fix: login for initial users (#4506)

This commit is contained in:
Livio Spring 2022-10-07 13:56:50 +02:00 committed by GitHub
parent c9e2e6bc33
commit d775020a32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 4 deletions


@ -655,8 +655,8 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
if err != nil && !errors.IsNotFound(err) { if err != nil && !errors.IsNotFound(err) {
return err return err
} }
// if there's an active user, let's use it // if there's an active (human) user, let's use it
if user != nil && user.State == int32(domain.UserStateActive) { if user != nil && !user.HumanView.IsZero() && domain.UserState(user.State).NotDisabled() {
request.SetUserInfo(user.ID, loginName, user.PreferredLoginName, "", "", user.ResourceOwner) request.SetUserInfo(user.ID, loginName, user.PreferredLoginName, "", "", user.ResourceOwner)
return nil return nil
} }
@ -674,12 +674,25 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
return nil return nil
} }
// there was no policy that allowed unknown loginnames in any case // there was no policy that allowed unknown loginnames in any case
// so not found errors can now be returned
if err != nil {
return err
}
// let's check if it was a machine user
if !user.MachineView.IsZero() {
return errors.ThrowPreconditionFailed(nil, "AUTH-DGV4g", "Errors.User.NotHuman")
}
// let's once again check if the user was just inactive // let's once again check if the user was just inactive
if user != nil && user.State == int32(domain.UserStateInactive) { if user != nil && user.State == int32(domain.UserStateInactive) {
return errors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive") return errors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive")
} }
// user was not found // or locked
return err if user != nil && user.State == int32(domain.UserStateLocked) {
return errors.ThrowPreconditionFailed(nil, "AUTH-SF3gb", "Errors.User.Locked")
}
// everything should be handled by now
logging.WithFields("authRequest", request.ID, "loginName", loginName).Error("unhandled state for checkLoginName")
return errors.ThrowInternal(nil, "AUTH-asf3df", "Errors.Internal")
} }
func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *domain.AuthRequest, loginName string) bool { func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *domain.AuthRequest, loginName string) bool {
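Review bot: The new machine-user check `if !user.MachineView.IsZero() {` dereferences `user` without a nil guard, while the inactive and locked checks directly below it still test `user != nil`; either `user` can be nil at that point and the first check panics, or the two later guards are dead, and the inconsistency is itself the defect. From the visible lines `err` is either nil or a not-found error when the added `if err != nil { return err }` runs, so `user` is presumably non-nil afterwards, but the lookup that sets it sits above the hunk. Either guard uniformly, `if user != nil && !user.MachineView.IsZero() {`, or drop the remaining `user != nil` tests and state in a comment why `user` is known to be set. Separately, the not-human, inactive and locked precondition errors are returned during the login-name step, before any credential is checked, so for a known login name the response distinguishes account states; the policy handling for unknown login names is above the hunk, so confirm that disclosing the state at this point is intended. checkLoginName begins before this hunk.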


@ -27,6 +27,10 @@ func (s UserState) Exists() bool {
return s != UserStateUnspecified && s != UserStateDeleted return s != UserStateUnspecified && s != UserStateDeleted
} }
func (s UserState) NotDisabled() bool {
return s == UserStateActive || s == UserStateInitial
}
type UserType int32 type UserType int32
const ( const (
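Review bot: `NotDisabled` is exported but carries no doc comment; add `// NotDisabled reports whether s is UserStateActive or UserStateInitial.` above the declaration. The negated name also reads awkwardly at the call site in the other changed file (`domain.UserState(user.State).NotDisabled()`); a positive name such as `Enabled` would be clearer, though renaming means touching that caller. It is worth spelling out in the comment that this is narrower than `Exists` just above it: states like `UserStateInactive` and `UserStateLocked` exist but are deliberately excluded, which appears to be the intent given how the caller handles them.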