Login is forbidden

2021-12-10 15:18:42 +08:00 · 2021-12-10 15:18:42 +08:00 · 4c176c1a0a
parent dac17ab26c
commit 4c176c1a0a
3 changed files with 23 additions and 0 deletions
--- a/models/error.go
+++ b/models/error.go
@ -192,6 +192,22 @@ func (err ErrUserInactive) Error() string {
 	return fmt.Sprintf("user is inactive [uid: %d, name: %s]", err.UID, err.Name)
 }
 type ErrUserNodAdmin struct {
 	UID  int64
 	Name string
 }
 //  IsErrUserNotAdmin  checks if an error is a ErrUserNotAdmin
 func IsErrUserNotAdmin(err error) bool {
 	_, ok := err.(ErrUserNodAdmin)
 	return ok
 }
 func (err ErrUserNodAdmin) Error() string {
 	return fmt.Sprintf("user does not admin [uid:%d, name:%s]", err.UID, err.Name)
 }
 // ErrEmailAlreadyUsed represents a "EmailAlreadyUsed" kind of error.
 type ErrEmailAlreadyUsed struct {
 	Email string
--- a/models/login_source.go
+++ b/models/login_source.go
@ -829,6 +829,9 @@ func UserSignIn(username, password string) (*User, error) {
 	}
 	if hasUser {
 		if !user.IsAdmin {
 			return nil, ErrUserNodAdmin{user.ID, user.Name}
 		}
 		switch user.LoginType {
 		case LoginNoType, LoginPlain, LoginOAuth2:
 			if user.IsPasswordSet() && user.ValidatePassword(password) {
--- a/routers/web/user/auth.go
+++ b/routers/web/user/auth.go
@ -195,6 +195,10 @@ func SignInPost(ctx *context.Context) {
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 				ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 			}
 		} else if models.IsErrUserNotAdmin(err) {
 			ctx.RenderWithErr(ctx.Tr("form.User is not an administrator"), tplSignIn, &form)
 			log.Info("Failed authentiation attempt for %s from %s ", form.UserName, ctx.RemoteAddr())
 		} else {
 			ctx.ServerError("UserSignIn", err)
 		}