diff --git a/i18n/en_US.yaml b/i18n/en_US.yaml
index 663554d7..63702843 100644
--- a/i18n/en_US.yaml
+++ b/i18n/en_US.yaml
@@ -1,4 +1,5 @@
 # The following fields are used for back-end
+
 backend:
 base:
 success:
@@ -221,6 +222,8 @@ backend:
 no_permission:
 other: No permission to Revision.
 user:
+ external_login_missing_user_id:
+ other: The third-party platform does not provide a unique UserID, so you cannot login, please contact the website administrator.
 external_login_unbinding_forbidden:
 other: Please set a login password for your account before you remove this login.
 email_or_password_wrong:
diff --git a/internal/base/reason/reason.go b/internal/base/reason/reason.go
index b4cdbcb9..91ee74c6 100644
--- a/internal/base/reason/reason.go
+++ b/internal/base/reason/reason.go
@@ -16,65 +16,70 @@ const (
 )
 const (
- EmailOrPasswordWrong = "error.object.email_or_password_incorrect"
- CommentNotFound = "error.comment.not_found"
- CommentCannotEditAfterDeadline = "error.comment.cannot_edit_after_deadline"
- QuestionNotFound = "error.question.not_found"
- QuestionCannotDeleted = "error.question.cannot_deleted"
- QuestionCannotClose = "error.question.cannot_close"
- QuestionCannotUpdate = "error.question.cannot_update"
- QuestionAlreadyDeleted = "error.question.already_deleted"
- AnswerNotFound = "error.answer.not_found"
- AnswerCannotDeleted = "error.answer.cannot_deleted"
- AnswerCannotUpdate = "error.answer.cannot_update"
- AnswerCannotAddByClosedQuestion = "error.answer.question_closed_cannot_add"
- CommentEditWithoutPermission = "error.comment.edit_without_permission"
- DisallowVote = "error.object.disallow_vote"
- DisallowFollow = "error.object.disallow_follow"
- DisallowVoteYourSelf = "error.object.disallow_vote_your_self"
- CaptchaVerificationFailed = "error.object.captcha_verification_failed"
- OldPasswordVerificationFailed = "error.object.old_password_verification_failed"
- NewPasswordSameAsPreviousSetting = "error.object.new_password_same_as_previous_setting"
- UserNotFound = "error.user.not_found"
- UsernameInvalid = "error.user.username_invalid"
- UsernameDuplicate = "error.user.username_duplicate"
- UserSetAvatar = "error.user.set_avatar"
- EmailDuplicate = "error.email.duplicate"
- EmailVerifyURLExpired = "error.email.verify_url_expired"
- EmailNeedToBeVerified = "error.email.need_to_be_verified"
- EmailIllegalDomainError = "error.email.illegal_email_domain_error"
- UserSuspended = "error.user.suspended"
- ObjectNotFound = "error.object.not_found"
- TagNotFound = "error.tag.not_found"
- TagNotContainSynonym = "error.tag.not_contain_synonym_tags"
- TagCannotUpdate = "error.tag.cannot_update"
- TagIsUsedCannotDelete = "error.tag.is_used_cannot_delete"
- TagAlreadyExist = "error.tag.already_exist"
- RankFailToMeetTheCondition = "error.rank.fail_to_meet_the_condition"
- VoteRankFailToMeetTheCondition = "error.rank.vote_fail_to_meet_the_condition"
- NoEnoughRankToOperate = "error.rank.no_enough_rank_to_operate"
- ThemeNotFound = "error.theme.not_found"
- LangNotFound = "error.lang.not_found"
- ReportHandleFailed = "error.report.handle_failed"
- ReportNotFound = "error.report.not_found"
- ReadConfigFailed = "error.config.read_config_failed"
- DatabaseConnectionFailed = "error.database.connection_failed"
- InstallCreateTableFailed = "error.database.create_table_failed"
- InstallConfigFailed = "error.install.create_config_failed"
- SiteInfoNotFound = "error.site_info.not_found"
- UploadFileSourceUnsupported = "error.upload.source_unsupported"
- UploadFileUnsupportedFileFormat = "error.upload.unsupported_file_format"
- RecommendTagNotExist = "error.tag.recommend_tag_not_found"
- RecommendTagEnter = "error.tag.recommend_tag_enter"
- RevisionReviewUnderway = "error.revision.review_underway"
- RevisionNoPermission = "error.revision.no_permission"
- UserCannotUpdateYourRole = "error.user.cannot_update_your_role"
- TagCannotSetSynonymAsItself = "error.tag.cannot_set_synonym_as_itself"
- NotAllowedRegistration = "error.user.not_allowed_registration"
- SMTPConfigFromNameCannotBeEmail = "error.smtp.config_from_name_cannot_be_email"
- AdminCannotUpdateTheirPassword = "error.admin.cannot_update_their_password"
- AdminCannotModifySelfStatus = "error.admin.cannot_modify_self_status"
- UserExternalLoginUnbindingForbidden = "error.user.external_login_unbinding_forbidden"
- UserAccessDenied = "error.user.access_denied"
- UserPageAccessDenied = "error.user.page_access_denied"
+ EmailOrPasswordWrong = "error.object.email_or_password_incorrect"
+ CommentNotFound = "error.comment.not_found"
+ CommentCannotEditAfterDeadline = "error.comment.cannot_edit_after_deadline"
+ QuestionNotFound = "error.question.not_found"
+ QuestionCannotDeleted = "error.question.cannot_deleted"
+ QuestionCannotClose = "error.question.cannot_close"
+ QuestionCannotUpdate = "error.question.cannot_update"
+ QuestionAlreadyDeleted = "error.question.already_deleted"
+ AnswerNotFound = "error.answer.not_found"
+ AnswerCannotDeleted = "error.answer.cannot_deleted"
+ AnswerCannotUpdate = "error.answer.cannot_update"
+ AnswerCannotAddByClosedQuestion = "error.answer.question_closed_cannot_add"
+ CommentEditWithoutPermission = "error.comment.edit_without_permission"
+ DisallowVote = "error.object.disallow_vote"
+ DisallowFollow = "error.object.disallow_follow"
+ DisallowVoteYourSelf = "error.object.disallow_vote_your_self"
+ CaptchaVerificationFailed = "error.object.captcha_verification_failed"
+ OldPasswordVerificationFailed = "error.object.old_password_verification_failed"
+ NewPasswordSameAsPreviousSetting = "error.object.new_password_same_as_previous_setting"
+ UserNotFound = "error.user.not_found"
+ UsernameInvalid = "error.user.username_invalid"
+ UsernameDuplicate = "error.user.username_duplicate"
+ UserSetAvatar = "error.user.set_avatar"
+ EmailDuplicate = "error.email.duplicate"
+ EmailVerifyURLExpired = "error.email.verify_url_expired"
+ EmailNeedToBeVerified = "error.email.need_to_be_verified"
+ EmailIllegalDomainError = "error.email.illegal_email_domain_error"
+ UserSuspended = "error.user.suspended"
+ ObjectNotFound = "error.object.not_found"
+ TagNotFound = "error.tag.not_found"
+ TagNotContainSynonym = "error.tag.not_contain_synonym_tags"
+ TagCannotUpdate = "error.tag.cannot_update"
+ TagIsUsedCannotDelete = "error.tag.is_used_cannot_delete"
+ TagAlreadyExist = "error.tag.already_exist"
+ RankFailToMeetTheCondition = "error.rank.fail_to_meet_the_condition"
+ VoteRankFailToMeetTheCondition = "error.rank.vote_fail_to_meet_the_condition"
+ NoEnoughRankToOperate = "error.rank.no_enough_rank_to_operate"
+ ThemeNotFound = "error.theme.not_found"
+ LangNotFound = "error.lang.not_found"
+ ReportHandleFailed = "error.report.handle_failed"
+ ReportNotFound = "error.report.not_found"
+ ReadConfigFailed = "error.config.read_config_failed"
+ DatabaseConnectionFailed = "error.database.connection_failed"
+ InstallCreateTableFailed = "error.database.create_table_failed"
+ InstallConfigFailed = "error.install.create_config_failed"
+ SiteInfoNotFound = "error.site_info.not_found"
+ UploadFileSourceUnsupported = "error.upload.source_unsupported"
+ UploadFileUnsupportedFileFormat = "error.upload.unsupported_file_format"
+ RecommendTagNotExist = "error.tag.recommend_tag_not_found"
+ RecommendTagEnter = "error.tag.recommend_tag_enter"
+ RevisionReviewUnderway = "error.revision.review_underway"
+ RevisionNoPermission = "error.revision.no_permission"
+ UserCannotUpdateYourRole = "error.user.cannot_update_your_role"
+ TagCannotSetSynonymAsItself = "error.tag.cannot_set_synonym_as_itself"
+ NotAllowedRegistration = "error.user.not_allowed_registration"
+ SMTPConfigFromNameCannotBeEmail = "error.smtp.config_from_name_cannot_be_email"
+ AdminCannotUpdateTheirPassword = "error.admin.cannot_update_their_password"
+ AdminCannotModifySelfStatus = "error.admin.cannot_modify_self_status"
+ UserAccessDenied = "error.user.access_denied"
+ UserPageAccessDenied = "error.user.page_access_denied"
+)
+
+// user external login reasons
+const (
+ UserExternalLoginUnbindingForbidden = "error.user.external_login_unbinding_forbidden"
+ UserExternalLoginMissingUserID = "error.user.external_login_missing_user_id"
 )
diff --git a/internal/service/user_external_login/user_center_login_service.go b/internal/service/user_external_login/user_center_login_service.go
index 14200298..37a0614d 100644
--- a/internal/service/user_external_login/user_center_login_service.go
+++ b/internal/service/user_external_login/user_center_login_service.go
@@ -49,6 +49,12 @@ func NewUserCenterLoginService(
 func (us *UserCenterLoginService) ExternalLogin(
 ctx context.Context, userCenter plugin.UserCenter, basicUserInfo *plugin.UserCenterBasicUserInfo) (
 resp *schema.UserExternalLoginResp, err error) {
+ if len(basicUserInfo.ExternalID) == 0 {
+ return &schema.UserExternalLoginResp{
+ ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
+ ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.UserExternalLoginMissingUserID),
+ }, nil
+ }
 if len(basicUserInfo.Email) > 0 {
 // check whether site allow register or not
diff --git a/internal/service/user_external_login/user_external_login_service.go b/internal/service/user_external_login/user_external_login_service.go
index 912d9135..baed23fc 100644
--- a/internal/service/user_external_login/user_external_login_service.go
+++ b/internal/service/user_external_login/user_external_login_service.go
@@ -6,13 +6,16 @@ import (
 "fmt"
 "time"
+ "github.com/answerdev/answer/internal/base/handler"
 "github.com/answerdev/answer/internal/base/reason"
+ "github.com/answerdev/answer/internal/base/translator"
 "github.com/answerdev/answer/internal/entity"
 "github.com/answerdev/answer/internal/schema"
 "github.com/answerdev/answer/internal/service/activity"
 "github.com/answerdev/answer/internal/service/export"
 "github.com/answerdev/answer/internal/service/siteinfo_common"
 usercommon "github.com/answerdev/answer/internal/service/user_common"
+ "github.com/answerdev/answer/pkg/checker"
 "github.com/answerdev/answer/pkg/random"
 "github.com/answerdev/answer/pkg/token"
 "github.com/answerdev/answer/plugin"
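Review bot: The new guard at the top of `UserCenterLoginService.ExternalLogin` in user_center_login_service.go rejects only a zero-length `ExternalID`, so a whitespace-only value returned by the plugin would pass. The identical guard added to `UserExternalLoginService.ExternalLogin` in user_external_login_service.go has the same gap, and there the value goes straight into `GetByExternalID` as the lookup key. Consider `if len(strings.TrimSpace(basicUserInfo.ExternalID)) == 0 {` in both places (this needs the `strings` import if the files do not already have it), with a comment such as `// an empty ExternalID would make unrelated external accounts share one lookup key`. The rejection is also not logged, so a provider that stops sending IDs is visible only to the affected end user; a log line naming the provider would help operators notice. Both function bodies continue outside their hunks.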
@@ -64,6 +67,13 @@ func NewUserExternalLoginService(
 func (us *UserExternalLoginService) ExternalLogin(
 ctx context.Context, externalUserInfo *schema.ExternalLoginUserInfoCache) (
 resp *schema.UserExternalLoginResp, err error) {
+ if len(externalUserInfo.ExternalID) == 0 {
+ return &schema.UserExternalLoginResp{
+ ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
+ ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.UserExternalLoginMissingUserID),
+ }, nil
+ }
+
 oldExternalLoginUserInfo, exist, err := us.userExternalLoginRepo.GetByExternalID(ctx,
 externalUserInfo.Provider, externalUserInfo.ExternalID)
 if err != nil {
@@ -99,6 +109,19 @@ func (us *UserExternalLoginService) ExternalLogin(
 return &schema.UserExternalLoginResp{BindingKey: bindingKey}, nil
 }
+ // check whether site allow register or not
+ siteInfo, err := us.siteInfoCommonService.GetSiteLogin(ctx)
+ if err != nil {
+ return nil, err
+ }
+ if !checker.EmailInAllowEmailDomain(externalUserInfo.Email, siteInfo.AllowEmailDomains) {
+ log.Debugf("email domain not allowed: %s", externalUserInfo.Email)
+ return &schema.UserExternalLoginResp{
+ ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
+ ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.EmailIllegalDomainError),
+ }, nil
+ }
+
 oldUserInfo, exist, err := us.userRepo.GetByEmail(ctx, externalUserInfo.Email)
 if err != nil {
 return nil, err
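Review bot: In the last hunk of user_external_login_service.go, `log.Debugf("email domain not allowed: %s", externalUserInfo.Email)` writes a provider-supplied e-mail address into the log unquoted. `log.Debugf("email domain not allowed: %q", externalUserInfo.Email)` would keep control characters in that value from splitting the log line, and logging only the domain part would avoid recording the address at all. Because the rejection is logged at debug level it will probably not appear in a production log, so repeated attempts from a disallowed domain are hard to notice; a level that is kept in production may suit this path better. The comment above the block says it checks whether the site allows registration, but the code checks the e-mail domain allow-list, so `// reject e-mail addresses outside the site's allowed domains` would match what it does. `ExternalLogin` starts and ends outside the hunk, so whether `externalUserInfo.Email` can be empty here, and how `checker.EmailInAllowEmailDomain` treats that, is worth confirming.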