diff --git a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
index f8ac85aa1c..3827bfa13a 100644
--- a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
+++ b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
@@ -838,7 +838,7 @@ public void setUserCredentials(
 @NotNull String authProviderId,
 @NotNull Map credentials
 ) throws DBException {
- var existUserByCredentials = findUserByCredentials(getAuthProvider(authProviderId), credentials);
+ var existUserByCredentials = findUserByCredentials(getAuthProvider(authProviderId), credentials, false);
 if (existUserByCredentials != null && !existUserByCredentials.equals(userId)) {
 throw new DBException("Another user is already linked to the specified credentials");
 }
@@ -906,7 +906,11 @@ public void deleteUserCredentials(@NotNull String userId, @NotNull String authPr
 }
 @Nullable
- private String findUserByCredentials(WebAuthProviderDescriptor authProvider, Map authParameters) throws DBCException {
+ private String findUserByCredentials(
+ @NotNull WebAuthProviderDescriptor authProvider,
+ @NotNull Map authParameters,
+ boolean onlyActive // throws exception if user is inactive
+ ) throws DBCException {
 Map identCredentials = new LinkedHashMap<>();
 String[] propNames = authParameters.keySet().toArray(new String[0]);
 for (AuthPropertyDescriptor prop : authProvider.getCredentialParameters(propNames)) {
@@ -961,7 +965,7 @@ private String findUserByCredentials(WebAuthProviderDescriptor authProvider, Map
 }
 }
- if (userId != null && !isActive) {
+ if (userId != null && onlyActive && !isActive) {
 throw new DBCException("User account is locked");
 }
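Review bot: The new `onlyActive` flag on `findUserByCredentials` reads like a filter, but per its trailing comment and the guard in the `-961` hunk it makes the method throw `DBCException("User account is locked")`, and with `false` the id of an inactive account is returned to the caller. Since this flag now gates the lock check, a name that states the effect, such as `rejectInactive`, plus a Javadoc line would help keep future call sites fail-closed: `@param rejectInactive if true, throw DBCException when the matched user is inactive; authentication paths must pass true`. The bare `false` in `setUserCredentials` (first hunk) would also benefit from a short comment saying the lookup there is only a uniqueness check on the credentials. The method body continues outside these hunks, so how `isActive` is computed is not visible here.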
@@ -2405,7 +2409,7 @@ private String findOrCreateExternalUserByCredentials(
 ) throws DBException {
 SMAuthProvider smAuthProviderInstance = authProvider.getInstance();
- String userId = findUserByCredentials(authProvider, userCredentials);
+ String userId = findUserByCredentials(authProvider, userCredentials, true);
 String userIdFromCredentials;
 try {
 userIdFromCredentials = smAuthProviderInstance.validateLocalAuth(progressMonitor, this, providerConfig, userCredentials, null);
@@ -3134,6 +3138,7 @@ private void deleteAuthSubject(Connection dbCon, String subjectId) throws SQLExc
 }
 }
+ @NotNull
 protected WebAuthProviderDescriptor getAuthProvider(String authProviderId) throws DBCException {
 WebAuthProviderDescriptor authProvider = WebAuthProviderRegistry.getInstance().getAuthProvider(authProviderId);
 if (authProvider == null) {
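Review bot: In `findOrCreateExternalUserByCredentials` the lock check inside `findUserByCredentials(authProvider, userCredentials, true)` runs before `validateLocalAuth`, so the "User account is locked" error appears to be raised before the submitted credentials are verified. If the lookup matches on identifying fields only (its body is outside this hunk), a caller who has not authenticated could tell locked accounts apart from unknown ones by the error text. Consider validating the credentials first, or returning the same generic authentication failure to the client and recording the locked state only in the server-side log. The rest of the method is outside the hunk, so how the exception is surfaced to the client should be confirmed.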