fix(caldav): make sure the caldav tokens of non-local accounts are properly checked

kolaente 2022-07-04 18:08:41 +02:00
parent db1ccff0de
commit 4429ba2da1
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 37 additions and 5 deletions


@ -28,14 +28,15 @@ import (
) )
func BasicAuth(username, password string, c echo.Context) (bool, error) { func BasicAuth(username, password string, c echo.Context) (bool, error) {
creds := &user.Login{ s := db.NewSession()
defer s.Close()
credentials := &user.Login{
Username: username, Username: username,
Password: password, Password: password,
} }
s := db.NewSession() u, err := user.CheckUserCredentials(s, credentials)
defer s.Close() if err != nil && !user.IsErrWrongUsernameOrPassword(err) && !user.IsErrAccountIsNotLocal(err) {
u, err := user.CheckUserCredentials(s, creds)
if err != nil && !user.IsErrWrongUsernameOrPassword(err) {
log.Errorf("Error during basic auth for caldav: %v", err) log.Errorf("Error during basic auth for caldav: %v", err)
return false, nil return false, nil
} }
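Review bot: The widened condition now lets two different failures fall through past this `if`, and nothing in the code says what state `u` is in when that happens. On the `IsErrAccountIsNotLocal` path `CheckUserCredentials` hands back a populated user without, as far as the visible hunks show, having compared a password. On the wrong-username-or-password path the visible branch returns `nil`. The rest of BasicAuth is outside this hunk, so I cannot confirm how it continues, but it has to treat `u` as unauthenticated until a caldav token matches and must cope with a nil `u`. I would add above the condition: `// Wrong password or non-local account: not authenticated yet, only a matching caldav token may grant access below.`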


@ -452,3 +452,30 @@ func (err *ErrAccountDisabled) HTTPError() web.HTTPError {
Message: "This account is disabled. Check your emails or ask your administrator.", Message: "This account is disabled. Check your emails or ask your administrator.",
} }
} }
// ErrAccountIsNotLocal represents a "AccountIsNotLocal" kind of error.
type ErrAccountIsNotLocal struct {
UserID int64
}
// IsErrAccountIsNotLocal checks if an error is a ErrAccountIsNotLocal.
func IsErrAccountIsNotLocal(err error) bool {
_, ok := err.(*ErrAccountIsNotLocal)
return ok
}
func (err *ErrAccountIsNotLocal) Error() string {
return "Account is not local"
}
// ErrCodeAccountIsNotLocal holds the unique world-error code of this error
const ErrCodeAccountIsNotLocal = 1021
// HTTPError holds the http error description
func (err *ErrAccountIsNotLocal) HTTPError() web.HTTPError {
return web.HTTPError{
HTTPCode: http.StatusPreconditionFailed,
Code: ErrCodeAccountIsNotLocal,
Message: "This account is managed by a third-party authentication provider.",
}
}
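Review bot: `HTTPError()` gives non-local accounts their own status (`http.StatusPreconditionFailed`), code 1021 and message, all of which differ from the generic wrong-username-or-password answer. The callers are not visible here, but if this error is ever rendered to an unauthenticated login request, it confirms that the username exists and is managed by an external provider. Consider mapping it to the generic credential error at unauthenticated endpoints and keeping this type for internal branching only. The type comment could state that intent: `// ErrAccountIsNotLocal is returned when a password login is attempted for an account owned by an external issuer; do not expose it to unauthenticated clients.`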


@ -314,6 +314,10 @@ func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
return nil, ErrWrongUsernameOrPassword{} return nil, ErrWrongUsernameOrPassword{}
} }
if user.Issuer != IssuerLocal {
return user, &ErrAccountIsNotLocal{UserID: user.ID}
}
// The user is invalid if they need to verify their email address // The user is invalid if they need to verify their email address
if user.Status == StatusEmailConfirmationRequired { if user.Status == StatusEmailConfirmationRequired {
return &User{}, ErrEmailNotConfirmed{UserID: user.ID} return &User{}, ErrEmailNotConfirmed{UserID: user.ID}
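Review bot: The new `user.Issuer != IssuerLocal` branch returns the populated `user` together with an error, while the neighbouring branches return `nil` or an empty `&User{}`. No password comparison is visible before this point in the hunk. A caller that only filters on specific error kinds could therefore end up holding a real account record that was never authenticated. The branch should carry a comment stating the contract, e.g. `// No password has been verified here; the user is returned only so callers can check other credentials such as caldav tokens.` The rest of CheckUserCredentials lies outside the hunk, so its doc comment could not be checked for the same caveat.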