From 5300d00d2e7dbb80a252aff57e100113f02506c3 Mon Sep 17 00:00:00 2001 From: Arran Hobson Sayers <32173585+ahobsonsayers@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:28:19 +0000 Subject: [PATCH] fix: Fix user creation on proxy auth (#3666) * Fix user creation on proxy auth * Refactoring --------- Co-authored-by: Oleg Lobanov --- auth/proxy.go | 66 ++++++++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 30 deletions(-) diff --git a/auth/proxy.go b/auth/proxy.go index 9d140540..0e954309 100644 --- a/auth/proxy.go +++ b/auth/proxy.go @@ -23,39 +23,45 @@ func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Sett username := r.Header.Get(a.Header) user, err := usr.Get(srv.Root, username) if errors.Is(err, fbErrors.ErrNotExist) { - randomPasswordBytes := make([]byte, 32) //nolint:gomnd - _, err = rand.Read(randomPasswordBytes) - if err != nil { - return nil, err - } + return a.createUser(usr, setting, srv, username) + } + return user, err +} - var hashedRandomPassword string - hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes)) - if err != nil { - return nil, err - } - - user = &users.User{ - Username: username, - Password: hashedRandomPassword, - LockPassword: true, - } - setting.Defaults.Apply(user) - - var userHome string - userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root) - if err != nil { - return nil, err - } - user.Scope = userHome - - err = usr.Save(user) - if err != nil { - return nil, err - } +func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *settings.Server, username string) (*users.User, error) { + const passwordSize = 32 + randomPasswordBytes := make([]byte, passwordSize) + _, err := rand.Read(randomPasswordBytes) + if err != nil { + return nil, err } - return user, err + var hashedRandomPassword string + hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes)) + if err != nil { + return nil, err + } + + user := &users.User{ + Username: username, + Password: hashedRandomPassword, + LockPassword: true, + } + setting.Defaults.Apply(user) + + var userHome string + userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root) + if err != nil { + return nil, err + } + user.Scope = userHome + + err = usr.Save(user) + if err != nil { + return nil, err + } + + return user, nil } // LoginPage tells that proxy auth doesn't require a login page.