From 1c5afd17ee38108b91c803d5d82ac47f3b333c85 Mon Sep 17 00:00:00 2001 From: zeripath Date: Thu, 3 Feb 2022 10:44:18 +0000 Subject: [PATCH] Prevent panic on prohibited user login with oauth2 (#18562) There was an unfortunate regression in #17962 where following detection of the UserProhibitLogin error the err is cast to a pointer by mistake. This causes a panic due to an interface error. Fix #18561 Signed-off-by: Andrew Thornton --- routers/web/auth/oauth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index a8a132bc9..64e9c5c20 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -822,7 +822,7 @@ func SignInOAuthCallback(ctx *context.Context) { u, gothUser, err := oAuth2UserLoginCallback(authSource, ctx.Req, ctx.Resp) if err != nil { if user_model.IsErrUserProhibitLogin(err) { - uplerr := err.(*user_model.ErrUserProhibitLogin) + uplerr := err.(user_model.ErrUserProhibitLogin) log.Info("Failed authentication attempt for %s from %s: %v", uplerr.Name, ctx.RemoteAddr(), err) ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") ctx.HTML(http.StatusOK, "user/auth/prohibit_login")