You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

267 lines
7.8 KiB

10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. "code.gitea.io/gitea/models"
  10. "code.gitea.io/gitea/modules/auth"
  11. "code.gitea.io/gitea/modules/auth/ldap"
  12. "code.gitea.io/gitea/modules/base"
  13. "code.gitea.io/gitea/modules/context"
  14. "code.gitea.io/gitea/modules/log"
  15. "code.gitea.io/gitea/modules/setting"
  16. )
  17. const (
  18. tplAuths base.TplName = "admin/auth/list"
  19. tplAuthNew base.TplName = "admin/auth/new"
  20. tplAuthEdit base.TplName = "admin/auth/edit"
  21. )
  22. // Authentications show authentication config page
  23. func Authentications(ctx *context.Context) {
  24. ctx.Data["Title"] = ctx.Tr("admin.authentication")
  25. ctx.Data["PageIsAdmin"] = true
  26. ctx.Data["PageIsAdminAuthentications"] = true
  27. var err error
  28. ctx.Data["Sources"], err = models.LoginSources()
  29. if err != nil {
  30. ctx.Handle(500, "LoginSources", err)
  31. return
  32. }
  33. ctx.Data["Total"] = models.CountLoginSources()
  34. ctx.HTML(200, tplAuths)
  35. }
  36. type dropdownItem struct {
  37. Name string
  38. Type interface{}
  39. }
  40. var (
  41. authSources = []dropdownItem{
  42. {models.LoginNames[models.LoginLDAP], models.LoginLDAP},
  43. {models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},
  44. {models.LoginNames[models.LoginSMTP], models.LoginSMTP},
  45. {models.LoginNames[models.LoginPAM], models.LoginPAM},
  46. }
  47. securityProtocols = []dropdownItem{
  48. {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
  49. {models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
  50. {models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
  51. }
  52. )
  53. // NewAuthSource render adding a new auth source page
  54. func NewAuthSource(ctx *context.Context) {
  55. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  56. ctx.Data["PageIsAdmin"] = true
  57. ctx.Data["PageIsAdminAuthentications"] = true
  58. ctx.Data["type"] = models.LoginLDAP
  59. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]
  60. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
  61. ctx.Data["smtp_auth"] = "PLAIN"
  62. ctx.Data["is_active"] = true
  63. ctx.Data["AuthSources"] = authSources
  64. ctx.Data["SecurityProtocols"] = securityProtocols
  65. ctx.Data["SMTPAuths"] = models.SMTPAuths
  66. ctx.HTML(200, tplAuthNew)
  67. }
  68. func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
  69. return &models.LDAPConfig{
  70. Source: &ldap.Source{
  71. Name: form.Name,
  72. Host: form.Host,
  73. Port: form.Port,
  74. SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
  75. SkipVerify: form.SkipVerify,
  76. BindDN: form.BindDN,
  77. UserDN: form.UserDN,
  78. BindPassword: form.BindPassword,
  79. UserBase: form.UserBase,
  80. AttributeUsername: form.AttributeUsername,
  81. AttributeName: form.AttributeName,
  82. AttributeSurname: form.AttributeSurname,
  83. AttributeMail: form.AttributeMail,
  84. AttributesInBind: form.AttributesInBind,
  85. Filter: form.Filter,
  86. AdminFilter: form.AdminFilter,
  87. Enabled: true,
  88. },
  89. }
  90. }
  91. func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
  92. return &models.SMTPConfig{
  93. Auth: form.SMTPAuth,
  94. Host: form.SMTPHost,
  95. Port: form.SMTPPort,
  96. AllowedDomains: form.AllowedDomains,
  97. TLS: form.TLS,
  98. SkipVerify: form.SkipVerify,
  99. }
  100. }
  101. // NewAuthSourcePost response for adding an auth source
  102. func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  103. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  104. ctx.Data["PageIsAdmin"] = true
  105. ctx.Data["PageIsAdminAuthentications"] = true
  106. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
  107. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
  108. ctx.Data["AuthSources"] = authSources
  109. ctx.Data["SecurityProtocols"] = securityProtocols
  110. ctx.Data["SMTPAuths"] = models.SMTPAuths
  111. hasTLS := false
  112. var config core.Conversion
  113. switch models.LoginType(form.Type) {
  114. case models.LoginLDAP, models.LoginDLDAP:
  115. config = parseLDAPConfig(form)
  116. hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
  117. case models.LoginSMTP:
  118. config = parseSMTPConfig(form)
  119. hasTLS = true
  120. case models.LoginPAM:
  121. config = &models.PAMConfig{
  122. ServiceName: form.PAMServiceName,
  123. }
  124. default:
  125. ctx.Error(400)
  126. return
  127. }
  128. ctx.Data["HasTLS"] = hasTLS
  129. if ctx.HasError() {
  130. ctx.HTML(200, tplAuthNew)
  131. return
  132. }
  133. if err := models.CreateLoginSource(&models.LoginSource{
  134. Type: models.LoginType(form.Type),
  135. Name: form.Name,
  136. IsActived: form.IsActive,
  137. Cfg: config,
  138. }); err != nil {
  139. if models.IsErrLoginSourceAlreadyExist(err) {
  140. ctx.Data["Err_Name"] = true
  141. ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)
  142. } else {
  143. ctx.Handle(500, "CreateSource", err)
  144. }
  145. return
  146. }
  147. log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
  148. ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
  149. ctx.Redirect(setting.AppSubURL + "/admin/auths")
  150. }
  151. // EditAuthSource render editing auth source page
  152. func EditAuthSource(ctx *context.Context) {
  153. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  154. ctx.Data["PageIsAdmin"] = true
  155. ctx.Data["PageIsAdminAuthentications"] = true
  156. ctx.Data["SecurityProtocols"] = securityProtocols
  157. ctx.Data["SMTPAuths"] = models.SMTPAuths
  158. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  159. if err != nil {
  160. ctx.Handle(500, "GetLoginSourceByID", err)
  161. return
  162. }
  163. ctx.Data["Source"] = source
  164. ctx.Data["HasTLS"] = source.HasTLS()
  165. ctx.HTML(200, tplAuthEdit)
  166. }
  167. // EditAuthSourcePost resposne for editing auth source
  168. func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  169. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  170. ctx.Data["PageIsAdmin"] = true
  171. ctx.Data["PageIsAdminAuthentications"] = true
  172. ctx.Data["SMTPAuths"] = models.SMTPAuths
  173. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  174. if err != nil {
  175. ctx.Handle(500, "GetLoginSourceByID", err)
  176. return
  177. }
  178. ctx.Data["Source"] = source
  179. ctx.Data["HasTLS"] = source.HasTLS()
  180. if ctx.HasError() {
  181. ctx.HTML(200, tplAuthEdit)
  182. return
  183. }
  184. var config core.Conversion
  185. switch models.LoginType(form.Type) {
  186. case models.LoginLDAP, models.LoginDLDAP:
  187. config = parseLDAPConfig(form)
  188. case models.LoginSMTP:
  189. config = parseSMTPConfig(form)
  190. case models.LoginPAM:
  191. config = &models.PAMConfig{
  192. ServiceName: form.PAMServiceName,
  193. }
  194. default:
  195. ctx.Error(400)
  196. return
  197. }
  198. source.Name = form.Name
  199. source.IsActived = form.IsActive
  200. source.Cfg = config
  201. if err := models.UpdateSource(source); err != nil {
  202. ctx.Handle(500, "UpdateSource", err)
  203. return
  204. }
  205. log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)
  206. ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  207. ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))
  208. }
  209. // DeleteAuthSource response for deleting an auth source
  210. func DeleteAuthSource(ctx *context.Context) {
  211. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  212. if err != nil {
  213. ctx.Handle(500, "GetLoginSourceByID", err)
  214. return
  215. }
  216. if err = models.DeleteSource(source); err != nil {
  217. if models.IsErrLoginSourceInUse(err) {
  218. ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  219. } else {
  220. ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  221. }
  222. ctx.JSON(200, map[string]interface{}{
  223. "redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
  224. })
  225. return
  226. }
  227. log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
  228. ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  229. ctx.JSON(200, map[string]interface{}{
  230. "redirect": setting.AppSubURL + "/admin/auths",
  231. })
  232. }