Fork to maintain patches against the official gitea for https://code.ceondo.com https://github.com/go-gitea/gitea

auths.go 9.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "code.gitea.io/gitea/models"
  8. "code.gitea.io/gitea/modules/auth"
  9. "code.gitea.io/gitea/modules/auth/ldap"
  10. "code.gitea.io/gitea/modules/auth/oauth2"
  11. "code.gitea.io/gitea/modules/base"
  12. "code.gitea.io/gitea/modules/context"
  13. "code.gitea.io/gitea/modules/log"
  14. "code.gitea.io/gitea/modules/setting"
  15. "github.com/Unknwon/com"
  16. "github.com/go-xorm/core"
  17. )
  18. const (
  19. tplAuths base.TplName = "admin/auth/list"
  20. tplAuthNew base.TplName = "admin/auth/new"
  21. tplAuthEdit base.TplName = "admin/auth/edit"
  22. )
  23. // Authentications show authentication config page
  24. func Authentications(ctx *context.Context) {
  25. ctx.Data["Title"] = ctx.Tr("admin.authentication")
  26. ctx.Data["PageIsAdmin"] = true
  27. ctx.Data["PageIsAdminAuthentications"] = true
  28. var err error
  29. ctx.Data["Sources"], err = models.LoginSources()
  30. if err != nil {
  31. ctx.Handle(500, "LoginSources", err)
  32. return
  33. }
  34. ctx.Data["Total"] = models.CountLoginSources()
  35. ctx.HTML(200, tplAuths)
  36. }
  37. type dropdownItem struct {
  38. Name string
  39. Type interface{}
  40. }
  41. var (
  42. authSources = []dropdownItem{
  43. {models.LoginNames[models.LoginLDAP], models.LoginLDAP},
  44. {models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},
  45. {models.LoginNames[models.LoginSMTP], models.LoginSMTP},
  46. {models.LoginNames[models.LoginPAM], models.LoginPAM},
  47. {models.LoginNames[models.LoginOAuth2], models.LoginOAuth2},
  48. }
  49. securityProtocols = []dropdownItem{
  50. {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
  51. {models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
  52. {models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
  53. }
  54. )
  55. // NewAuthSource render adding a new auth source page
  56. func NewAuthSource(ctx *context.Context) {
  57. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  58. ctx.Data["PageIsAdmin"] = true
  59. ctx.Data["PageIsAdminAuthentications"] = true
  60. ctx.Data["type"] = models.LoginLDAP
  61. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]
  62. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
  63. ctx.Data["smtp_auth"] = "PLAIN"
  64. ctx.Data["is_active"] = true
  65. ctx.Data["is_sync_enabled"] = true
  66. ctx.Data["AuthSources"] = authSources
  67. ctx.Data["SecurityProtocols"] = securityProtocols
  68. ctx.Data["SMTPAuths"] = models.SMTPAuths
  69. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  70. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  71. // only the first as default
  72. for key := range models.OAuth2Providers {
  73. ctx.Data["oauth2_provider"] = key
  74. break
  75. }
  76. ctx.HTML(200, tplAuthNew)
  77. }
  78. func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
  79. return &models.LDAPConfig{
  80. Source: &ldap.Source{
  81. Name: form.Name,
  82. Host: form.Host,
  83. Port: form.Port,
  84. SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
  85. SkipVerify: form.SkipVerify,
  86. BindDN: form.BindDN,
  87. UserDN: form.UserDN,
  88. BindPassword: form.BindPassword,
  89. UserBase: form.UserBase,
  90. AttributeUsername: form.AttributeUsername,
  91. AttributeName: form.AttributeName,
  92. AttributeSurname: form.AttributeSurname,
  93. AttributeMail: form.AttributeMail,
  94. AttributesInBind: form.AttributesInBind,
  95. Filter: form.Filter,
  96. AdminFilter: form.AdminFilter,
  97. Enabled: true,
  98. },
  99. }
  100. }
  101. func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
  102. return &models.SMTPConfig{
  103. Auth: form.SMTPAuth,
  104. Host: form.SMTPHost,
  105. Port: form.SMTPPort,
  106. AllowedDomains: form.AllowedDomains,
  107. TLS: form.TLS,
  108. SkipVerify: form.SkipVerify,
  109. }
  110. }
  111. func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config {
  112. var customURLMapping *oauth2.CustomURLMapping
  113. if form.Oauth2UseCustomURL {
  114. customURLMapping = &oauth2.CustomURLMapping{
  115. TokenURL: form.Oauth2TokenURL,
  116. AuthURL: form.Oauth2AuthURL,
  117. ProfileURL: form.Oauth2ProfileURL,
  118. EmailURL: form.Oauth2EmailURL,
  119. }
  120. } else {
  121. customURLMapping = nil
  122. }
  123. return &models.OAuth2Config{
  124. Provider: form.Oauth2Provider,
  125. ClientID: form.Oauth2Key,
  126. ClientSecret: form.Oauth2Secret,
  127. OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
  128. CustomURLMapping: customURLMapping,
  129. }
  130. }
  131. // NewAuthSourcePost response for adding an auth source
  132. func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  133. ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  134. ctx.Data["PageIsAdmin"] = true
  135. ctx.Data["PageIsAdminAuthentications"] = true
  136. ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
  137. ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
  138. ctx.Data["AuthSources"] = authSources
  139. ctx.Data["SecurityProtocols"] = securityProtocols
  140. ctx.Data["SMTPAuths"] = models.SMTPAuths
  141. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  142. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  143. hasTLS := false
  144. var config core.Conversion
  145. switch models.LoginType(form.Type) {
  146. case models.LoginLDAP, models.LoginDLDAP:
  147. config = parseLDAPConfig(form)
  148. hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
  149. case models.LoginSMTP:
  150. config = parseSMTPConfig(form)
  151. hasTLS = true
  152. case models.LoginPAM:
  153. config = &models.PAMConfig{
  154. ServiceName: form.PAMServiceName,
  155. }
  156. case models.LoginOAuth2:
  157. config = parseOAuth2Config(form)
  158. default:
  159. ctx.Error(400)
  160. return
  161. }
  162. ctx.Data["HasTLS"] = hasTLS
  163. if ctx.HasError() {
  164. ctx.HTML(200, tplAuthNew)
  165. return
  166. }
  167. if err := models.CreateLoginSource(&models.LoginSource{
  168. Type: models.LoginType(form.Type),
  169. Name: form.Name,
  170. IsActived: form.IsActive,
  171. IsSyncEnabled: form.IsSyncEnabled,
  172. Cfg: config,
  173. }); err != nil {
  174. if models.IsErrLoginSourceAlreadyExist(err) {
  175. ctx.Data["Err_Name"] = true
  176. ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)
  177. } else {
  178. ctx.Handle(500, "CreateSource", err)
  179. }
  180. return
  181. }
  182. log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
  183. ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
  184. ctx.Redirect(setting.AppSubURL + "/admin/auths")
  185. }
  186. // EditAuthSource render editing auth source page
  187. func EditAuthSource(ctx *context.Context) {
  188. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  189. ctx.Data["PageIsAdmin"] = true
  190. ctx.Data["PageIsAdminAuthentications"] = true
  191. ctx.Data["SecurityProtocols"] = securityProtocols
  192. ctx.Data["SMTPAuths"] = models.SMTPAuths
  193. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  194. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  195. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  196. if err != nil {
  197. ctx.Handle(500, "GetLoginSourceByID", err)
  198. return
  199. }
  200. ctx.Data["Source"] = source
  201. ctx.Data["HasTLS"] = source.HasTLS()
  202. if source.IsOAuth2() {
  203. ctx.Data["CurrentOAuth2Provider"] = models.OAuth2Providers[source.OAuth2().Provider]
  204. }
  205. ctx.HTML(200, tplAuthEdit)
  206. }
  207. // EditAuthSourcePost response for editing auth source
  208. func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
  209. ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  210. ctx.Data["PageIsAdmin"] = true
  211. ctx.Data["PageIsAdminAuthentications"] = true
  212. ctx.Data["SMTPAuths"] = models.SMTPAuths
  213. ctx.Data["OAuth2Providers"] = models.OAuth2Providers
  214. ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
  215. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  216. if err != nil {
  217. ctx.Handle(500, "GetLoginSourceByID", err)
  218. return
  219. }
  220. ctx.Data["Source"] = source
  221. ctx.Data["HasTLS"] = source.HasTLS()
  222. if ctx.HasError() {
  223. ctx.HTML(200, tplAuthEdit)
  224. return
  225. }
  226. var config core.Conversion
  227. switch models.LoginType(form.Type) {
  228. case models.LoginLDAP, models.LoginDLDAP:
  229. config = parseLDAPConfig(form)
  230. case models.LoginSMTP:
  231. config = parseSMTPConfig(form)
  232. case models.LoginPAM:
  233. config = &models.PAMConfig{
  234. ServiceName: form.PAMServiceName,
  235. }
  236. case models.LoginOAuth2:
  237. config = parseOAuth2Config(form)
  238. default:
  239. ctx.Error(400)
  240. return
  241. }
  242. source.Name = form.Name
  243. source.IsActived = form.IsActive
  244. source.IsSyncEnabled = form.IsSyncEnabled
  245. source.Cfg = config
  246. if err := models.UpdateSource(source); err != nil {
  247. if models.IsErrOpenIDConnectInitialize(err) {
  248. ctx.Flash.Error(err.Error(), true)
  249. ctx.HTML(200, tplAuthEdit)
  250. } else {
  251. ctx.Handle(500, "UpdateSource", err)
  252. }
  253. return
  254. }
  255. log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)
  256. ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  257. ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))
  258. }
  259. // DeleteAuthSource response for deleting an auth source
  260. func DeleteAuthSource(ctx *context.Context) {
  261. source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  262. if err != nil {
  263. ctx.Handle(500, "GetLoginSourceByID", err)
  264. return
  265. }
  266. if err = models.DeleteSource(source); err != nil {
  267. if models.IsErrLoginSourceInUse(err) {
  268. ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  269. } else {
  270. ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  271. }
  272. ctx.JSON(200, map[string]interface{}{
  273. "redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
  274. })
  275. return
  276. }
  277. log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
  278. ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  279. ctx.JSON(200, map[string]interface{}{
  280. "redirect": setting.AppSubURL + "/admin/auths",
  281. })
  282. }