From c6550cb4afed0c384105d37d22ef371bd4ff7cca Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Wed, 21 Jun 2023 13:48:22 +0800 Subject: [PATCH 1/7] return the real reason from signin function and just display incorrect username or password --- routers/web/auth/auth.go | 4 +- routers/web/auth/linkaccount.go | 20 +++++++++- routers/web/auth/openid.go | 20 +++++++++- services/auth/source/db/authenticate.go | 51 ++++++++++++++++++++++++- 4 files changed, 90 insertions(+), 5 deletions(-) diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index e0883a269656..a6861ffd7138 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -26,6 +26,7 @@ import ( "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/routers/utils" auth_service "code.gitea.io/gitea/services/auth" + auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/auth/source/oauth2" "code.gitea.io/gitea/services/externalaccount" "code.gitea.io/gitea/services/forms" @@ -201,7 +202,8 @@ func SignInPost(ctx *context.Context) { u, source, err := auth_service.UserSignIn(form.UserName, form.Password) if err != nil { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) { + if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || + auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form) log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) } else if user_model.IsErrEmailAlreadyUsed(err) { diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index 865bcca15240..52079ed2fb3d 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go 
@@ -13,9 +13,11 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/web" auth_service "code.gitea.io/gitea/services/auth" + auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/auth/source/oauth2" "code.gitea.io/gitea/services/externalaccount" "code.gitea.io/gitea/services/forms" @@ -116,9 +118,25 @@ func LinkAccountPostSignIn(ctx *context.Context) { u, _, err := auth_service.UserSignIn(signInForm.UserName, signInForm.Password) if err != nil { - if user_model.IsErrUserNotExist(err) { + if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || + auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { ctx.Data["user_exists"] = true ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplLinkAccount, &signInForm) + } else if user_model.IsErrUserProhibitLogin(err) { + ctx.Data["user_exists"] = true + log.Info("Failed authentication attempt for %s from %s: %v", signInForm.UserName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } else if user_model.IsErrUserInactive(err) { + ctx.Data["user_exists"] = true + if setting.Service.RegisterEmailConfirm { + ctx.Data["Title"] = ctx.Tr("auth.active_your_account") + ctx.HTML(http.StatusOK, TplActivate) + } else { + log.Info("Failed authentication attempt for %s from %s: %v", signInForm.UserName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } } else { ctx.ServerError("UserLinkAccount", err) } diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go index 5e0e7b258f66..7c1aaedf528b 100644 --- a/routers/web/auth/openid.go +++ b/routers/web/auth/openid.go 
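Review bot: The wrong-credentials branch at the top of the new chain in LinkAccountPostSignIn renders `form.username_password_incorrect` without logging, while the prohibit-login branches below it and the matching branch in SignInPost do log `Failed authentication attempt`. Password guessing through the link-account form therefore leaves no trace for log-based lockout or alerting; add `log.Info("Failed authentication attempt for %s from %s: %v", signInForm.UserName, ctx.RemoteAddr(), err)` to that branch. The ConnectOpenIDPost hunk in openid.go and the handleSingInError helper introduced in PATCH 2/7 carry the same gap. LinkAccountPostSignIn starts and ends outside this hunk.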
@@ -18,6 +18,7 @@ import ( "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/auth" + auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/forms" ) @@ -282,8 +283,25 @@ func ConnectOpenIDPost(ctx *context.Context) { u, _, err := auth.UserSignIn(form.UserName, form.Password) if err != nil { - if user_model.IsErrUserNotExist(err) { + if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || + auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { + ctx.Data["user_exists"] = true ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplConnectOID, &form) + } else if user_model.IsErrUserProhibitLogin(err) { + ctx.Data["user_exists"] = true + log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } else if user_model.IsErrUserInactive(err) { + ctx.Data["user_exists"] = true + if setting.Service.RegisterEmailConfirm { + ctx.Data["Title"] = ctx.Tr("auth.active_your_account") + ctx.HTML(http.StatusOK, TplActivate) + } else { + log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } } else { ctx.ServerError("ConnectOpenIDPost", err) } diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index 773ec601ba33..8370fba4bfee 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go 
@@ -4,19 +4,66 @@ package db import ( + "fmt" + "code.gitea.io/gitea/models/db" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" ) +// ErrUserPasswordNotSet represents a "ErrUserPasswordNotSet" kind of error. +type ErrUserPasswordNotSet struct { + UID int64 + Name string +} + +// IsErrUserPasswordNotSet checks if an error is a ErrUserPasswordNotSet +func IsErrUserPasswordNotSet(err error) bool { + _, ok := err.(ErrUserPasswordNotSet) + return ok +} + +func (err ErrUserPasswordNotSet) Error() string { + return fmt.Sprintf("user's password doesn't set [uid: %d, name: %s]", err.UID, err.Name) +} + +// Unwrap unwraps this error as a ErrPermission error +func (err ErrUserPasswordNotSet) Unwrap() error { + return util.ErrPermissionDenied +} + +// ErrUserPasswordInvalidate represents a "ErrUserPasswordInvalidate" kind of error. +type ErrUserPasswordInvalidate struct { + UID int64 + Name string +} + +// IsErrUserPasswordInvalidate checks if an error is a ErrUserPasswordInvalidate +func IsErrUserPasswordInvalidate(err error) bool { + _, ok := err.(ErrUserPasswordInvalidate) + return ok +} + +func (err ErrUserPasswordInvalidate) Error() string { + return fmt.Sprintf("user's password is invalidated [uid: %d, name: %s]", err.UID, err.Name) +} + +// Unwrap unwraps this error as a ErrPermission error +func (err ErrUserPasswordInvalidate) Unwrap() error { + return util.ErrPermissionDenied +} + // Authenticate authenticates the provided user against the DB func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) { if user == nil { return nil, user_model.ErrUserNotExist{Name: login} } - if !user.IsPasswordSet() || !user.ValidatePassword(password) { - return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name} + if !user.IsPasswordSet() { + return nil, ErrUserPasswordNotSet{UID: user.ID, Name: user.Name} + } else if !user.ValidatePassword(password) { + return nil, 
ErrUserPasswordInvalidate{UID: user.ID, Name: user.Name} } // Update password hash if server password hash algorithm have changed From bee86b59a99bbd91f3d90b56617f8627653081c9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 23 Jun 2023 00:48:09 +0800 Subject: [PATCH 2/7] Fix lint --- routers/web/auth/linkaccount.go | 48 ++++++++++++++++++--------------- routers/web/auth/openid.go | 24 +---------------- 2 files changed, 27 insertions(+), 45 deletions(-) diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index 52079ed2fb3d..8197d5d39287 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go 
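Review bot: IsErrUserPasswordNotSet and IsErrUserPasswordInvalidate use a direct type assertion, so they return false as soon as any layer between Authenticate and the handler wraps the error with `%w`; the failure would then fall through to the handlers' generic `ctx.ServerError` branch. Since both types already implement Unwrap, `var e ErrUserPasswordNotSet; return errors.As(err, &e)` is the more robust check. The Unwrap comments say `ErrPermission` while the code returns `util.ErrPermissionDenied`; the comments should name the actual sentinel. Authenticate's body continues past the end of this hunk.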
@@ -83,6 +83,31 @@ func LinkAccount(ctx *context.Context) { ctx.HTML(http.StatusOK, tplLinkAccount) } +func handleSingInError(ctx *context.Context, userName string, ptrForm any, invoker string, err error) { + if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || + auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { + ctx.Data["user_exists"] = true + ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplConnectOID, ptrForm) + } else if user_model.IsErrUserProhibitLogin(err) { + ctx.Data["user_exists"] = true + log.Info("Failed authentication attempt for %s from %s: %v", userName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } else if user_model.IsErrUserInactive(err) { + ctx.Data["user_exists"] = true + if setting.Service.RegisterEmailConfirm { + ctx.Data["Title"] = ctx.Tr("auth.active_your_account") + ctx.HTML(http.StatusOK, TplActivate) + } else { + log.Info("Failed authentication attempt for %s from %s: %v", userName, ctx.RemoteAddr(), err) + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(http.StatusOK, "user/auth/prohibit_login") + } + } else { + ctx.ServerError(invoker, err) + } +} + // LinkAccountPostSignIn handle the coupling of external account with another account using signIn func LinkAccountPostSignIn(ctx *context.Context) { signInForm := web.GetForm(ctx).(*forms.SignInForm) 
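Review bot: handleSingInError hard-codes `tplConnectOID` in its first branch, but the helper is also called from LinkAccountPostSignIn, whose inline code rendered `tplLinkAccount` before this change, so a failed link-account sign-in would re-render the OpenID connect template. The template needs to be a parameter such as `tmpl base.TplName`, passed by each caller; PATCH 3/7 in this series does that, so the defect affects only a checkout of this intermediate commit. The name is also misspelled (`Sing` for `Sign`), and the helper has no doc comment. Something like `// handleSingInError renders the response for a failed UserSignIn call; invoker names the calling handler for ServerError.` would do.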
@@ -118,28 +143,7 @@ func LinkAccountPostSignIn(ctx *context.Context) { u, _, err := auth_service.UserSignIn(signInForm.UserName, signInForm.Password) if err != nil { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { - ctx.Data["user_exists"] = true - ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplLinkAccount, &signInForm) - } else if user_model.IsErrUserProhibitLogin(err) { - ctx.Data["user_exists"] = true - log.Info("Failed authentication attempt for %s from %s: %v", signInForm.UserName, ctx.RemoteAddr(), err) - ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") - ctx.HTML(http.StatusOK, "user/auth/prohibit_login") - } else if user_model.IsErrUserInactive(err) { - ctx.Data["user_exists"] = true - if setting.Service.RegisterEmailConfirm { - ctx.Data["Title"] = ctx.Tr("auth.active_your_account") - ctx.HTML(http.StatusOK, TplActivate) - } else { - log.Info("Failed authentication attempt for %s from %s: %v", signInForm.UserName, ctx.RemoteAddr(), err) - ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") - ctx.HTML(http.StatusOK, "user/auth/prohibit_login") - } - } else { - ctx.ServerError("UserLinkAccount", err) - } + handleSingInError(ctx, signInForm.UserName, &signInForm, "UserLinkAccount", err) return } diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go index 7c1aaedf528b..af1492e0c3a2 100644 --- a/routers/web/auth/openid.go +++ b/routers/web/auth/openid.go @@ -18,7 +18,6 @@ import ( "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/auth" - auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/forms" ) 
@@ -283,28 +282,7 @@ func ConnectOpenIDPost(ctx *context.Context) { u, _, err := auth.UserSignIn(form.UserName, form.Password) if err != nil { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { - ctx.Data["user_exists"] = true - ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplConnectOID, &form) - } else if user_model.IsErrUserProhibitLogin(err) { - ctx.Data["user_exists"] = true - log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) - ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") - ctx.HTML(http.StatusOK, "user/auth/prohibit_login") - } else if user_model.IsErrUserInactive(err) { - ctx.Data["user_exists"] = true - if setting.Service.RegisterEmailConfirm { - ctx.Data["Title"] = ctx.Tr("auth.active_your_account") - ctx.HTML(http.StatusOK, TplActivate) - } else { - log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) - ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") - ctx.HTML(http.StatusOK, "user/auth/prohibit_login") - } - } else { - ctx.ServerError("ConnectOpenIDPost", err) - } + handleSingInError(ctx, form.UserName, &form, "ConnectOpenIDPost", err) return } From 153f35e5ddc7062ed69b84da374194de9c12bc04 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sun, 25 Jun 2023 08:17:56 +0800 Subject: [PATCH 3/7] Follow wxiaoguang's suggestion --- routers/web/auth/auth.go | 2 +- routers/web/auth/linkaccount.go | 11 ++++++----- routers/web/auth/openid.go | 2 +- services/auth/source/db/authenticate.go | 16 ++-------------- 4 files changed, 10 insertions(+), 21 deletions(-) diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index a6861ffd7138..f499f993676b 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go 
@@ -203,7 +203,7 @@ func SignInPost(ctx *context.Context) { u, source, err := auth_service.UserSignIn(form.UserName, form.Password) if err != nil { if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { + errors.Is(err, auth_db.ErrUserPasswordNotSet{}) || errors.Is(err, auth_db.ErrUserPasswordInvalidate{}) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form) log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) } else if user_model.IsErrEmailAlreadyUsed(err) { diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index 8197d5d39287..13e336210474 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go 
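Review bot: `errors.Is(err, auth_db.ErrUserPasswordNotSet{})` compares against a zero-value struct, and as far as these patches show neither error type defines an `Is` method, so the check falls back to `==` and cannot match the `ErrUserPasswordNotSet{UID: user.ID, Name: user.Name}` that Authenticate returns. A wrong password would then skip the `form.username_password_incorrect` branch in SignInPost and reach whichever later branch handles unknown errors (not visible in this hunk). Match on the type instead: `var e auth_db.ErrUserPasswordNotSet` with `errors.As(err, &e)`, and likewise for ErrUserPasswordInvalidate. The same comparison is used in handleSignInError in the linkaccount.go hunk of this patch.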
@@ -83,11 +83,12 @@ func LinkAccount(ctx *context.Context) { ctx.HTML(http.StatusOK, tplLinkAccount) } -func handleSingInError(ctx *context.Context, userName string, ptrForm any, invoker string, err error) { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - auth_db.IsErrUserPasswordNotSet(err) || auth_db.IsErrUserPasswordInvalidate(err) { +func handleSignInError(ctx *context.Context, userName string, ptrForm any, tmpl base.TplName, invoker string, err error) { + if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) { + ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm) + } else if errors.Is(err, auth_db.ErrUserPasswordNotSet{}) || errors.Is(err, auth_db.ErrUserPasswordInvalidate{}) { ctx.Data["user_exists"] = true - ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplConnectOID, ptrForm) + ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm) } else if user_model.IsErrUserProhibitLogin(err) { ctx.Data["user_exists"] = true log.Info("Failed authentication attempt for %s from %s: %v", userName, ctx.RemoteAddr(), err) @@ -143,7 +144,7 @@ func LinkAccountPostSignIn(ctx *context.Context) { u, _, err := auth_service.UserSignIn(signInForm.UserName, signInForm.Password) if err != nil { - handleSingInError(ctx, signInForm.UserName, &signInForm, "UserLinkAccount", err) + handleSignInError(ctx, signInForm.UserName, &signInForm, tplLinkAccount, "UserLinkAccount", err) return } diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go index af1492e0c3a2..7a4bb7f209b8 100644 --- a/routers/web/auth/openid.go +++ b/routers/web/auth/openid.go 
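Review bot: handleSignInError now sets `ctx.Data["user_exists"] = true` only in the wrong-password branch, whereas before this hunk the unknown-user case set it too. If the template uses that key to change what it renders (the templates are not part of this patch), the response to a failed sign-in tells the client whether the account exists, even though both branches show the same `form.username_password_incorrect` message. Unless the difference is intended, set the key in the first branch as well or merge the two branches; if it is intended, a comment explaining why the difference is not observable would help.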
@@ -282,7 +282,7 @@ func ConnectOpenIDPost(ctx *context.Context) { u, _, err := auth.UserSignIn(form.UserName, form.Password) if err != nil { - handleSingInError(ctx, form.UserName, &form, "ConnectOpenIDPost", err) + handleSignInError(ctx, form.UserName, &form, tplConnectOID, "ConnectOpenIDPost", err) return } diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index 8370fba4bfee..9308be1c63b3 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go @@ -18,14 +18,8 @@ type ErrUserPasswordNotSet struct { Name string } -// IsErrUserPasswordNotSet checks if an error is a ErrUserPasswordNotSet -func IsErrUserPasswordNotSet(err error) bool { - _, ok := err.(ErrUserPasswordNotSet) - return ok -} - func (err ErrUserPasswordNotSet) Error() string { - return fmt.Sprintf("user's password doesn't set [uid: %d, name: %s]", err.UID, err.Name) + return fmt.Sprintf("user's password isn't set [uid: %d, name: %s]", err.UID, err.Name) } // Unwrap unwraps this error as a ErrPermission error @@ -39,14 +33,8 @@ type ErrUserPasswordInvalidate struct { Name string } -// IsErrUserPasswordInvalidate checks if an error is a ErrUserPasswordInvalidate -func IsErrUserPasswordInvalidate(err error) bool { - _, ok := err.(ErrUserPasswordInvalidate) - return ok -} - func (err ErrUserPasswordInvalidate) Error() string { - return fmt.Sprintf("user's password is invalidated [uid: %d, name: %s]", err.UID, err.Name) + return fmt.Sprintf("user's password is invalid [uid: %d, name: %s]", err.UID, err.Name) } // Unwrap unwraps this error as a ErrPermission error From 6ce5a33da0a3ba4d5ce1f9668184c9b7b5273be6 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 29 Jun 2023 17:40:45 +0800 Subject: [PATCH 4/7] Fix test --- routers/web/auth/auth.go | 3 +-- services/auth/source/db/authenticate.go | 8 ++++---- 2 files changed, 5 insertions(+), 6 deletions(-) 
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index f499f993676b..8aabb022bb25 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -26,7 +26,6 @@ import ( "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/routers/utils" auth_service "code.gitea.io/gitea/services/auth" - auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/auth/source/oauth2" "code.gitea.io/gitea/services/externalaccount" "code.gitea.io/gitea/services/forms" @@ -203,7 +202,7 @@ func SignInPost(ctx *context.Context) { u, source, err := auth_service.UserSignIn(form.UserName, form.Password) if err != nil { if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - errors.Is(err, auth_db.ErrUserPasswordNotSet{}) || errors.Is(err, auth_db.ErrUserPasswordInvalidate{}) { + errors.Is(err, util.ErrInvalidArgument) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form) log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) } else if user_model.IsErrEmailAlreadyUsed(err) { diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index 9308be1c63b3..e0a2606fa48f 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go @@ -22,9 +22,9 @@ func (err ErrUserPasswordNotSet) Error() string { return fmt.Sprintf("user's password isn't set [uid: %d, name: %s]", err.UID, err.Name) } -// Unwrap unwraps this error as a ErrPermission error +// Unwrap unwraps this error as a ErrInvalidArgument error func (err ErrUserPasswordNotSet) Unwrap() error { - return util.ErrPermissionDenied + return util.ErrInvalidArgument } // ErrUserPasswordInvalidate represents a "ErrUserPasswordInvalidate" kind of error. 
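Review bot: Classifying credential failures with `errors.Is(err, util.ErrInvalidArgument)` in SignInPost makes a general-purpose sentinel stand for "wrong password": any other error returned through UserSignIn whose chain reaches `util.ErrInvalidArgument` would be shown as bad credentials instead of reaching the server-error path. Which other errors unwrap to that sentinel is not visible here, so this should be confirmed against the other auth sources. A dedicated sentinel in services/auth/source/db that both password errors unwrap to would keep the match narrow. handleSignInError in PATCH 5/7 uses the same check, and PATCH 6/7 and 7/7 widen the unknown-user side to `util.ErrNotExist` in the same way.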
@@ -37,9 +37,9 @@ func (err ErrUserPasswordInvalidate) Error() string { return fmt.Sprintf("user's password is invalid [uid: %d, name: %s]", err.UID, err.Name) } -// Unwrap unwraps this error as a ErrPermission error +// Unwrap unwraps this error as a ErrInvalidArgument error func (err ErrUserPasswordInvalidate) Unwrap() error { - return util.ErrPermissionDenied + return util.ErrInvalidArgument } // Authenticate authenticates the provided user against the DB From f8d5c574280930c3e38b107a84b07f431760b40a Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 29 Jun 2023 17:50:53 +0800 Subject: [PATCH 5/7] Fix bug --- routers/web/auth/linkaccount.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index 13e336210474..d8e8c3fad4d1 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go @@ -15,9 +15,9 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" auth_service "code.gitea.io/gitea/services/auth" - auth_db "code.gitea.io/gitea/services/auth/source/db" "code.gitea.io/gitea/services/auth/source/oauth2" "code.gitea.io/gitea/services/externalaccount" "code.gitea.io/gitea/services/forms" 
@@ -86,7 +86,7 @@ func LinkAccount(ctx *context.Context) { func handleSignInError(ctx *context.Context, userName string, ptrForm any, tmpl base.TplName, invoker string, err error) { if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm) - } else if errors.Is(err, auth_db.ErrUserPasswordNotSet{}) || errors.Is(err, auth_db.ErrUserPasswordInvalidate{}) { + } else if errors.Is(err, util.ErrInvalidArgument) { ctx.Data["user_exists"] = true ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm) } else if user_model.IsErrUserProhibitLogin(err) { From 6a8ddea8ae0fca67c1ad34ad49fe3a99774d5c30 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sun, 2 Jul 2023 11:10:51 +0800 Subject: [PATCH 6/7] Follow delvh's suggestion --- routers/web/auth/linkaccount.go | 2 +- services/auth/source/db/authenticate.go | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index d8e8c3fad4d1..522e78a60aa4 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go @@ -84,7 +84,7 @@ func LinkAccount(ctx *context.Context) { } func handleSignInError(ctx *context.Context, userName string, ptrForm any, tmpl base.TplName, invoker string, err error) { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) { + if errors.Is(err, util.ErrNotExist) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm) } else if errors.Is(err, util.ErrInvalidArgument) { ctx.Data["user_exists"] = true diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index e0a2606fa48f..34a0459149a9 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go 
@@ -27,18 +27,18 @@ func (err ErrUserPasswordNotSet) Unwrap() error { return util.ErrInvalidArgument } -// ErrUserPasswordInvalidate represents a "ErrUserPasswordInvalidate" kind of error. -type ErrUserPasswordInvalidate struct { +// ErrUserPasswordInvalid represents a "ErrUserPasswordInvalid" kind of error. +type ErrUserPasswordInvalid struct { UID int64 Name string } -func (err ErrUserPasswordInvalidate) Error() string { +func (err ErrUserPasswordInvalid) Error() string { return fmt.Sprintf("user's password is invalid [uid: %d, name: %s]", err.UID, err.Name) } // Unwrap unwraps this error as a ErrInvalidArgument error -func (err ErrUserPasswordInvalidate) Unwrap() error { +func (err ErrUserPasswordInvalid) Unwrap() error { return util.ErrInvalidArgument } @@ -51,7 +51,7 @@ func Authenticate(user *user_model.User, login, password string) (*user_model.Us if !user.IsPasswordSet() { return nil, ErrUserPasswordNotSet{UID: user.ID, Name: user.Name} } else if !user.ValidatePassword(password) { - return nil, ErrUserPasswordInvalidate{UID: user.ID, Name: user.Name} + return nil, ErrUserPasswordInvalid{UID: user.ID, Name: user.Name} } // Update password hash if server password hash algorithm have changed From 47960074f66a088140fecdf45b2d66f4902e1042 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 3 Jul 2023 17:13:10 +0800 Subject: [PATCH 7/7] Fix bug --- routers/web/auth/auth.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index 91121ab39afe..9dcc38247d69 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go 
@@ -201,8 +201,7 @@ func SignInPost(ctx *context.Context) { u, source, err := auth_service.UserSignIn(form.UserName, form.Password) if err != nil { - if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) || - errors.Is(err, util.ErrInvalidArgument) { + if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) { ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form) log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err) } else if user_model.IsErrEmailAlreadyUsed(err) {