From d8dd271e43550ab043c2db36c274092d7819fcab Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Thu, 10 May 2018 09:46:09 -0700 Subject: MM-4998 Adding LoginIdAttribute to allow LDAP users to change their login ID without losing their account (#8756) * Adding LoginIdAttribute * Modifying LDAP to use loginIDAttribute. * Adding IDAttribute migration and AD objectGUID support. * Removing unused idea. * Fix typo. --- Makefile | 4 ++ api/user.go | 4 +- api4/user.go | 8 +-- app/ldap.go | 6 +- app/login.go | 70 ++++++++++++++-------- app/user.go | 32 ---------- cmd/commands/ldap.go | 29 +++++++++ config/default.json | 1 + einterfaces/ldap.go | 7 +-- i18n/en.json | 4 ++ mlog/log.go | 1 + model/config.go | 11 ++++ model/switch_request.go | 2 +- store/sqlstore/user_store.go | 6 +- store/store.go | 2 +- store/storetest/mocks/AuditStore.go | 2 +- store/storetest/mocks/ChannelMemberHistoryStore.go | 2 +- store/storetest/mocks/ChannelStore.go | 2 +- store/storetest/mocks/ClusterDiscoveryStore.go | 2 +- store/storetest/mocks/CommandStore.go | 2 +- store/storetest/mocks/CommandWebhookStore.go | 2 +- store/storetest/mocks/ComplianceStore.go | 2 +- store/storetest/mocks/EmojiStore.go | 2 +- store/storetest/mocks/FileInfoStore.go | 2 +- store/storetest/mocks/JobStore.go | 2 +- store/storetest/mocks/LayeredStoreDatabaseLayer.go | 2 +- store/storetest/mocks/LayeredStoreSupplier.go | 2 +- store/storetest/mocks/LicenseStore.go | 2 +- store/storetest/mocks/OAuthStore.go | 2 +- store/storetest/mocks/PluginStore.go | 2 +- store/storetest/mocks/PostStore.go | 2 +- store/storetest/mocks/PreferenceStore.go | 2 +- store/storetest/mocks/ReactionStore.go | 2 +- store/storetest/mocks/RoleStore.go | 2 +- store/storetest/mocks/SessionStore.go | 2 +- store/storetest/mocks/SqlStore.go | 2 +- store/storetest/mocks/StatusStore.go | 2 +- store/storetest/mocks/Store.go | 2 +- store/storetest/mocks/SystemStore.go | 2 +- store/storetest/mocks/TeamStore.go | 2 +- store/storetest/mocks/TokenStore.go | 2 +- store/storetest/mocks/UserAccessTokenStore.go | 2 +- store/storetest/mocks/UserStore.go | 12 ++-- store/storetest/mocks/WebhookStore.go | 2 +- store/storetest/user_store.go | 46 ++------------ 45 files changed, 149 insertions(+), 152 deletions(-) diff --git a/Makefile b/Makefile index bff03b1ad..187b8f769 100644 --- a/Makefile +++ b/Makefile @@ -275,6 +275,10 @@ store-mocks: ## Creates mock files. go get github.com/vektra/mockery/... $(GOPATH)/bin/mockery -dir store -all -output store/storetest/mocks -note 'Regenerate this file using `make store-mocks`.' +ldap-mocks: ## Creates mock files for ldap. + go get github.com/vektra/mockery/... + GOPATH=$(shell go env GOPATH) $(shell go env GOPATH)/bin/mockery -dir enterprise/ldap -all -output enterprise/ldap/mocks -note 'Regenerate this file using `make ldap-mocks`.' + update-jira-plugin: ## Updates Jira plugin. go get github.com/mattermost/go-bindata/... curl -s https://api.github.com/repos/mattermost/mattermost-plugin-jira/releases/latest | grep browser_download_url | grep darwin-amd64 | cut -d '"' -f 4 | wget -qi - -O plugin.tar.gz diff --git a/api/user.go b/api/user.go index 15fd4c7ea..5931eac1e 100644 --- a/api/user.go +++ b/api/user.go @@ -107,7 +107,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { ldapOnly := props["ldap_only"] == "true" c.LogAudit("attempt - user_id=" + id + " login_id=" + loginId) - user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId, ldapOnly) + user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, ldapOnly) if err != nil { c.LogAudit("failure - user_id=" + id + " login_id=" + loginId) c.Err = err @@ -1072,7 +1072,7 @@ func checkMfa(c *Context, w http.ResponseWriter, r *http.Request) { } rdata := map[string]string{} - if user, err := c.App.GetUserForLogin(loginId, false); err != nil { + if user, err := c.App.GetUserForLogin("", loginId); err != nil { rdata["mfa_required"] = "false" } else { rdata["mfa_required"] = strconv.FormatBool(user.MfaActive) diff --git a/api4/user.go b/api4/user.go index 897c49ad1..2a539a551 100644 --- a/api4/user.go +++ b/api4/user.go @@ -771,7 +771,7 @@ func checkUserMfa(c *Context, w http.ResponseWriter, r *http.Request) { return } - if user, err := c.App.GetUserForLogin(loginId, false); err == nil { + if user, err := c.App.GetUserForLogin("", loginId); err == nil { resp["mfa_required"] = user.MfaActive } @@ -943,7 +943,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { ldapOnly := props["ldap_only"] == "true" c.LogAuditWithUserId(id, "attempt - login_id="+loginId) - user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId, ldapOnly) + user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, ldapOnly) if err != nil { c.LogAuditWithUserId(id, "failure - login_id="+loginId) c.Err = err @@ -1167,7 +1167,7 @@ func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) { return } - user, err := c.App.GetUserForLogin(email, false) + user, err := c.App.GetUserForLogin("", email) if err != nil { // Don't want to leak whether the email is valid or not ReturnStatusOK(w) @@ -1205,7 +1205,7 @@ func switchAccountType(c *Context, w http.ResponseWriter, r *http.Request) { link, err = c.App.SwitchOAuthToEmail(switchRequest.Email, switchRequest.NewPassword, c.Session.UserId) } else if switchRequest.EmailToLdap() { - link, err = c.App.SwitchEmailToLdap(switchRequest.Email, switchRequest.Password, switchRequest.MfaCode, switchRequest.LdapId, switchRequest.NewPassword) + link, err = c.App.SwitchEmailToLdap(switchRequest.Email, switchRequest.Password, switchRequest.MfaCode, switchRequest.LdapLoginId, switchRequest.NewPassword) } else if switchRequest.LdapToEmail() { link, err = c.App.SwitchLdapToEmail(switchRequest.Password, switchRequest.MfaCode, switchRequest.Email, switchRequest.NewPassword) } else { diff --git a/app/ldap.go b/app/ldap.go index 22c3b746b..544905b70 100644 --- a/app/ldap.go +++ b/app/ldap.go @@ -40,7 +40,7 @@ func (a *App) TestLdap() *model.AppError { return nil } -func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword string) (string, *model.AppError) { +func (a *App) SwitchEmailToLdap(email, password, code, ldapLoginId, ldapPassword string) (string, *model.AppError) { if a.License() != nil && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { return "", model.NewAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusForbidden) } @@ -63,7 +63,7 @@ func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword stri return "", model.NewAppError("SwitchEmailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusNotImplemented) } - if err := ldapInterface.SwitchToLdap(user.Id, ldapId, ldapPassword); err != nil { + if err := ldapInterface.SwitchToLdap(user.Id, ldapLoginId, ldapPassword); err != nil { return "", err } @@ -95,7 +95,7 @@ func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) ( return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusNotImplemented) } - if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil { + if err := ldapInterface.CheckPasswordAuthData(*user.AuthData, ldapPassword); err != nil { return "", err } diff --git a/app/login.go b/app/login.go index 43b022749..529e4cb21 100644 --- a/app/login.go +++ b/app/login.go @@ -11,47 +11,69 @@ import ( "github.com/avct/uasurfer" "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/store" ) -func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId string, ldapOnly bool) (*model.User, *model.AppError) { +func (a *App) AuthenticateUserForLogin(id, loginId, password, mfaToken string, ldapOnly bool) (user *model.User, err *model.AppError) { + // Do statistics + defer func() { + if a.Metrics != nil { + if user == nil || err != nil { + a.Metrics.IncrementLoginFail() + } else { + a.Metrics.IncrementLogin() + } + } + }() + if len(password) == 0 { err := model.NewAppError("AuthenticateUserForLogin", "api.user.login.blank_pwd.app_error", nil, "", http.StatusBadRequest) return nil, err } - var user *model.User - var err *model.AppError + // Get the MM user we are trying to login + if user, err = a.GetUserForLogin(id, loginId); err != nil { + return nil, err + } + + // and then authenticate them + if user, err = a.authenticateUser(user, password, mfaToken); err != nil { + return nil, err + } + + return user, nil +} + +func (a *App) GetUserForLogin(id, loginId string) (*model.User, *model.AppError) { + enableUsername := *a.Config().EmailSettings.EnableSignInWithUsername + enableEmail := *a.Config().EmailSettings.EnableSignInWithEmail + // If we are given a userID then fail if we can't find a user with that ID if len(id) != 0 { - if user, err = a.GetUser(id); err != nil { - err.StatusCode = http.StatusBadRequest - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() + if user, err := a.GetUser(id); err != nil { + if err.Id != store.MISSING_ACCOUNT_ERROR { + err.StatusCode = http.StatusInternalServerError + return nil, err + } else { + err.StatusCode = http.StatusBadRequest + return nil, err } - return nil, err - } - } else { - if user, err = a.GetUserForLogin(loginId, ldapOnly); err != nil { - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() - } - return nil, err + } else { + return user, nil } } - // and then authenticate them - if user, err = a.authenticateUser(user, password, mfaToken); err != nil { - if a.Metrics != nil { - a.Metrics.IncrementLoginFail() - } - return nil, err + // Try to get the user by username/email + if result := <-a.Srv.Store.User().GetForLogin(loginId, enableUsername, enableEmail); result.Err == nil { + return result.Data.(*model.User), nil } - if a.Metrics != nil { - a.Metrics.IncrementLogin() + // Try to get the user with LDAP + if user, err := a.Ldap.GetUser(loginId); err == nil { + return user, nil } - return user, nil + return nil, model.NewAppError("GetUserForLogin", "store.sql_user.get_for_login.app_error", nil, "", http.StatusBadRequest) } func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) (*model.Session, *model.AppError) { diff --git a/app/user.go b/app/user.go index fd8b6b377..2b0442e75 100644 --- a/app/user.go +++ b/app/user.go @@ -382,38 +382,6 @@ func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, } } -func (a *App) GetUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) { - license := a.License() - ldapAvailable := *a.Config().LdapSettings.Enable && a.Ldap != nil && license != nil && *license.Features.LDAP - - if result := <-a.Srv.Store.User().GetForLogin( - loginId, - *a.Config().EmailSettings.EnableSignInWithUsername && !onlyLdap, - *a.Config().EmailSettings.EnableSignInWithEmail && !onlyLdap, - ldapAvailable, - ); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" { - // don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work - result.Err.StatusCode = http.StatusBadRequest - return nil, result.Err - } else if result.Err != nil { - if !ldapAvailable { - // failed to find user and no LDAP server to fall back on - result.Err.StatusCode = http.StatusBadRequest - return nil, result.Err - } - - // fall back to LDAP server to see if we can find a user - if ldapUser, ldapErr := a.Ldap.GetUser(loginId); ldapErr != nil { - ldapErr.StatusCode = http.StatusBadRequest - return nil, ldapErr - } else { - return ldapUser, nil - } - } else { - return result.Data.(*model.User), nil - } -} - func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) { if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil { return nil, result.Err diff --git a/cmd/commands/ldap.go b/cmd/commands/ldap.go index 0c79ce32b..03c366213 100644 --- a/cmd/commands/ldap.go +++ b/cmd/commands/ldap.go @@ -22,9 +22,19 @@ var LdapSyncCmd = &cobra.Command{ RunE: ldapSyncCmdF, } +var LdapIdMigrate = &cobra.Command{ + Use: "idmigrate", + Short: "Migrate LDAP IdAttribute to new value", + Long: "Migrate LDAP IdAttribute to new value. Run this utility then change the IdAttribute to the new value.", + Example: " ldap idmigrate objectGUID", + Args: cobra.ExactArgs(1), + RunE: ldapIdMigrateCmdF, +} + func init() { LdapCmd.AddCommand( LdapSyncCmd, + LdapIdMigrate, ) cmd.RootCmd.AddCommand(LdapCmd) } @@ -47,3 +57,22 @@ func ldapSyncCmdF(command *cobra.Command, args []string) error { return nil } + +func ldapIdMigrateCmdF(command *cobra.Command, args []string) error { + a, err := cmd.InitDBCommandContextCobra(command) + if err != nil { + return err + } + defer a.Shutdown() + + toAttribute := args[0] + if ldapI := a.Ldap; ldapI != nil { + if err := ldapI.MigrateIDAttribute(toAttribute); err != nil { + cmd.CommandPrintErrorln("ERROR: AD/LDAP IdAttribute migration failed! Error: " + err.Error()) + } else { + cmd.CommandPrettyPrintln("SUCCESS: AD/LDAP IdAttribute migration complete. You can now change your IdAttribute to: " + toAttribute) + } + } + + return nil +} diff --git a/config/default.json b/config/default.json index 8bf06dc8b..80a694e38 100644 --- a/config/default.json +++ b/config/default.json @@ -263,6 +263,7 @@ "NicknameAttribute": "", "IdAttribute": "", "PositionAttribute": "", + "LoginIdAttribute": "", "SyncIntervalMinutes": 60, "SkipCertificateVerification": false, "QueryTimeout": 60, diff --git a/einterfaces/ldap.go b/einterfaces/ldap.go index 26326b174..31e8b7cf8 100644 --- a/einterfaces/ldap.go +++ b/einterfaces/ldap.go @@ -4,8 +4,6 @@ package einterfaces import ( - "github.com/go-ldap/ldap" - "github.com/mattermost/mattermost-server/model" ) @@ -14,12 +12,11 @@ type LdapInterface interface { GetUser(id string) (*model.User, *model.AppError) GetUserAttributes(id string, attributes []string) (map[string]string, *model.AppError) CheckPassword(id string, password string) *model.AppError + CheckPasswordAuthData(authData string, password string) *model.AppError SwitchToLdap(userId, ldapId, ldapPassword string) *model.AppError ValidateFilter(filter string) *model.AppError StartSynchronizeJob(waitForJobToFinish bool) (*model.Job, *model.AppError) RunTest() *model.AppError GetAllLdapUsers() ([]*model.User, *model.AppError) - UserFromLdapUser(ldapUser *ldap.Entry) *model.User - UserHasUpdateFromLdap(existingUser *model.User, currentLdapUser *model.User) bool - UpdateLocalLdapUser(existingUser *model.User, currentLdapUser *model.User) *model.User + MigrateIDAttribute(toAttribute string) error } diff --git a/i18n/en.json b/i18n/en.json index d4a08b07a..c0b1d0558 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -5018,6 +5018,10 @@ "id": "model.config.is_valid.ldap_id", "translation": "AD/LDAP field \"ID Attribute\" is required." }, + { + "id": "model.config.is_valid.ldap_login_id", + "translation": "AD/LDAP field \"Login ID Attribute\" is required." + }, { "id": "model.config.is_valid.ldap_lastname", "translation": "AD/LDAP field \"Last Name Attribute\" is required." diff --git a/mlog/log.go b/mlog/log.go index ad537a11d..28f7408c4 100644 --- a/mlog/log.go +++ b/mlog/log.go @@ -29,6 +29,7 @@ type Field = zapcore.Field var Int64 = zap.Int64 var Int = zap.Int var String = zap.String +var Any = zap.Any var Err = zap.Error type LoggerConfiguration struct { diff --git a/model/config.go b/model/config.go index 5074b7637..07cd9d977 100644 --- a/model/config.go +++ b/model/config.go @@ -1144,6 +1144,7 @@ type LdapSettings struct { NicknameAttribute *string IdAttribute *string PositionAttribute *string + LoginIdAttribute *string // Synchronization SyncIntervalMinutes *int @@ -1227,6 +1228,12 @@ func (s *LdapSettings) SetDefaults() { s.PositionAttribute = NewString(LDAP_SETTINGS_DEFAULT_POSITION_ATTRIBUTE) } + // For those upgrading to the version when LoginIdAttribute was added + // they need IdAttribute == LoginIdAttribute not to break + if s.LoginIdAttribute == nil { + s.LoginIdAttribute = s.IdAttribute + } + if s.SyncIntervalMinutes == nil { s.SyncIntervalMinutes = NewInt(60) } @@ -2074,6 +2081,10 @@ func (ls *LdapSettings) isValid() *AppError { if *ls.IdAttribute == "" { return NewAppError("Config.IsValid", "model.config.is_valid.ldap_id", nil, "", http.StatusBadRequest) } + + if *ls.LoginIdAttribute == "" { + return NewAppError("Config.IsValid", "model.config.is_valid.ldap_login_id", nil, "", http.StatusBadRequest) + } } return nil diff --git a/model/switch_request.go b/model/switch_request.go index e153c92f4..2a522f492 100644 --- a/model/switch_request.go +++ b/model/switch_request.go @@ -15,7 +15,7 @@ type SwitchRequest struct { Password string `json:"password"` NewPassword string `json:"new_password"` MfaCode string `json:"mfa_code"` - LdapId string `json:"ldap_id"` + LdapLoginId string `json:"ldap_id"` } func (o *SwitchRequest) ToJson() string { diff --git a/store/sqlstore/user_store.go b/store/sqlstore/user_store.go index f4ed3e400..a695e4aa8 100644 --- a/store/sqlstore/user_store.go +++ b/store/sqlstore/user_store.go @@ -819,13 +819,12 @@ func (us SqlUserStore) GetByUsername(username string) store.StoreChannel { }) } -func (us SqlUserStore) GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled bool) store.StoreChannel { +func (us SqlUserStore) GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail bool) store.StoreChannel { return store.Do(func(result *store.StoreResult) { params := map[string]interface{}{ "LoginId": loginId, "AllowSignInWithUsername": allowSignInWithUsername, "AllowSignInWithEmail": allowSignInWithEmail, - "LdapEnabled": ldapEnabled, } users := []*model.User{} @@ -837,8 +836,7 @@ func (us SqlUserStore) GetForLogin(loginId string, allowSignInWithUsername, allo Users WHERE (:AllowSignInWithUsername AND Username = :LoginId) - OR (:AllowSignInWithEmail AND Email = :LoginId) - OR (:LdapEnabled AND AuthService = '`+model.USER_AUTH_SERVICE_LDAP+`' AND AuthData = :LoginId)`, + OR (:AllowSignInWithEmail AND Email = :LoginId)`, params); err != nil { result.Err = model.NewAppError("SqlUserStore.GetForLogin", "store.sql_user.get_for_login.app_error", nil, err.Error(), http.StatusInternalServerError) } else if len(users) == 1 { diff --git a/store/store.go b/store/store.go index 0b5c9df5f..7fcebf0b1 100644 --- a/store/store.go +++ b/store/store.go @@ -228,7 +228,7 @@ type UserStore interface { GetByAuth(authData *string, authService string) StoreChannel GetAllUsingAuthService(authService string) StoreChannel GetByUsername(username string) StoreChannel - GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled bool) StoreChannel + GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail bool) StoreChannel VerifyEmail(userId string) StoreChannel GetEtagForAllProfiles() StoreChannel GetEtagForProfiles(teamId string) StoreChannel diff --git a/store/storetest/mocks/AuditStore.go b/store/storetest/mocks/AuditStore.go index df84545bd..d1ee9082e 100644 --- a/store/storetest/mocks/AuditStore.go +++ b/store/storetest/mocks/AuditStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/ChannelMemberHistoryStore.go b/store/storetest/mocks/ChannelMemberHistoryStore.go index 16155b982..ae8d024d1 100644 --- a/store/storetest/mocks/ChannelMemberHistoryStore.go +++ b/store/storetest/mocks/ChannelMemberHistoryStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/ChannelStore.go b/store/storetest/mocks/ChannelStore.go index 6eab47073..ec3fa1253 100644 --- a/store/storetest/mocks/ChannelStore.go +++ b/store/storetest/mocks/ChannelStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/ClusterDiscoveryStore.go b/store/storetest/mocks/ClusterDiscoveryStore.go index 997dcf03f..4010006d8 100644 --- a/store/storetest/mocks/ClusterDiscoveryStore.go +++ b/store/storetest/mocks/ClusterDiscoveryStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/CommandStore.go b/store/storetest/mocks/CommandStore.go index de4bc4e34..798bbee4d 100644 --- a/store/storetest/mocks/CommandStore.go +++ b/store/storetest/mocks/CommandStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/CommandWebhookStore.go b/store/storetest/mocks/CommandWebhookStore.go index cede8cdd2..5129388ae 100644 --- a/store/storetest/mocks/CommandWebhookStore.go +++ b/store/storetest/mocks/CommandWebhookStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/ComplianceStore.go b/store/storetest/mocks/ComplianceStore.go index fb828cd4b..dd75941b3 100644 --- a/store/storetest/mocks/ComplianceStore.go +++ b/store/storetest/mocks/ComplianceStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/EmojiStore.go b/store/storetest/mocks/EmojiStore.go index 9871c98aa..b1f0a3217 100644 --- a/store/storetest/mocks/EmojiStore.go +++ b/store/storetest/mocks/EmojiStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/FileInfoStore.go b/store/storetest/mocks/FileInfoStore.go index 4dddf0bd7..67f922146 100644 --- a/store/storetest/mocks/FileInfoStore.go +++ b/store/storetest/mocks/FileInfoStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/JobStore.go b/store/storetest/mocks/JobStore.go index d3558212e..a78a3f94e 100644 --- a/store/storetest/mocks/JobStore.go +++ b/store/storetest/mocks/JobStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/LayeredStoreDatabaseLayer.go b/store/storetest/mocks/LayeredStoreDatabaseLayer.go index 6fa31bb1b..cf1d776ef 100644 --- a/store/storetest/mocks/LayeredStoreDatabaseLayer.go +++ b/store/storetest/mocks/LayeredStoreDatabaseLayer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/LayeredStoreSupplier.go b/store/storetest/mocks/LayeredStoreSupplier.go index d4242708b..443112615 100644 --- a/store/storetest/mocks/LayeredStoreSupplier.go +++ b/store/storetest/mocks/LayeredStoreSupplier.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/LicenseStore.go b/store/storetest/mocks/LicenseStore.go index 5c65425ea..f00ebba78 100644 --- a/store/storetest/mocks/LicenseStore.go +++ b/store/storetest/mocks/LicenseStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/OAuthStore.go b/store/storetest/mocks/OAuthStore.go index fb49d715d..a39570b6c 100644 --- a/store/storetest/mocks/OAuthStore.go +++ b/store/storetest/mocks/OAuthStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/PluginStore.go b/store/storetest/mocks/PluginStore.go index 920b0f63c..b6f161a86 100644 --- a/store/storetest/mocks/PluginStore.go +++ b/store/storetest/mocks/PluginStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/PostStore.go b/store/storetest/mocks/PostStore.go index bdfbb3321..130bfafd7 100644 --- a/store/storetest/mocks/PostStore.go +++ b/store/storetest/mocks/PostStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/PreferenceStore.go b/store/storetest/mocks/PreferenceStore.go index 5ad56914a..f53ae06d5 100644 --- a/store/storetest/mocks/PreferenceStore.go +++ b/store/storetest/mocks/PreferenceStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/ReactionStore.go b/store/storetest/mocks/ReactionStore.go index ce09f3f76..b3e81a83b 100644 --- a/store/storetest/mocks/ReactionStore.go +++ b/store/storetest/mocks/ReactionStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/RoleStore.go b/store/storetest/mocks/RoleStore.go index 3c01ee341..cb69b2f2e 100644 --- a/store/storetest/mocks/RoleStore.go +++ b/store/storetest/mocks/RoleStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/SessionStore.go b/store/storetest/mocks/SessionStore.go index 70b2bd945..819ae948d 100644 --- a/store/storetest/mocks/SessionStore.go +++ b/store/storetest/mocks/SessionStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/SqlStore.go b/store/storetest/mocks/SqlStore.go index 43709fc0e..20cfd1721 100644 --- a/store/storetest/mocks/SqlStore.go +++ b/store/storetest/mocks/SqlStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/StatusStore.go b/store/storetest/mocks/StatusStore.go index 4acb90bdd..68ccdd4ec 100644 --- a/store/storetest/mocks/StatusStore.go +++ b/store/storetest/mocks/StatusStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/Store.go b/store/storetest/mocks/Store.go index cb7e511f6..a0438b66e 100644 --- a/store/storetest/mocks/Store.go +++ b/store/storetest/mocks/Store.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/SystemStore.go b/store/storetest/mocks/SystemStore.go index b31e4646d..e36396fe1 100644 --- a/store/storetest/mocks/SystemStore.go +++ b/store/storetest/mocks/SystemStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/TeamStore.go b/store/storetest/mocks/TeamStore.go index d38fb5f27..993c9b86f 100644 --- a/store/storetest/mocks/TeamStore.go +++ b/store/storetest/mocks/TeamStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/TokenStore.go b/store/storetest/mocks/TokenStore.go index b4baacf03..657aeca49 100644 --- a/store/storetest/mocks/TokenStore.go +++ b/store/storetest/mocks/TokenStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/UserAccessTokenStore.go b/store/storetest/mocks/UserAccessTokenStore.go index c5ef0fefe..fd98a8a99 100644 --- a/store/storetest/mocks/UserAccessTokenStore.go +++ b/store/storetest/mocks/UserAccessTokenStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/mocks/UserStore.go b/store/storetest/mocks/UserStore.go index 369a29e7a..347dd2065 100644 --- a/store/storetest/mocks/UserStore.go +++ b/store/storetest/mocks/UserStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. @@ -258,13 +258,13 @@ func (_m *UserStore) GetEtagForProfilesNotInTeam(teamId string) store.StoreChann return r0 } -// GetForLogin provides a mock function with given fields: loginId, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled -func (_m *UserStore) GetForLogin(loginId string, allowSignInWithUsername bool, allowSignInWithEmail bool, ldapEnabled bool) store.StoreChannel { - ret := _m.Called(loginId, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled) +// GetForLogin provides a mock function with given fields: loginId, allowSignInWithUsername, allowSignInWithEmail +func (_m *UserStore) GetForLogin(loginId string, allowSignInWithUsername bool, allowSignInWithEmail bool) store.StoreChannel { + ret := _m.Called(loginId, allowSignInWithUsername, allowSignInWithEmail) var r0 store.StoreChannel - if rf, ok := ret.Get(0).(func(string, bool, bool, bool) store.StoreChannel); ok { - r0 = rf(loginId, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled) + if rf, ok := ret.Get(0).(func(string, bool, bool) store.StoreChannel); ok { + r0 = rf(loginId, allowSignInWithUsername, allowSignInWithEmail) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(store.StoreChannel) diff --git a/store/storetest/mocks/WebhookStore.go b/store/storetest/mocks/WebhookStore.go index bf5b636eb..a0b2b0bee 100644 --- a/store/storetest/mocks/WebhookStore.go +++ b/store/storetest/mocks/WebhookStore.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0 +// Code generated by mockery v1.0.0. DO NOT EDIT. // Regenerate this file using `make store-mocks`. diff --git a/store/storetest/user_store.go b/store/storetest/user_store.go index 2fd7d4190..66f54df39 100644 --- a/store/storetest/user_store.go +++ b/store/storetest/user_store.go @@ -1091,64 +1091,26 @@ func testUserStoreGetForLogin(t *testing.T, ss store.Store) { } store.Must(ss.User().Save(u2)) - if result := <-ss.User().GetForLogin(u1.Username, true, true, true); result.Err != nil { + if result := <-ss.User().GetForLogin(u1.Username, true, true); result.Err != nil { t.Fatal("Should have gotten user by username", result.Err) } else if result.Data.(*model.User).Id != u1.Id { t.Fatal("Should have gotten user1 by username") } - if result := <-ss.User().GetForLogin(u1.Email, true, true, true); result.Err != nil { + if result := <-ss.User().GetForLogin(u1.Email, true, true); result.Err != nil { t.Fatal("Should have gotten user by email", result.Err) } else if result.Data.(*model.User).Id != u1.Id { t.Fatal("Should have gotten user1 by email") } - if result := <-ss.User().GetForLogin(*u2.AuthData, true, true, true); result.Err != nil { - t.Fatal("Should have gotten user by AD/LDAP AuthData", result.Err) - } else if result.Data.(*model.User).Id != u2.Id { - t.Fatal("Should have gotten user2 by AD/LDAP AuthData") - } - - // prevent getting user by AuthData when they're not an LDAP user - if result := <-ss.User().GetForLogin(*u1.AuthData, true, true, true); result.Err == nil { - t.Fatal("Should not have gotten user by non-AD/LDAP AuthData") - } - // prevent getting user when different login methods are disabled - if result := <-ss.User().GetForLogin(u1.Username, false, true, true); result.Err == nil { + if result := <-ss.User().GetForLogin(u1.Username, false, true); result.Err == nil { t.Fatal("Should have failed to get user1 by username") } - if result := <-ss.User().GetForLogin(u1.Email, true, false, true); result.Err == nil { + if result := <-ss.User().GetForLogin(u1.Email, true, false); result.Err == nil { t.Fatal("Should have failed to get user1 by email") } - - if result := <-ss.User().GetForLogin(*u2.AuthData, true, true, false); result.Err == nil { - t.Fatal("Should have failed to get user3 by AD/LDAP AuthData") - } - - auth3 := model.NewId() - - // test a special case where two users will have conflicting login information so we throw a special error - u3 := &model.User{ - Email: model.NewId(), - Username: model.NewId(), - AuthService: model.USER_AUTH_SERVICE_LDAP, - AuthData: &auth3, - } - store.Must(ss.User().Save(u3)) - - u4 := &model.User{ - Email: model.NewId(), - Username: model.NewId(), - AuthService: model.USER_AUTH_SERVICE_LDAP, - AuthData: &u3.Username, - } - store.Must(ss.User().Save(u4)) - - if err := (<-ss.User().GetForLogin(u3.Username, true, true, true)).Err; err == nil { - t.Fatal("Should have failed to get users with conflicting login information") - } } func testUserStoreUpdatePassword(t *testing.T, ss store.Store) { -- cgit v1.2.3-1-g7c22