closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5027 Commits
2 Branches
178 MiB
Tree: c1d5983d3e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1d5983d3e'
${ noResults }
gitea/models/login_source.go

742 lines
20 KiB
Raw Normal View History

Add tar.gz download button and other mirror updates
10 years ago
fix code
10 years ago
add login.go
10 years ago
ldap support
10 years ago
Make gmail auth work
10 years ago
ldap support
10 years ago
basic authentications
10 years ago
add smtp authentication
10 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
merge all login methods
10 years ago
ldap support
10 years ago
add login.go
10 years ago
finish new edit auth UI
9 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
ldap support
10 years ago
basic authentications
10 years ago
fix code
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
ldap support
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Add tar.gz download button and other mirror updates
10 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
basic authentications
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Rewrite XORM queries
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Fix spelling errors in comments.
10 years ago
Fix edit auth page bug
10 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix edit auth page bug
10 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
10 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
models/login_source: code improvement
8 years ago
add login.go
10 years ago
#1625 remove auto_register and makes it default
9 years ago
Create missing database indexes (#596)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Create missing database indexes (#596)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Create missing database indexes (#596)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
8 years ago
ldap support
10 years ago
#2349 try to handle []int8 case
8 years ago
#2349 fix convert type
8 years ago
#2349 try to handle []int8 case
8 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2349 try to handle []int8 case
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Lint models/login_source.go
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Add tar.gz download button and other mirror updates
10 years ago
Lint models/login_source.go
8 years ago
#697 disable captcha and new admin create user UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
10 years ago
APIs: admin users
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
basic authentications
10 years ago
Fix #165
10 years ago
basic authentications
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
8 years ago
add support for smtp authentication
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
ldap support
10 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
basic authentications
10 years ago
finish new edit auth UI
9 years ago
models/login_source: code improvement
8 years ago
basic authentications
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
9 years ago
ldap support
10 years ago
add login.go
10 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
minor fix on #1694
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
merge all login methods
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
merge all login methods
10 years ago
work on #672
10 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
models/login_source: code improvement
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
#3295 fix wrong logic judgement
8 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
work on #672
10 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
models/login_source: code improvement
8 years ago
Added LDAP simple auth support.
9 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
merge all login methods
10 years ago
models/login_source: code improvement
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add smtp authentication
10 years ago
Make gmail auth work
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
10 years ago
Clean old LDAP code
10 years ago
add smtp authentication
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
10 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
golint fixed for modules/auth
8 years ago
Add PAM authentication
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
fix some typos (#1082)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"crypto/tls"
  9. 	"encoding/json"
  10. 	"errors"
  11. 	"fmt"
  12. 	"net/smtp"
  13. 	"net/textproto"
  14. 	"strings"
  15. 	"time"
  16. 

  17. 	"github.com/Unknwon/com"
  18. 	"github.com/go-macaron/binding"
  19. 	"github.com/go-xorm/core"
  20. 	"github.com/go-xorm/xorm"
  21. 

  22. 	"code.gitea.io/gitea/modules/auth/ldap"
  23. 	"code.gitea.io/gitea/modules/auth/oauth2"
  24. 	"code.gitea.io/gitea/modules/auth/pam"
  25. 	"code.gitea.io/gitea/modules/log"
  26. )
  27. 

  28. // LoginType represents an login type.

  29. type LoginType int
  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (
  33. 	LoginNoType LoginType = iota
  34. 	LoginPlain            // 1

  35. 	LoginLDAP             // 2

  36. 	LoginSMTP             // 3

  37. 	LoginPAM              // 4

  38. 	LoginDLDAP            // 5

  39. 	LoginOAuth2           // 6

  40. )
  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{
  44. 	LoginLDAP:   "LDAP (via BindDN)",
  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",
  47. 	LoginPAM:    "PAM",
  48. 	LoginOAuth2: "OAuth2",
  49. }
  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",
  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",
  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",
  56. }
  57. 

  58. // Ensure structs implemented interface.

  59. var (
  60. 	_ core.Conversion = &LDAPConfig{}
  61. 	_ core.Conversion = &SMTPConfig{}
  62. 	_ core.Conversion = &PAMConfig{}
  63. 	_ core.Conversion = &OAuth2Config{}
  64. )
  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {
  68. 	*ldap.Source
  69. }
  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {
  73. 	return json.Unmarshal(bs, &cfg)
  74. }
  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {
  78. 	return json.Marshal(cfg)
  79. }
  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {
  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]
  85. }
  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {
  89. 	Auth           string
  90. 	Host           string
  91. 	Port           int
  92. 	AllowedDomains string `xorm:"TEXT"`
  93. 	TLS            bool
  94. 	SkipVerify     bool
  95. }
  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {
  99. 	return json.Unmarshal(bs, cfg)
  100. }
  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {
  104. 	return json.Marshal(cfg)
  105. }
  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {
  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }
  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {
  114. 	return json.Unmarshal(bs, &cfg)
  115. }
  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {
  119. 	return json.Marshal(cfg)
  120. }
  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {
  124. 	Provider     string
  125. 	ClientID     string
  126. 	ClientSecret string
  127. }
  128. 

  129. // FromDB fills up an OAuth2Config from serialized format.

  130. func (cfg *OAuth2Config) FromDB(bs []byte) error {
  131. 	return json.Unmarshal(bs, cfg)
  132. }
  133. 

  134. // ToDB exports an SMTPConfig to a serialized format.

  135. func (cfg *OAuth2Config) ToDB() ([]byte, error) {
  136. 	return json.Marshal(cfg)
  137. }
  138. 

  139. // LoginSource represents an external way for authorizing users.

  140. type LoginSource struct {
  141. 	ID        int64 `xorm:"pk autoincr"`
  142. 	Type      LoginType
  143. 	Name      string          `xorm:"UNIQUE"`
  144. 	IsActived bool            `xorm:"INDEX NOT NULL DEFAULT false"`
  145. 	Cfg       core.Conversion `xorm:"TEXT"`
  146. 

  147. 	Created     time.Time `xorm:"-"`
  148. 	CreatedUnix int64     `xorm:"INDEX"`
  149. 	Updated     time.Time `xorm:"-"`
  150. 	UpdatedUnix int64     `xorm:"INDEX"`
  151. }
  152. 

  153. // BeforeInsert is invoked from XORM before inserting an object of this type.

  154. func (source *LoginSource) BeforeInsert() {
  155. 	source.CreatedUnix = time.Now().Unix()
  156. 	source.UpdatedUnix = source.CreatedUnix
  157. }
  158. 

  159. // BeforeUpdate is invoked from XORM before updating this object.

  160. func (source *LoginSource) BeforeUpdate() {
  161. 	source.UpdatedUnix = time.Now().Unix()
  162. }
  163. 

  164. // Cell2Int64 converts a xorm.Cell type to int64,

  165. // and handles possible irregular cases.

  166. func Cell2Int64(val xorm.Cell) int64 {
  167. 	switch (*val).(type) {
  168. 	case []uint8:
  169. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)
  170. 		return com.StrTo(string((*val).([]uint8))).MustInt64()
  171. 	}
  172. 	return (*val).(int64)
  173. }
  174. 

  175. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  176. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
  177. 	switch colName {
  178. 	case "type":
  179. 		switch LoginType(Cell2Int64(val)) {
  180. 		case LoginLDAP, LoginDLDAP:
  181. 			source.Cfg = new(LDAPConfig)
  182. 		case LoginSMTP:
  183. 			source.Cfg = new(SMTPConfig)
  184. 		case LoginPAM:
  185. 			source.Cfg = new(PAMConfig)
  186. 		case LoginOAuth2:
  187. 			source.Cfg = new(OAuth2Config)
  188. 		default:
  189. 			panic("unrecognized login source type: " + com.ToStr(*val))
  190. 		}
  191. 	}
  192. }
  193. 

  194. // AfterSet is invoked from XORM after setting the value of a field of this object.

  195. func (source *LoginSource) AfterSet(colName string, _ xorm.Cell) {
  196. 	switch colName {
  197. 	case "created_unix":
  198. 		source.Created = time.Unix(source.CreatedUnix, 0).Local()
  199. 	case "updated_unix":
  200. 		source.Updated = time.Unix(source.UpdatedUnix, 0).Local()
  201. 	}
  202. }
  203. 

  204. // TypeName return name of this login source type.

  205. func (source *LoginSource) TypeName() string {
  206. 	return LoginNames[source.Type]
  207. }
  208. 

  209. // IsLDAP returns true of this source is of the LDAP type.

  210. func (source *LoginSource) IsLDAP() bool {
  211. 	return source.Type == LoginLDAP
  212. }
  213. 

  214. // IsDLDAP returns true of this source is of the DLDAP type.

  215. func (source *LoginSource) IsDLDAP() bool {
  216. 	return source.Type == LoginDLDAP
  217. }
  218. 

  219. // IsSMTP returns true of this source is of the SMTP type.

  220. func (source *LoginSource) IsSMTP() bool {
  221. 	return source.Type == LoginSMTP
  222. }
  223. 

  224. // IsPAM returns true of this source is of the PAM type.

  225. func (source *LoginSource) IsPAM() bool {
  226. 	return source.Type == LoginPAM
  227. }
  228. 

  229. // IsOAuth2 returns true of this source is of the OAuth2 type.

  230. func (source *LoginSource) IsOAuth2() bool {
  231. 	return source.Type == LoginOAuth2
  232. }
  233. 

  234. // HasTLS returns true of this source supports TLS.

  235. func (source *LoginSource) HasTLS() bool {
  236. 	return ((source.IsLDAP() || source.IsDLDAP()) &&
  237. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
  238. 		source.IsSMTP()
  239. }
  240. 

  241. // UseTLS returns true of this source is configured to use TLS.

  242. func (source *LoginSource) UseTLS() bool {
  243. 	switch source.Type {
  244. 	case LoginLDAP, LoginDLDAP:
  245. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
  246. 	case LoginSMTP:
  247. 		return source.SMTP().TLS
  248. 	}
  249. 

  250. 	return false
  251. }
  252. 

  253. // SkipVerify returns true if this source is configured to skip SSL

  254. // verification.

  255. func (source *LoginSource) SkipVerify() bool {
  256. 	switch source.Type {
  257. 	case LoginLDAP, LoginDLDAP:
  258. 		return source.LDAP().SkipVerify
  259. 	case LoginSMTP:
  260. 		return source.SMTP().SkipVerify
  261. 	}
  262. 

  263. 	return false
  264. }
  265. 

  266. // LDAP returns LDAPConfig for this source, if of LDAP type.

  267. func (source *LoginSource) LDAP() *LDAPConfig {
  268. 	return source.Cfg.(*LDAPConfig)
  269. }
  270. 

  271. // SMTP returns SMTPConfig for this source, if of SMTP type.

  272. func (source *LoginSource) SMTP() *SMTPConfig {
  273. 	return source.Cfg.(*SMTPConfig)
  274. }
  275. 

  276. // PAM returns PAMConfig for this source, if of PAM type.

  277. func (source *LoginSource) PAM() *PAMConfig {
  278. 	return source.Cfg.(*PAMConfig)
  279. }
  280. 

  281. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  282. func (source *LoginSource) OAuth2() *OAuth2Config {
  283. 	return source.Cfg.(*OAuth2Config)
  284. }
  285. 

  286. // CreateLoginSource inserts a LoginSource in the DB if not already

  287. // existing with the given name.

  288. func CreateLoginSource(source *LoginSource) error {
  289. 	has, err := x.Get(&LoginSource{Name: source.Name})
  290. 	if err != nil {
  291. 		return err
  292. 	} else if has {
  293. 		return ErrLoginSourceAlreadyExist{source.Name}
  294. 	}
  295. 

  296. 	_, err = x.Insert(source)
  297. 	if err == nil && source.IsOAuth2() {
  298. 		oAuth2Config := source.OAuth2()
  299. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
  300. 	}
  301. 	return err
  302. }
  303. 

  304. // LoginSources returns a slice of all login sources found in DB.

  305. func LoginSources() ([]*LoginSource, error) {
  306. 	auths := make([]*LoginSource, 0, 6)
  307. 	return auths, x.Find(&auths)
  308. }
  309. 

  310. // GetLoginSourceByID returns login source by given ID.

  311. func GetLoginSourceByID(id int64) (*LoginSource, error) {
  312. 	source := new(LoginSource)
  313. 	has, err := x.Id(id).Get(source)
  314. 	if err != nil {
  315. 		return nil, err
  316. 	} else if !has {
  317. 		return nil, ErrLoginSourceNotExist{id}
  318. 	}
  319. 	return source, nil
  320. }
  321. 

  322. // UpdateSource updates a LoginSource record in DB.

  323. func UpdateSource(source *LoginSource) error {
  324. 	_, err := x.Id(source.ID).AllCols().Update(source)
  325. 	if err == nil && source.IsOAuth2() {
  326. 		oAuth2Config := source.OAuth2()
  327. 		oauth2.RemoveProvider(source.Name)
  328. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
  329. 	}
  330. 	return err
  331. }
  332. 

  333. // DeleteSource deletes a LoginSource record in DB.

  334. func DeleteSource(source *LoginSource) error {
  335. 	count, err := x.Count(&User{LoginSource: source.ID})
  336. 	if err != nil {
  337. 		return err
  338. 	} else if count > 0 {
  339. 		return ErrLoginSourceInUse{source.ID}
  340. 	}
  341. 

  342. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})
  343. 	if err != nil {
  344. 		return err
  345. 	} else if count > 0 {
  346. 		return ErrLoginSourceInUse{source.ID}
  347. 	}
  348. 

  349. 	if source.IsOAuth2() {
  350. 		oauth2.RemoveProvider(source.Name)
  351. 	}
  352. 

  353. 	_, err = x.Id(source.ID).Delete(new(LoginSource))
  354. 	return err
  355. }
  356. 

  357. // CountLoginSources returns number of login sources.

  358. func CountLoginSources() int64 {
  359. 	count, _ := x.Count(new(LoginSource))
  360. 	return count
  361. }
  362. 

  363. // .____     ________      _____ __________

  364. // |    |    \______ \    /  _  \\______   \

  365. // |    |     |    |  \  /  /_\  \|     ___/

  366. // |    |___  |    `   \/    |    \    |

  367. // |_______ \/_______  /\____|__  /____|

  368. //         \/        \/         \/

  369. 

  370. func composeFullName(firstname, surname, username string) string {
  371. 	switch {
  372. 	case len(firstname) == 0 && len(surname) == 0:
  373. 		return username
  374. 	case len(firstname) == 0:
  375. 		return surname
  376. 	case len(surname) == 0:
  377. 		return firstname
  378. 	default:
  379. 		return firstname + " " + surname
  380. 	}
  381. }
  382. 

  383. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  384. // and create a local user if success when enabled.

  385. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  386. 	username, fn, sn, mail, isAdmin, succeed := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
  387. 	if !succeed {
  388. 		// User not in LDAP, do nothing

  389. 		return nil, ErrUserNotExist{0, login, 0}
  390. 	}
  391. 

  392. 	if !autoRegister {
  393. 		return user, nil
  394. 	}
  395. 

  396. 	// Fallback.

  397. 	if len(username) == 0 {
  398. 		username = login
  399. 	}
  400. 	// Validate username make sure it satisfies requirement.

  401. 	if binding.AlphaDashDotPattern.MatchString(username) {
  402. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", username)
  403. 	}
  404. 

  405. 	if len(mail) == 0 {
  406. 		mail = fmt.Sprintf("%s@localhost", username)
  407. 	}
  408. 

  409. 	user = &User{
  410. 		LowerName:   strings.ToLower(username),
  411. 		Name:        username,
  412. 		FullName:    composeFullName(fn, sn, username),
  413. 		Email:       mail,
  414. 		LoginType:   source.Type,
  415. 		LoginSource: source.ID,
  416. 		LoginName:   login,
  417. 		IsActive:    true,
  418. 		IsAdmin:     isAdmin,
  419. 	}
  420. 	return user, CreateUser(user)
  421. }
  422. 

  423. //   _________   __________________________

  424. //  /   _____/  /     \__    ___/\______   \

  425. //  \_____  \  /  \ /  \|    |    |     ___/

  426. //  /        \/    Y    \    |    |    |

  427. // /_______  /\____|__  /____|    |____|

  428. //         \/         \/

  429. 

  430. type smtpLoginAuth struct {
  431. 	username, password string
  432. }
  433. 

  434. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
  435. 	return "LOGIN", []byte(auth.username), nil
  436. }
  437. 

  438. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
  439. 	if more {
  440. 		switch string(fromServer) {
  441. 		case "Username:":
  442. 			return []byte(auth.username), nil
  443. 		case "Password:":
  444. 			return []byte(auth.password), nil
  445. 		}
  446. 	}
  447. 	return nil, nil
  448. }
  449. 

  450. // SMTP authentication type names.

  451. const (
  452. 	SMTPPlain = "PLAIN"
  453. 	SMTPLogin = "LOGIN"
  454. )
  455. 

  456. // SMTPAuths contains available SMTP authentication type names.

  457. var SMTPAuths = []string{SMTPPlain, SMTPLogin}
  458. 

  459. // SMTPAuth performs an SMTP authentication.

  460. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
  461. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))
  462. 	if err != nil {
  463. 		return err
  464. 	}
  465. 	defer c.Close()
  466. 

  467. 	if err = c.Hello("gogs"); err != nil {
  468. 		return err
  469. 	}
  470. 

  471. 	if cfg.TLS {
  472. 		if ok, _ := c.Extension("STARTTLS"); ok {
  473. 			if err = c.StartTLS(&tls.Config{
  474. 				InsecureSkipVerify: cfg.SkipVerify,
  475. 				ServerName:         cfg.Host,
  476. 			}); err != nil {
  477. 				return err
  478. 			}
  479. 		} else {
  480. 			return errors.New("SMTP server unsupports TLS")
  481. 		}
  482. 	}
  483. 

  484. 	if ok, _ := c.Extension("AUTH"); ok {
  485. 		if err = c.Auth(a); err != nil {
  486. 			return err
  487. 		}
  488. 		return nil
  489. 	}
  490. 	return ErrUnsupportedLoginType
  491. }
  492. 

  493. // LoginViaSMTP queries if login/password is valid against the SMTP,

  494. // and create a local user if success when enabled.

  495. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
  496. 	// Verify allowed domains.

  497. 	if len(cfg.AllowedDomains) > 0 {
  498. 		idx := strings.Index(login, "@")
  499. 		if idx == -1 {
  500. 			return nil, ErrUserNotExist{0, login, 0}
  501. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx+1:]) {
  502. 			return nil, ErrUserNotExist{0, login, 0}
  503. 		}
  504. 	}
  505. 

  506. 	var auth smtp.Auth
  507. 	if cfg.Auth == SMTPPlain {
  508. 		auth = smtp.PlainAuth("", login, password, cfg.Host)
  509. 	} else if cfg.Auth == SMTPLogin {
  510. 		auth = &smtpLoginAuth{login, password}
  511. 	} else {
  512. 		return nil, errors.New("Unsupported SMTP auth type")
  513. 	}
  514. 

  515. 	if err := SMTPAuth(auth, cfg); err != nil {
  516. 		// Check standard error format first,

  517. 		// then fallback to worse case.

  518. 		tperr, ok := err.(*textproto.Error)
  519. 		if (ok && tperr.Code == 535) ||
  520. 			strings.Contains(err.Error(), "Username and Password not accepted") {
  521. 			return nil, ErrUserNotExist{0, login, 0}
  522. 		}
  523. 		return nil, err
  524. 	}
  525. 

  526. 	if !autoRegister {
  527. 		return user, nil
  528. 	}
  529. 

  530. 	username := login
  531. 	idx := strings.Index(login, "@")
  532. 	if idx > -1 {
  533. 		username = login[:idx]
  534. 	}
  535. 

  536. 	user = &User{
  537. 		LowerName:   strings.ToLower(username),
  538. 		Name:        strings.ToLower(username),
  539. 		Email:       login,
  540. 		Passwd:      password,
  541. 		LoginType:   LoginSMTP,
  542. 		LoginSource: sourceID,
  543. 		LoginName:   login,
  544. 		IsActive:    true,
  545. 	}
  546. 	return user, CreateUser(user)
  547. }
  548. 

  549. // __________  _____      _____

  550. // \______   \/  _  \    /     \

  551. //  |     ___/  /_\  \  /  \ /  \

  552. //  |    |  /    |    \/    Y    \

  553. //  |____|  \____|__  /\____|__  /

  554. //                  \/         \/

  555. 

  556. // LoginViaPAM queries if login/password is valid against the PAM,

  557. // and create a local user if success when enabled.

  558. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
  559. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
  560. 		if strings.Contains(err.Error(), "Authentication failure") {
  561. 			return nil, ErrUserNotExist{0, login, 0}
  562. 		}
  563. 		return nil, err
  564. 	}
  565. 

  566. 	if !autoRegister {
  567. 		return user, nil
  568. 	}
  569. 

  570. 	user = &User{
  571. 		LowerName:   strings.ToLower(login),
  572. 		Name:        login,
  573. 		Email:       login,
  574. 		Passwd:      password,
  575. 		LoginType:   LoginPAM,
  576. 		LoginSource: sourceID,
  577. 		LoginName:   login,
  578. 		IsActive:    true,
  579. 	}
  580. 	return user, CreateUser(user)
  581. }
  582. 

  583. //  ________      _____          __  .__     ________

  584. //  \_____  \    /  _  \  __ ___/  |_|  |__  \_____  \

  585. //   /   |   \  /  /_\  \|  |  \   __\  |  \  /  ____/

  586. //  /    |    \/    |    \  |  /|  | |   Y  \/       \

  587. //  \_______  /\____|__  /____/ |__| |___|  /\_______ \

  588. //          \/         \/                 \/         \/

  589. 

  590. // OAuth2Provider describes the display values of a single OAuth2 provider

  591. type OAuth2Provider struct {
  592. 	Name        string
  593. 	DisplayName string
  594. 	Image       string
  595. }
  596. 

  597. // OAuth2Providers contains the map of registered OAuth2 providers in Gitea (based on goth)

  598. // key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)

  599. // value is used to store display data

  600. var OAuth2Providers = map[string]OAuth2Provider{
  601. 	"github": {Name: "github", DisplayName: "GitHub", Image: "/img/github.png"},
  602. }
  603. 

  604. // ExternalUserLogin attempts a login using external source types.

  605. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
  606. 	if !source.IsActived {
  607. 		return nil, ErrLoginSourceNotActived
  608. 	}
  609. 

  610. 	switch source.Type {
  611. 	case LoginLDAP, LoginDLDAP:
  612. 		return LoginViaLDAP(user, login, password, source, autoRegister)
  613. 	case LoginSMTP:
  614. 		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
  615. 	case LoginPAM:
  616. 		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
  617. 	}
  618. 

  619. 	return nil, ErrUnsupportedLoginType
  620. }
  621. 

  622. // UserSignIn validates user name and password.

  623. func UserSignIn(username, password string) (*User, error) {
  624. 	var user *User
  625. 	if strings.Contains(username, "@") {
  626. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}
  627. 		// check same email

  628. 		cnt, err := x.Count(user)
  629. 		if err != nil {
  630. 			return nil, err
  631. 		}
  632. 		if cnt > 1 {
  633. 			return nil, ErrEmailAlreadyUsed{
  634. 				Email: user.Email,
  635. 			}
  636. 		}
  637. 	} else {
  638. 		user = &User{LowerName: strings.ToLower(strings.TrimSpace(username))}
  639. 	}
  640. 

  641. 	hasUser, err := x.Get(user)
  642. 	if err != nil {
  643. 		return nil, err
  644. 	}
  645. 

  646. 	if hasUser {
  647. 		switch user.LoginType {
  648. 		case LoginNoType, LoginPlain, LoginOAuth2:
  649. 			if user.ValidatePassword(password) {
  650. 				return user, nil
  651. 			}
  652. 

  653. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}
  654. 

  655. 		default:
  656. 			var source LoginSource
  657. 			hasSource, err := x.Id(user.LoginSource).Get(&source)
  658. 			if err != nil {
  659. 				return nil, err
  660. 			} else if !hasSource {
  661. 				return nil, ErrLoginSourceNotExist{user.LoginSource}
  662. 			}
  663. 

  664. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)
  665. 		}
  666. 	}
  667. 

  668. 	sources := make([]*LoginSource, 0, 5)
  669. 	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true}); err != nil {
  670. 		return nil, err
  671. 	}
  672. 

  673. 	for _, source := range sources {
  674. 		if source.IsOAuth2() {
  675. 			// don't try to authenticate against OAuth2 sources

  676. 			continue
  677. 		}
  678. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)
  679. 		if err == nil {
  680. 			return authUser, nil
  681. 		}
  682. 

  683. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
  684. 	}
  685. 

  686. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}
  687. }
  688. 

  689. // GetActiveOAuth2ProviderLoginSources returns all actived LoginOAuth2 sources

  690. func GetActiveOAuth2ProviderLoginSources() ([]*LoginSource, error) {
  691. 	sources := make([]*LoginSource, 0, 1)
  692. 	if err := x.UseBool().Find(&sources, &LoginSource{IsActived: true, Type: LoginOAuth2}); err != nil {
  693. 		return nil, err
  694. 	}
  695. 	return sources, nil
  696. }
  697. 

  698. // GetActiveOAuth2LoginSourceByName returns a OAuth2 LoginSource based on the given name

  699. func GetActiveOAuth2LoginSourceByName(name string) (*LoginSource, error) {
  700. 	loginSource := &LoginSource{
  701. 		Name:      name,
  702. 		Type:      LoginOAuth2,
  703. 		IsActived: true,
  704. 	}
  705. 

  706. 	has, err := x.UseBool().Get(loginSource)
  707. 	if !has || err != nil {
  708. 		return nil, err
  709. 	}
  710. 

  711. 	return loginSource, nil
  712. }
  713. 

  714. // GetActiveOAuth2Providers returns the map of configured active OAuth2 providers

  715. // key is used as technical name (like in the callbackURL)

  716. // values to display

  717. func GetActiveOAuth2Providers() (map[string]OAuth2Provider, error) {
  718. 	// Maybe also separate used and unused providers so we can force the registration of only 1 active provider for each type

  719. 

  720. 	loginSources, err := GetActiveOAuth2ProviderLoginSources()
  721. 	if err != nil {
  722. 		return nil, err
  723. 	}
  724. 

  725. 	providers := make(map[string]OAuth2Provider)
  726. 	for _, source := range loginSources {
  727. 		providers[source.Name] = OAuth2Providers[source.OAuth2().Provider]
  728. 	}
  729. 

  730. 	return providers, nil
  731. }
  732. 

  733. // InitOAuth2 initialize the OAuth2 lib and register all active OAuth2 providers in the library

  734. func InitOAuth2() {
  735. 	oauth2.Init()
  736. 	loginSources, _ := GetActiveOAuth2ProviderLoginSources()
  737. 

  738. 	for _, source := range loginSources {
  739. 		oAuth2Config := source.OAuth2()
  740. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
  741. 	}
  742. }