Skip to content

Commit

Permalink
Drop Admin attribute based on LDAP when login (continue #1743) (#8849)
Browse files Browse the repository at this point in the history
* Update User information in Gitea based on LDAP when login

* Update Admin Flag only if exist in settings

* Fix affectation

* Update models/login_source.go

Co-Authored-By: JustKiddingCode <[email protected]>

* Better ident

* Apply suggestions from code review

Update user information

Co-Authored-By: 6543 <[email protected]>

* Make fmt

* add err handling

* if user exist but login is Prohibit return return nil, and Prohibit err

* keep login speed

* User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed

* handle error and still use async task

* no async

* only update admin if Sync is enabled

* update two comments

* add lafriks suggestions

Co-Authored-By: Lauris BH <[email protected]>

* if adminFilter is set - use it

Co-Authored-By: Lauris BH <[email protected]>

* Update models/login_source.go

well - I should look more detaild at suggestions :D

Co-Authored-By: Lauris BH <[email protected]>

* make it work again

* set is_admin value to user

* look nicer
  • Loading branch information
6543 authored and zeripath committed Nov 14, 2019
1 parent 9bd879b commit 665ce1d
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions models/login_source.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

Expand Down Expand Up @@ -403,6 +404,19 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR

var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0

// Update User admin flag if exist
if isExist, err := IsUserExist(0, sr.Username); err != nil {
return nil, err
} else if isExist &&
!user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
// Change existing admin flag only if AdminFilter option is set
user.IsAdmin = sr.IsAdmin
err = UpdateUserCols(user, "is_admin")
if err != nil {
return nil, err
}
}

if !autoRegister {
if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
return user, RewriteAllPublicKeys()
Expand Down

0 comments on commit 665ce1d

Please sign in to comment.