closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7675 Commits
2 Branches
178 MiB
Tree: b5aa7f7ceb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5aa7f7ceb'
${ noResults }
gitea/models/login_source.go

711 lines
19 KiB
Raw Normal View History

Add tar.gz download button and other mirror updates
10 years ago
fix code
10 years ago
add login.go
10 years ago
ldap support
10 years ago
Make gmail auth work
10 years ago
ldap support
10 years ago
basic authentications
10 years ago
add smtp authentication
10 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
Remove macaron dependent on models (#6940)
5 years ago
merge all login methods
10 years ago
add login.go
10 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
Fix error log when loading issues caused by a xorm bug (#7271) * fix error log when loading issues caused by a xorm bug * upgrade packages * fix fmt * fix Consistency * fix tests
5 years ago
fix code
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
ldap support
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Add tar.gz download button and other mirror updates
10 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
basic authentications
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Rewrite XORM queries
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Fix spelling errors in comments.
10 years ago
Fix edit auth page bug
10 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix edit auth page bug
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
models/login_source: code improvement
8 years ago
add login.go
10 years ago
LDAP user synchronization (#1478)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
ldap support
10 years ago
#2349 try to handle []int8 case
8 years ago
#2349 fix convert type
8 years ago
#2349 try to handle []int8 case
8 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Add golangci (#6418)
5 years ago
#2349 try to handle []int8 case
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Lint models/login_source.go
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
LDAP user synchronization (#1478)
7 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Add golangci (#6418)
5 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Add tar.gz download button and other mirror updates
10 years ago
Lint models/login_source.go
8 years ago
#697 disable captcha and new admin create user UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
10 years ago
APIs: admin users
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
basic authentications
10 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
basic authentications
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add support for smtp authentication
10 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Add golangci (#6418)
5 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
ldap support
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
ldap support
10 years ago
add login.go
10 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
Remove macaron dependent on models (#6940)
5 years ago
Add golangci (#6418)
5 years ago
Remove macaron dependent on models (#6940)
5 years ago
models/login_source: code improvement
8 years ago
minor fix on #1694
9 years ago
Fix typos
8 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
10 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
merge all login methods
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
merge all login methods
10 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
Add golangci (#6418)
5 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
models/login_source: code improvement
8 years ago
merge all login methods
10 years ago
work on #672
10 years ago
LDAP user synchronization (#1478)
7 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
Remove macaron dependent on models (#6940)
5 years ago
LDAP user synchronization (#1478)
7 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
LDAP user synchronization (#1478)
7 years ago
Added LDAP simple auth support.
9 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
LDAP user synchronization (#1478)
7 years ago
merge all login methods
10 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
Add golangci (#6418)
5 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add smtp authentication
10 years ago
Make gmail auth work
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
Clean old LDAP code
10 years ago
add smtp authentication
10 years ago
Fix lint errors (#2547)
7 years ago
add smtp authentication
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
golint fixed for modules/auth
8 years ago
Add PAM authentication
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
Lint models/login_source.go
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
fix bug when user login and want to resend register confirmation email (#6482)
5 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
fix bug not to trim space of login username (#1796)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Only allow local login if password is non-empty (#5906)
5 years ago
fix bug when user login and want to resend register confirmation email (#6482)
5 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Replace deprecated Id method with ID (#2655)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Replace calls to xorm UseBool with Where (#2237)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
gofmt (#1662)
7 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"crypto/tls"
  9. 	"encoding/json"
  10. 	"errors"
  11. 	"fmt"
  12. 	"net/smtp"
  13. 	"net/textproto"
  14. 	"regexp"
  15. 	"strings"
  16. 

  17. 	"github.com/Unknwon/com"
  18. 	"github.com/go-xorm/xorm"
  19. 	"xorm.io/core"
  20. 

  21. 	"code.gitea.io/gitea/modules/auth/ldap"
  22. 	"code.gitea.io/gitea/modules/auth/oauth2"
  23. 	"code.gitea.io/gitea/modules/auth/pam"
  24. 	"code.gitea.io/gitea/modules/log"
  25. 	"code.gitea.io/gitea/modules/util"
  26. )
  27. 

  28. // LoginType represents an login type.

  29. type LoginType int
  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (
  33. 	LoginNoType LoginType = iota
  34. 	LoginPlain            // 1

  35. 	LoginLDAP             // 2

  36. 	LoginSMTP             // 3

  37. 	LoginPAM              // 4

  38. 	LoginDLDAP            // 5

  39. 	LoginOAuth2           // 6

  40. )
  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{
  44. 	LoginLDAP:   "LDAP (via BindDN)",
  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",
  47. 	LoginPAM:    "PAM",
  48. 	LoginOAuth2: "OAuth2",
  49. }
  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",
  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",
  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",
  56. }
  57. 

  58. // Ensure structs implemented interface.

  59. var (
  60. 	_ core.Conversion = &LDAPConfig{}
  61. 	_ core.Conversion = &SMTPConfig{}
  62. 	_ core.Conversion = &PAMConfig{}
  63. 	_ core.Conversion = &OAuth2Config{}
  64. )
  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {
  68. 	*ldap.Source
  69. }
  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {
  73. 	return json.Unmarshal(bs, &cfg)
  74. }
  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {
  78. 	return json.Marshal(cfg)
  79. }
  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {
  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]
  85. }
  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {
  89. 	Auth           string
  90. 	Host           string
  91. 	Port           int
  92. 	AllowedDomains string `xorm:"TEXT"`
  93. 	TLS            bool
  94. 	SkipVerify     bool
  95. }
  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {
  99. 	return json.Unmarshal(bs, cfg)
  100. }
  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {
  104. 	return json.Marshal(cfg)
  105. }
  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {
  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }
  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {
  114. 	return json.Unmarshal(bs, &cfg)
  115. }
  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {
  119. 	return json.Marshal(cfg)
  120. }
  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {
  124. 	Provider                      string
  125. 	ClientID                      string
  126. 	ClientSecret                  string
  127. 	OpenIDConnectAutoDiscoveryURL string
  128. 	CustomURLMapping              *oauth2.CustomURLMapping
  129. }
  130. 

  131. // FromDB fills up an OAuth2Config from serialized format.

  132. func (cfg *OAuth2Config) FromDB(bs []byte) error {
  133. 	return json.Unmarshal(bs, cfg)
  134. }
  135. 

  136. // ToDB exports an SMTPConfig to a serialized format.

  137. func (cfg *OAuth2Config) ToDB() ([]byte, error) {
  138. 	return json.Marshal(cfg)
  139. }
  140. 

  141. // LoginSource represents an external way for authorizing users.

  142. type LoginSource struct {
  143. 	ID            int64 `xorm:"pk autoincr"`
  144. 	Type          LoginType
  145. 	Name          string          `xorm:"UNIQUE"`
  146. 	IsActived     bool            `xorm:"INDEX NOT NULL DEFAULT false"`
  147. 	IsSyncEnabled bool            `xorm:"INDEX NOT NULL DEFAULT false"`
  148. 	Cfg           core.Conversion `xorm:"TEXT"`
  149. 

  150. 	CreatedUnix util.TimeStamp `xorm:"INDEX created"`
  151. 	UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`
  152. }
  153. 

  154. // Cell2Int64 converts a xorm.Cell type to int64,

  155. // and handles possible irregular cases.

  156. func Cell2Int64(val xorm.Cell) int64 {
  157. 	switch (*val).(type) {
  158. 	case []uint8:
  159. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)
  160. 		return com.StrTo(string((*val).([]uint8))).MustInt64()
  161. 	}
  162. 	return (*val).(int64)
  163. }
  164. 

  165. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  166. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
  167. 	if colName == "type" {
  168. 		switch LoginType(Cell2Int64(val)) {
  169. 		case LoginLDAP, LoginDLDAP:
  170. 			source.Cfg = new(LDAPConfig)
  171. 		case LoginSMTP:
  172. 			source.Cfg = new(SMTPConfig)
  173. 		case LoginPAM:
  174. 			source.Cfg = new(PAMConfig)
  175. 		case LoginOAuth2:
  176. 			source.Cfg = new(OAuth2Config)
  177. 		default:
  178. 			panic("unrecognized login source type: " + com.ToStr(*val))
  179. 		}
  180. 	}
  181. }
  182. 

  183. // TypeName return name of this login source type.

  184. func (source *LoginSource) TypeName() string {
  185. 	return LoginNames[source.Type]
  186. }
  187. 

  188. // IsLDAP returns true of this source is of the LDAP type.

  189. func (source *LoginSource) IsLDAP() bool {
  190. 	return source.Type == LoginLDAP
  191. }
  192. 

  193. // IsDLDAP returns true of this source is of the DLDAP type.

  194. func (source *LoginSource) IsDLDAP() bool {
  195. 	return source.Type == LoginDLDAP
  196. }
  197. 

  198. // IsSMTP returns true of this source is of the SMTP type.

  199. func (source *LoginSource) IsSMTP() bool {
  200. 	return source.Type == LoginSMTP
  201. }
  202. 

  203. // IsPAM returns true of this source is of the PAM type.

  204. func (source *LoginSource) IsPAM() bool {
  205. 	return source.Type == LoginPAM
  206. }
  207. 

  208. // IsOAuth2 returns true of this source is of the OAuth2 type.

  209. func (source *LoginSource) IsOAuth2() bool {
  210. 	return source.Type == LoginOAuth2
  211. }
  212. 

  213. // HasTLS returns true of this source supports TLS.

  214. func (source *LoginSource) HasTLS() bool {
  215. 	return ((source.IsLDAP() || source.IsDLDAP()) &&
  216. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
  217. 		source.IsSMTP()
  218. }
  219. 

  220. // UseTLS returns true of this source is configured to use TLS.

  221. func (source *LoginSource) UseTLS() bool {
  222. 	switch source.Type {
  223. 	case LoginLDAP, LoginDLDAP:
  224. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
  225. 	case LoginSMTP:
  226. 		return source.SMTP().TLS
  227. 	}
  228. 

  229. 	return false
  230. }
  231. 

  232. // SkipVerify returns true if this source is configured to skip SSL

  233. // verification.

  234. func (source *LoginSource) SkipVerify() bool {
  235. 	switch source.Type {
  236. 	case LoginLDAP, LoginDLDAP:
  237. 		return source.LDAP().SkipVerify
  238. 	case LoginSMTP:
  239. 		return source.SMTP().SkipVerify
  240. 	}
  241. 

  242. 	return false
  243. }
  244. 

  245. // LDAP returns LDAPConfig for this source, if of LDAP type.

  246. func (source *LoginSource) LDAP() *LDAPConfig {
  247. 	return source.Cfg.(*LDAPConfig)
  248. }
  249. 

  250. // SMTP returns SMTPConfig for this source, if of SMTP type.

  251. func (source *LoginSource) SMTP() *SMTPConfig {
  252. 	return source.Cfg.(*SMTPConfig)
  253. }
  254. 

  255. // PAM returns PAMConfig for this source, if of PAM type.

  256. func (source *LoginSource) PAM() *PAMConfig {
  257. 	return source.Cfg.(*PAMConfig)
  258. }
  259. 

  260. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  261. func (source *LoginSource) OAuth2() *OAuth2Config {
  262. 	return source.Cfg.(*OAuth2Config)
  263. }
  264. 

  265. // CreateLoginSource inserts a LoginSource in the DB if not already

  266. // existing with the given name.

  267. func CreateLoginSource(source *LoginSource) error {
  268. 	has, err := x.Get(&LoginSource{Name: source.Name})
  269. 	if err != nil {
  270. 		return err
  271. 	} else if has {
  272. 		return ErrLoginSourceAlreadyExist{source.Name}
  273. 	}
  274. 	// Synchronization is only aviable with LDAP for now

  275. 	if !source.IsLDAP() {
  276. 		source.IsSyncEnabled = false
  277. 	}
  278. 

  279. 	_, err = x.Insert(source)
  280. 	if err == nil && source.IsOAuth2() && source.IsActived {
  281. 		oAuth2Config := source.OAuth2()
  282. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
  283. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
  284. 		if err != nil {
  285. 			// remove the LoginSource in case of errors while registering OAuth2 providers

  286. 			if _, err := x.Delete(source); err != nil {
  287. 				log.Error("CreateLoginSource: Error while wrapOpenIDConnectInitializeError: %v", err)
  288. 			}
  289. 			return err
  290. 		}
  291. 	}
  292. 	return err
  293. }
  294. 

  295. // LoginSources returns a slice of all login sources found in DB.

  296. func LoginSources() ([]*LoginSource, error) {
  297. 	auths := make([]*LoginSource, 0, 6)
  298. 	return auths, x.Find(&auths)
  299. }
  300. 

  301. // GetLoginSourceByID returns login source by given ID.

  302. func GetLoginSourceByID(id int64) (*LoginSource, error) {
  303. 	source := new(LoginSource)
  304. 	has, err := x.ID(id).Get(source)
  305. 	if err != nil {
  306. 		return nil, err
  307. 	} else if !has {
  308. 		return nil, ErrLoginSourceNotExist{id}
  309. 	}
  310. 	return source, nil
  311. }
  312. 

  313. // UpdateSource updates a LoginSource record in DB.

  314. func UpdateSource(source *LoginSource) error {
  315. 	var originalLoginSource *LoginSource
  316. 	if source.IsOAuth2() {
  317. 		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers

  318. 		var err error
  319. 		if originalLoginSource, err = GetLoginSourceByID(source.ID); err != nil {
  320. 			return err
  321. 		}
  322. 	}
  323. 

  324. 	_, err := x.ID(source.ID).AllCols().Update(source)
  325. 	if err == nil && source.IsOAuth2() && source.IsActived {
  326. 		oAuth2Config := source.OAuth2()
  327. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
  328. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
  329. 		if err != nil {
  330. 			// restore original values since we cannot update the provider it self

  331. 			if _, err := x.ID(source.ID).AllCols().Update(originalLoginSource); err != nil {
  332. 				log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
  333. 			}
  334. 			return err
  335. 		}
  336. 	}
  337. 	return err
  338. }
  339. 

  340. // DeleteSource deletes a LoginSource record in DB.

  341. func DeleteSource(source *LoginSource) error {
  342. 	count, err := x.Count(&User{LoginSource: source.ID})
  343. 	if err != nil {
  344. 		return err
  345. 	} else if count > 0 {
  346. 		return ErrLoginSourceInUse{source.ID}
  347. 	}
  348. 

  349. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})
  350. 	if err != nil {
  351. 		return err
  352. 	} else if count > 0 {
  353. 		return ErrLoginSourceInUse{source.ID}
  354. 	}
  355. 

  356. 	if source.IsOAuth2() {
  357. 		oauth2.RemoveProvider(source.Name)
  358. 	}
  359. 

  360. 	_, err = x.ID(source.ID).Delete(new(LoginSource))
  361. 	return err
  362. }
  363. 

  364. // CountLoginSources returns number of login sources.

  365. func CountLoginSources() int64 {
  366. 	count, _ := x.Count(new(LoginSource))
  367. 	return count
  368. }
  369. 

  370. // .____     ________      _____ __________

  371. // |    |    \______ \    /  _  \\______   \

  372. // |    |     |    |  \  /  /_\  \|     ___/

  373. // |    |___  |    `   \/    |    \    |

  374. // |_______ \/_______  /\____|__  /____|

  375. //         \/        \/         \/

  376. 

  377. func composeFullName(firstname, surname, username string) string {
  378. 	switch {
  379. 	case len(firstname) == 0 && len(surname) == 0:
  380. 		return username
  381. 	case len(firstname) == 0:
  382. 		return surname
  383. 	case len(surname) == 0:
  384. 		return firstname
  385. 	default:
  386. 		return firstname + " " + surname
  387. 	}
  388. }
  389. 

  390. var (
  391. 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
  392. )
  393. 

  394. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  395. // and create a local user if success when enabled.

  396. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  397. 	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
  398. 	if sr == nil {
  399. 		// User not in LDAP, do nothing

  400. 		return nil, ErrUserNotExist{0, login, 0}
  401. 	}
  402. 

  403. 	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0
  404. 

  405. 	if !autoRegister {
  406. 		if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
  407. 			return user, RewriteAllPublicKeys()
  408. 		}
  409. 

  410. 		return user, nil
  411. 	}
  412. 

  413. 	// Fallback.

  414. 	if len(sr.Username) == 0 {
  415. 		sr.Username = login
  416. 	}
  417. 	// Validate username make sure it satisfies requirement.

  418. 	if alphaDashDotPattern.MatchString(sr.Username) {
  419. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
  420. 	}
  421. 

  422. 	if len(sr.Mail) == 0 {
  423. 		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
  424. 	}
  425. 

  426. 	user = &User{
  427. 		LowerName:   strings.ToLower(sr.Username),
  428. 		Name:        sr.Username,
  429. 		FullName:    composeFullName(sr.Name, sr.Surname, sr.Username),
  430. 		Email:       sr.Mail,
  431. 		LoginType:   source.Type,
  432. 		LoginSource: source.ID,
  433. 		LoginName:   login,
  434. 		IsActive:    true,
  435. 		IsAdmin:     sr.IsAdmin,
  436. 	}
  437. 

  438. 	err := CreateUser(user)
  439. 

  440. 	if err == nil && isAttributeSSHPublicKeySet && addLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
  441. 		err = RewriteAllPublicKeys()
  442. 	}
  443. 

  444. 	return user, err
  445. }
  446. 

  447. //   _________   __________________________

  448. //  /   _____/  /     \__    ___/\______   \

  449. //  \_____  \  /  \ /  \|    |    |     ___/

  450. //  /        \/    Y    \    |    |    |

  451. // /_______  /\____|__  /____|    |____|

  452. //         \/         \/

  453. 

  454. type smtpLoginAuth struct {
  455. 	username, password string
  456. }
  457. 

  458. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
  459. 	return "LOGIN", []byte(auth.username), nil
  460. }
  461. 

  462. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
  463. 	if more {
  464. 		switch string(fromServer) {
  465. 		case "Username:":
  466. 			return []byte(auth.username), nil
  467. 		case "Password:":
  468. 			return []byte(auth.password), nil
  469. 		}
  470. 	}
  471. 	return nil, nil
  472. }
  473. 

  474. // SMTP authentication type names.

  475. const (
  476. 	SMTPPlain = "PLAIN"
  477. 	SMTPLogin = "LOGIN"
  478. )
  479. 

  480. // SMTPAuths contains available SMTP authentication type names.

  481. var SMTPAuths = []string{SMTPPlain, SMTPLogin}
  482. 

  483. // SMTPAuth performs an SMTP authentication.

  484. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
  485. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))
  486. 	if err != nil {
  487. 		return err
  488. 	}
  489. 	defer c.Close()
  490. 

  491. 	if err = c.Hello("gogs"); err != nil {
  492. 		return err
  493. 	}
  494. 

  495. 	if cfg.TLS {
  496. 		if ok, _ := c.Extension("STARTTLS"); ok {
  497. 			if err = c.StartTLS(&tls.Config{
  498. 				InsecureSkipVerify: cfg.SkipVerify,
  499. 				ServerName:         cfg.Host,
  500. 			}); err != nil {
  501. 				return err
  502. 			}
  503. 		} else {
  504. 			return errors.New("SMTP server unsupports TLS")
  505. 		}
  506. 	}
  507. 

  508. 	if ok, _ := c.Extension("AUTH"); ok {
  509. 		return c.Auth(a)
  510. 	}
  511. 	return ErrUnsupportedLoginType
  512. }
  513. 

  514. // LoginViaSMTP queries if login/password is valid against the SMTP,

  515. // and create a local user if success when enabled.

  516. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
  517. 	// Verify allowed domains.

  518. 	if len(cfg.AllowedDomains) > 0 {
  519. 		idx := strings.Index(login, "@")
  520. 		if idx == -1 {
  521. 			return nil, ErrUserNotExist{0, login, 0}
  522. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx+1:]) {
  523. 			return nil, ErrUserNotExist{0, login, 0}
  524. 		}
  525. 	}
  526. 

  527. 	var auth smtp.Auth
  528. 	if cfg.Auth == SMTPPlain {
  529. 		auth = smtp.PlainAuth("", login, password, cfg.Host)
  530. 	} else if cfg.Auth == SMTPLogin {
  531. 		auth = &smtpLoginAuth{login, password}
  532. 	} else {
  533. 		return nil, errors.New("Unsupported SMTP auth type")
  534. 	}
  535. 

  536. 	if err := SMTPAuth(auth, cfg); err != nil {
  537. 		// Check standard error format first,

  538. 		// then fallback to worse case.

  539. 		tperr, ok := err.(*textproto.Error)
  540. 		if (ok && tperr.Code == 535) ||
  541. 			strings.Contains(err.Error(), "Username and Password not accepted") {
  542. 			return nil, ErrUserNotExist{0, login, 0}
  543. 		}
  544. 		return nil, err
  545. 	}
  546. 

  547. 	if !autoRegister {
  548. 		return user, nil
  549. 	}
  550. 

  551. 	username := login
  552. 	idx := strings.Index(login, "@")
  553. 	if idx > -1 {
  554. 		username = login[:idx]
  555. 	}
  556. 

  557. 	user = &User{
  558. 		LowerName:   strings.ToLower(username),
  559. 		Name:        strings.ToLower(username),
  560. 		Email:       login,
  561. 		Passwd:      password,
  562. 		LoginType:   LoginSMTP,
  563. 		LoginSource: sourceID,
  564. 		LoginName:   login,
  565. 		IsActive:    true,
  566. 	}
  567. 	return user, CreateUser(user)
  568. }
  569. 

  570. // __________  _____      _____

  571. // \______   \/  _  \    /     \

  572. //  |     ___/  /_\  \  /  \ /  \

  573. //  |    |  /    |    \/    Y    \

  574. //  |____|  \____|__  /\____|__  /

  575. //                  \/         \/

  576. 

  577. // LoginViaPAM queries if login/password is valid against the PAM,

  578. // and create a local user if success when enabled.

  579. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
  580. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
  581. 		if strings.Contains(err.Error(), "Authentication failure") {
  582. 			return nil, ErrUserNotExist{0, login, 0}
  583. 		}
  584. 		return nil, err
  585. 	}
  586. 

  587. 	if !autoRegister {
  588. 		return user, nil
  589. 	}
  590. 

  591. 	user = &User{
  592. 		LowerName:   strings.ToLower(login),
  593. 		Name:        login,
  594. 		Email:       login,
  595. 		Passwd:      password,
  596. 		LoginType:   LoginPAM,
  597. 		LoginSource: sourceID,
  598. 		LoginName:   login,
  599. 		IsActive:    true,
  600. 	}
  601. 	return user, CreateUser(user)
  602. }
  603. 

  604. // ExternalUserLogin attempts a login using external source types.

  605. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  606. 	if !source.IsActived {
  607. 		return nil, ErrLoginSourceNotActived
  608. 	}
  609. 

  610. 	var err error
  611. 	switch source.Type {
  612. 	case LoginLDAP, LoginDLDAP:
  613. 		user, err = LoginViaLDAP(user, login, password, source, autoRegister)
  614. 	case LoginSMTP:
  615. 		user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
  616. 	case LoginPAM:
  617. 		user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
  618. 	default:
  619. 		return nil, ErrUnsupportedLoginType
  620. 	}
  621. 

  622. 	if err != nil {
  623. 		return nil, err
  624. 	}
  625. 

  626. 	// WARN: DON'T check user.IsActive, that will be checked on reqSign so that

  627. 	// user could be hint to resend confirm email.

  628. 	if user.ProhibitLogin {
  629. 		return nil, ErrUserProhibitLogin{user.ID, user.Name}
  630. 	}
  631. 

  632. 	return user, nil
  633. }
  634. 

  635. // UserSignIn validates user name and password.

  636. func UserSignIn(username, password string) (*User, error) {
  637. 	var user *User
  638. 	if strings.Contains(username, "@") {
  639. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}
  640. 		// check same email

  641. 		cnt, err := x.Count(user)
  642. 		if err != nil {
  643. 			return nil, err
  644. 		}
  645. 		if cnt > 1 {
  646. 			return nil, ErrEmailAlreadyUsed{
  647. 				Email: user.Email,
  648. 			}
  649. 		}
  650. 	} else {
  651. 		trimmedUsername := strings.TrimSpace(username)
  652. 		if len(trimmedUsername) == 0 {
  653. 			return nil, ErrUserNotExist{0, username, 0}
  654. 		}
  655. 

  656. 		user = &User{LowerName: strings.ToLower(trimmedUsername)}
  657. 	}
  658. 

  659. 	hasUser, err := x.Get(user)
  660. 	if err != nil {
  661. 		return nil, err
  662. 	}
  663. 

  664. 	if hasUser {
  665. 		switch user.LoginType {
  666. 		case LoginNoType, LoginPlain, LoginOAuth2:
  667. 			if user.IsPasswordSet() && user.ValidatePassword(password) {
  668. 				// WARN: DON'T check user.IsActive, that will be checked on reqSign so that

  669. 				// user could be hint to resend confirm email.

  670. 				if user.ProhibitLogin {
  671. 					return nil, ErrUserProhibitLogin{user.ID, user.Name}
  672. 				}
  673. 

  674. 				return user, nil
  675. 			}
  676. 

  677. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}
  678. 

  679. 		default:
  680. 			var source LoginSource
  681. 			hasSource, err := x.ID(user.LoginSource).Get(&source)
  682. 			if err != nil {
  683. 				return nil, err
  684. 			} else if !hasSource {
  685. 				return nil, ErrLoginSourceNotExist{user.LoginSource}
  686. 			}
  687. 

  688. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)
  689. 		}
  690. 	}
  691. 

  692. 	sources := make([]*LoginSource, 0, 5)
  693. 	if err = x.Where("is_actived = ?", true).Find(&sources); err != nil {
  694. 		return nil, err
  695. 	}
  696. 

  697. 	for _, source := range sources {
  698. 		if source.IsOAuth2() {
  699. 			// don't try to authenticate against OAuth2 sources

  700. 			continue
  701. 		}
  702. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)
  703. 		if err == nil {
  704. 			return authUser, nil
  705. 		}
  706. 

  707. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
  708. 	}
  709. 

  710. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}
  711. }