mirror of
https://github.com/nezhahq/nezha.git
synced 2025-01-23 05:08:13 -05:00
feat: allow to disable password authentication
This commit is contained in:
parent
3c89d2d08a
commit
24a17e5824
@ -89,6 +89,7 @@ func authenticator() func(c *gin.Context) (interface{}, error) {
|
|||||||
|
|
||||||
var user model.User
|
var user model.User
|
||||||
realip := c.GetString(model.CtxKeyRealIPStr)
|
realip := c.GetString(model.CtxKeyRealIPStr)
|
||||||
|
|
||||||
if err := singleton.DB.Select("id", "password").Where("username = ?", loginVals.Username).First(&user).Error; err != nil {
|
if err := singleton.DB.Select("id", "password").Where("username = ?", loginVals.Username).First(&user).Error; err != nil {
|
||||||
if err == gorm.ErrRecordNotFound {
|
if err == gorm.ErrRecordNotFound {
|
||||||
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeLoginFail, model.BlockIDUnknownUser)
|
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeLoginFail, model.BlockIDUnknownUser)
|
||||||
@ -96,6 +97,11 @@ func authenticator() func(c *gin.Context) (interface{}, error) {
|
|||||||
return nil, jwt.ErrFailedAuthentication
|
return nil, jwt.ErrFailedAuthentication
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if user.RejectPassword {
|
||||||
|
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeLoginFail, int64(user.ID))
|
||||||
|
return nil, jwt.ErrForbidden
|
||||||
|
}
|
||||||
|
|
||||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(loginVals.Password)); err != nil {
|
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(loginVals.Password)); err != nil {
|
||||||
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeLoginFail, int64(user.ID))
|
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeLoginFail, int64(user.ID))
|
||||||
return nil, jwt.ErrFailedAuthentication
|
return nil, jwt.ErrFailedAuthentication
|
||||||
|
@ -42,7 +42,7 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
|
|||||||
return nil, singleton.Localizer.ErrorT("provider is required")
|
return nil, singleton.Localizer.ErrorT("provider is required")
|
||||||
}
|
}
|
||||||
|
|
||||||
rTypeInt, err := strconv.Atoi(c.Query("type"))
|
rTypeInt, err := strconv.ParseUint(c.Query("type"), 10, 8)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -87,10 +87,23 @@ func unbindOauth2(c *gin.Context) (any, error) {
|
|||||||
return nil, singleton.Localizer.ErrorT("provider not found")
|
return nil, singleton.Localizer.ErrorT("provider not found")
|
||||||
}
|
}
|
||||||
provider = strings.ToLower(provider)
|
provider = strings.ToLower(provider)
|
||||||
|
|
||||||
u := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
|
u := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
|
||||||
if err := singleton.DB.Where("provider = ? AND user_id = ?", provider, u.ID).Delete(&model.Oauth2Bind{}).Error; err != nil {
|
query := singleton.DB.Where("provider = ? AND user_id = ?", provider, u.ID)
|
||||||
|
|
||||||
|
var bindCount int64
|
||||||
|
if err := query.Model(&model.Oauth2Bind{}).Count(&bindCount).Error; err != nil {
|
||||||
return nil, newGormError("%v", err)
|
return nil, newGormError("%v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if bindCount < 2 && u.RejectPassword {
|
||||||
|
return nil, singleton.Localizer.ErrorT("operation not permitted")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := query.Delete(&model.Oauth2Bind{}).Error; err != nil {
|
||||||
|
return nil, newGormError("%v", err)
|
||||||
|
}
|
||||||
|
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,8 +73,18 @@ func updateProfile(c *gin.Context) (any, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var bindCount int64
|
||||||
|
if err := singleton.DB.Where("user_id = ?", auth.(*model.User).ID).Count(&bindCount).Error; err != nil {
|
||||||
|
return nil, newGormError("%v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if pf.RejectPassword && bindCount < 1 {
|
||||||
|
return nil, singleton.Localizer.ErrorT("you don't have any oauth2 bindings")
|
||||||
|
}
|
||||||
|
|
||||||
user.Username = pf.NewUsername
|
user.Username = pf.NewUsername
|
||||||
user.Password = string(hash)
|
user.Password = string(hash)
|
||||||
|
user.RejectPassword = pf.RejectPassword
|
||||||
if err := singleton.DB.Save(&user).Error; err != nil {
|
if err := singleton.DB.Save(&user).Error; err != nil {
|
||||||
return nil, newGormError("%v", err)
|
return nil, newGormError("%v", err)
|
||||||
}
|
}
|
||||||
|
@ -19,6 +19,7 @@ type User struct {
|
|||||||
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
||||||
Role uint8 `json:"role,omitempty"`
|
Role uint8 `json:"role,omitempty"`
|
||||||
AgentSecret string `json:"agent_secret,omitempty" gorm:"type:char(32)"`
|
AgentSecret string `json:"agent_secret,omitempty" gorm:"type:char(32)"`
|
||||||
|
RejectPassword bool `json:"reject_password,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserInfo struct {
|
type UserInfo struct {
|
||||||
|
@ -10,4 +10,5 @@ type ProfileForm struct {
|
|||||||
OriginalPassword string `json:"original_password,omitempty"`
|
OriginalPassword string `json:"original_password,omitempty"`
|
||||||
NewUsername string `json:"new_username,omitempty"`
|
NewUsername string `json:"new_username,omitempty"`
|
||||||
NewPassword string `json:"new_password,omitempty"`
|
NewPassword string `json:"new_password,omitempty"`
|
||||||
|
RejectPassword bool `json:"reject_password,omitempty"`
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user