From 7ad31567cdc8206e0080b851a9b880729266b084 Mon Sep 17 00:00:00 2001
From: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
Date: Sun, 1 Oct 2023 19:32:12 +0800
Subject: [PATCH] Fix ldap admin privileges update bug (#27051)

When the user does not set a username lookup condition, LDAP will get an
empty string `""` for the user, hence the following code
```
if isExist, err := user_model.IsUserExist(db.DefaultContext, 0, sr.Username)
```
The user presence determination will always be nonexistent, so updates
to user information will never be performed.


Fix #27049
---
 .../auth/source/ldap/source_authenticate.go     | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index c480851084..9f4d7ed68f 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -29,7 +29,13 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 		// User not in LDAP, do nothing
 		return nil, user_model.ErrUserNotExist{Name: loginName}
 	}
-
+	// Fallback.
+	if len(sr.Username) == 0 {
+		sr.Username = userName
+	}
+	if len(sr.Mail) == 0 {
+		sr.Mail = fmt.Sprintf("%s@localhost.local", sr.Username)
+	}
 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
 
 	// Update User admin flag if exist
@@ -70,15 +76,6 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 			}
 		}
 	} else {
-		// Fallback.
-		if len(sr.Username) == 0 {
-			sr.Username = userName
-		}
-
-		if len(sr.Mail) == 0 {
-			sr.Mail = fmt.Sprintf("%s@localhost.local", sr.Username)
-		}
-
 		user = &user_model.User{
 			LowerName:   strings.ToLower(sr.Username),
 			Name:        sr.Username,