diff options
author | zeripath <art27@cantab.net> | 2021-09-27 02:02:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-26 21:02:01 -0400 |
commit | 7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575 (patch) | |
tree | d6a7158517d666f7865540c5d350a48abcb2a72f | |
parent | 74542ad35bae2195972df86862da43e8d45f425f (diff) | |
download | gitea-7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575.tar.gz gitea-7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575.zip |
Add SkipLocal2FA option to pam and smtp sources (#17078)
* Add SkipLocal2FA option to other pam and smtp sources
Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources
Signed-off-by: Andrew Thornton <art27@cantab.net>
* make SkipLocal2FA omitempty
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
-rw-r--r-- | routers/web/admin/auths.go | 6 | ||||
-rw-r--r-- | services/auth/source/ldap/source.go | 2 | ||||
-rw-r--r-- | services/auth/source/oauth2/source.go | 2 | ||||
-rw-r--r-- | services/auth/source/pam/source.go | 5 | ||||
-rw-r--r-- | services/auth/source/pam/source_authenticate.go | 5 | ||||
-rw-r--r-- | services/auth/source/smtp/source.go | 1 | ||||
-rw-r--r-- | services/auth/source/smtp/source_authenticate.go | 5 | ||||
-rw-r--r-- | templates/admin/auth/edit.tmpl | 14 | ||||
-rw-r--r-- | templates/admin/auth/new.tmpl | 7 | ||||
-rw-r--r-- | templates/admin/auth/source/smtp.tmpl | 7 |
10 files changed, 48 insertions, 6 deletions
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go index 1b005e5c7b..a394b4fdc2 100644 --- a/routers/web/admin/auths.go +++ b/routers/web/admin/auths.go @@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source { SkipVerify: form.SkipVerify, HeloHostname: form.HeloHostname, DisableHelo: form.DisableHelo, + SkipLocalTwoFA: form.SkipLocalTwoFA, } } @@ -244,8 +245,9 @@ func NewAuthSourcePost(ctx *context.Context) { hasTLS = true case login.PAM: config = &pamService.Source{ - ServiceName: form.PAMServiceName, - EmailDomain: form.PAMEmailDomain, + ServiceName: form.PAMServiceName, + EmailDomain: form.PAMEmailDomain, + SkipLocalTwoFA: form.SkipLocalTwoFA, } case login.OAuth2: config = parseOAuth2Config(form) diff --git a/services/auth/source/ldap/source.go b/services/auth/source/ldap/source.go index 82ff7313b2..3d02be4dc9 100644 --- a/services/auth/source/ldap/source.go +++ b/services/auth/source/ldap/source.go @@ -53,7 +53,7 @@ type Source struct { GroupFilter string // Group Name Filter GroupMemberUID string // Group Attribute containing array of UserUID UserUID string // User Attribute listed in Group - SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source + SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source // reference to the loginSource loginSource *login.Source diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go index 49bb9a0148..60845e3b0f 100644 --- a/services/auth/source/oauth2/source.go +++ b/services/auth/source/oauth2/source.go @@ -25,7 +25,7 @@ type Source struct { OpenIDConnectAutoDiscoveryURL string CustomURLMapping *CustomURLMapping IconURL string - SkipLocalTwoFA bool + SkipLocalTwoFA bool `json:",omitempty"` // reference to the loginSource loginSource *login.Source diff --git a/services/auth/source/pam/source.go b/services/auth/source/pam/source.go index 0bfa7cdb06..73850cd9a2 100644 --- a/services/auth/source/pam/source.go +++ b/services/auth/source/pam/source.go @@ -19,8 +19,9 @@ import ( // Source holds configuration for the PAM login source. type Source struct { - ServiceName string // pam service (e.g. system-auth) - EmailDomain string + ServiceName string // pam service (e.g. system-auth) + EmailDomain string + SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source // reference to the loginSource loginSource *login.Source diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go index ad6fbb5cce..cb5ffc2861 100644 --- a/services/auth/source/pam/source_authenticate.go +++ b/services/auth/source/pam/source_authenticate.go @@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string) return user, nil } + +// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication +func (source *Source) IsSkipLocalTwoFA() bool { + return source.SkipLocalTwoFA +} diff --git a/services/auth/source/smtp/source.go b/services/auth/source/smtp/source.go index 487375c304..52e2505670 100644 --- a/services/auth/source/smtp/source.go +++ b/services/auth/source/smtp/source.go @@ -27,6 +27,7 @@ type Source struct { SkipVerify bool HeloHostname string DisableHelo bool + SkipLocalTwoFA bool `json:",omitempty"` // reference to the loginSource loginSource *login.Source diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go index f50baa56a2..f51c884c3a 100644 --- a/services/auth/source/smtp/source_authenticate.go +++ b/services/auth/source/smtp/source_authenticate.go @@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string) return user, nil } + +// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication +func (source *Source) IsSkipLocalTwoFA() bool { + return source.SkipLocalTwoFA +} diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl index 9ff8066384..142c537b15 100644 --- a/templates/admin/auth/edit.tmpl +++ b/templates/admin/auth/edit.tmpl @@ -215,6 +215,13 @@ <input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}"> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> </div> + <div class="optional field"> + <div class="ui checkbox"> + <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label> + <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}> + <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p> + </div> + </div> {{end}} <!-- PAM --> @@ -228,6 +235,13 @@ <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}"> </div> + <div class="optional field"> + <div class="ui checkbox"> + <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label> + <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}> + <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p> + </div> + </div> {{end}} <!-- OAuth2 --> diff --git a/templates/admin/auth/new.tmpl b/templates/admin/auth/new.tmpl index ba1f145a4a..13e1366c87 100644 --- a/templates/admin/auth/new.tmpl +++ b/templates/admin/auth/new.tmpl @@ -41,6 +41,13 @@ <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}"> </div> + <div class="pam optional field {{if not (eq .type 4)}}hide{{end}}"> + <div class="ui checkbox"> + <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label> + <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}> + <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p> + </div> + </div> <!-- OAuth2 --> {{ template "admin/auth/source/oauth" . }} diff --git a/templates/admin/auth/source/smtp.tmpl b/templates/admin/auth/source/smtp.tmpl index b0f643b8ca..8572d6dc56 100644 --- a/templates/admin/auth/source/smtp.tmpl +++ b/templates/admin/auth/source/smtp.tmpl @@ -49,4 +49,11 @@ <input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}"> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> </div> + <div class="optional field"> + <div class="ui checkbox"> + <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label> + <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}> + <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p> + </div> + </div> </div> |