llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: fix bug that user forbidden check will be skipped in OAuth login (#3580)

Browse Source
This commit is contained in:
DacongDA 2025-02-13 13:14:44 +08:00 committed by GitHub
parent 37d93a5eea
commit 9c39179849
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
controllers/auth.go
View File

@ -54,6 +54,11 @@ func tokenToResponse(token *object.Token) *Response {
// HandleLoggedIn ... // HandleLoggedIn ...
func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) { func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
if user.IsForbidden {
c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
return
}
userId := user.GetId() userId := user.GetId()
clientIp := util.GetClientIpFromRequest(c.Ctx.Request) clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
@ -678,10 +683,6 @@ func (c *ApiController) Login() {
if user != nil && !user.IsDeleted { if user != nil && !user.IsDeleted {
// Sign in via OAuth (want to sign up but already have account) // Sign in via OAuth (want to sign up but already have account)
if user.IsForbidden {
c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
}
// sync info from 3rd-party if possible // sync info from 3rd-party if possible
_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo) _, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
if err != nil { if err != nil {