Fix 3rd-party auth issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
3 years ago · 69841cbb45
parent 1d2038c9a0
commit 69841cbb45
7 changed files with 36 additions and 4 deletions
--- a/js/src/i18n/en_US.json
+++ b/js/src/i18n/en_US.json
@ -708,5 +708,7 @@
  "Your email address was automatically set based on your {provider} account.": "Your email address was automatically set based on your {provider} account.",
  "You can't change your password because you are registered through {provider}.": "You can't change your password because you are registered through {provider}.",
  "Error while login with {provider}. Retry or login another way.": "Error while login with {provider}. Retry or login another way.",
-  "Error while login with {provider}. This login provider doesn't exist.": "Error while login with {provider}. This login provider doesn't exist."
+  "Error while login with {provider}. This login provider doesn't exist.": "Error while login with {provider}. This login provider doesn't exist.",
+  "This user has been disabled": "This user has been disabled",
+  "You can't reset your password because you use a 3rd-party auth provider to login.": "You can't reset your password because you use a 3rd-party auth provider to login."
 }
--- a/js/src/i18n/fr_FR.json
+++ b/js/src/i18n/fr_FR.json
@ -708,5 +708,7 @@
  "Your email address was automatically set based on your {provider} account.": "Votre adresse email a été définie automatiquement en se basant sur votre compte {provider}.",
  "You can't change your password because you are registered through {provider}.": "Vous ne pouvez pas changer votre mot de passe car vous vous êtes enregistré via {provider}.",
  "Error while login with {provider}. Retry or login another way.": "Erreur lors de la connexion avec {provider}. Réessayez ou bien connectez vous autrement.",
-  "Error while login with {provider}. This login provider doesn't exist.": "Erreur lors de la connexion avec {provider}. Cette méthode de connexion n'existe pas."
+  "Error while login with {provider}. This login provider doesn't exist.": "Erreur lors de la connexion avec {provider}. Cette méthode de connexion n'existe pas.",
+  "This user has been disabled": "Cet utilisateur·ice a été désactivé·e",
+  "You can't reset your password because you use a 3rd-party auth provider to login.": "Vous ne pouvez pas réinitialiser votre mot de passe car vous vous connectez via une méthode externe."
 }
--- a/js/src/types/login-error-code.model.ts
+++ b/js/src/types/login-error-code.model.ts
@ -8,4 +8,9 @@ export enum LoginError {
  USER_EMAIL_PASSWORD_INVALID = "Impossible to authenticate, either your email or password are invalid.",
  LOGIN_PROVIDER_ERROR = "Error with Login Provider",
  LOGIN_PROVIDER_NOT_FOUND = "Login Provider not found",
+  USER_DISABLED = "This user has been disabled",
+}
+
+export enum ResetError {
+  USER_IMPOSSIBLE_TO_RESET = "This user can't reset their password",
 }
--- a/js/src/views/User/Login.vue
+++ b/js/src/views/User/Login.vue
@ -54,6 +54,9 @@
          <span v-if="error === LoginError.USER_DOES_NOT_EXIST">{{
            $t("No user account with this email was found. Maybe you made a typo?")
          }}</span>
+          <span v-if="error === LoginError.USER_DISABLED">
+            {{ $t("This user has been disabled") }}
+          </span>
        </b-message>
        <form @submit="loginAction">
          <b-field :label="$t('Email')" label-for="email">
--- a/js/src/views/User/SendPasswordReset.vue
+++ b/js/src/views/User/SendPasswordReset.vue
@ -19,7 +19,14 @@
          :key="error"
          @close="removeError(error)"
        >
-          {{ error }}
+          <span v-if="error == ResetError.USER_IMPOSSIBLE_TO_RESET">
+            {{
+              $t(
+                "You can't reset your password because you use a 3rd-party auth provider to login."
+              )
+            }}
+          </span>
+          <span v-else>{{ error }}</span>
        </b-message>
        <form @submit="sendResetPasswordTokenAction" v-if="!validationSent">
          <b-field :label="$t('Email address')">
@ -52,6 +59,7 @@ import { Component, Prop, Vue } from "vue-property-decorator";
 import { validateEmailField, validateRequiredField } from "../../utils/validators";
 import { SEND_RESET_PASSWORD } from "../../graphql/auth";
 import RouteName from "../../router/name";
+import { ResetError } from "../../types/login-error-code.model";

@Component
 export default class SendPasswordReset extends Vue {
@ -67,6 +75,8 @@ export default class SendPasswordReset extends Vue {

  errors: string[] = [];

+  ResetError = ResetError;
+
  state = {
    email: {
      status: null,
--- a/lib/graphql/resolvers/user.ex
+++ b/lib/graphql/resolvers/user.ex
@ -69,6 +69,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
      {:error, :user_not_found} ->
        {:error, "No user with this email was found"}

+      {:error, :disabled_user} ->
+        {:error, "This user has been disabled"}
+
      {:error, _error} ->
        {:error, "Impossible to authenticate, either your email or password are invalid."}
    end
--- a/lib/service/auth/ldap_authenticator.ex
+++ b/lib/service/auth/ldap_authenticator.ex
@ -67,13 +67,20 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
               # Then we can verify the user's password
               :ok <- bind_user(connection, base, uid_field, uid, password) do
            case fetch_user(email) do
-              %User{} = user ->
+              %User{disabled: false} = user ->
                user

+              %User{disabled: true} = _user ->
+                {:error, :disabled_user}
+
              _ ->
                register_user(email)
            end
          else
+            {:error, err}
+            when err in [:ldap_search_email_not_found, :ldap_search_email_not_found] ->
+              {:ldap, err}
+
            {:error, error} ->
              {:error, error}