mirror of https://gitee.com/answerdev/answer.git
fix(user): check email invalid when oauth login
parent
4d1326f0df
commit
cbaf50e691
|
@ -1,4 +1,5 @@
|
||||||
# The following fields are used for back-end
|
# The following fields are used for back-end
|
||||||
|
|
||||||
backend:
|
backend:
|
||||||
base:
|
base:
|
||||||
success:
|
success:
|
||||||
|
@ -221,6 +222,8 @@ backend:
|
||||||
no_permission:
|
no_permission:
|
||||||
other: No permission to Revision.
|
other: No permission to Revision.
|
||||||
user:
|
user:
|
||||||
|
external_login_missing_user_id:
|
||||||
|
other: The third-party platform does not provide a unique UserID, so you cannot login, please contact the website administrator.
|
||||||
external_login_unbinding_forbidden:
|
external_login_unbinding_forbidden:
|
||||||
other: Please set a login password for your account before you remove this login.
|
other: Please set a login password for your account before you remove this login.
|
||||||
email_or_password_wrong:
|
email_or_password_wrong:
|
||||||
|
|
|
@ -16,65 +16,70 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
EmailOrPasswordWrong = "error.object.email_or_password_incorrect"
|
EmailOrPasswordWrong = "error.object.email_or_password_incorrect"
|
||||||
CommentNotFound = "error.comment.not_found"
|
CommentNotFound = "error.comment.not_found"
|
||||||
CommentCannotEditAfterDeadline = "error.comment.cannot_edit_after_deadline"
|
CommentCannotEditAfterDeadline = "error.comment.cannot_edit_after_deadline"
|
||||||
QuestionNotFound = "error.question.not_found"
|
QuestionNotFound = "error.question.not_found"
|
||||||
QuestionCannotDeleted = "error.question.cannot_deleted"
|
QuestionCannotDeleted = "error.question.cannot_deleted"
|
||||||
QuestionCannotClose = "error.question.cannot_close"
|
QuestionCannotClose = "error.question.cannot_close"
|
||||||
QuestionCannotUpdate = "error.question.cannot_update"
|
QuestionCannotUpdate = "error.question.cannot_update"
|
||||||
QuestionAlreadyDeleted = "error.question.already_deleted"
|
QuestionAlreadyDeleted = "error.question.already_deleted"
|
||||||
AnswerNotFound = "error.answer.not_found"
|
AnswerNotFound = "error.answer.not_found"
|
||||||
AnswerCannotDeleted = "error.answer.cannot_deleted"
|
AnswerCannotDeleted = "error.answer.cannot_deleted"
|
||||||
AnswerCannotUpdate = "error.answer.cannot_update"
|
AnswerCannotUpdate = "error.answer.cannot_update"
|
||||||
AnswerCannotAddByClosedQuestion = "error.answer.question_closed_cannot_add"
|
AnswerCannotAddByClosedQuestion = "error.answer.question_closed_cannot_add"
|
||||||
CommentEditWithoutPermission = "error.comment.edit_without_permission"
|
CommentEditWithoutPermission = "error.comment.edit_without_permission"
|
||||||
DisallowVote = "error.object.disallow_vote"
|
DisallowVote = "error.object.disallow_vote"
|
||||||
DisallowFollow = "error.object.disallow_follow"
|
DisallowFollow = "error.object.disallow_follow"
|
||||||
DisallowVoteYourSelf = "error.object.disallow_vote_your_self"
|
DisallowVoteYourSelf = "error.object.disallow_vote_your_self"
|
||||||
CaptchaVerificationFailed = "error.object.captcha_verification_failed"
|
CaptchaVerificationFailed = "error.object.captcha_verification_failed"
|
||||||
OldPasswordVerificationFailed = "error.object.old_password_verification_failed"
|
OldPasswordVerificationFailed = "error.object.old_password_verification_failed"
|
||||||
NewPasswordSameAsPreviousSetting = "error.object.new_password_same_as_previous_setting"
|
NewPasswordSameAsPreviousSetting = "error.object.new_password_same_as_previous_setting"
|
||||||
UserNotFound = "error.user.not_found"
|
UserNotFound = "error.user.not_found"
|
||||||
UsernameInvalid = "error.user.username_invalid"
|
UsernameInvalid = "error.user.username_invalid"
|
||||||
UsernameDuplicate = "error.user.username_duplicate"
|
UsernameDuplicate = "error.user.username_duplicate"
|
||||||
UserSetAvatar = "error.user.set_avatar"
|
UserSetAvatar = "error.user.set_avatar"
|
||||||
EmailDuplicate = "error.email.duplicate"
|
EmailDuplicate = "error.email.duplicate"
|
||||||
EmailVerifyURLExpired = "error.email.verify_url_expired"
|
EmailVerifyURLExpired = "error.email.verify_url_expired"
|
||||||
EmailNeedToBeVerified = "error.email.need_to_be_verified"
|
EmailNeedToBeVerified = "error.email.need_to_be_verified"
|
||||||
EmailIllegalDomainError = "error.email.illegal_email_domain_error"
|
EmailIllegalDomainError = "error.email.illegal_email_domain_error"
|
||||||
UserSuspended = "error.user.suspended"
|
UserSuspended = "error.user.suspended"
|
||||||
ObjectNotFound = "error.object.not_found"
|
ObjectNotFound = "error.object.not_found"
|
||||||
TagNotFound = "error.tag.not_found"
|
TagNotFound = "error.tag.not_found"
|
||||||
TagNotContainSynonym = "error.tag.not_contain_synonym_tags"
|
TagNotContainSynonym = "error.tag.not_contain_synonym_tags"
|
||||||
TagCannotUpdate = "error.tag.cannot_update"
|
TagCannotUpdate = "error.tag.cannot_update"
|
||||||
TagIsUsedCannotDelete = "error.tag.is_used_cannot_delete"
|
TagIsUsedCannotDelete = "error.tag.is_used_cannot_delete"
|
||||||
TagAlreadyExist = "error.tag.already_exist"
|
TagAlreadyExist = "error.tag.already_exist"
|
||||||
RankFailToMeetTheCondition = "error.rank.fail_to_meet_the_condition"
|
RankFailToMeetTheCondition = "error.rank.fail_to_meet_the_condition"
|
||||||
VoteRankFailToMeetTheCondition = "error.rank.vote_fail_to_meet_the_condition"
|
VoteRankFailToMeetTheCondition = "error.rank.vote_fail_to_meet_the_condition"
|
||||||
NoEnoughRankToOperate = "error.rank.no_enough_rank_to_operate"
|
NoEnoughRankToOperate = "error.rank.no_enough_rank_to_operate"
|
||||||
ThemeNotFound = "error.theme.not_found"
|
ThemeNotFound = "error.theme.not_found"
|
||||||
LangNotFound = "error.lang.not_found"
|
LangNotFound = "error.lang.not_found"
|
||||||
ReportHandleFailed = "error.report.handle_failed"
|
ReportHandleFailed = "error.report.handle_failed"
|
||||||
ReportNotFound = "error.report.not_found"
|
ReportNotFound = "error.report.not_found"
|
||||||
ReadConfigFailed = "error.config.read_config_failed"
|
ReadConfigFailed = "error.config.read_config_failed"
|
||||||
DatabaseConnectionFailed = "error.database.connection_failed"
|
DatabaseConnectionFailed = "error.database.connection_failed"
|
||||||
InstallCreateTableFailed = "error.database.create_table_failed"
|
InstallCreateTableFailed = "error.database.create_table_failed"
|
||||||
InstallConfigFailed = "error.install.create_config_failed"
|
InstallConfigFailed = "error.install.create_config_failed"
|
||||||
SiteInfoNotFound = "error.site_info.not_found"
|
SiteInfoNotFound = "error.site_info.not_found"
|
||||||
UploadFileSourceUnsupported = "error.upload.source_unsupported"
|
UploadFileSourceUnsupported = "error.upload.source_unsupported"
|
||||||
UploadFileUnsupportedFileFormat = "error.upload.unsupported_file_format"
|
UploadFileUnsupportedFileFormat = "error.upload.unsupported_file_format"
|
||||||
RecommendTagNotExist = "error.tag.recommend_tag_not_found"
|
RecommendTagNotExist = "error.tag.recommend_tag_not_found"
|
||||||
RecommendTagEnter = "error.tag.recommend_tag_enter"
|
RecommendTagEnter = "error.tag.recommend_tag_enter"
|
||||||
RevisionReviewUnderway = "error.revision.review_underway"
|
RevisionReviewUnderway = "error.revision.review_underway"
|
||||||
RevisionNoPermission = "error.revision.no_permission"
|
RevisionNoPermission = "error.revision.no_permission"
|
||||||
UserCannotUpdateYourRole = "error.user.cannot_update_your_role"
|
UserCannotUpdateYourRole = "error.user.cannot_update_your_role"
|
||||||
TagCannotSetSynonymAsItself = "error.tag.cannot_set_synonym_as_itself"
|
TagCannotSetSynonymAsItself = "error.tag.cannot_set_synonym_as_itself"
|
||||||
NotAllowedRegistration = "error.user.not_allowed_registration"
|
NotAllowedRegistration = "error.user.not_allowed_registration"
|
||||||
SMTPConfigFromNameCannotBeEmail = "error.smtp.config_from_name_cannot_be_email"
|
SMTPConfigFromNameCannotBeEmail = "error.smtp.config_from_name_cannot_be_email"
|
||||||
AdminCannotUpdateTheirPassword = "error.admin.cannot_update_their_password"
|
AdminCannotUpdateTheirPassword = "error.admin.cannot_update_their_password"
|
||||||
AdminCannotModifySelfStatus = "error.admin.cannot_modify_self_status"
|
AdminCannotModifySelfStatus = "error.admin.cannot_modify_self_status"
|
||||||
UserExternalLoginUnbindingForbidden = "error.user.external_login_unbinding_forbidden"
|
UserAccessDenied = "error.user.access_denied"
|
||||||
UserAccessDenied = "error.user.access_denied"
|
UserPageAccessDenied = "error.user.page_access_denied"
|
||||||
UserPageAccessDenied = "error.user.page_access_denied"
|
)
|
||||||
|
|
||||||
|
// user external login reasons
|
||||||
|
const (
|
||||||
|
UserExternalLoginUnbindingForbidden = "error.user.external_login_unbinding_forbidden"
|
||||||
|
UserExternalLoginMissingUserID = "error.user.external_login_missing_user_id"
|
||||||
)
|
)
|
||||||
|
|
|
@ -49,6 +49,12 @@ func NewUserCenterLoginService(
|
||||||
func (us *UserCenterLoginService) ExternalLogin(
|
func (us *UserCenterLoginService) ExternalLogin(
|
||||||
ctx context.Context, userCenter plugin.UserCenter, basicUserInfo *plugin.UserCenterBasicUserInfo) (
|
ctx context.Context, userCenter plugin.UserCenter, basicUserInfo *plugin.UserCenterBasicUserInfo) (
|
||||||
resp *schema.UserExternalLoginResp, err error) {
|
resp *schema.UserExternalLoginResp, err error) {
|
||||||
|
if len(basicUserInfo.ExternalID) == 0 {
|
||||||
|
return &schema.UserExternalLoginResp{
|
||||||
|
ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
|
||||||
|
ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.UserExternalLoginMissingUserID),
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
if len(basicUserInfo.Email) > 0 {
|
if len(basicUserInfo.Email) > 0 {
|
||||||
// check whether site allow register or not
|
// check whether site allow register or not
|
||||||
|
|
|
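Review bot: The added guard `len(basicUserInfo.ExternalID) == 0` rejects only the empty string, so an ID consisting of whitespace still passes; the same guard is added at the top of `UserExternalLoginService.ExternalLogin` as `len(externalUserInfo.ExternalID) == 0`. The value comes from a user-center plugin or third-party provider, so comparing the trimmed value is the safer form: `if strings.TrimSpace(basicUserInfo.ExternalID) == "" {`, which needs the `strings` import that this hunk does not show. The early return also leaves no log entry, so a provider that stops sending IDs would only be noticed through user reports. The body of ExternalLogin continues outside the hunk.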
@ -6,13 +6,16 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/answerdev/answer/internal/base/handler"
|
||||||
"github.com/answerdev/answer/internal/base/reason"
|
"github.com/answerdev/answer/internal/base/reason"
|
||||||
|
"github.com/answerdev/answer/internal/base/translator"
|
||||||
"github.com/answerdev/answer/internal/entity"
|
"github.com/answerdev/answer/internal/entity"
|
||||||
"github.com/answerdev/answer/internal/schema"
|
"github.com/answerdev/answer/internal/schema"
|
||||||
"github.com/answerdev/answer/internal/service/activity"
|
"github.com/answerdev/answer/internal/service/activity"
|
||||||
"github.com/answerdev/answer/internal/service/export"
|
"github.com/answerdev/answer/internal/service/export"
|
||||||
"github.com/answerdev/answer/internal/service/siteinfo_common"
|
"github.com/answerdev/answer/internal/service/siteinfo_common"
|
||||||
usercommon "github.com/answerdev/answer/internal/service/user_common"
|
usercommon "github.com/answerdev/answer/internal/service/user_common"
|
||||||
|
"github.com/answerdev/answer/pkg/checker"
|
||||||
"github.com/answerdev/answer/pkg/random"
|
"github.com/answerdev/answer/pkg/random"
|
||||||
"github.com/answerdev/answer/pkg/token"
|
"github.com/answerdev/answer/pkg/token"
|
||||||
"github.com/answerdev/answer/plugin"
|
"github.com/answerdev/answer/plugin"
|
||||||
|
@ -64,6 +67,13 @@ func NewUserExternalLoginService(
|
||||||
func (us *UserExternalLoginService) ExternalLogin(
|
func (us *UserExternalLoginService) ExternalLogin(
|
||||||
ctx context.Context, externalUserInfo *schema.ExternalLoginUserInfoCache) (
|
ctx context.Context, externalUserInfo *schema.ExternalLoginUserInfoCache) (
|
||||||
resp *schema.UserExternalLoginResp, err error) {
|
resp *schema.UserExternalLoginResp, err error) {
|
||||||
|
if len(externalUserInfo.ExternalID) == 0 {
|
||||||
|
return &schema.UserExternalLoginResp{
|
||||||
|
ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
|
||||||
|
ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.UserExternalLoginMissingUserID),
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
oldExternalLoginUserInfo, exist, err := us.userExternalLoginRepo.GetByExternalID(ctx,
|
oldExternalLoginUserInfo, exist, err := us.userExternalLoginRepo.GetByExternalID(ctx,
|
||||||
externalUserInfo.Provider, externalUserInfo.ExternalID)
|
externalUserInfo.Provider, externalUserInfo.ExternalID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -99,6 +109,19 @@ func (us *UserExternalLoginService) ExternalLogin(
|
||||||
return &schema.UserExternalLoginResp{BindingKey: bindingKey}, nil
|
return &schema.UserExternalLoginResp{BindingKey: bindingKey}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check whether site allow register or not
|
||||||
|
siteInfo, err := us.siteInfoCommonService.GetSiteLogin(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if !checker.EmailInAllowEmailDomain(externalUserInfo.Email, siteInfo.AllowEmailDomains) {
|
||||||
|
log.Debugf("email domain not allowed: %s", externalUserInfo.Email)
|
||||||
|
return &schema.UserExternalLoginResp{
|
||||||
|
ErrTitle: translator.Tr(handler.GetLangByCtx(ctx), reason.UserAccessDenied),
|
||||||
|
ErrMsg: translator.Tr(handler.GetLangByCtx(ctx), reason.EmailIllegalDomainError),
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
oldUserInfo, exist, err := us.userRepo.GetByEmail(ctx, externalUserInfo.Email)
|
oldUserInfo, exist, err := us.userRepo.GetByEmail(ctx, externalUserInfo.Email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
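Review bot: The rejection path writes the provider-supplied address to the log with `%s`, in `log.Debugf("email domain not allowed: %s", externalUserInfo.Email)`. The value is untrusted input, so `%q` would keep control characters and line breaks out of the log: `log.Debugf("email domain not allowed: %q", externalUserInfo.Email)`. A denied login is also an event operators usually want above debug level, if the logger used in this file offers one. Separately, the new check covers only the domain: the visible lines do not show whether the provider reported the address as verified before `GetByEmail` matches it to an existing account. That is worth confirming in the part of ExternalLogin outside the hunk.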