CB-5683 change password for disabled user fix (#3032)

dbeaver · Oct 28, 2024 · 11167d5 · 11167d5
1 parent 4cfb27b
commit 11167d5
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/...er.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java b/...er.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
@@ -838,7 +838,7 @@ public void setUserCredentials(
         @NotNull String authProviderId,
         @NotNull Map<String, Object> credentials
     ) throws DBException {
-        var existUserByCredentials = findUserByCredentials(getAuthProvider(authProviderId), credentials);
+        var existUserByCredentials = findUserByCredentials(getAuthProvider(authProviderId), credentials, false);
         if (existUserByCredentials != null && !existUserByCredentials.equals(userId)) {
             throw new DBException("Another user is already linked to the specified credentials");
         }
@@ -906,7 +906,11 @@ public void deleteUserCredentials(@NotNull String userId, @NotNull String authPr
     }
 
     @Nullable
-    private String findUserByCredentials(WebAuthProviderDescriptor authProvider, Map<String, Object> authParameters) throws DBCException {
+    private String findUserByCredentials(
+        @NotNull WebAuthProviderDescriptor authProvider,
+        @NotNull Map<String, Object> authParameters,
+        boolean onlyActive // throws exception if user is inactive
+    ) throws DBCException {
         Map<String, Object> identCredentials = new LinkedHashMap<>();
         String[] propNames = authParameters.keySet().toArray(new String[0]);
         for (AuthPropertyDescriptor prop : authProvider.getCredentialParameters(propNames)) {
@@ -961,7 +965,7 @@ private String findUserByCredentials(WebAuthProviderDescriptor authProvider, Map
                         }
                     }
 
-                    if (userId != null && !isActive) {
+                    if (userId != null && onlyActive && !isActive) {
                         throw new DBCException("User account is locked");
                     }
 
@@ -2405,7 +2409,7 @@ private String findOrCreateExternalUserByCredentials(
     ) throws DBException {
         SMAuthProvider<?> smAuthProviderInstance = authProvider.getInstance();
 
-        String userId = findUserByCredentials(authProvider, userCredentials);
+        String userId = findUserByCredentials(authProvider, userCredentials, true);
         String userIdFromCredentials;
         try {
             userIdFromCredentials = smAuthProviderInstance.validateLocalAuth(progressMonitor, this, providerConfig, userCredentials, null);
@@ -3134,6 +3138,7 @@ private void deleteAuthSubject(Connection dbCon, String subjectId) throws SQLExc
         }
     }
 
+    @NotNull
     protected WebAuthProviderDescriptor getAuthProvider(String authProviderId) throws DBCException {
         WebAuthProviderDescriptor authProvider = WebAuthProviderRegistry.getInstance().getAuthProvider(authProviderId);
         if (authProvider == null) {