oidc: allow login if the password method is disabled

isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2025-03-29 20:28:17 +01:00
parent cf573fc743
commit d95d773570
7 changed files with 18 additions and 17 deletions


@@ -273,7 +273,7 @@ func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Re
return
}
connectionID := fmt.Sprintf("%v_%v", protocol, xid.New().String())
if err := checkHTTPClientUser(&user, r, connectionID, true); err != nil {
if err := checkHTTPClientUser(&user, r, connectionID, true, false); err != nil {
updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nError403Message))
return
@@ -312,7 +312,7 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
return
}
connectionID := fmt.Sprintf("%v_%v", getProtocolFromRequest(r), xid.New().String())
if err := checkHTTPClientUser(user, r, connectionID, true); err != nil {
if err := checkHTTPClientUser(user, r, connectionID, true, false); err != nil {
s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorLoginAfterReset))
return
}
@@ -862,7 +862,7 @@ func (s *httpdServer) getUserToken(w http.ResponseWriter, r *http.Request) {
return
}
connectionID := fmt.Sprintf("%v_%v", protocol, xid.New().String())
if err := checkHTTPClientUser(&user, r, connectionID, true); err != nil {
if err := checkHTTPClientUser(&user, r, connectionID, true, false); err != nil {
updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
sendAPIResponse(w, r, err, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
@@ -1039,7 +1039,7 @@ func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request,
logger.Debug(logSender, "", "unable to refresh cookie for user %q: %v", user.Username, err)
return
}
if err := checkHTTPClientUser(&user, r, xid.New().String(), true); err != nil {
if err := checkHTTPClientUser(&user, r, xid.New().String(), true, false); err != nil {
logger.Debug(logSender, "", "unable to refresh cookie for user %q: %v", user.Username, err)
return
}
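Review bot: The four updated calls (in handleWebClientLoginPost, handleWebClientPasswordResetPost, getUserToken and refreshClientToken) now end in two bare boolean literals, `true, false`, passed to a function that decides whether a login method is permitted. The pair is easy to transpose, and a swapped pair would presumably bypass the disabled-method check on a password path. An inline label at each call, e.g. `checkHTTPClientUser(&user, r, connectionID, true, false /* not an OIDC login */)`, or named constants would make the intent reviewable; the parameter's real name is in the definition, which this section does not show. refreshClientToken also passes `false`, so refreshing a session established through OIDC seems to depend on isLoggedInWithOIDC already being true for that request, which is worth pinning with a test that refreshes a token while the password method is disabled. All four enclosing functions start and end outside their hunks.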