From 6de72ad97dcc3b4499278f9451f4780fa9d73ec3 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Tue, 15 Feb 2022 01:01:15 +0800
Subject: [PATCH 1/8] Use email_address table to check user's email when login with email adress
---
 services/auth/signin.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/services/auth/signin.go b/services/auth/signin.go
index 4392e861f9970..3548b08d0ee9f 100644
--- a/services/auth/signin.go
+++ b/services/auth/signin.go
@@ -24,17 +24,18 @@ import (
 func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
 var user *user_model.User
 if strings.Contains(username, "@") {
- user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))}
+ emailAddress := user_model.EmailAddress{Email: strings.ToLower(strings.TrimSpace(username))}
 // check same email
- cnt, err := db.Count(user)
+ has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress)
 if err != nil {
 return nil, nil, err
 }
- if cnt > 1 {
- return nil, nil, user_model.ErrEmailAlreadyUsed{
+ if !has {
+ return nil, nil, user_model.ErrEmailAddressNotExist{
 Email: user.Email,
 }
 }
+ user = &user_model.User{ID: emailAddress.UID}
 } else {
 trimmedUsername := strings.TrimSpace(username)
 if len(trimmedUsername) == 0 {
From 9ca188bad099e0d689e22b0f3d565dad3cc976b5 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Mon, 14 Feb 2022 17:41:56 +0000
Subject: [PATCH 2/8] Update services/auth/signin.go
---
 services/auth/signin.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/auth/signin.go b/services/auth/signin.go
index 3548b08d0ee9f..a6f2d14b5c609 100644
--- a/services/auth/signin.go
+++ b/services/auth/signin.go
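Review bot: In PATCH 1/8, `Email: user.Email` inside the `!has` branch dereferences `user` while it is still nil, because the email path now assigns it only at `user = &user_model.User{ID: emailAddress.UID}` after the check; a sign-in attempt with an address that has no activated row would panic instead of returning the error. Build the error from the input instead, `Email: username,`. Separately, ErrEmailAddressNotExist is a distinct error from a wrong-password failure, so unless the caller (not visible in this hunk) maps both to the same generic message, the login response would reveal which addresses are registered. UserSignIn's body continues outside the hunk.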
@@ -24,7 +24,7 @@ import (
 func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
 var user *user_model.User
 if strings.Contains(username, "@") {
- emailAddress := user_model.EmailAddress{Email: strings.ToLower(strings.TrimSpace(username))}
+ emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
 // check same email
 has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress)
 if err != nil {
From 2d9dc3dbb0a3b8afbeaf11006867d70cacbc25a4 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Wed, 16 Feb 2022 01:11:09 +0800
Subject: [PATCH 3/8] Fix test
---
 integrations/signin_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/integrations/signin_test.go b/integrations/signin_test.go
index 3ea8866150c3c..068a8a7e777ca 100644
--- a/integrations/signin_test.go
+++ b/integrations/signin_test.go
@@ -51,8 +51,8 @@ func TestSignin(t *testing.T) {
 {username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")},
 {username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
 {username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
- // test for duplicate email
- {username: "user2@example.com", password: "password", message: i18n.Tr("en", "form.email_been_used")},
+ // test for normal email
+ {username: "user2@example.com", password: "password", message: ""},
 }
 for _, s := range samples {
From 47ff835123177f98c3d01e76d85d3a74a57d80bc Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Wed, 16 Feb 2022 13:22:17 +0800
Subject: [PATCH 4/8] Fix test
---
 integrations/signin_test.go | 2 --
 models/user/user_test.go | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/integrations/signin_test.go b/integrations/signin_test.go
index 068a8a7e777ca..a6e4b7d4d2f19 100644
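Review bot: The TestSignin table in PATCH 3/8 (integrations/signin_test.go) gains a success row for email login but no row for the two failure paths the new lookup introduces: an address with no row at all, and an address whose row has `is_activated` false. A row for each would pin the response an unauthenticated caller sees on those paths, for example `{username: "nobody@example.com", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")},` (constructed address; the expected message assumes the handler answers an unknown address like a wrong password, which this hunk does not show). The test function continues outside the hunk.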
--- a/integrations/signin_test.go
+++ b/integrations/signin_test.go
@@ -51,8 +51,6 @@ func TestSignin(t *testing.T) {
 {username: "wrongUsername", password: "password", message: i18n.Tr("en", "form.username_password_incorrect")},
 {username: "user15", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
 {username: "user1@example.com", password: "wrongPassword", message: i18n.Tr("en", "form.username_password_incorrect")},
- // test for normal email
- {username: "user2@example.com", password: "password", message: ""},
 }
 for _, s := range samples {
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 70591c8c12131..a5f47172eebc0 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -235,6 +235,20 @@ func TestCreateUserInvalidEmail(t *testing.T) {
 assert.True(t, IsErrEmailInvalid(err))
 }
+func TestCreateUserEmailAlreadyUsed(t *testing.T) {
+ assert.NoError(t, unittest.PrepareTestDatabase())
+
+ user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+
+ // add new user with user2's email
+ user.Name = "testuser"
+ user.LowerName = strings.ToLower(user.Name)
+ user.ID = 0
+ err := CreateUser(user)
+ assert.Error(t, err)
+ assert.True(t, IsErrEmailAlreadyUsed(err))
+}
+
 func TestGetUserIDsByNames(t *testing.T) {
 assert.NoError(t, unittest.PrepareTestDatabase())
From e03e8d6b9d239c0378bc00df2b6bbfc81571984e Mon Sep 17 00:00:00 2001
From: Johan Van de Wauw
Date: Wed, 16 Feb 2022 23:43:15 +0100
Subject: [PATCH 5/8] Fix logging in with ldap username != loginname
---
 services/auth/source/ldap/source_authenticate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index e804e32e845db..da4fbbc4aacd1 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -20,7 +20,7 @@ import (
 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
- sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP)
+ sr := source.SearchEntry(user.LoginName, password, source.authSource.Type == auth.DLDAP)
 if sr == nil {
 // User not in LDAP, do nothing
 return nil, user_model.ErrUserNotExist{Name: userName}
From 2907224c885f85210189f6e0747cb1402e9be064 Mon Sep 17 00:00:00 2001
From: Johan Van de Wauw
Date: Wed, 16 Feb 2022 23:57:49 +0100
Subject: [PATCH 6/8] Fix if user does not exist yet
---
 services/auth/source/ldap/source_authenticate.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index da4fbbc4aacd1..48fc5dfc77ace 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -20,7 +20,10 @@ import (
 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
- sr := source.SearchEntry(user.LoginName, password, source.authSource.Type == auth.DLDAP)
+ if user != nil {
+ userName = user.LoginName
+ }
+ sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP)
 if sr == nil {
 // User not in LDAP, do nothing
 return nil, user_model.ErrUserNotExist{Name: userName}
From d4e78df5f4c4c86378e14d14339c294188d38302 Mon Sep 17 00:00:00 2001
From: Johan Van de Wauw
Date: Thu, 17 Feb 2022 09:31:32 +0100
Subject: [PATCH 7/8] Make more clear this is loginName
---
 services/auth/source/ldap/source_authenticate.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index 48fc5dfc77ace..c62f102eaeac4 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -20,13 +20,14 @@ import (
 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
+ loginName := userName
 if user != nil {
- userName = user.LoginName
+ loginName = user.LoginName
 }
- sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP)
+ sr := source.SearchEntry(loginName, password, source.authSource.Type == auth.DLDAP)
 if sr == nil {
 // User not in LDAP, do nothing
- return nil, user_model.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: loginName}
 }
 isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
From 7f79a3589f1307ef4b0b5cccc46ee6594aa2f518 Mon Sep 17 00:00:00 2001
From: Johan Van de Wauw
Date: Thu, 17 Feb 2022 23:24:37 +0100
Subject: [PATCH 8/8] Fix formatting
---
 services/auth/source/ldap/source_authenticate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index c62f102eaeac4..2c1bcc29cce5e 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
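Review bot: Authenticate's doc comment in PATCH 7/8 (services/auth/source/ldap/source_authenticate.go) does not say which name is sent to the directory, although the new `loginName` lines make the stored `user.LoginName` replace the caller's `userName` whenever `user` is non-nil. A third comment line such as `// When user is non-nil, its LoginName rather than userName is used for the LDAP search.` would record that contract. If a user record can reach this function with an empty LoginName (not visible here), the search would run with an empty name; `if user != nil && user.LoginName != "" {` keeps the caller's value in that case. The function body continues outside the hunk, so later uses of `userName` are not covered by this note.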
@@ -20,7 +20,7 @@ import (
 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
 func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
- loginName := userName
+ loginName := userName
 if user != nil {
 loginName = user.LoginName
 }