mirror of
https://github.com/grafana/grafana.git
synced 2025-02-15 10:03:33 -06:00
Auth: do not expose disabled user disabled status (#18229)
Fixes #17947
parent
4b16cd6cc8
commit
d16fd58bdb
@ -81,7 +81,7 @@ func tryOAuthAutoLogin(c *models.ReqContext) bool {
|
||||
}
|
||||
oauthInfos := setting.OAuthService.OAuthInfos
|
||||
if len(oauthInfos) != 1 {
|
||||
log.Warn("Skipping OAuth auto login because multiple OAuth providers are configured.")
|
||||
log.Warn("Skipping OAuth auto login because multiple OAuth providers are configured")
|
||||
return false
|
||||
}
|
||||
for key := range setting.OAuthService.OAuthInfos {
|
||||
@ -114,12 +114,16 @@ func (hs *HTTPServer) LoginPost(c *models.ReqContext, cmd dtos.LoginCommand) Res
|
||||
}
|
||||
|
||||
if err := bus.Dispatch(authQuery); err != nil {
|
||||
e401 := Error(401, "Invalid username or password", err)
|
||||
if err == login.ErrInvalidCredentials || err == login.ErrTooManyLoginAttempts {
|
||||
return Error(401, "Invalid username or password", err)
|
||||
return e401
|
||||
}
|
||||
|
||||
// Do not expose disabled status,
|
||||
// just show incorrect user credentials error (see #17947)
|
||||
if err == login.ErrUserDisabled {
|
||||
return Error(401, "User is disabled", err)
|
||||
hs.log.Warn("User is disabled", "user", cmd.User)
|
||||
return e401
|
||||
}
|
||||
|
||||
return Error(500, "Error while trying to authenticate user", err)
|
||||
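Review bot: In the `login.ErrUserDisabled` branch the shared `e401` still wraps the original `err`, so the returned response carries `ErrUserDisabled` even though its message reads "Invalid username or password". Whether that wrapped error can reach the client depends on how `Error` handles its third argument, which is not visible in this hunk; if it is ever serialized into the body, a disabled account remains distinguishable from a wrong password. Returning `Error(401, "Invalid username or password", login.ErrInvalidCredentials)` from that branch would make the two responses identical by construction, and it matches the OAuth hunk, which passes `login.ErrInvalidCredentials` to `redirectWithError`. The real cause is still recorded by the `hs.log.Warn("User is disabled", ...)` line, so nothing is lost for operators. The page has lost its `+`/`-` markers, so the new side is inferred from the commit title and the added comment, and `LoginPost` continues outside the hunk.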
|
@ -191,8 +191,11 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
|
||||
return
|
||||
}
|
||||
|
||||
// Do not expose disabled status,
|
||||
// just show incorrect user credentials error (see #17947)
|
||||
if cmd.Result.IsDisabled {
|
||||
hs.redirectWithError(ctx, login.ErrUserDisabled)
|
||||
oauthLogger.Warn("User is disabled", "user", cmd.Result.Login)
|
||||
hs.redirectWithError(ctx, login.ErrInvalidCredentials)
|
||||
return
|
||||
}
|
||||
|
||||
|