closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3852 Commits
2 Branches
178 MiB
Tree: 79a1bfd963
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79a1bfd963'
${ noResults }
gitea/routers/admin/auths.go

238 lines
6.4 KiB
Raw Normal View History

fix code
10 years ago
ldap support
10 years ago
#1146 finsih UI work for access mode of collaborators Collaborators have write access as default, and can be changed via repository collaboration settings page to change between read, write and admin.
8 years ago
New UI merge in progress
10 years ago
add support for smtp authentication
10 years ago
Fix #173
10 years ago
ldap support
10 years ago
basic authentications
10 years ago
Rename module: middleware -> context
8 years ago
fix code
10 years ago
Allow Gogs to run from a suburl behind a reverse proxy. e.g. http://mydomain.com/gogs/ Conflicts: modules/setting/setting.go Conflicts: templates/repo/release/list.tmpl templates/user/dashboard/dashboard.tmpl Conflicts: routers/repo/setting.go
10 years ago
ldap support
10 years ago
In progress of name template name constant
10 years ago
Continue working on new admin pages
10 years ago
In progress of name template name constant
10 years ago
Rename module: middleware -> context
8 years ago
Continue working on new admin pages
10 years ago
#697 disable captcha and new admin create user UI
9 years ago
Continue working on new admin pages
10 years ago
#697 disable captcha and new admin create user UI
9 years ago
Continue working on new admin pages
10 years ago
more minor fix on 1581
9 years ago
Continue working on new admin pages
10 years ago
finish new add auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new add auth UI
9 years ago
Rename module: middleware -> context
8 years ago
Continue working on new admin pages
10 years ago
finish new add auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new add auth UI
9 years ago
add support for smtp authentication
10 years ago
In progress of name template name constant
10 years ago
ldap support
10 years ago
finish new edit auth UI
9 years ago
#1637 able to skip verify for LDAP
9 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
LDAP: Fetch attributes in Bind DN context option This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
finish new edit auth UI
9 years ago
#1620 add allowed domains for SMTP auth
9 years ago
finish new edit auth UI
9 years ago
Rename module: middleware -> context
8 years ago
Continue working on new admin pages
10 years ago
finish new add auth UI
9 years ago
add support for smtp authentication
10 years ago
ldap support
10 years ago
In progress of name template name constant
10 years ago
ldap support
10 years ago
finish new edit auth UI
9 years ago
Add tar.gz download button and other mirror updates
10 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new edit auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new edit auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new edit auth UI
9 years ago
Add PAM authentication
9 years ago
UI fix
10 years ago
add support for smtp authentication
10 years ago
finish new edit auth UI
9 years ago
#1625 remove auto_register and makes it default
9 years ago
finish new edit auth UI
9 years ago
Continue working on new admin pages
10 years ago
ldap support
10 years ago
#1124 LDAP add and edit form are misleading
9 years ago
finish new edit auth UI
9 years ago
Add suburl support
10 years ago
ldap support
10 years ago
Rename module: middleware -> context
8 years ago
Continue working on new admin pages
10 years ago
finish new edit auth UI
9 years ago
add support for smtp authentication
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
In progress of name template name constant
10 years ago
ldap support
10 years ago
Rename module: middleware -> context
8 years ago
Continue working on new admin pages
10 years ago
finish new edit auth UI
9 years ago
add support for smtp authentication
10 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
In progress of name template name constant
10 years ago
basic authentications
10 years ago
add support for smtp authentication
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new edit auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
finish new edit auth UI
9 years ago
#1938 #1374 disable password change for non-local users
9 years ago
Add PAM authentication
9 years ago
Fix #173
10 years ago
add support for smtp authentication
10 years ago
finish new edit auth UI
9 years ago
Continue working on new admin pages
10 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
Continue working on new admin pages
10 years ago
finish new edit auth UI
9 years ago
ldap support
10 years ago
Rename module: middleware -> context
8 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
#1146 finsih UI work for access mode of collaborators Collaborators have write access as default, and can be changed via repository collaboration settings page to change between read, write and admin.
8 years ago
basic authentications
10 years ago
#1146 finsih UI work for access mode of collaborators Collaborators have write access as default, and can be changed via repository collaboration settings page to change between read, write and admin.
8 years ago
basic authentications
10 years ago
#1146 finsih UI work for access mode of collaborators Collaborators have write access as default, and can be changed via repository collaboration settings page to change between read, write and admin.
8 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
ldap support
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package admin
  6. 

  7. import (
  8. 	"fmt"
  9. 

  10. 	"github.com/Unknwon/com"
  11. 	"github.com/go-xorm/core"
  12. 

  13. 	"github.com/gogits/gogs/models"
  14. 	"github.com/gogits/gogs/modules/auth"
  15. 	"github.com/gogits/gogs/modules/auth/ldap"
  16. 	"github.com/gogits/gogs/modules/base"
  17. 	"github.com/gogits/gogs/modules/context"
  18. 	"github.com/gogits/gogs/modules/log"
  19. 	"github.com/gogits/gogs/modules/setting"
  20. )
  21. 

  22. const (
  23. 	AUTHS     base.TplName = "admin/auth/list"
  24. 	AUTH_NEW  base.TplName = "admin/auth/new"
  25. 	AUTH_EDIT base.TplName = "admin/auth/edit"
  26. )
  27. 

  28. func Authentications(ctx *context.Context) {
  29. 	ctx.Data["Title"] = ctx.Tr("admin.authentication")
  30. 	ctx.Data["PageIsAdmin"] = true
  31. 	ctx.Data["PageIsAdminAuthentications"] = true
  32. 

  33. 	var err error
  34. 	ctx.Data["Sources"], err = models.LoginSources()
  35. 	if err != nil {
  36. 		ctx.Handle(500, "LoginSources", err)
  37. 		return
  38. 	}
  39. 

  40. 	ctx.Data["Total"] = models.CountLoginSources()
  41. 	ctx.HTML(200, AUTHS)
  42. }
  43. 

  44. type AuthSource struct {
  45. 	Name string
  46. 	Type models.LoginType
  47. }
  48. 

  49. var authSources = []AuthSource{
  50. 	{models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
  51. 	{models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
  52. 	{models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
  53. 	{models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
  54. }
  55. 

  56. func NewAuthSource(ctx *context.Context) {
  57. 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  58. 	ctx.Data["PageIsAdmin"] = true
  59. 	ctx.Data["PageIsAdminAuthentications"] = true
  60. 

  61. 	ctx.Data["type"] = models.LOGIN_LDAP
  62. 	ctx.Data["CurTypeName"] = models.LoginNames[models.LOGIN_LDAP]
  63. 	ctx.Data["smtp_auth"] = "PLAIN"
  64. 	ctx.Data["is_active"] = true
  65. 	ctx.Data["AuthSources"] = authSources
  66. 	ctx.Data["SMTPAuths"] = models.SMTPAuths
  67. 	ctx.HTML(200, AUTH_NEW)
  68. }
  69. 

  70. func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
  71. 	return &models.LDAPConfig{
  72. 		Source: &ldap.Source{
  73. 			Name:              form.Name,
  74. 			Host:              form.Host,
  75. 			Port:              form.Port,
  76. 			UseSSL:            form.TLS,
  77. 			SkipVerify:        form.SkipVerify,
  78. 			BindDN:            form.BindDN,
  79. 			UserDN:            form.UserDN,
  80. 			BindPassword:      form.BindPassword,
  81. 			UserBase:          form.UserBase,
  82. 			AttributeUsername: form.AttributeUsername,
  83. 			AttributeName:     form.AttributeName,
  84. 			AttributeSurname:  form.AttributeSurname,
  85. 			AttributeMail:     form.AttributeMail,
  86. 			AttributesInBind:  form.AttributesInBind,
  87. 			Filter:            form.Filter,
  88. 			AdminFilter:       form.AdminFilter,
  89. 			Enabled:           true,
  90. 		},
  91. 	}
  92. }
  93. 

  94. func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
  95. 	return &models.SMTPConfig{
  96. 		Auth:           form.SMTPAuth,
  97. 		Host:           form.SMTPHost,
  98. 		Port:           form.SMTPPort,
  99. 		AllowedDomains: form.AllowedDomains,
  100. 		TLS:            form.TLS,
  101. 		SkipVerify:     form.SkipVerify,
  102. 	}
  103. }
  104. 

  105. func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  106. 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  107. 	ctx.Data["PageIsAdmin"] = true
  108. 	ctx.Data["PageIsAdminAuthentications"] = true
  109. 

  110. 	ctx.Data["CurTypeName"] = models.LoginNames[models.LoginType(form.Type)]
  111. 	ctx.Data["AuthSources"] = authSources
  112. 	ctx.Data["SMTPAuths"] = models.SMTPAuths
  113. 

  114. 	if ctx.HasError() {
  115. 		ctx.HTML(200, AUTH_NEW)
  116. 		return
  117. 	}
  118. 

  119. 	var config core.Conversion
  120. 	switch models.LoginType(form.Type) {
  121. 	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  122. 		config = parseLDAPConfig(form)
  123. 	case models.LOGIN_SMTP:
  124. 		config = parseSMTPConfig(form)
  125. 	case models.LOGIN_PAM:
  126. 		config = &models.PAMConfig{
  127. 			ServiceName: form.PAMServiceName,
  128. 		}
  129. 	default:
  130. 		ctx.Error(400)
  131. 		return
  132. 	}
  133. 

  134. 	if err := models.CreateSource(&models.LoginSource{
  135. 		Type:      models.LoginType(form.Type),
  136. 		Name:      form.Name,
  137. 		IsActived: form.IsActive,
  138. 		Cfg:       config,
  139. 	}); err != nil {
  140. 		ctx.Handle(500, "CreateSource", err)
  141. 		return
  142. 	}
  143. 

  144. 	log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
  145. 

  146. 	ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
  147. 	ctx.Redirect(setting.AppSubUrl + "/admin/auths")
  148. }
  149. 

  150. func EditAuthSource(ctx *context.Context) {
  151. 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  152. 	ctx.Data["PageIsAdmin"] = true
  153. 	ctx.Data["PageIsAdminAuthentications"] = true
  154. 

  155. 	ctx.Data["SMTPAuths"] = models.SMTPAuths
  156. 

  157. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  158. 	if err != nil {
  159. 		ctx.Handle(500, "GetLoginSourceByID", err)
  160. 		return
  161. 	}
  162. 	ctx.Data["Source"] = source
  163. 	ctx.HTML(200, AUTH_EDIT)
  164. }
  165. 

  166. func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  167. 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  168. 	ctx.Data["PageIsAdmin"] = true
  169. 	ctx.Data["PageIsAdminAuthentications"] = true
  170. 

  171. 	ctx.Data["SMTPAuths"] = models.SMTPAuths
  172. 

  173. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  174. 	if err != nil {
  175. 		ctx.Handle(500, "GetLoginSourceByID", err)
  176. 		return
  177. 	}
  178. 	ctx.Data["Source"] = source
  179. 

  180. 	if ctx.HasError() {
  181. 		ctx.HTML(200, AUTH_EDIT)
  182. 		return
  183. 	}
  184. 

  185. 	var config core.Conversion
  186. 	switch models.LoginType(form.Type) {
  187. 	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  188. 		config = parseLDAPConfig(form)
  189. 	case models.LOGIN_SMTP:
  190. 		config = parseSMTPConfig(form)
  191. 	case models.LOGIN_PAM:
  192. 		config = &models.PAMConfig{
  193. 			ServiceName: form.PAMServiceName,
  194. 		}
  195. 	default:
  196. 		ctx.Error(400)
  197. 		return
  198. 	}
  199. 

  200. 	source.Name = form.Name
  201. 	source.IsActived = form.IsActive
  202. 	source.Cfg = config
  203. 	if err := models.UpdateSource(source); err != nil {
  204. 		ctx.Handle(500, "UpdateSource", err)
  205. 		return
  206. 	}
  207. 	log.Trace("Authentication changed by admin(%s): %s", ctx.User.Name, source.ID)
  208. 

  209. 	ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  210. 	ctx.Redirect(setting.AppSubUrl + "/admin/auths/" + com.ToStr(form.ID))
  211. }
  212. 

  213. func DeleteAuthSource(ctx *context.Context) {
  214. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  215. 	if err != nil {
  216. 		ctx.Handle(500, "GetLoginSourceByID", err)
  217. 		return
  218. 	}
  219. 

  220. 	if err = models.DeleteSource(source); err != nil {
  221. 		switch err {
  222. 		case models.ErrAuthenticationUserUsed:
  223. 			ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  224. 		default:
  225. 			ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  226. 		}
  227. 		ctx.JSON(200, map[string]interface{}{
  228. 			"redirect": setting.AppSubUrl + "/admin/auths/" + ctx.Params(":authid"),
  229. 		})
  230. 		return
  231. 	}
  232. 	log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
  233. 

  234. 	ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  235. 	ctx.JSON(200, map[string]interface{}{
  236. 		"redirect": setting.AppSubUrl + "/admin/auths",
  237. 	})
  238. }