mirror of https://github.com/portainer/portainer.git synced 2025-07-23 07:19:41 +02:00

fix(auth): prevent login for non admin for ldap and oauth [EE-648] (#5283)

Chaim Lev-Ari 2022-01-13 07:27:26 +02:00 committed by GitHub
parent 6c32edc5b5
commit 085762a1f4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 35 deletions


@ -87,6 +87,12 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
}
// when ldap/oauth is on, can only add users without password
if (settings.AuthenticationMethod == portainer.AuthenticationLDAP || settings.AuthenticationMethod == portainer.AuthenticationOAuth) && payload.Password != "" {
errMsg := "A user with password can not be created when authentication method is Oauth or LDAP"
return &httperror.HandlerError{http.StatusBadRequest, errMsg, errors.New(errMsg)}
}
if settings.AuthenticationMethod == portainer.AuthenticationInternal {
user.Password, err = handler.CryptoService.Hash(payload.Password)
if err != nil {
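Review bot: The guard added ahead of the `AuthenticationInternal` branch rejects a non-empty `payload.Password` for every account, while the commit title scopes the fix to non-admin users; nothing in the condition looks at the role being created. If administrators are meant to keep a local password as a fallback when LDAP or OAuth is enabled, the condition needs a role check; if they are not, state that in the comment, e.g. `// LDAP/OAuth enabled: reject a local password for every role, admins included`. This hunk covers user creation only, so any password-update path should enforce the same rule (not visible here), and a handler test asserting the 400 response under both LDAP and OAuth settings would pin the behaviour. `userCreate` starts and ends outside the hunk.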