Fix 3rd-party auth issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-07-06 17:33:40 +02:00
parent 1d2038c9a0
commit 69841cbb45
7 changed files with 36 additions and 4 deletions
--- a/lib/graphql/resolvers/user.ex
+++ b/lib/graphql/resolvers/user.ex
@@ -69,6 +69,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
      {:error, :user_not_found} ->
        {:error, "No user with this email was found"}

+      {:error, :disabled_user} ->
+        {:error, "This user has been disabled"}
+
      {:error, _error} ->
        {:error, "Impossible to authenticate, either your email or password are invalid."}
    end
--- a/lib/service/auth/ldap_authenticator.ex
+++ b/lib/service/auth/ldap_authenticator.ex
@@ -67,13 +67,20 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
               # Then we can verify the user's password
               :ok <- bind_user(connection, base, uid_field, uid, password) do
            case fetch_user(email) do
-              %User{} = user ->
+              %User{disabled: false} = user ->
                user

+              %User{disabled: true} = _user ->
+                {:error, :disabled_user}
+
              _ ->
                register_user(email)
            end
          else
+            {:error, err}
+            when err in [:ldap_search_email_not_found, :ldap_search_email_not_found] ->
+              {:ldap, err}
+
            {:error, error} ->
              {:error, error}