luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-04-19 05:29:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Synchronize more user LDAP data on login

Browse source 
Add full name, email and is_active synchronization from LDAP on
user login (as cron task already does).

Allows also automatic user reactivation on login when their
account is active in LDAP.

Related: https://github.com/go-gitea/gitea/pull/18452
Related: https://github.com/gogs/gogs/issues/2498
Author-Change-Id: IB#1104925
Signed-off-by: Pawel Boguslawski <pawel.boguslawski@ib.pl>
This commit is contained in:
Pawel Boguslawski 2025-04-10 19:03:22 +02:00
parent 03903657b3
commit 6df3cdbca5
1 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
services/auth/source/ldap/source_authenticate.go
View file

@ -1,5 +1,6 @@
// Copyright 2021 The Gitea Authors. All rights reserved. // Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT // SPDX-FileCopyrightText: 2025 Informatyka Boguslawski sp. z o.o. sp.k. <https://www.ib.pl>
// SPDX-License-Identifier: MIT AND GPL-3.0-or-later
package ldap package ldap
@ -50,19 +51,40 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
} }
if user != nil && !user.ProhibitLogin { if user != nil && !user.ProhibitLogin {
opts := &user_service.UpdateOptions{} opts := &user_service.UpdateOptions{}
fullName := composeFullName(sr.Name, sr.Surname, sr.Username)
if user.FullName != fullName {
// Update user fullname if changed.
opts.FullName = optional.Some(fullName)
}
if !user.IsActive {
// User existing in LDAP should be active in application.
opts.IsActive = optional.Some(true)
}
if len(source.AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { if len(source.AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
// Change existing admin flag only if AdminFilter option is set // Change existing admin flag only if AdminFilter option is set
opts.IsAdmin = optional.Some(sr.IsAdmin) opts.IsAdmin = optional.Some(sr.IsAdmin)
} }
if !sr.IsAdmin && len(source.RestrictedFilter) > 0 && user.IsRestricted != sr.IsRestricted { if !sr.IsAdmin && len(source.RestrictedFilter) > 0 && user.IsRestricted != sr.IsRestricted {
// Change existing restricted flag only if RestrictedFilter option is set // Change existing restricted flag only if RestrictedFilter option is set
opts.IsRestricted = optional.Some(sr.IsRestricted) opts.IsRestricted = optional.Some(sr.IsRestricted)
} }
if opts.IsAdmin.Has() || opts.IsRestricted.Has() {
if opts.FullName.Has() || opts.IsActive.Has() || opts.IsAdmin.Has() || opts.IsRestricted.Has() {
if err := user_service.UpdateUser(ctx, user, opts); err != nil { if err := user_service.UpdateUser(ctx, user, opts); err != nil {
return nil, err return nil, err
} }
} }
if !strings.EqualFold(user.Email, sr.Mail) {
// Update user e-mail if changed.
if err := user_service.ReplacePrimaryEmailAddress(ctx, user, sr.Mail); err != nil {
return nil, err
}
}
} }
} }