closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6148 Commits
2 Branches
178 MiB
Tree: 4163cdf3ea
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4163cdf3ea'
${ noResults }
gitea/models/login_source.go

672 lines
18 KiB
Raw Normal View History

Add tar.gz download button and other mirror updates
10 years ago
fix code
10 years ago
add login.go
10 years ago
ldap support
10 years ago
Make gmail auth work
10 years ago
ldap support
10 years ago
basic authentications
10 years ago
add smtp authentication
10 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
merge all login methods
10 years ago
add login.go
10 years ago
finish new edit auth UI
9 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
ldap support
10 years ago
basic authentications
10 years ago
fix code
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
ldap support
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Add tar.gz download button and other mirror updates
10 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
basic authentications
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Rewrite XORM queries
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Fix spelling errors in comments.
10 years ago
Fix edit auth page bug
10 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix edit auth page bug
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
models/login_source: code improvement
8 years ago
add login.go
10 years ago
LDAP user synchronization (#1478)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
ldap support
10 years ago
#2349 try to handle []int8 case
8 years ago
#2349 fix convert type
8 years ago
#2349 try to handle []int8 case
8 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2349 try to handle []int8 case
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Lint models/login_source.go
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
LDAP user synchronization (#1478)
7 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Add tar.gz download button and other mirror updates
10 years ago
Lint models/login_source.go
8 years ago
#697 disable captcha and new admin create user UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
10 years ago
APIs: admin users
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
basic authentications
10 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
basic authentications
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add support for smtp authentication
10 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
ldap support
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
ldap support
10 years ago
add login.go
10 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
minor fix on #1694
9 years ago
Fix typos
8 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
10 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
merge all login methods
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
merge all login methods
10 years ago
work on #672
10 years ago
LDAP user synchronization (#1478)
7 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
LDAP user synchronization (#1478)
7 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
LDAP user synchronization (#1478)
7 years ago
Added LDAP simple auth support.
9 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
LDAP user synchronization (#1478)
7 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add smtp authentication
10 years ago
Make gmail auth work
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
Clean old LDAP code
10 years ago
add smtp authentication
10 years ago
Fix lint errors (#2547)
7 years ago
add smtp authentication
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
golint fixed for modules/auth
8 years ago
Add PAM authentication
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
Lint models/login_source.go
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
fix bug not to trim space of login username (#1796)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Replace calls to xorm UseBool with Where (#2237)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
gofmt (#1662)
7 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"crypto/tls"
  9. 	"encoding/json"
  10. 	"errors"
  11. 	"fmt"
  12. 	"net/smtp"
  13. 	"net/textproto"
  14. 	"strings"
  15. 

  16. 	"github.com/Unknwon/com"
  17. 	"github.com/go-macaron/binding"
  18. 	"github.com/go-xorm/core"
  19. 	"github.com/go-xorm/xorm"
  20. 

  21. 	"code.gitea.io/gitea/modules/auth/ldap"
  22. 	"code.gitea.io/gitea/modules/auth/oauth2"
  23. 	"code.gitea.io/gitea/modules/auth/pam"
  24. 	"code.gitea.io/gitea/modules/log"
  25. 	"code.gitea.io/gitea/modules/util"
  26. )
  27. 

  28. // LoginType represents an login type.

  29. type LoginType int
  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (
  33. 	LoginNoType LoginType = iota
  34. 	LoginPlain            // 1

  35. 	LoginLDAP             // 2

  36. 	LoginSMTP             // 3

  37. 	LoginPAM              // 4

  38. 	LoginDLDAP            // 5

  39. 	LoginOAuth2           // 6

  40. )
  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{
  44. 	LoginLDAP:   "LDAP (via BindDN)",
  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",
  47. 	LoginPAM:    "PAM",
  48. 	LoginOAuth2: "OAuth2",
  49. }
  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",
  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",
  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",
  56. }
  57. 

  58. // Ensure structs implemented interface.

  59. var (
  60. 	_ core.Conversion = &LDAPConfig{}
  61. 	_ core.Conversion = &SMTPConfig{}
  62. 	_ core.Conversion = &PAMConfig{}
  63. 	_ core.Conversion = &OAuth2Config{}
  64. )
  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {
  68. 	*ldap.Source
  69. }
  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {
  73. 	return json.Unmarshal(bs, &cfg)
  74. }
  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {
  78. 	return json.Marshal(cfg)
  79. }
  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {
  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]
  85. }
  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {
  89. 	Auth           string
  90. 	Host           string
  91. 	Port           int
  92. 	AllowedDomains string `xorm:"TEXT"`
  93. 	TLS            bool
  94. 	SkipVerify     bool
  95. }
  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {
  99. 	return json.Unmarshal(bs, cfg)
  100. }
  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {
  104. 	return json.Marshal(cfg)
  105. }
  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {
  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }
  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {
  114. 	return json.Unmarshal(bs, &cfg)
  115. }
  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {
  119. 	return json.Marshal(cfg)
  120. }
  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {
  124. 	Provider                      string
  125. 	ClientID                      string
  126. 	ClientSecret                  string
  127. 	OpenIDConnectAutoDiscoveryURL string
  128. 	CustomURLMapping              *oauth2.CustomURLMapping
  129. }
  130. 

  131. // FromDB fills up an OAuth2Config from serialized format.

  132. func (cfg *OAuth2Config) FromDB(bs []byte) error {
  133. 	return json.Unmarshal(bs, cfg)
  134. }
  135. 

  136. // ToDB exports an SMTPConfig to a serialized format.

  137. func (cfg *OAuth2Config) ToDB() ([]byte, error) {
  138. 	return json.Marshal(cfg)
  139. }
  140. 

  141. // LoginSource represents an external way for authorizing users.

  142. type LoginSource struct {
  143. 	ID            int64 `xorm:"pk autoincr"`
  144. 	Type          LoginType
  145. 	Name          string          `xorm:"UNIQUE"`
  146. 	IsActived     bool            `xorm:"INDEX NOT NULL DEFAULT false"`
  147. 	IsSyncEnabled bool            `xorm:"INDEX NOT NULL DEFAULT false"`
  148. 	Cfg           core.Conversion `xorm:"TEXT"`
  149. 

  150. 	CreatedUnix util.TimeStamp `xorm:"INDEX created"`
  151. 	UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`
  152. }
  153. 

  154. // Cell2Int64 converts a xorm.Cell type to int64,

  155. // and handles possible irregular cases.

  156. func Cell2Int64(val xorm.Cell) int64 {
  157. 	switch (*val).(type) {
  158. 	case []uint8:
  159. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)
  160. 		return com.StrTo(string((*val).([]uint8))).MustInt64()
  161. 	}
  162. 	return (*val).(int64)
  163. }
  164. 

  165. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  166. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
  167. 	switch colName {
  168. 	case "type":
  169. 		switch LoginType(Cell2Int64(val)) {
  170. 		case LoginLDAP, LoginDLDAP:
  171. 			source.Cfg = new(LDAPConfig)
  172. 		case LoginSMTP:
  173. 			source.Cfg = new(SMTPConfig)
  174. 		case LoginPAM:
  175. 			source.Cfg = new(PAMConfig)
  176. 		case LoginOAuth2:
  177. 			source.Cfg = new(OAuth2Config)
  178. 		default:
  179. 			panic("unrecognized login source type: " + com.ToStr(*val))
  180. 		}
  181. 	}
  182. }
  183. 

  184. // TypeName return name of this login source type.

  185. func (source *LoginSource) TypeName() string {
  186. 	return LoginNames[source.Type]
  187. }
  188. 

  189. // IsLDAP returns true of this source is of the LDAP type.

  190. func (source *LoginSource) IsLDAP() bool {
  191. 	return source.Type == LoginLDAP
  192. }
  193. 

  194. // IsDLDAP returns true of this source is of the DLDAP type.

  195. func (source *LoginSource) IsDLDAP() bool {
  196. 	return source.Type == LoginDLDAP
  197. }
  198. 

  199. // IsSMTP returns true of this source is of the SMTP type.

  200. func (source *LoginSource) IsSMTP() bool {
  201. 	return source.Type == LoginSMTP
  202. }
  203. 

  204. // IsPAM returns true of this source is of the PAM type.

  205. func (source *LoginSource) IsPAM() bool {
  206. 	return source.Type == LoginPAM
  207. }
  208. 

  209. // IsOAuth2 returns true of this source is of the OAuth2 type.

  210. func (source *LoginSource) IsOAuth2() bool {
  211. 	return source.Type == LoginOAuth2
  212. }
  213. 

  214. // HasTLS returns true of this source supports TLS.

  215. func (source *LoginSource) HasTLS() bool {
  216. 	return ((source.IsLDAP() || source.IsDLDAP()) &&
  217. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
  218. 		source.IsSMTP()
  219. }
  220. 

  221. // UseTLS returns true of this source is configured to use TLS.

  222. func (source *LoginSource) UseTLS() bool {
  223. 	switch source.Type {
  224. 	case LoginLDAP, LoginDLDAP:
  225. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
  226. 	case LoginSMTP:
  227. 		return source.SMTP().TLS
  228. 	}
  229. 

  230. 	return false
  231. }
  232. 

  233. // SkipVerify returns true if this source is configured to skip SSL

  234. // verification.

  235. func (source *LoginSource) SkipVerify() bool {
  236. 	switch source.Type {
  237. 	case LoginLDAP, LoginDLDAP:
  238. 		return source.LDAP().SkipVerify
  239. 	case LoginSMTP:
  240. 		return source.SMTP().SkipVerify
  241. 	}
  242. 

  243. 	return false
  244. }
  245. 

  246. // LDAP returns LDAPConfig for this source, if of LDAP type.

  247. func (source *LoginSource) LDAP() *LDAPConfig {
  248. 	return source.Cfg.(*LDAPConfig)
  249. }
  250. 

  251. // SMTP returns SMTPConfig for this source, if of SMTP type.

  252. func (source *LoginSource) SMTP() *SMTPConfig {
  253. 	return source.Cfg.(*SMTPConfig)
  254. }
  255. 

  256. // PAM returns PAMConfig for this source, if of PAM type.

  257. func (source *LoginSource) PAM() *PAMConfig {
  258. 	return source.Cfg.(*PAMConfig)
  259. }
  260. 

  261. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  262. func (source *LoginSource) OAuth2() *OAuth2Config {
  263. 	return source.Cfg.(*OAuth2Config)
  264. }
  265. 

  266. // CreateLoginSource inserts a LoginSource in the DB if not already

  267. // existing with the given name.

  268. func CreateLoginSource(source *LoginSource) error {
  269. 	has, err := x.Get(&LoginSource{Name: source.Name})
  270. 	if err != nil {
  271. 		return err
  272. 	} else if has {
  273. 		return ErrLoginSourceAlreadyExist{source.Name}
  274. 	}
  275. 	// Synchronization is only aviable with LDAP for now

  276. 	if !source.IsLDAP() {
  277. 		source.IsSyncEnabled = false
  278. 	}
  279. 

  280. 	_, err = x.Insert(source)
  281. 	if err == nil && source.IsOAuth2() && source.IsActived {
  282. 		oAuth2Config := source.OAuth2()
  283. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
  284. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
  285. 

  286. 		if err != nil {
  287. 			// remove the LoginSource in case of errors while registering OAuth2 providers

  288. 			x.Delete(source)
  289. 		}
  290. 	}
  291. 	return err
  292. }
  293. 

  294. // LoginSources returns a slice of all login sources found in DB.

  295. func LoginSources() ([]*LoginSource, error) {
  296. 	auths := make([]*LoginSource, 0, 6)
  297. 	return auths, x.Find(&auths)
  298. }
  299. 

  300. // GetLoginSourceByID returns login source by given ID.

  301. func GetLoginSourceByID(id int64) (*LoginSource, error) {
  302. 	source := new(LoginSource)
  303. 	has, err := x.ID(id).Get(source)
  304. 	if err != nil {
  305. 		return nil, err
  306. 	} else if !has {
  307. 		return nil, ErrLoginSourceNotExist{id}
  308. 	}
  309. 	return source, nil
  310. }
  311. 

  312. // UpdateSource updates a LoginSource record in DB.

  313. func UpdateSource(source *LoginSource) error {
  314. 	var originalLoginSource *LoginSource
  315. 	if source.IsOAuth2() {
  316. 		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers

  317. 		var err error
  318. 		if originalLoginSource, err = GetLoginSourceByID(source.ID); err != nil {
  319. 			return err
  320. 		}
  321. 	}
  322. 

  323. 	_, err := x.ID(source.ID).AllCols().Update(source)
  324. 	if err == nil && source.IsOAuth2() && source.IsActived {
  325. 		oAuth2Config := source.OAuth2()
  326. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
  327. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
  328. 

  329. 		if err != nil {
  330. 			// restore original values since we cannot update the provider it self

  331. 			x.ID(source.ID).AllCols().Update(originalLoginSource)
  332. 		}
  333. 	}
  334. 	return err
  335. }
  336. 

  337. // DeleteSource deletes a LoginSource record in DB.

  338. func DeleteSource(source *LoginSource) error {
  339. 	count, err := x.Count(&User{LoginSource: source.ID})
  340. 	if err != nil {
  341. 		return err
  342. 	} else if count > 0 {
  343. 		return ErrLoginSourceInUse{source.ID}
  344. 	}
  345. 

  346. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})
  347. 	if err != nil {
  348. 		return err
  349. 	} else if count > 0 {
  350. 		return ErrLoginSourceInUse{source.ID}
  351. 	}
  352. 

  353. 	if source.IsOAuth2() {
  354. 		oauth2.RemoveProvider(source.Name)
  355. 	}
  356. 

  357. 	_, err = x.ID(source.ID).Delete(new(LoginSource))
  358. 	return err
  359. }
  360. 

  361. // CountLoginSources returns number of login sources.

  362. func CountLoginSources() int64 {
  363. 	count, _ := x.Count(new(LoginSource))
  364. 	return count
  365. }
  366. 

  367. // .____     ________      _____ __________

  368. // |    |    \______ \    /  _  \\______   \

  369. // |    |     |    |  \  /  /_\  \|     ___/

  370. // |    |___  |    `   \/    |    \    |

  371. // |_______ \/_______  /\____|__  /____|

  372. //         \/        \/         \/

  373. 

  374. func composeFullName(firstname, surname, username string) string {
  375. 	switch {
  376. 	case len(firstname) == 0 && len(surname) == 0:
  377. 		return username
  378. 	case len(firstname) == 0:
  379. 		return surname
  380. 	case len(surname) == 0:
  381. 		return firstname
  382. 	default:
  383. 		return firstname + " " + surname
  384. 	}
  385. }
  386. 

  387. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  388. // and create a local user if success when enabled.

  389. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  390. 	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
  391. 	if sr == nil {
  392. 		// User not in LDAP, do nothing

  393. 		return nil, ErrUserNotExist{0, login, 0}
  394. 	}
  395. 

  396. 	if !autoRegister {
  397. 		return user, nil
  398. 	}
  399. 

  400. 	// Fallback.

  401. 	if len(sr.Username) == 0 {
  402. 		sr.Username = login
  403. 	}
  404. 	// Validate username make sure it satisfies requirement.

  405. 	if binding.AlphaDashDotPattern.MatchString(sr.Username) {
  406. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
  407. 	}
  408. 

  409. 	if len(sr.Mail) == 0 {
  410. 		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
  411. 	}
  412. 

  413. 	user = &User{
  414. 		LowerName:   strings.ToLower(sr.Username),
  415. 		Name:        sr.Username,
  416. 		FullName:    composeFullName(sr.Name, sr.Surname, sr.Username),
  417. 		Email:       sr.Mail,
  418. 		LoginType:   source.Type,
  419. 		LoginSource: source.ID,
  420. 		LoginName:   login,
  421. 		IsActive:    true,
  422. 		IsAdmin:     sr.IsAdmin,
  423. 	}
  424. 	return user, CreateUser(user)
  425. }
  426. 

  427. //   _________   __________________________

  428. //  /   _____/  /     \__    ___/\______   \

  429. //  \_____  \  /  \ /  \|    |    |     ___/

  430. //  /        \/    Y    \    |    |    |

  431. // /_______  /\____|__  /____|    |____|

  432. //         \/         \/

  433. 

  434. type smtpLoginAuth struct {
  435. 	username, password string
  436. }
  437. 

  438. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
  439. 	return "LOGIN", []byte(auth.username), nil
  440. }
  441. 

  442. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
  443. 	if more {
  444. 		switch string(fromServer) {
  445. 		case "Username:":
  446. 			return []byte(auth.username), nil
  447. 		case "Password:":
  448. 			return []byte(auth.password), nil
  449. 		}
  450. 	}
  451. 	return nil, nil
  452. }
  453. 

  454. // SMTP authentication type names.

  455. const (
  456. 	SMTPPlain = "PLAIN"
  457. 	SMTPLogin = "LOGIN"
  458. )
  459. 

  460. // SMTPAuths contains available SMTP authentication type names.

  461. var SMTPAuths = []string{SMTPPlain, SMTPLogin}
  462. 

  463. // SMTPAuth performs an SMTP authentication.

  464. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
  465. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))
  466. 	if err != nil {
  467. 		return err
  468. 	}
  469. 	defer c.Close()
  470. 

  471. 	if err = c.Hello("gogs"); err != nil {
  472. 		return err
  473. 	}
  474. 

  475. 	if cfg.TLS {
  476. 		if ok, _ := c.Extension("STARTTLS"); ok {
  477. 			if err = c.StartTLS(&tls.Config{
  478. 				InsecureSkipVerify: cfg.SkipVerify,
  479. 				ServerName:         cfg.Host,
  480. 			}); err != nil {
  481. 				return err
  482. 			}
  483. 		} else {
  484. 			return errors.New("SMTP server unsupports TLS")
  485. 		}
  486. 	}
  487. 

  488. 	if ok, _ := c.Extension("AUTH"); ok {
  489. 		return c.Auth(a)
  490. 	}
  491. 	return ErrUnsupportedLoginType
  492. }
  493. 

  494. // LoginViaSMTP queries if login/password is valid against the SMTP,

  495. // and create a local user if success when enabled.

  496. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
  497. 	// Verify allowed domains.

  498. 	if len(cfg.AllowedDomains) > 0 {
  499. 		idx := strings.Index(login, "@")
  500. 		if idx == -1 {
  501. 			return nil, ErrUserNotExist{0, login, 0}
  502. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx+1:]) {
  503. 			return nil, ErrUserNotExist{0, login, 0}
  504. 		}
  505. 	}
  506. 

  507. 	var auth smtp.Auth
  508. 	if cfg.Auth == SMTPPlain {
  509. 		auth = smtp.PlainAuth("", login, password, cfg.Host)
  510. 	} else if cfg.Auth == SMTPLogin {
  511. 		auth = &smtpLoginAuth{login, password}
  512. 	} else {
  513. 		return nil, errors.New("Unsupported SMTP auth type")
  514. 	}
  515. 

  516. 	if err := SMTPAuth(auth, cfg); err != nil {
  517. 		// Check standard error format first,

  518. 		// then fallback to worse case.

  519. 		tperr, ok := err.(*textproto.Error)
  520. 		if (ok && tperr.Code == 535) ||
  521. 			strings.Contains(err.Error(), "Username and Password not accepted") {
  522. 			return nil, ErrUserNotExist{0, login, 0}
  523. 		}
  524. 		return nil, err
  525. 	}
  526. 

  527. 	if !autoRegister {
  528. 		return user, nil
  529. 	}
  530. 

  531. 	username := login
  532. 	idx := strings.Index(login, "@")
  533. 	if idx > -1 {
  534. 		username = login[:idx]
  535. 	}
  536. 

  537. 	user = &User{
  538. 		LowerName:   strings.ToLower(username),
  539. 		Name:        strings.ToLower(username),
  540. 		Email:       login,
  541. 		Passwd:      password,
  542. 		LoginType:   LoginSMTP,
  543. 		LoginSource: sourceID,
  544. 		LoginName:   login,
  545. 		IsActive:    true,
  546. 	}
  547. 	return user, CreateUser(user)
  548. }
  549. 

  550. // __________  _____      _____

  551. // \______   \/  _  \    /     \

  552. //  |     ___/  /_\  \  /  \ /  \

  553. //  |    |  /    |    \/    Y    \

  554. //  |____|  \____|__  /\____|__  /

  555. //                  \/         \/

  556. 

  557. // LoginViaPAM queries if login/password is valid against the PAM,

  558. // and create a local user if success when enabled.

  559. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
  560. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
  561. 		if strings.Contains(err.Error(), "Authentication failure") {
  562. 			return nil, ErrUserNotExist{0, login, 0}
  563. 		}
  564. 		return nil, err
  565. 	}
  566. 

  567. 	if !autoRegister {
  568. 		return user, nil
  569. 	}
  570. 

  571. 	user = &User{
  572. 		LowerName:   strings.ToLower(login),
  573. 		Name:        login,
  574. 		Email:       login,
  575. 		Passwd:      password,
  576. 		LoginType:   LoginPAM,
  577. 		LoginSource: sourceID,
  578. 		LoginName:   login,
  579. 		IsActive:    true,
  580. 	}
  581. 	return user, CreateUser(user)
  582. }
  583. 

  584. // ExternalUserLogin attempts a login using external source types.

  585. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  586. 	if !source.IsActived {
  587. 		return nil, ErrLoginSourceNotActived
  588. 	}
  589. 

  590. 	switch source.Type {
  591. 	case LoginLDAP, LoginDLDAP:
  592. 		return LoginViaLDAP(user, login, password, source, autoRegister)
  593. 	case LoginSMTP:
  594. 		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
  595. 	case LoginPAM:
  596. 		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
  597. 	}
  598. 

  599. 	return nil, ErrUnsupportedLoginType
  600. }
  601. 

  602. // UserSignIn validates user name and password.

  603. func UserSignIn(username, password string) (*User, error) {
  604. 	var user *User
  605. 	if strings.Contains(username, "@") {
  606. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}
  607. 		// check same email

  608. 		cnt, err := x.Count(user)
  609. 		if err != nil {
  610. 			return nil, err
  611. 		}
  612. 		if cnt > 1 {
  613. 			return nil, ErrEmailAlreadyUsed{
  614. 				Email: user.Email,
  615. 			}
  616. 		}
  617. 	} else {
  618. 		trimmedUsername := strings.TrimSpace(username)
  619. 		if len(trimmedUsername) == 0 {
  620. 			return nil, ErrUserNotExist{0, username, 0}
  621. 		}
  622. 

  623. 		user = &User{LowerName: strings.ToLower(trimmedUsername)}
  624. 	}
  625. 

  626. 	hasUser, err := x.Get(user)
  627. 	if err != nil {
  628. 		return nil, err
  629. 	}
  630. 

  631. 	if hasUser {
  632. 		switch user.LoginType {
  633. 		case LoginNoType, LoginPlain, LoginOAuth2:
  634. 			if user.ValidatePassword(password) {
  635. 				return user, nil
  636. 			}
  637. 

  638. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}
  639. 

  640. 		default:
  641. 			var source LoginSource
  642. 			hasSource, err := x.ID(user.LoginSource).Get(&source)
  643. 			if err != nil {
  644. 				return nil, err
  645. 			} else if !hasSource {
  646. 				return nil, ErrLoginSourceNotExist{user.LoginSource}
  647. 			}
  648. 

  649. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)
  650. 		}
  651. 	}
  652. 

  653. 	sources := make([]*LoginSource, 0, 5)
  654. 	if err = x.Where("is_actived = ?", true).Find(&sources); err != nil {
  655. 		return nil, err
  656. 	}
  657. 

  658. 	for _, source := range sources {
  659. 		if source.IsOAuth2() {
  660. 			// don't try to authenticate against OAuth2 sources

  661. 			continue
  662. 		}
  663. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)
  664. 		if err == nil {
  665. 			return authUser, nil
  666. 		}
  667. 

  668. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
  669. 	}
  670. 

  671. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}
  672. }