Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix login with email for ldap users #18800

Merged
merged 4 commits into from
Feb 20, 2022
Merged

Fix login with email for ldap users #18800

merged 4 commits into from
Feb 20, 2022

Conversation

lunny
Copy link
Member

@lunny lunny commented Feb 18, 2022
edited
Loading

authenticator.Authenticate has assume the login name is not an email, but username maybe an email. So when we find the user via email address, we should use user.LoginName instead of username which is an email address.

@lunny lunny added the type/bug label Feb 18, 2022
@lunny lunny mentioned this pull request Feb 18, 2022
Closed
@lunny lunny added backport/v1.16 skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Feb 18, 2022
@lunny lunny added this to the 1.17.0 milestone Feb 18, 2022
singuliere
singuliere approved these changes Feb 18, 2022
View reviewed changes
Copy link
Contributor

@singuliere singuliere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is better also because username may need to be sanitized to trim spaces and should not be used as-is for Authenticate.

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 18, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 19, 2022
@zeripath
Copy link
Contributor

zeripath commented Feb 19, 2022
edited
Loading

Are we sure about this?

I guess this is right, the user has created a new username-alias pair for gitea so when they're logging in they actually mean

@codecov-commenter
Copy link

Codecov Report

❗ No coverage uploaded for pull request base (main@83c9035). Click here to learn what that means.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##             main   #18800   +/-   ##
=======================================
  Coverage        ?   46.49%           
=======================================
  Files           ?      853           
  Lines           ?   122473           
  Branches        ?        0           
=======================================
  Hits            ?    56947           
  Misses          ?    58638           
  Partials        ?     6888
Impacted Files Coverage Δ
services/auth/signin.go 44.92% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 83c9035...85f0048. Read the comment docs.

@zeripath
Copy link
Contributor

make lgtm work

@zeripath zeripath merged commit 00be0c1 into go-gitea:main Feb 20, 2022
@lunny lunny deleted the lunny/fix_login_email_ldap branch February 20, 2022 15:38
lunny added a commit to lunny/gitea that referenced this pull request Feb 20, 2022
@lunny
Fix login with email for ldap users (go-gitea#18800)
ddcf2e7 
`authenticator.Authenticate` has assume the login name is not an email, but `username` maybe an email. So when we find the user via email address, we should use `user.LoginName` instead of `username` which is an email address.
@lunny lunny mentioned this pull request Feb 20, 2022
Merged
@lunny lunny added the backport/done All backports for this PR have been created label Feb 20, 2022
zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 21, 2022
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
33db79e 
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Show fullname on issue edits and gpg/ssh signing info (go-gitea#18827)
  Update go-org to 1.6.0 (go-gitea#18824)
  Fix login with email for ldap users (go-gitea#18800)
  [skip ci] Updated licenses and gitignores
  Immediately Hammer if second kill is sent (go-gitea#18823)
@philipphutterer philipphutterer mentioned this pull request Feb 22, 2022
Closed
techknowlogick added a commit that referenced this pull request Feb 22, 2022
@lunny @techknowlogick
Fix login with email for ldap users (#18800) (#18836)
6591f87 
`authenticator.Authenticate` has assume the login name is not an email, but `username` maybe an email. So when we find the user via email address, we should use `user.LoginName` instead of `username` which is an email address.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Chianina pushed a commit to Chianina/gitea that referenced this pull request Mar 28, 2022
@lunny
Fix login with email for ldap users (go-gitea#18800)
17bb501 
`authenticator.Authenticate` has assume the login name is not an email, but `username` maybe an email. So when we find the user via email address, we should use `user.LoginName` instead of `username` which is an email address.
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Gusted Gusted Gusted approved these changes

@singuliere singuliere singuliere approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. type/bug
Projects
None yet
Milestone
1.17.0
Development

Successfully merging this pull request may close these issues.
6 participants
@lunny @zeripath @codecov-commenter @Gusted @singuliere @GiteaBot