web-flow · commit a315e091e4b0 · 2020-01-21T18:49:30.000Z
* Do not try to recreate ldap user if they are already created

* just remove autoregister

Co-authored-by: techknowlogick &lt;matti@mdranta.net&gt;
diff --git a/models/login_source.go b/models/login_source.go
@@ -461,7 +461,7 @@ var (
 
 // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
-func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
+func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*User, error) {
 	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
 	if sr == nil {
 		// User not in LDAP, do nothing
@@ -491,7 +491,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
 		}
 	}
 
-	if !autoRegister {
+	if user != nil {
 		if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
 			return user, RewriteAllPublicKeys()
 		}
@@ -602,7 +602,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
 
 // LoginViaSMTP queries if login/password is valid against the SMTP,
 // and create a local user if success when enabled.
-func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
+func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig) (*User, error) {
 	// Verify allowed domains.
 	if len(cfg.AllowedDomains) > 0 {
 		idx := strings.Index(login, "@")
@@ -633,7 +633,7 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
 		return nil, err
 	}
 
-	if !autoRegister {
+	if user != nil {
 		return user, nil
 	}
 
@@ -665,15 +665,15 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
 
 // LoginViaPAM queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
-func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
+func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig) (*User, error) {
 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
 			return nil, ErrUserNotExist{0, login, 0}
 		}
 		return nil, err
 	}
 
-	if !autoRegister {
+	if user != nil {
 		return user, nil
 	}
 
@@ -691,19 +691,19 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
 }
 
 // ExternalUserLogin attempts a login using external source types.
-func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
+func ExternalUserLogin(user *User, login, password string, source *LoginSource) (*User, error) {
 	if !source.IsActived {
 		return nil, ErrLoginSourceNotActived
 	}
 
 	var err error
 	switch source.Type {
 	case LoginLDAP, LoginDLDAP:
-		user, err = LoginViaLDAP(user, login, password, source, autoRegister)
+		user, err = LoginViaLDAP(user, login, password, source)
 	case LoginSMTP:
-		user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
+		user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig))
 	case LoginPAM:
-		user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
+		user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig))
 	default:
 		return nil, ErrUnsupportedLoginType
 	}
@@ -783,7 +783,7 @@ func UserSignIn(username, password string) (*User, error) {
 				return nil, ErrLoginSourceNotExist{user.LoginSource}
 			}
 
-			return ExternalUserLogin(user, user.LoginName, password, &source, false)
+			return ExternalUserLogin(user, user.LoginName, password, &source)
 		}
 	}
 
@@ -797,7 +797,7 @@ func UserSignIn(username, password string) (*User, error) {
 			// don't try to authenticate against OAuth2 and SSPI sources here
 			continue
 		}
-		authUser, err := ExternalUserLogin(nil, username, password, source, true)
+		authUser, err := ExternalUserLogin(nil, username, password, source)
 		if err == nil {
 			return authUser, nil
 		}

Original file line number	Diff line number	Diff line change
`@@ -461,7 +461,7 @@ var (`
`461`	`461`
`462`	`462`	`// LoginViaLDAP queries if login/password is valid against the LDAP directory pool,`
`463`	`463`	`// and create a local user if success when enabled.`
`464`		`-func LoginViaLDAP(user User, login, password string, source LoginSource, autoRegister bool) (*User, error) {`
	`464`	`+func LoginViaLDAP(user User, login, password string, source LoginSource) (*User, error) {`
`465`	`465`	`sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)`
`466`	`466`	`if sr == nil {`
`467`	`467`	`// User not in LDAP, do nothing`
`@@ -491,7 +491,7 @@ func LoginViaLDAP(user User, login, password string, source LoginSource, autoR`
`491`	`491`	`}`
`492`	`492`	`}`
`493`	`493`
`494`		`- if !autoRegister {`
	`494`	`+ if user != nil {`
`495`	`495`	`if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {`
`496`	`496`	`return user, RewriteAllPublicKeys()`
`497`	`497`	`}`
`@@ -602,7 +602,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {`
`602`	`602`
`603`	`603`	`// LoginViaSMTP queries if login/password is valid against the SMTP,`
`604`	`604`	`// and create a local user if success when enabled.`
`605`		`-func LoginViaSMTP(user User, login, password string, sourceID int64, cfg SMTPConfig, autoRegister bool) (*User, error) {`
	`605`	`+func LoginViaSMTP(user User, login, password string, sourceID int64, cfg SMTPConfig) (*User, error) {`
`606`	`606`	`// Verify allowed domains.`
`607`	`607`	`if len(cfg.AllowedDomains) > 0 {`
`608`	`608`	`idx := strings.Index(login, "@")`
`@@ -633,7 +633,7 @@ func LoginViaSMTP(user User, login, password string, sourceID int64, cfg SMTPC`
`633`	`633`	`return nil, err`
`634`	`634`	`}`
`635`	`635`
`636`		`- if !autoRegister {`
	`636`	`+ if user != nil {`
`637`	`637`	`return user, nil`
`638`	`638`	`}`
`639`	`639`
`@@ -665,15 +665,15 @@ func LoginViaSMTP(user User, login, password string, sourceID int64, cfg SMTPC`
`665`	`665`
`666`	`666`	`// LoginViaPAM queries if login/password is valid against the PAM,`
`667`	`667`	`// and create a local user if success when enabled.`
`668`		`-func LoginViaPAM(user User, login, password string, sourceID int64, cfg PAMConfig, autoRegister bool) (*User, error) {`
	`668`	`+func LoginViaPAM(user User, login, password string, sourceID int64, cfg PAMConfig) (*User, error) {`
`669`	`669`	`if err := pam.Auth(cfg.ServiceName, login, password); err != nil {`
`670`	`670`	`if strings.Contains(err.Error(), "Authentication failure") {`
`671`	`671`	`return nil, ErrUserNotExist{0, login, 0}`
`672`	`672`	`}`
`673`	`673`	`return nil, err`
`674`	`674`	`}`
`675`	`675`
`676`		`- if !autoRegister {`
	`676`	`+ if user != nil {`
`677`	`677`	`return user, nil`
`678`	`678`	`}`
`679`	`679`
`@@ -691,19 +691,19 @@ func LoginViaPAM(user User, login, password string, sourceID int64, cfg PAMCon`
`691`	`691`	`}`
`692`	`692`
`693`	`693`	`// ExternalUserLogin attempts a login using external source types.`
`694`		`-func ExternalUserLogin(user User, login, password string, source LoginSource, autoRegister bool) (*User, error) {`
	`694`	`+func ExternalUserLogin(user User, login, password string, source LoginSource) (*User, error) {`
`695`	`695`	`if !source.IsActived {`
`696`	`696`	`return nil, ErrLoginSourceNotActived`
`697`	`697`	`}`
`698`	`698`
`699`	`699`	`var err error`
`700`	`700`	`switch source.Type {`
`701`	`701`	`case LoginLDAP, LoginDLDAP:`
`702`		`- user, err = LoginViaLDAP(user, login, password, source, autoRegister)`
	`702`	`+ user, err = LoginViaLDAP(user, login, password, source)`
`703`	`703`	`case LoginSMTP:`
`704`		`- user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)`
	`704`	`+ user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig))`
`705`	`705`	`case LoginPAM:`
`706`		`- user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)`
	`706`	`+ user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig))`
`707`	`707`	`default:`
`708`	`708`	`return nil, ErrUnsupportedLoginType`
`709`	`709`	`}`
`@@ -783,7 +783,7 @@ func UserSignIn(username, password string) (*User, error) {`
`783`	`783`	`return nil, ErrLoginSourceNotExist{user.LoginSource}`
`784`	`784`	`}`
`785`	`785`
`786`		`- return ExternalUserLogin(user, user.LoginName, password, &source, false)`
	`786`	`+ return ExternalUserLogin(user, user.LoginName, password, &source)`
`787`	`787`	`}`
`788`	`788`	`}`
`789`	`789`
`@@ -797,7 +797,7 @@ func UserSignIn(username, password string) (*User, error) {`
`797`	`797`	`// don't try to authenticate against OAuth2 and SSPI sources here`
`798`	`798`	`continue`
`799`	`799`	`}`
`800`		`- authUser, err := ExternalUserLogin(nil, username, password, source, true)`
	`800`	`+ authUser, err := ExternalUserLogin(nil, username, password, source)`
`801`	`801`	`if err == nil {`
`802`	`802`	`return authUser, nil`
`803`	`803`	`}`