aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-09-27 02:02:01 +0100
committerGitHub <noreply@github.com>2021-09-26 21:02:01 -0400
commit7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575 (patch)
treed6a7158517d666f7865540c5d350a48abcb2a72f
parent74542ad35bae2195972df86862da43e8d45f425f (diff)
downloadgitea-7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575.tar.gz
gitea-7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575.zip
Add SkipLocal2FA option to pam and smtp sources (#17078)
* Add SkipLocal2FA option to other pam and smtp sources Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources Signed-off-by: Andrew Thornton <art27@cantab.net> * make SkipLocal2FA omitempty Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
-rw-r--r--routers/web/admin/auths.go6
-rw-r--r--services/auth/source/ldap/source.go2
-rw-r--r--services/auth/source/oauth2/source.go2
-rw-r--r--services/auth/source/pam/source.go5
-rw-r--r--services/auth/source/pam/source_authenticate.go5
-rw-r--r--services/auth/source/smtp/source.go1
-rw-r--r--services/auth/source/smtp/source_authenticate.go5
-rw-r--r--templates/admin/auth/edit.tmpl14
-rw-r--r--templates/admin/auth/new.tmpl7
-rw-r--r--templates/admin/auth/source/smtp.tmpl7
10 files changed, 48 insertions, 6 deletions
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 1b005e5c7b..a394b4fdc2 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
SkipVerify: form.SkipVerify,
HeloHostname: form.HeloHostname,
DisableHelo: form.DisableHelo,
+ SkipLocalTwoFA: form.SkipLocalTwoFA,
}
}
@@ -244,8 +245,9 @@ func NewAuthSourcePost(ctx *context.Context) {
hasTLS = true
case login.PAM:
config = &pamService.Source{
- ServiceName: form.PAMServiceName,
- EmailDomain: form.PAMEmailDomain,
+ ServiceName: form.PAMServiceName,
+ EmailDomain: form.PAMEmailDomain,
+ SkipLocalTwoFA: form.SkipLocalTwoFA,
}
case login.OAuth2:
config = parseOAuth2Config(form)
diff --git a/services/auth/source/ldap/source.go b/services/auth/source/ldap/source.go
index 82ff7313b2..3d02be4dc9 100644
--- a/services/auth/source/ldap/source.go
+++ b/services/auth/source/ldap/source.go
@@ -53,7 +53,7 @@ type Source struct {
GroupFilter string // Group Name Filter
GroupMemberUID string // Group Attribute containing array of UserUID
UserUID string // User Attribute listed in Group
- SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source
+ SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source
diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go
index 49bb9a0148..60845e3b0f 100644
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@@ -25,7 +25,7 @@ type Source struct {
OpenIDConnectAutoDiscoveryURL string
CustomURLMapping *CustomURLMapping
IconURL string
- SkipLocalTwoFA bool
+ SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source
diff --git a/services/auth/source/pam/source.go b/services/auth/source/pam/source.go
index 0bfa7cdb06..73850cd9a2 100644
--- a/services/auth/source/pam/source.go
+++ b/services/auth/source/pam/source.go
@@ -19,8 +19,9 @@ import (
// Source holds configuration for the PAM login source.
type Source struct {
- ServiceName string // pam service (e.g. system-auth)
- EmailDomain string
+ ServiceName string // pam service (e.g. system-auth)
+ EmailDomain string
+ SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index ad6fbb5cce..cb5ffc2861 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil
}
+
+// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
+func (source *Source) IsSkipLocalTwoFA() bool {
+ return source.SkipLocalTwoFA
+}
diff --git a/services/auth/source/smtp/source.go b/services/auth/source/smtp/source.go
index 487375c304..52e2505670 100644
--- a/services/auth/source/smtp/source.go
+++ b/services/auth/source/smtp/source.go
@@ -27,6 +27,7 @@ type Source struct {
SkipVerify bool
HeloHostname string
DisableHelo bool
+ SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index f50baa56a2..f51c884c3a 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil
}
+
+// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
+func (source *Source) IsSkipLocalTwoFA() bool {
+ return source.SkipLocalTwoFA
+}
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl
index 9ff8066384..142c537b15 100644
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -215,6 +215,13 @@
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
+ <div class="optional field">
+ <div class="ui checkbox">
+ <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
+ <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
+ <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
+ </div>
+ </div>
{{end}}
<!-- PAM -->
@@ -228,6 +235,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
</div>
+ <div class="optional field">
+ <div class="ui checkbox">
+ <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
+ <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
+ <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
+ </div>
+ </div>
{{end}}
<!-- OAuth2 -->
diff --git a/templates/admin/auth/new.tmpl b/templates/admin/auth/new.tmpl
index ba1f145a4a..13e1366c87 100644
--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@@ -41,6 +41,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
</div>
+ <div class="pam optional field {{if not (eq .type 4)}}hide{{end}}">
+ <div class="ui checkbox">
+ <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
+ <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
+ <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
+ </div>
+ </div>
<!-- OAuth2 -->
{{ template "admin/auth/source/oauth" . }}
diff --git a/templates/admin/auth/source/smtp.tmpl b/templates/admin/auth/source/smtp.tmpl
index b0f643b8ca..8572d6dc56 100644
--- a/templates/admin/auth/source/smtp.tmpl
+++ b/templates/admin/auth/source/smtp.tmpl
@@ -49,4 +49,11 @@
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
+ <div class="optional field">
+ <div class="ui checkbox">
+ <label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
+ <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
+ <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
+ </div>
+ </div>
</div>