
Commit e45a831

committed
Disable login prohibition and extra e-mail list
When local user management is disabled, active user login should not be prohibited. Only primary user e-mail should be available when local user management is enabled (only this mail is synchronized from LDAP). Related: #18466 Author-Change-Id: IB#1105051
1 parent 5c8f905 commit e45a831


4 files changed

+17
-9
lines changed


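--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -12,6 +12,7 @@ import (
 "code.gitea.io/gitea/models/auth"
 "code.gitea.io/gitea/models/db"
 user_model "code.gitea.io/gitea/models/user"
+"code.gitea.io/gitea/modules/setting"
 "code.gitea.io/gitea/services/mailer"
 user_service "code.gitea.io/gitea/services/user"
 )
@@ -37,7 +38,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 return nil, err
 }
 }
-if user != nil && !user.ProhibitLogin {
+if user != nil && (!user.ProhibitLogin || setting.Service.DisableLocalUserManagement) {
 cols := make([]string, 0)
 if len(source.AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
 // Change existing admin flag only if AdminFilter option is set
@@ -49,6 +50,11 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 user.IsRestricted = sr.IsRestricted
 cols = append(cols, "is_restricted")
 }
+if user.ProhibitLogin && setting.Service.DisableLocalUserManagement {
+// When local user management is disabled, active user is allowed to login.
+user.ProhibitLogin = false
+cols = append(cols, "prohibit_login")
+}
 if len(cols) > 0 {
 err = user_model.UpdateForceUserCols(db.DefaultContext, user, cols...)
 if err != nil {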
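Review bot: With `DisableLocalUserManagement` set, the block added at new lines 53–57 clears `ProhibitLogin` and persists it without leaving any record, so a login block an administrator placed earlier (for example on an account under investigation) disappears silently at the next successful LDAP login. An audit-level log entry naming the user and the auth source should be written before `user.ProhibitLogin = false`; the same applies to the reset this commit adds in `source_sync.go`, where only a generic trace line is visible. The added comment says "active user", but the visible condition never consults `user.IsActive`; a more accurate wording would be `// Local login blocks are not honoured when local user management is disabled; access is controlled in LDAP.` Authenticate's body starts and ends outside these hunks, so an activity check elsewhere in the function cannot be ruled out.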

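--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -14,6 +14,7 @@ import (
 "code.gitea.io/gitea/models/db"
 user_model "code.gitea.io/gitea/models/user"
 "code.gitea.io/gitea/modules/log"
+"code.gitea.io/gitea/modules/setting"
 user_service "code.gitea.io/gitea/services/user"
 )
 
@@ -138,7 +139,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 (len(source.RestrictedFilter) > 0 && usr.IsRestricted != su.IsRestricted) ||
 !strings.EqualFold(usr.Email, su.Mail) ||
 usr.FullName != fullName ||
-!usr.IsActive {
+!usr.IsActive ||
+usr.ProhibitLogin != (usr.ProhibitLogin && !setting.Service.DisableLocalUserManagement) {
 
 log.Trace("SyncExternalUsers[%s]: Updating user %s", source.authSource.Name, usr.Name)
 
@@ -153,8 +155,10 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 usr.IsRestricted = su.IsRestricted
 }
 usr.IsActive = true
+// When local user management is disabled, active user is allowed to login.
+usr.ProhibitLogin = usr.ProhibitLogin && !setting.Service.DisableLocalUserManagement
 
-err = user_model.UpdateForceUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
+err = user_model.UpdateForceUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active", "prohibit_login")
 if err != nil {
 log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.authSource.Name, usr.Name, err)
 }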
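Review bot: The condition added at new line 143, `usr.ProhibitLogin != (usr.ProhibitLogin && !setting.Service.DisableLocalUserManagement)`, is hard to read for a check that decides whether a login block gets lifted. It reduces to `usr.ProhibitLogin && setting.Service.DisableLocalUserManagement`, which states the intent directly. The assignment at new line 159 uses the same indirect form, and `if setting.Service.DisableLocalUserManagement { usr.ProhibitLogin = false }` would make the one-way reset explicit. Sync's body starts and ends outside these hunks.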

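--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -92,7 +92,7 @@
 
 <div class="ui divider"></div>
 
-<div class="inline field">
+<div class="inline field" {{if DisableLocalUserManagement}} hidden{{end}}>
 <div class="ui checkbox">
 <label><strong>{{.i18n.Tr "admin.users.is_activated"}}</strong></label>
 <input name="active" type="checkbox" {{if .User.IsActive}}checked{{end}} {{if DisableLocalUserManagement}}readonly{{end}}>
@@ -101,7 +101,7 @@
 <div class="inline field">
 <div class="ui checkbox">
 <label><strong>{{.i18n.Tr "admin.users.prohibit_login"}}</strong></label>
-<input name="prohibit_login" type="checkbox" {{if .User.ProhibitLogin}}checked{{end}} {{if or (eq .User.ID .SignedUserID) DisableLocalUserManagement}}disabled{{end}}>
+<input name="prohibit_login" type="checkbox" {{if .User.ProhibitLogin}}checked{{end}} {{if eq .User.ID .SignedUserID}}disabled{{end}}>
 </div>
 </div>
 <div class="inline field">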
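Review bot: The second hunk makes the `prohibit_login` checkbox editable again when `DisableLocalUserManagement` is set, yet this same commit has the LDAP authenticate and sync paths reset `ProhibitLogin` to false under that setting, so a block set here would be undone at the next LDAP login or sync. An administrator responding to a suspect account could believe it is locked out when it is not; either keep the control disabled under this setting or add help text saying the block must be applied in the directory. In the first hunk, `hidden` only hides the field and `readonly` has no effect on a checkbox, so `active` is still submitted with the form. The handler, which is not shown on this page, should ignore that value when the setting is on.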

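--- a/templates/user/settings/account.tmpl
+++ b/templates/user/settings/account.tmpl
@@ -72,8 +72,8 @@
 </form>
 </div>
 {{range .Emails}}
+{{if not DisableLocalUserManagement}}
 <div class="item">
-{{if not DisableLocalUserManagement}}
 {{if not .IsPrimary}}
 <div class="right floated content">
 <button class="ui red tiny button delete-button" data-modal-id="delete-email" data-url="{{AppSubUrl}}/user/settings/account/email/delete" data-id="{{.ID}}">
@@ -105,10 +105,8 @@
 </form>
 </div>
 {{end}}
-{{end}}
 <div class="content">
 <strong>{{.Email}}</strong>
-{{if not DisableLocalUserManagement}}
 {{if .IsPrimary}}
 <div class="ui blue label">{{$.i18n.Tr "settings.primary"}}</div>
 {{end}}
@@ -117,10 +115,10 @@
 {{else}}
 <div class="ui label">{{$.i18n.Tr "settings.requires_activation"}}</div>
 {{end}}
-{{end}}
 </div>
 </div>
 {{end}}
+{{end}}
 </div>
 </div>
 {{if not DisableLocalUserManagement}}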
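Review bot: The guard added at new line 75 wraps the whole `<div class="item">`, so with `DisableLocalUserManagement` set this loop renders no address at all, including the primary one that the commit description says should stay available. The primary address may be shown elsewhere on the page, which these hunks do not reveal. Hiding the list is presentation only: previously added secondary addresses remain stored, and the `/user/settings/account/email/delete` endpoint visible in the button needs its own server-side check if these rows must not be changed under this setting. Since the condition does not depend on the loop item, placing `{{if not DisableLocalUserManagement}}` outside `{{range .Emails}}` would read more clearly.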
