From c63e027aece1270c8e1378ee27b015304d25f89d Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Mon, 2 May 2016 08:07:58 -0400
Subject: Fixing LDAP editing of attributes (#2824)

---
 store/sql_user_store.go      | 12 +++++++++++-
 store/sql_user_store_test.go | 11 +++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

(limited to 'store')

diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 636400ce9..9db378341 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -136,7 +136,17 @@ func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreCha
 
 			if user.IsOAuthUser() {
 				user.Email = oldUser.Email
-			} else if !user.IsLDAPUser() && user.Email != oldUser.Email {
+			} else if user.IsLDAPUser() {
+				if user.Username != oldUser.Username ||
+					user.FirstName != oldUser.FirstName ||
+					user.LastName != oldUser.LastName ||
+					user.Email != oldUser.Email {
+					result.Err = model.NewLocAppError("SqlUserStore.Update", "store.sql_user.update.can_not_change_ldap.app_error", nil, "user_id="+user.Id)
+					storeChannel <- result
+					close(storeChannel)
+					return
+				}
+			} else if user.Email != oldUser.Email {
 				user.EmailVerified = false
 			}
 
diff --git a/store/sql_user_store_test.go b/store/sql_user_store_test.go
index 2d17c5888..9fed32dc8 100644
--- a/store/sql_user_store_test.go
+++ b/store/sql_user_store_test.go
@@ -77,6 +77,12 @@ func TestUserStoreUpdate(t *testing.T) {
 	Must(store.User().Save(u1))
 	Must(store.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}))
 
+	u2 := &model.User{}
+	u2.Email = model.NewId()
+	u2.AuthService = "ldap"
+	Must(store.User().Save(u2))
+	Must(store.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u2.Id}))
+
 	time.Sleep(100 * time.Millisecond)
 
 	if err := (<-store.User().Update(u1, false)).Err; err != nil {
@@ -92,6 +98,11 @@ func TestUserStoreUpdate(t *testing.T) {
 	if err := (<-store.User().Update(u1, false)).Err; err == nil {
 		t.Fatal("Update should have faile because id change")
 	}
+
+	u2.Email = model.NewId()
+	if err := (<-store.User().Update(u2, false)).Err; err == nil {
+		t.Fatal("Update should have failed because you can't modify LDAP fields")
+	}
 }
 
 func TestUserStoreUpdateLastPingAt(t *testing.T) {
-- 
cgit v1.2.3-1-g7c22