2014-05-05 17:32:47 +08:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
2022-11-28 02:20:29 +08:00
|
|
|
// SPDX-License-Identifier: MIT
|
2014-05-05 17:32:47 +08:00
|
|
|
|
2014-05-03 10:48:14 +08:00
|
|
|
package admin
|
|
|
|
|
|
|
|
import (
|
2019-11-23 07:33:31 +08:00
|
|
|
"errors"
|
2016-03-06 07:08:42 +08:00
|
|
|
"fmt"
|
2021-04-05 23:30:52 +08:00
|
|
|
"net/http"
|
2021-11-17 02:18:25 +08:00
|
|
|
"net/url"
|
2019-11-23 07:33:31 +08:00
|
|
|
"regexp"
|
2021-11-17 02:18:25 +08:00
|
|
|
"strconv"
|
2021-12-14 16:37:11 +08:00
|
|
|
"strings"
|
2016-03-06 07:08:42 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
"code.gitea.io/gitea/models/auth"
|
2020-10-23 18:10:29 +08:00
|
|
|
"code.gitea.io/gitea/modules/auth/pam"
|
2016-11-11 00:24:48 +08:00
|
|
|
"code.gitea.io/gitea/modules/base"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2019-11-23 07:33:31 +08:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2021-01-26 23:36:53 +08:00
|
|
|
"code.gitea.io/gitea/modules/web"
|
2021-09-24 19:32:56 +08:00
|
|
|
auth_service "code.gitea.io/gitea/services/auth"
|
2021-07-24 18:16:34 +08:00
|
|
|
"code.gitea.io/gitea/services/auth/source/ldap"
|
|
|
|
"code.gitea.io/gitea/services/auth/source/oauth2"
|
2022-01-02 21:12:35 +08:00
|
|
|
pam_service "code.gitea.io/gitea/services/auth/source/pam"
|
2021-07-24 18:16:34 +08:00
|
|
|
"code.gitea.io/gitea/services/auth/source/smtp"
|
|
|
|
"code.gitea.io/gitea/services/auth/source/sspi"
|
2021-04-07 03:44:05 +08:00
|
|
|
"code.gitea.io/gitea/services/forms"
|
2017-05-01 21:26:53 +08:00
|
|
|
|
2020-03-22 23:12:55 +08:00
|
|
|
"xorm.io/xorm/convert"
|
2014-05-03 10:48:14 +08:00
|
|
|
)
|
|
|
|
|
2014-06-23 01:14:03 +08:00
|
|
|
const (
|
2016-11-21 11:21:24 +08:00
|
|
|
tplAuths base.TplName = "admin/auth/list"
|
|
|
|
tplAuthNew base.TplName = "admin/auth/new"
|
|
|
|
tplAuthEdit base.TplName = "admin/auth/edit"
|
2014-06-23 01:14:03 +08:00
|
|
|
)
|
|
|
|
|
2019-11-23 07:33:31 +08:00
|
|
|
var (
|
|
|
|
separatorAntiPattern = regexp.MustCompile(`[^\w-\.]`)
|
|
|
|
langCodePattern = regexp.MustCompile(`^[a-z]{2}-[A-Z]{2}$`)
|
|
|
|
)
|
|
|
|
|
2016-11-21 11:21:24 +08:00
|
|
|
// Authentications show authentication config page
|
2016-03-12 00:56:52 +08:00
|
|
|
func Authentications(ctx *context.Context) {
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.authentication")
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
|
|
|
|
|
|
|
var err error
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.Data["Sources"], err = auth.Sources()
|
2014-08-29 20:50:43 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.ServerError("auth.Sources", err)
|
2014-08-29 20:50:43 +08:00
|
|
|
return
|
|
|
|
}
|
2015-09-11 03:45:03 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.Data["Total"] = auth.CountSources()
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuths)
|
2014-08-29 20:50:43 +08:00
|
|
|
}
|
|
|
|
|
2016-07-08 07:25:09 +08:00
|
|
|
type dropdownItem struct {
|
2015-09-11 05:11:41 +08:00
|
|
|
Name string
|
2023-07-05 02:36:08 +08:00
|
|
|
Type any
|
2015-09-11 05:11:41 +08:00
|
|
|
}
|
|
|
|
|
2016-07-08 07:25:09 +08:00
|
|
|
var (
|
2020-10-23 18:10:29 +08:00
|
|
|
authSources = func() []dropdownItem {
|
|
|
|
items := []dropdownItem{
|
2022-01-02 21:12:35 +08:00
|
|
|
{auth.LDAP.String(), auth.LDAP},
|
|
|
|
{auth.DLDAP.String(), auth.DLDAP},
|
|
|
|
{auth.SMTP.String(), auth.SMTP},
|
|
|
|
{auth.OAuth2.String(), auth.OAuth2},
|
|
|
|
{auth.SSPI.String(), auth.SSPI},
|
2020-10-23 18:10:29 +08:00
|
|
|
}
|
|
|
|
if pam.Supported {
|
2022-01-02 21:12:35 +08:00
|
|
|
items = append(items, dropdownItem{auth.Names[auth.PAM], auth.PAM})
|
2020-10-23 18:10:29 +08:00
|
|
|
}
|
|
|
|
return items
|
|
|
|
}()
|
|
|
|
|
2016-07-08 07:25:09 +08:00
|
|
|
securityProtocols = []dropdownItem{
|
2021-07-24 18:16:34 +08:00
|
|
|
{ldap.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
|
|
|
|
{ldap.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
|
|
|
|
{ldap.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
|
2016-07-08 07:25:09 +08:00
|
|
|
}
|
|
|
|
)
|
2015-09-11 05:11:41 +08:00
|
|
|
|
2016-11-21 11:21:24 +08:00
|
|
|
// NewAuthSource render adding a new auth source page
|
2016-03-12 00:56:52 +08:00
|
|
|
func NewAuthSource(ctx *context.Context) {
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-11 05:11:41 +08:00
|
|
|
|
2022-03-11 06:40:43 +08:00
|
|
|
ctx.Data["type"] = auth.LDAP.Int()
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.Data["CurrentTypeName"] = auth.Names[auth.LDAP]
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["CurrentSecurityProtocol"] = ldap.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
|
2015-09-11 05:11:41 +08:00
|
|
|
ctx.Data["smtp_auth"] = "PLAIN"
|
|
|
|
ctx.Data["is_active"] = true
|
2017-05-10 21:10:18 +08:00
|
|
|
ctx.Data["is_sync_enabled"] = true
|
2015-09-11 05:11:41 +08:00
|
|
|
ctx.Data["AuthSources"] = authSources
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
2021-08-06 09:11:08 +08:00
|
|
|
oauth2providers := oauth2.GetOAuth2Providers()
|
|
|
|
ctx.Data["OAuth2Providers"] = oauth2providers
|
2017-02-22 15:14:37 +08:00
|
|
|
|
2019-11-23 07:33:31 +08:00
|
|
|
ctx.Data["SSPIAutoCreateUsers"] = true
|
|
|
|
ctx.Data["SSPIAutoActivateUsers"] = true
|
|
|
|
ctx.Data["SSPIStripDomainNames"] = true
|
|
|
|
ctx.Data["SSPISeparatorReplacement"] = "_"
|
|
|
|
ctx.Data["SSPIDefaultLanguage"] = ""
|
|
|
|
|
2017-02-22 15:14:37 +08:00
|
|
|
// only the first as default
|
2022-05-11 21:06:02 +08:00
|
|
|
ctx.Data["oauth2_provider"] = oauth2providers[0].Name()
|
2017-02-22 15:14:37 +08:00
|
|
|
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuthNew)
|
2014-05-03 10:48:14 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
func parseLDAPConfig(form forms.AuthenticationForm) *ldap.Source {
|
2018-05-05 22:30:47 +08:00
|
|
|
var pageSize uint32
|
|
|
|
if form.UsePagedSearch {
|
|
|
|
pageSize = uint32(form.SearchPageSize)
|
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
return &ldap.Source{
|
|
|
|
Name: form.Name,
|
|
|
|
Host: form.Host,
|
|
|
|
Port: form.Port,
|
|
|
|
SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
|
|
|
|
SkipVerify: form.SkipVerify,
|
|
|
|
BindDN: form.BindDN,
|
|
|
|
UserDN: form.UserDN,
|
|
|
|
BindPassword: form.BindPassword,
|
|
|
|
UserBase: form.UserBase,
|
|
|
|
AttributeUsername: form.AttributeUsername,
|
|
|
|
AttributeName: form.AttributeName,
|
|
|
|
AttributeSurname: form.AttributeSurname,
|
|
|
|
AttributeMail: form.AttributeMail,
|
|
|
|
AttributesInBind: form.AttributesInBind,
|
|
|
|
AttributeSSHPublicKey: form.AttributeSSHPublicKey,
|
2021-09-27 10:39:36 +08:00
|
|
|
AttributeAvatar: form.AttributeAvatar,
|
2021-07-24 18:16:34 +08:00
|
|
|
SearchPageSize: pageSize,
|
|
|
|
Filter: form.Filter,
|
|
|
|
GroupsEnabled: form.GroupsEnabled,
|
|
|
|
GroupDN: form.GroupDN,
|
|
|
|
GroupFilter: form.GroupFilter,
|
|
|
|
GroupMemberUID: form.GroupMemberUID,
|
2022-02-11 22:24:58 +08:00
|
|
|
GroupTeamMap: form.GroupTeamMap,
|
|
|
|
GroupTeamMapRemoval: form.GroupTeamMapRemoval,
|
2021-07-24 18:16:34 +08:00
|
|
|
UserUID: form.UserUID,
|
|
|
|
AdminFilter: form.AdminFilter,
|
|
|
|
RestrictedFilter: form.RestrictedFilter,
|
|
|
|
AllowDeactivateAll: form.AllowDeactivateAll,
|
|
|
|
Enabled: true,
|
2021-09-17 19:43:47 +08:00
|
|
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
2015-09-12 00:03:08 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
|
|
|
|
return &smtp.Source{
|
2015-09-12 01:32:33 +08:00
|
|
|
Auth: form.SMTPAuth,
|
2022-11-11 05:12:23 +08:00
|
|
|
Host: form.SMTPHost,
|
2015-09-12 01:32:33 +08:00
|
|
|
Port: form.SMTPPort,
|
|
|
|
AllowedDomains: form.AllowedDomains,
|
2021-08-12 04:42:58 +08:00
|
|
|
ForceSMTPS: form.ForceSMTPS,
|
2015-09-12 01:32:33 +08:00
|
|
|
SkipVerify: form.SkipVerify,
|
2021-08-12 04:42:58 +08:00
|
|
|
HeloHostname: form.HeloHostname,
|
|
|
|
DisableHelo: form.DisableHelo,
|
2021-09-27 09:02:01 +08:00
|
|
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
2015-09-12 00:03:08 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
|
2017-05-01 21:26:53 +08:00
|
|
|
var customURLMapping *oauth2.CustomURLMapping
|
|
|
|
if form.Oauth2UseCustomURL {
|
|
|
|
customURLMapping = &oauth2.CustomURLMapping{
|
|
|
|
TokenURL: form.Oauth2TokenURL,
|
|
|
|
AuthURL: form.Oauth2AuthURL,
|
|
|
|
ProfileURL: form.Oauth2ProfileURL,
|
|
|
|
EmailURL: form.Oauth2EmailURL,
|
2021-08-06 09:11:08 +08:00
|
|
|
Tenant: form.Oauth2Tenant,
|
2017-05-01 21:26:53 +08:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
customURLMapping = nil
|
|
|
|
}
|
2022-03-09 02:56:40 +08:00
|
|
|
var scopes []string
|
|
|
|
for _, s := range strings.Split(form.Oauth2Scopes, ",") {
|
|
|
|
s = strings.TrimSpace(s)
|
|
|
|
if s != "" {
|
|
|
|
scopes = append(scopes, s)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
return &oauth2.Source{
|
2017-05-01 21:26:53 +08:00
|
|
|
Provider: form.Oauth2Provider,
|
|
|
|
ClientID: form.Oauth2Key,
|
|
|
|
ClientSecret: form.Oauth2Secret,
|
|
|
|
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
|
|
|
|
CustomURLMapping: customURLMapping,
|
2020-12-28 10:35:55 +08:00
|
|
|
IconURL: form.Oauth2IconURL,
|
2022-03-09 02:56:40 +08:00
|
|
|
Scopes: scopes,
|
2021-12-14 16:37:11 +08:00
|
|
|
RequiredClaimName: form.Oauth2RequiredClaimName,
|
|
|
|
RequiredClaimValue: form.Oauth2RequiredClaimValue,
|
2021-09-11 00:37:57 +08:00
|
|
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
2022-02-01 04:41:11 +08:00
|
|
|
GroupClaimName: form.Oauth2GroupClaimName,
|
|
|
|
RestrictedGroup: form.Oauth2RestrictedGroup,
|
|
|
|
AdminGroup: form.Oauth2AdminGroup,
|
2023-02-08 14:44:42 +08:00
|
|
|
GroupTeamMap: form.Oauth2GroupTeamMap,
|
|
|
|
GroupTeamMapRemoval: form.Oauth2GroupTeamMapRemoval,
|
2017-02-22 15:14:37 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
func parseSSPIConfig(ctx *context.Context, form forms.AuthenticationForm) (*sspi.Source, error) {
|
2019-11-23 07:33:31 +08:00
|
|
|
if util.IsEmptyString(form.SSPISeparatorReplacement) {
|
|
|
|
ctx.Data["Err_SSPISeparatorReplacement"] = true
|
|
|
|
return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.require_error"))
|
|
|
|
}
|
|
|
|
if separatorAntiPattern.MatchString(form.SSPISeparatorReplacement) {
|
|
|
|
ctx.Data["Err_SSPISeparatorReplacement"] = true
|
|
|
|
return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.alpha_dash_dot_error"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if form.SSPIDefaultLanguage != "" && !langCodePattern.MatchString(form.SSPIDefaultLanguage) {
|
|
|
|
ctx.Data["Err_SSPIDefaultLanguage"] = true
|
|
|
|
return nil, errors.New(ctx.Tr("form.lang_select_error"))
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
return &sspi.Source{
|
2019-11-23 07:33:31 +08:00
|
|
|
AutoCreateUsers: form.SSPIAutoCreateUsers,
|
|
|
|
AutoActivateUsers: form.SSPIAutoActivateUsers,
|
|
|
|
StripDomainNames: form.SSPIStripDomainNames,
|
|
|
|
SeparatorReplacement: form.SSPISeparatorReplacement,
|
|
|
|
DefaultLanguage: form.SSPIDefaultLanguage,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2016-11-21 11:21:24 +08:00
|
|
|
// NewAuthSourcePost response for adding an auth source
|
2021-01-26 23:36:53 +08:00
|
|
|
func NewAuthSourcePost(ctx *context.Context) {
|
2021-04-07 03:44:05 +08:00
|
|
|
form := *web.GetForm(ctx).(*forms.AuthenticationForm)
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-11 05:11:41 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.Data["CurrentTypeName"] = auth.Type(form.Type).String()
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["CurrentSecurityProtocol"] = ldap.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
|
2015-09-11 05:11:41 +08:00
|
|
|
ctx.Data["AuthSources"] = authSources
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
2021-08-06 09:11:08 +08:00
|
|
|
oauth2providers := oauth2.GetOAuth2Providers()
|
|
|
|
ctx.Data["OAuth2Providers"] = oauth2providers
|
2014-05-03 10:48:14 +08:00
|
|
|
|
2019-11-23 07:33:31 +08:00
|
|
|
ctx.Data["SSPIAutoCreateUsers"] = true
|
|
|
|
ctx.Data["SSPIAutoActivateUsers"] = true
|
|
|
|
ctx.Data["SSPIStripDomainNames"] = true
|
|
|
|
ctx.Data["SSPISeparatorReplacement"] = "_"
|
|
|
|
ctx.Data["SSPIDefaultLanguage"] = ""
|
|
|
|
|
2016-07-08 07:25:09 +08:00
|
|
|
hasTLS := false
|
2020-03-22 23:12:55 +08:00
|
|
|
var config convert.Conversion
|
2022-01-02 21:12:35 +08:00
|
|
|
switch auth.Type(form.Type) {
|
|
|
|
case auth.LDAP, auth.DLDAP:
|
2015-09-12 00:03:08 +08:00
|
|
|
config = parseLDAPConfig(form)
|
2016-11-08 00:38:43 +08:00
|
|
|
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.SMTP:
|
2015-09-12 00:03:08 +08:00
|
|
|
config = parseSMTPConfig(form)
|
2016-07-08 07:25:09 +08:00
|
|
|
hasTLS = true
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.PAM:
|
|
|
|
config = &pam_service.Source{
|
2021-09-27 09:02:01 +08:00
|
|
|
ServiceName: form.PAMServiceName,
|
|
|
|
EmailDomain: form.PAMEmailDomain,
|
|
|
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
2015-04-23 19:58:57 +08:00
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.OAuth2:
|
2017-02-22 15:14:37 +08:00
|
|
|
config = parseOAuth2Config(form)
|
2023-03-10 14:14:43 +08:00
|
|
|
oauth2Config := config.(*oauth2.Source)
|
|
|
|
if oauth2Config.Provider == "openidConnect" {
|
|
|
|
discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL)
|
|
|
|
if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
|
|
|
|
ctx.Data["Err_DiscoveryURL"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthNew, form)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.SSPI:
|
2019-11-23 07:33:31 +08:00
|
|
|
var err error
|
|
|
|
config, err = parseSSPIConfig(ctx, form)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplAuthNew, form)
|
|
|
|
return
|
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
existing, err := auth.SourcesByType(auth.SSPI)
|
2019-11-23 07:33:31 +08:00
|
|
|
if err != nil || len(existing) > 0 {
|
|
|
|
ctx.Data["Err_Type"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_of_type_exist"), tplAuthNew, form)
|
|
|
|
return
|
|
|
|
}
|
2014-05-11 19:43:57 +08:00
|
|
|
default:
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.Error(http.StatusBadRequest)
|
2014-05-11 19:43:57 +08:00
|
|
|
return
|
2014-05-11 18:10:37 +08:00
|
|
|
}
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["HasTLS"] = hasTLS
|
|
|
|
|
|
|
|
if ctx.HasError() {
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuthNew)
|
2016-07-08 07:25:09 +08:00
|
|
|
return
|
|
|
|
}
|
2014-05-11 18:10:37 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
if err := auth.CreateSource(&auth.Source{
|
|
|
|
Type: auth.Type(form.Type),
|
2017-05-10 21:10:18 +08:00
|
|
|
Name: form.Name,
|
2021-07-24 18:16:34 +08:00
|
|
|
IsActive: form.IsActive,
|
2017-05-10 21:10:18 +08:00
|
|
|
IsSyncEnabled: form.IsSyncEnabled,
|
|
|
|
Cfg: config,
|
2015-09-12 00:03:08 +08:00
|
|
|
}); err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
if auth.IsErrSourceAlreadyExist(err) {
|
2016-08-31 15:56:10 +08:00
|
|
|
ctx.Data["Err_Name"] = true
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(auth.ErrSourceAlreadyExist).Name), tplAuthNew, form)
|
2023-03-10 14:14:43 +08:00
|
|
|
} else if oauth2.IsErrOpenIDConnectInitialize(err) {
|
|
|
|
ctx.Data["Err_DiscoveryURL"] = true
|
|
|
|
unwrapped := err.(oauth2.ErrOpenIDConnectInitialize).Unwrap()
|
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.unable_to_initialize_openid", unwrapped), tplAuthNew, form)
|
2016-08-31 15:56:10 +08:00
|
|
|
} else {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.ServerError("auth.CreateSource", err)
|
2016-08-31 15:56:10 +08:00
|
|
|
}
|
2014-05-03 10:48:14 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-03-22 15:03:22 +08:00
|
|
|
log.Trace("Authentication created by admin(%s): %s", ctx.Doer.Name, form.Name)
|
2015-09-12 00:03:08 +08:00
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
|
2016-11-27 18:14:25 +08:00
|
|
|
ctx.Redirect(setting.AppSubURL + "/admin/auths")
|
2014-05-03 10:48:14 +08:00
|
|
|
}
|
|
|
|
|
2016-11-21 11:21:24 +08:00
|
|
|
// EditAuthSource render editing auth source page
|
2016-03-12 00:56:52 +08:00
|
|
|
func EditAuthSource(ctx *context.Context) {
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-12 00:03:08 +08:00
|
|
|
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
2021-08-06 09:11:08 +08:00
|
|
|
oauth2providers := oauth2.GetOAuth2Providers()
|
|
|
|
ctx.Data["OAuth2Providers"] = oauth2providers
|
2014-05-11 18:10:37 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
source, err := auth.GetSourceByID(ctx.ParamsInt64(":authid"))
|
2014-05-05 16:40:25 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.ServerError("auth.GetSourceByID", err)
|
2014-05-05 16:40:25 +08:00
|
|
|
return
|
|
|
|
}
|
2015-09-12 00:03:08 +08:00
|
|
|
ctx.Data["Source"] = source
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["HasTLS"] = source.HasTLS()
|
|
|
|
|
2017-02-22 15:14:37 +08:00
|
|
|
if source.IsOAuth2() {
|
2021-08-06 09:11:08 +08:00
|
|
|
type Named interface {
|
|
|
|
Name() string
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, provider := range oauth2providers {
|
|
|
|
if provider.Name() == source.Cfg.(Named).Name() {
|
|
|
|
ctx.Data["CurrentOAuth2Provider"] = provider
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
2017-02-22 15:14:37 +08:00
|
|
|
}
|
2021-12-14 16:37:11 +08:00
|
|
|
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuthEdit)
|
2014-05-03 10:48:14 +08:00
|
|
|
}
|
|
|
|
|
2017-02-22 15:14:37 +08:00
|
|
|
// EditAuthSourcePost response for editing auth source
|
2021-01-26 23:36:53 +08:00
|
|
|
func EditAuthSourcePost(ctx *context.Context) {
|
2021-04-07 03:44:05 +08:00
|
|
|
form := *web.GetForm(ctx).(*forms.AuthenticationForm)
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-12 00:03:08 +08:00
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
2021-08-06 09:11:08 +08:00
|
|
|
oauth2providers := oauth2.GetOAuth2Providers()
|
|
|
|
ctx.Data["OAuth2Providers"] = oauth2providers
|
2014-05-05 16:40:25 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
source, err := auth.GetSourceByID(ctx.ParamsInt64(":authid"))
|
2015-09-12 00:03:08 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.ServerError("auth.GetSourceByID", err)
|
2015-09-12 00:03:08 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Source"] = source
|
2016-07-08 07:25:09 +08:00
|
|
|
ctx.Data["HasTLS"] = source.HasTLS()
|
2015-09-12 00:03:08 +08:00
|
|
|
|
2014-05-05 16:40:25 +08:00
|
|
|
if ctx.HasError() {
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuthEdit)
|
2014-05-05 16:40:25 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-03-22 23:12:55 +08:00
|
|
|
var config convert.Conversion
|
2022-01-02 21:12:35 +08:00
|
|
|
switch auth.Type(form.Type) {
|
|
|
|
case auth.LDAP, auth.DLDAP:
|
2015-09-12 00:03:08 +08:00
|
|
|
config = parseLDAPConfig(form)
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.SMTP:
|
2015-09-12 00:03:08 +08:00
|
|
|
config = parseSMTPConfig(form)
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.PAM:
|
|
|
|
config = &pam_service.Source{
|
2015-04-23 19:58:57 +08:00
|
|
|
ServiceName: form.PAMServiceName,
|
2021-05-14 06:11:47 +08:00
|
|
|
EmailDomain: form.PAMEmailDomain,
|
2015-04-23 19:58:57 +08:00
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.OAuth2:
|
2017-02-22 15:14:37 +08:00
|
|
|
config = parseOAuth2Config(form)
|
2023-03-10 14:14:43 +08:00
|
|
|
oauth2Config := config.(*oauth2.Source)
|
|
|
|
if oauth2Config.Provider == "openidConnect" {
|
|
|
|
discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL)
|
|
|
|
if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
|
|
|
|
ctx.Data["Err_DiscoveryURL"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthEdit, form)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
case auth.SSPI:
|
2019-11-23 07:33:31 +08:00
|
|
|
config, err = parseSSPIConfig(ctx, form)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplAuthEdit, form)
|
|
|
|
return
|
|
|
|
}
|
2014-05-11 22:37:31 +08:00
|
|
|
default:
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.Error(http.StatusBadRequest)
|
2014-05-11 22:37:31 +08:00
|
|
|
return
|
2014-05-11 18:10:37 +08:00
|
|
|
}
|
|
|
|
|
2015-09-12 00:03:08 +08:00
|
|
|
source.Name = form.Name
|
2021-07-24 18:16:34 +08:00
|
|
|
source.IsActive = form.IsActive
|
2017-05-10 21:10:18 +08:00
|
|
|
source.IsSyncEnabled = form.IsSyncEnabled
|
2015-09-12 00:03:08 +08:00
|
|
|
source.Cfg = config
|
2022-01-02 21:12:35 +08:00
|
|
|
if err := auth.UpdateSource(source); err != nil {
|
2023-03-31 22:32:18 +08:00
|
|
|
if auth.IsErrSourceAlreadyExist(err) {
|
|
|
|
ctx.Data["Err_Name"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(auth.ErrSourceAlreadyExist).Name), tplAuthEdit, form)
|
|
|
|
} else if oauth2.IsErrOpenIDConnectInitialize(err) {
|
2017-05-01 21:26:53 +08:00
|
|
|
ctx.Flash.Error(err.Error(), true)
|
2023-03-10 14:14:43 +08:00
|
|
|
ctx.Data["Err_DiscoveryURL"] = true
|
2021-04-05 23:30:52 +08:00
|
|
|
ctx.HTML(http.StatusOK, tplAuthEdit)
|
2017-05-01 21:26:53 +08:00
|
|
|
} else {
|
2018-01-11 05:34:17 +08:00
|
|
|
ctx.ServerError("UpdateSource", err)
|
2017-05-01 21:26:53 +08:00
|
|
|
}
|
2014-05-05 16:40:25 +08:00
|
|
|
return
|
|
|
|
}
|
2022-03-22 15:03:22 +08:00
|
|
|
log.Trace("Authentication changed by admin(%s): %d", ctx.Doer.Name, source.ID)
|
2014-05-05 16:40:25 +08:00
|
|
|
|
2014-08-29 20:50:43 +08:00
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
|
2021-11-17 02:18:25 +08:00
|
|
|
ctx.Redirect(setting.AppSubURL + "/admin/auths/" + strconv.FormatInt(form.ID, 10))
|
2014-05-03 10:48:14 +08:00
|
|
|
}
|
|
|
|
|
2016-11-21 11:21:24 +08:00
|
|
|
// DeleteAuthSource response for deleting an auth source
|
2016-03-12 00:56:52 +08:00
|
|
|
func DeleteAuthSource(ctx *context.Context) {
|
2022-01-02 21:12:35 +08:00
|
|
|
source, err := auth.GetSourceByID(ctx.ParamsInt64(":authid"))
|
2014-05-05 16:40:25 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.ServerError("auth.GetSourceByID", err)
|
2014-05-05 16:40:25 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
if err = auth_service.DeleteSource(source); err != nil {
|
|
|
|
if auth.IsErrSourceInUse(err) {
|
2016-03-06 07:08:42 +08:00
|
|
|
ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
|
2016-08-31 16:22:41 +08:00
|
|
|
} else {
|
2022-01-02 21:12:35 +08:00
|
|
|
ctx.Flash.Error(fmt.Sprintf("auth_service.DeleteSource: %v", err))
|
2014-05-05 16:40:25 +08:00
|
|
|
}
|
2023-07-05 02:36:08 +08:00
|
|
|
ctx.JSON(http.StatusOK, map[string]any{
|
2021-11-17 02:18:25 +08:00
|
|
|
"redirect": setting.AppSubURL + "/admin/auths/" + url.PathEscape(ctx.Params(":authid")),
|
2016-03-06 07:08:42 +08:00
|
|
|
})
|
2014-05-05 16:40:25 +08:00
|
|
|
return
|
|
|
|
}
|
2022-03-22 15:03:22 +08:00
|
|
|
log.Trace("Authentication deleted by admin(%s): %d", ctx.Doer.Name, source.ID)
|
2015-09-12 00:03:08 +08:00
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
|
2023-07-05 02:36:08 +08:00
|
|
|
ctx.JSON(http.StatusOK, map[string]any{
|
2016-11-27 18:14:25 +08:00
|
|
|
"redirect": setting.AppSubURL + "/admin/auths",
|
2015-09-12 00:03:08 +08:00
|
|
|
})
|
2014-05-03 10:48:14 +08:00
|
|
|
}
|