fix: adjust the password check logic for ldap user (#597 )

* fix: the password check logic for ldap user. LDAP user should only use the ldap connection to check the password. * fix: code format
fix: refresh_token api return old token (#623 )
2025-08-26 00:50:33 +08:00 · 2022-03-28 17:19:58 +08:00 · 2022-03-27 23:10:05 +08:00 · 2022-03-27 23:06:52 +08:00 · 2022-03-27 16:03:25 +08:00 · 2022-03-26 16:42:25 +08:00
7 changed files with 98 additions and 23 deletions
--- a/idp/github.go
+++ b/idp/github.go
@@ -15,11 +15,13 @@
 package idp

 import (
-	"context"
 	"encoding/json"
+	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"

 	"golang.org/x/oauth2"
@@ -60,9 +62,38 @@ func (idp *GithubIdProvider) getConfig() *oauth2.Config {
 	return config
 }

+type GithubToken struct {
+	AccessToken string `json:"access_token"`
+	TokenType   string `json:"token_type"`
+	Scope       string `json:"scope"`
+	Error       string `json:"error"`
+}
+
 func (idp *GithubIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
-	return idp.Config.Exchange(ctx, code)
+	params := &struct {
+		Code         string `json:"code"`
+		ClientId     string `json:"client_id"`
+		ClientSecret string `json:"client_secret"`
+	}{code, idp.Config.ClientID, idp.Config.ClientSecret}
+	data, err := idp.postWithBody(params, idp.Config.Endpoint.TokenURL)
+	if err != nil {
+		return nil, err
+	}
+	pToken := &GithubToken{}
+	if err = json.Unmarshal(data, pToken); err != nil {
+		return nil, err
+	}
+	if pToken.Error != "" {
+		return nil, fmt.Errorf("err: %s", pToken.Error)
+	}
+
+	token := &oauth2.Token{
+		AccessToken: pToken.AccessToken,
+		TokenType:   "Bearer",
+	}
+
+	return token, nil
+
 }

 //{
@@ -192,3 +223,30 @@ func (idp *GithubIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	return &userInfo, nil
 }
+
+func (idp *GithubIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
+	bs, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	r := strings.NewReader(string(bs))
+	req, _ := http.NewRequest("POST", url, r)
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := idp.Client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			return
+		}
+	}(resp.Body)
+
+	return data, nil
+}
--- a/idp/goth.go
+++ b/idp/goth.go
@@ -231,6 +231,10 @@ func (idp *GothIdProvider) GetToken(code string) (*oauth2.Token, error) {
 		value.Add("code", code)
 	}
 	accessToken, err := idp.Session.Authorize(idp.Provider, value)
+	if err != nil {
+		return nil, err
+	}
+
 	//Get ExpiresAt's value
 	valueOfExpire := reflect.ValueOf(idp.Session).Elem().FieldByName("ExpiresAt")
 	if valueOfExpire.IsValid() {
@@ -240,7 +244,8 @@ func (idp *GothIdProvider) GetToken(code string) (*oauth2.Token, error) {
 		AccessToken: accessToken,
 		Expiry:      expireAt,
 	}
-	return &token, err
+
+	return &token, nil
 }

 func (idp *GothIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
--- a/object/check.go
+++ b/object/check.go
@@ -180,16 +180,15 @@ func CheckUserPassword(organization string, username string, password string) (*
 		return nil, "the user is forbidden to sign in, please contact the administrator"
 	}

-	msg := CheckPassword(user, password)
-	if msg != "" {
-		//for ldap users
-		if user.Ldap != "" {
-			return checkLdapUserPassword(user, password)
+	if user.Ldap != "" {
+		//ONLY for ldap users
+		return checkLdapUserPassword(user, password)
+	} else {
+		msg := CheckPassword(user, password)
+		if msg != "" {
+			return nil, msg
 		}
-
-		return nil, msg
 	}
-
 	return user, ""
 }

--- a/object/token.go
+++ b/object/token.go
@@ -439,14 +439,15 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 		TokenType:    "Bearer",
 	}
 	AddToken(newToken)
+	DeleteToken(&token)

 	tokenWrapper := &TokenWrapper{
-		AccessToken:  token.AccessToken,
-		IdToken:      token.AccessToken,
-		RefreshToken: token.RefreshToken,
-		TokenType:    token.TokenType,
-		ExpiresIn:    token.ExpiresIn,
-		Scope:        token.Scope,
+		AccessToken:  newToken.AccessToken,
+		IdToken:      newToken.AccessToken,
+		RefreshToken: newToken.RefreshToken,
+		TokenType:    newToken.TokenType,
+		ExpiresIn:    newToken.ExpiresIn,
+		Scope:        newToken.Scope,
 	}

 	return tokenWrapper
--- a/web/src/ProductBuyPage.js
+++ b/web/src/ProductBuyPage.js
@@ -83,6 +83,10 @@ class ProductBuyPage extends React.Component {
    }
  }

+  getPrice(product) {
+    return `${this.getCurrencySymbol(product)}${product?.price} (${this.getCurrencyText(product)})`;
+  }
+
  getProviders(product) {
    if (this.state.providers.length === 0 || product.providers.length === 0) {
      return [];
@@ -207,7 +211,9 @@ class ProductBuyPage extends React.Component {
            </Descriptions.Item>
            <Descriptions.Item label={i18next.t("product:Price")}>
            <span style={{fontSize: 28, color: "red", fontWeight: "bold"}}>
-              {`${this.getCurrencySymbol(product)}${product?.price} (${this.getCurrencyText(product)})`}
+              {
+                this.getPrice(product)
+              }
            </span>
            </Descriptions.Item>
            <Descriptions.Item label={i18next.t("product:Quantity")}><span style={{fontSize: 16}}>{product?.quantity}</span></Descriptions.Item>
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -22,6 +22,7 @@ import copy from "copy-to-clipboard";
 import {authConfig} from "./auth/Auth";
 import {Helmet} from "react-helmet";
 import moment from "moment";
+import * as Conf from "./Conf";

 export let ServerUrl = "";

@@ -29,12 +30,17 @@ export let ServerUrl = "";
 export const StaticBaseUrl = "https://cdn.casbin.org";

 // https://catamphetamine.gitlab.io/country-flag-icons/3x2/index.html
-export const CountryRegionData = getCountryRegionData()
+export const CountryRegionData = getCountryRegionData();

 export function getCountryRegionData() {
+  let language = i18next.language;
+  if (language === null || language === "null") {
+    language = Conf.DefaultLanguage;
+  }
+
  var countries = require("i18n-iso-countries");
-  countries.registerLocale(require("i18n-iso-countries/langs/" + i18next.language + ".json"));
-  var data = countries.getNames(i18next.language, {select: "official"});
+  countries.registerLocale(require("i18n-iso-countries/langs/" + language + ".json"));
+  var data = countries.getNames(language, {select: "official"});
  var result = []
  for (var i in data) 
    result.push({code:i, name:data[i]})
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@@ -42,7 +42,7 @@ class SyncerListPage extends BaseListPage {
      affiliationTable: "",
      avatarBaseUrl: "",
      syncInterval: 10,
-      isEnabled: true,
+      isEnabled: false,
    }
  }
Author	SHA1	Message	Date
蔡点点	e3f5bf93b2	fix: adjust the password check logic for ldap user (#597 ) * fix: the password check logic for ldap user. LDAP user should only use the ldap connection to check the password. * fix: code format	2022-03-28 17:19:58 +08:00
Yi Zhan	879ca6a488	fix: refresh_token api return old token (#623 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-03-27 23:10:05 +08:00
Yang Luo	544cd40a08	Disable the new syncer by default.	2022-03-27 23:06:52 +08:00
Yang Luo	99f7883c7d	Fix null bug in getCountryRegionData().	2022-03-27 16:03:25 +08:00
Yang Luo	88b0fb6e52	Add getPrice().	2022-03-26 16:42:25 +08:00
Yi Zhan	fa9b49e25b	fix: some idp error messages return unclear (#620 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-03-26 15:15:56 +08:00
Yi Zhan	cd76e9372e	feat: delete the old token when refreshing token (#617 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-03-24 19:58:12 +08:00