From 10dab04dc1bbe4c5f121070c432f6f785b6c9b1e Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Mon, 6 Jul 2020 17:33:40 +0200
Subject: [PATCH] Fix 3rd-party auth issues
Signed-off-by: Thomas Citharel
---
 js/src/i18n/en_US.json | 4 +++-
 js/src/i18n/fr_FR.json | 4 +++-
 js/src/types/login-error-code.model.ts | 5 +++++
 js/src/views/User/Login.vue | 3 +++
 js/src/views/User/SendPasswordReset.vue | 12 +++++++++++-
 lib/graphql/resolvers/user.ex | 3 +++
 lib/service/auth/ldap_authenticator.ex | 9 ++++++++-
 7 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/js/src/i18n/en_US.json b/js/src/i18n/en_US.json
index 95070573f..b0e997c23 100644
--- a/js/src/i18n/en_US.json
+++ b/js/src/i18n/en_US.json
@@ -708,5 +708,7 @@
 "Your email address was automatically set based on your {provider} account.": "Your email address was automatically set based on your {provider} account.",
 "You can't change your password because you are registered through {provider}.": "You can't change your password because you are registered through {provider}.",
 "Error while login with {provider}. Retry or login another way.": "Error while login with {provider}. Retry or login another way.",
- "Error while login with {provider}. This login provider doesn't exist.": "Error while login with {provider}. This login provider doesn't exist."
+ "Error while login with {provider}. This login provider doesn't exist.": "Error while login with {provider}. This login provider doesn't exist.",
+ "This user has been disabled": "This user has been disabled",
+ "You can't reset your password because you use a 3rd-party auth provider to login.": "You can't reset your password because you use a 3rd-party auth provider to login."
 }
diff --git a/js/src/i18n/fr_FR.json b/js/src/i18n/fr_FR.json
index b0ad62388..031014ba3 100644
--- a/js/src/i18n/fr_FR.json
+++ b/js/src/i18n/fr_FR.json
@@ -708,5 +708,7 @@
 "Your email address was automatically set based on your {provider} account.": "Votre adresse email a été définie automatiquement en se basant sur votre compte {provider}.",
 "You can't change your password because you are registered through {provider}.": "Vous ne pouvez pas changer votre mot de passe car vous vous êtes enregistré via {provider}.",
 "Error while login with {provider}. Retry or login another way.": "Erreur lors de la connexion avec {provider}. Réessayez ou bien connectez vous autrement.",
- "Error while login with {provider}. This login provider doesn't exist.": "Erreur lors de la connexion avec {provider}. Cette méthode de connexion n'existe pas."
+ "Error while login with {provider}. This login provider doesn't exist.": "Erreur lors de la connexion avec {provider}. Cette méthode de connexion n'existe pas.",
+ "This user has been disabled": "Cet utilisateur·ice a été désactivé·e",
+ "You can't reset your password because you use a 3rd-party auth provider to login.": "Vous ne pouvez pas réinitialiser votre mot de passe car vous vous connectez via une méthode externe."
 }
diff --git a/js/src/types/login-error-code.model.ts b/js/src/types/login-error-code.model.ts
index e2752030b..4c812ec18 100644
--- a/js/src/types/login-error-code.model.ts
+++ b/js/src/types/login-error-code.model.ts
@@ -8,4 +8,9 @@ export enum LoginError {
 USER_EMAIL_PASSWORD_INVALID = "Impossible to authenticate, either your email or password are invalid.",
 LOGIN_PROVIDER_ERROR = "Error with Login Provider",
 LOGIN_PROVIDER_NOT_FOUND = "Login Provider not found",
+ USER_DISABLED = "This user has been disabled",
+}
+
+export enum ResetError {
+ USER_IMPOSSIBLE_TO_RESET = "This user can't reset their password",
 }
diff --git a/js/src/views/User/Login.vue b/js/src/views/User/Login.vue
index 9862045c6..cce0febdc 100644
--- a/js/src/views/User/Login.vue
+++ b/js/src/views/User/Login.vue
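Review bot: `USER_DISABLED` and `ResetError.USER_IMPOSSIBLE_TO_RESET` are compared against the server's English error text, so a reworded or translated backend message makes the match fail silently; in SendPasswordReset.vue the fallback then shows the raw string. `"This user has been disabled"` agrees with the resolver clause this patch adds in lib/graphql/resolvers/user.ex, but the backend source of `"This user can't reset their password"` is not part of the patch, so that pairing could not be checked. A comment above `ResetError` such as `// Values must stay byte-identical to the error strings returned by the GraphQL API` would record the coupling. The `LoginError` enum starts above this hunk.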
@@ -54,6 +54,9 @@
 {{ $t("No user account with this email was found. Maybe you made a typo?") }}
+
+ {{ $t("This user has been disabled") }}
+
diff --git a/js/src/views/User/SendPasswordReset.vue b/js/src/views/User/SendPasswordReset.vue
index 941e913a2..13974a666 100644
--- a/js/src/views/User/SendPasswordReset.vue
+++ b/js/src/views/User/SendPasswordReset.vue
@@ -19,7 +19,14 @@
 :key="error" @close="removeError(error)" >
- {{ error }}
+
+ {{
+ $t(
+ "You can't reset your password because you use a 3rd-party auth provider to login."
+ )
+ }}
+
+ {{ error }}
@@ -52,6 +59,7 @@ import { Component, Prop, Vue } from "vue-property-decorator";
 import { validateEmailField, validateRequiredField } from "../../utils/validators";
 import { SEND_RESET_PASSWORD } from "../../graphql/auth";
 import RouteName from "../../router/name";
+import { ResetError } from "../../types/login-error-code.model";
 @Component
 export default class SendPasswordReset extends Vue {
@@ -67,6 +75,8 @@ export default class SendPasswordReset extends Vue {
 errors: string[] = [];
+ ResetError = ResetError;
+
 state = {
 email: {
 status: null,
diff --git a/lib/graphql/resolvers/user.ex b/lib/graphql/resolvers/user.ex
index b3043b97c..69414974e 100644
--- a/lib/graphql/resolvers/user.ex
+++ b/lib/graphql/resolvers/user.ex
@@ -69,6 +69,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
 {:error, :user_not_found} ->
 {:error, "No user with this email was found"}
+ {:error, :disabled_user} ->
+ {:error, "This user has been disabled"}
+
 {:error, _error} ->
 {:error, "Impossible to authenticate, either your email or password are invalid."}
 end
diff --git a/lib/service/auth/ldap_authenticator.ex b/lib/service/auth/ldap_authenticator.ex
index 6db154376..a05fc946d 100644
--- a/lib/service/auth/ldap_authenticator.ex
+++ b/lib/service/auth/ldap_authenticator.ex
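Review bot: The new message in the error list of SendPasswordReset.vue tells an unauthenticated visitor that the submitted address belongs to an account using a 3rd-party auth provider, so the reset form now discloses how a given email is registered. If that disclosure is intended, it should be recorded next to the branch, for example `<!-- Intentionally reveals that the account uses an external provider -->`. Otherwise the reset request should answer every address the same way and the explanation should go in the email instead. The template markup of this hunk is not visible here, so the condition guarding the message is inferred from the `ResetError` import and the `ResetError = ResetError;` field added in the later hunks of this file.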
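Review bot: The `{:error, :disabled_user}` clause gives the login caller a distinct "This user has been disabled" answer, which is only safe if every authenticator returns `:disabled_user` after the password has been verified. The LDAP authenticator changed in this patch does so, since its `disabled` check sits after `bind_user`, but the other authenticators are not part of the patch and should be checked for the same ordering. A comment on the clause such as `# :disabled_user must only be produced after credentials were verified` would keep that invariant visible. The `case` this clause belongs to starts above the hunk.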
@@ -67,13 +67,20 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
 # Then we can verify the user's password
 :ok <- bind_user(connection, base, uid_field, uid, password) do
 case fetch_user(email) do
- %User{} = user ->
+ %User{disabled: false} = user ->
 user
+ %User{disabled: true} = _user ->
+ {:error, :disabled_user}
+
 _ ->
 register_user(email)
 end
 else
+ {:error, err}
+ when err in [:ldap_search_email_not_found, :ldap_search_email_not_found] ->
+ {:ldap, err}
+
 {:error, error} ->
 {:error, error}
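Review bot: The guard in the new `else` clause lists `:ldap_search_email_not_found` twice, so the second entry is dead and a second failure reason was probably meant; if only one reason is intended, `{:error, :ldap_search_email_not_found} ->` says the same thing without the guard. The clause also returns `{:ldap, err}` rather than an `{:error, _}` tuple, and the caller is not in this patch, so it is worth confirming that it matches on `{:ldap, _}` and does not treat the value as a successful login. A one-line comment stating what `{:ldap, err}` means to the caller would help. In the disabled branch the binding is unused and `%User{disabled: true} ->` is enough. The `with` expression starts above the hunk.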