Make LDAP be able to skip local 2FA (#16954)

This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2021-09-17 12:43:47 +0100
committer: GitHub <noreply@github.com> 2021-09-17 12:43:47 +0100
commit: 27b351aba564804f65e5574919a88d6194c75256 (patch)
tree: fa4857e05e344693e629aa14b05b7f8ffba42cfc /cmd/admin_auth_ldap.go
parent: f96d0d3d5b2acb3545c3a2ced7972879a9750c9d (diff)
download: gitea-27b351aba564804f65e5574919a88d6194c75256.tar.gz
gitea-27b351aba564804f65e5574919a88d6194c75256.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go
index 4314930a3e..feeaf17661 100644
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -89,6 +89,10 @@ var (
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
+		cli.BoolFlag{
+			Name:  "skip-local-2fa",
+			Usage: "Set to true to skip local 2fa for users authenticated by this source",
+		},
 	}
 
 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
@@ -245,6 +249,10 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("allow-deactivate-all") {
 		config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
 	}
+	if c.IsSet("skip-local-2fa") {
+		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+	}
+
 	return nil
 }
author	zeripath <art27@cantab.net>	2021-09-17 12:43:47 +0100
committer	GitHub <noreply@github.com>	2021-09-17 12:43:47 +0100
commit	27b351aba564804f65e5574919a88d6194c75256 (patch)
tree	fa4857e05e344693e629aa14b05b7f8ffba42cfc /cmd/admin_auth_ldap.go
parent	f96d0d3d5b2acb3545c3a2ced7972879a9750c9d (diff)
download	gitea-27b351aba564804f65e5574919a88d6194c75256.tar.gz gitea-27b351aba564804f65e5574919a88d6194c75256.zip