You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

326 lines
10 KiB

10 years ago
10 years ago
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
10 years ago
10 years ago
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
10 years ago
10 years ago
10 years ago
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "code.gitea.io/gitea/models"
  8. "code.gitea.io/gitea/modules/auth"
  9. "code.gitea.io/gitea/modules/auth/ldap"
  10. "code.gitea.io/gitea/modules/auth/oauth2"
  11. "code.gitea.io/gitea/modules/base"
  12. "code.gitea.io/gitea/modules/context"
  13. "code.gitea.io/gitea/modules/log"
  14. "code.gitea.io/gitea/modules/setting"
  15. "github.com/Unknwon/com"
  16. "github.com/go-xorm/core"
  17. )
  18. const (
  19. tplAuths base.TplName = "admin/auth/list"
  20. tplAuthNew base.TplName = "admin/auth/new"
  21. tplAuthEdit base.TplName = "admin/auth/edit"
  22. )
  23. // Authentications show authentication config page
  24. func Authentications(ctx *context.Context) {
  25. ctx.Data["Title"] = ctx.Tr("admin.authentication")
  26. ctx.Data["PageIsAdmin"] = true
  27. ctx.Data["PageIsAdminAuthentications"] = true
  28. var err error
  29. ctx.Data["Sources"], err = models.LoginSources()
  30. if err != nil {
  31. ctx.ServerError("LoginSources", err)
  32. return
  33. }
  34. ctx.Data["Total"] = models.CountLoginSources()
  35. ctx.HTML(200, tplAuths)
  36. }
  37. type dropdownItem struct {
  38. Name string
  39. Type interface{}
  40. }
  41. var (
  42. authSources = []dropdownItem{
  43. {models.LoginNames[models.LoginLDAP], models.LoginLDAP},
  44. {models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},
  45. {models.LoginNames[models.LoginSMTP], models.LoginSMTP},
  46. {models.LoginNames[models.LoginPAM], models.LoginPAM},
  47. {models.LoginNames[models.LoginOAuth2], models.LoginOAuth2},
  48. }
  49. securityProtocols = []dropdownItem{
  50. {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
  51. {models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
  52. {models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
  53. }
  54. )
  55. // NewAuthSource render adding a new auth source page
  56. func NewAuthSource(ctx *context.Context) {
  57. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  58. ctx.Data["PageIsAdmin"] = true
  59. ctx.Data["PageIsAdminAuthentications"] = true
  60. ctx.Data["type"] = models.LoginLDAP
  61. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]
  62. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
  63. ctx.Data["smtp_auth"] = "PLAIN"
  64. ctx.Data["is_active"] = true
  65. ctx.Data["is_sync_enabled"] = true
  66. ctx.Data["AuthSources"] = authSources
  67. ctx.Data["SecurityProtocols"] = securityProtocols
  68. ctx.Data["SMTPAuths"] = models.SMTPAuths
  69. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  70. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  71. // only the first as default
  72. for key := range models.OAuth2Providers {
  73. ctx.Data["oauth2_provider"] = key
  74. break
  75. }
  76. ctx.HTML(200, tplAuthNew)
  77. }
  78. func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
  79. var pageSize uint32
  80. if form.UsePagedSearch {
  81. pageSize = uint32(form.SearchPageSize)
  82. }
  83. return &models.LDAPConfig{
  84. Source: &ldap.Source{
  85. Name: form.Name,
  86. Host: form.Host,
  87. Port: form.Port,
  88. SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
  89. SkipVerify: form.SkipVerify,
  90. BindDN: form.BindDN,
  91. UserDN: form.UserDN,
  92. BindPassword: form.BindPassword,
  93. UserBase: form.UserBase,
  94. AttributeUsername: form.AttributeUsername,
  95. AttributeName: form.AttributeName,
  96. AttributeSurname: form.AttributeSurname,
  97. AttributeMail: form.AttributeMail,
  98. AttributesInBind: form.AttributesInBind,
  99. AttributeSSHPublicKey: form.AttributeSSHPublicKey,
  100. SearchPageSize: pageSize,
  101. Filter: form.Filter,
  102. AdminFilter: form.AdminFilter,
  103. Enabled: true,
  104. },
  105. }
  106. }
  107. func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
  108. return &models.SMTPConfig{
  109. Auth: form.SMTPAuth,
  110. Host: form.SMTPHost,
  111. Port: form.SMTPPort,
  112. AllowedDomains: form.AllowedDomains,
  113. TLS: form.TLS,
  114. SkipVerify: form.SkipVerify,
  115. }
  116. }
  117. func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config {
  118. var customURLMapping *oauth2.CustomURLMapping
  119. if form.Oauth2UseCustomURL {
  120. customURLMapping = &oauth2.CustomURLMapping{
  121. TokenURL: form.Oauth2TokenURL,
  122. AuthURL: form.Oauth2AuthURL,
  123. ProfileURL: form.Oauth2ProfileURL,
  124. EmailURL: form.Oauth2EmailURL,
  125. }
  126. } else {
  127. customURLMapping = nil
  128. }
  129. return &models.OAuth2Config{
  130. Provider: form.Oauth2Provider,
  131. ClientID: form.Oauth2Key,
  132. ClientSecret: form.Oauth2Secret,
  133. OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
  134. CustomURLMapping: customURLMapping,
  135. }
  136. }
  137. // NewAuthSourcePost response for adding an auth source
  138. func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  139. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  140. ctx.Data["PageIsAdmin"] = true
  141. ctx.Data["PageIsAdminAuthentications"] = true
  142. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
  143. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
  144. ctx.Data["AuthSources"] = authSources
  145. ctx.Data["SecurityProtocols"] = securityProtocols
  146. ctx.Data["SMTPAuths"] = models.SMTPAuths
  147. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  148. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  149. hasTLS := false
  150. var config core.Conversion
  151. switch models.LoginType(form.Type) {
  152. case models.LoginLDAP, models.LoginDLDAP:
  153. config = parseLDAPConfig(form)
  154. hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
  155. case models.LoginSMTP:
  156. config = parseSMTPConfig(form)
  157. hasTLS = true
  158. case models.LoginPAM:
  159. config = &models.PAMConfig{
  160. ServiceName: form.PAMServiceName,
  161. }
  162. case models.LoginOAuth2:
  163. config = parseOAuth2Config(form)
  164. default:
  165. ctx.Error(400)
  166. return
  167. }
  168. ctx.Data["HasTLS"] = hasTLS
  169. if ctx.HasError() {
  170. ctx.HTML(200, tplAuthNew)
  171. return
  172. }
  173. if err := models.CreateLoginSource(&models.LoginSource{
  174. Type: models.LoginType(form.Type),
  175. Name: form.Name,
  176. IsActived: form.IsActive,
  177. IsSyncEnabled: form.IsSyncEnabled,
  178. Cfg: config,
  179. }); err != nil {
  180. if models.IsErrLoginSourceAlreadyExist(err) {
  181. ctx.Data["Err_Name"] = true
  182. ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)
  183. } else {
  184. ctx.ServerError("CreateSource", err)
  185. }
  186. return
  187. }
  188. log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
  189. ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
  190. ctx.Redirect(setting.AppSubURL + "/admin/auths")
  191. }
  192. // EditAuthSource render editing auth source page
  193. func EditAuthSource(ctx *context.Context) {
  194. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  195. ctx.Data["PageIsAdmin"] = true
  196. ctx.Data["PageIsAdminAuthentications"] = true
  197. ctx.Data["SecurityProtocols"] = securityProtocols
  198. ctx.Data["SMTPAuths"] = models.SMTPAuths
  199. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  200. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  201. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  202. if err != nil {
  203. ctx.ServerError("GetLoginSourceByID", err)
  204. return
  205. }
  206. ctx.Data["Source"] = source
  207. ctx.Data["HasTLS"] = source.HasTLS()
  208. if source.IsOAuth2() {
  209. ctx.Data["CurrentOAuth2Provider"] = models.OAuth2Providers[source.OAuth2().Provider]
  210. }
  211. ctx.HTML(200, tplAuthEdit)
  212. }
  213. // EditAuthSourcePost response for editing auth source
  214. func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  215. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  216. ctx.Data["PageIsAdmin"] = true
  217. ctx.Data["PageIsAdminAuthentications"] = true
  218. ctx.Data["SMTPAuths"] = models.SMTPAuths
  219. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  220. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  221. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  222. if err != nil {
  223. ctx.ServerError("GetLoginSourceByID", err)
  224. return
  225. }
  226. ctx.Data["Source"] = source
  227. ctx.Data["HasTLS"] = source.HasTLS()
  228. if ctx.HasError() {
  229. ctx.HTML(200, tplAuthEdit)
  230. return
  231. }
  232. var config core.Conversion
  233. switch models.LoginType(form.Type) {
  234. case models.LoginLDAP, models.LoginDLDAP:
  235. config = parseLDAPConfig(form)
  236. case models.LoginSMTP:
  237. config = parseSMTPConfig(form)
  238. case models.LoginPAM:
  239. config = &models.PAMConfig{
  240. ServiceName: form.PAMServiceName,
  241. }
  242. case models.LoginOAuth2:
  243. config = parseOAuth2Config(form)
  244. default:
  245. ctx.Error(400)
  246. return
  247. }
  248. source.Name = form.Name
  249. source.IsActived = form.IsActive
  250. source.IsSyncEnabled = form.IsSyncEnabled
  251. source.Cfg = config
  252. if err := models.UpdateSource(source); err != nil {
  253. if models.IsErrOpenIDConnectInitialize(err) {
  254. ctx.Flash.Error(err.Error(), true)
  255. ctx.HTML(200, tplAuthEdit)
  256. } else {
  257. ctx.ServerError("UpdateSource", err)
  258. }
  259. return
  260. }
  261. log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)
  262. ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  263. ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))
  264. }
  265. // DeleteAuthSource response for deleting an auth source
  266. func DeleteAuthSource(ctx *context.Context) {
  267. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  268. if err != nil {
  269. ctx.ServerError("GetLoginSourceByID", err)
  270. return
  271. }
  272. if err = models.DeleteSource(source); err != nil {
  273. if models.IsErrLoginSourceInUse(err) {
  274. ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  275. } else {
  276. ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  277. }
  278. ctx.JSON(200, map[string]interface{}{
  279. "redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
  280. })
  281. return
  282. }
  283. log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
  284. ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  285. ctx.JSON(200, map[string]interface{}{
  286. "redirect": setting.AppSubURL + "/admin/auths",
  287. })
  288. }