diff options
| author | zeripath <art27@cantab.net> | 2021-09-27 03:39:36 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-26 22:39:36 -0400 |
| commit | 123f0aea00687d98893036e252efa7ff672b3ad5 (patch) | |
| tree | d93ba662329576a7428b86e45f6c1178c377c5aa /cmd | |
| parent | 7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575 (diff) | |
| download | gitea-123f0aea00687d98893036e252efa7ff672b3ad5.tar.gz gitea-123f0aea00687d98893036e252efa7ff672b3ad5.zip | |
Allow LDAP Sources to provide Avatars (#16851)
* Allow LDAP Sources to provide Avatars
Add setting to LDAP source to allow it to provide an Avatar.
Currently this is required to point to the image bytes.
Fix #4144
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Rename as Avatar Attribute (drop JPEG)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Always synchronize avatar if there is change
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Actually get the avatar from the ldap
Signed-off-by: Andrew Thornton <art27@cantab.net>
* clean-up
Signed-off-by: Andrew Thornton <art27@cantab.net>
* use len()>0 rather than != ""
Signed-off-by: Andrew Thornton <art27@cantab.net>
* slight shortcut in IsUploadAvatarChanged
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/admin_auth_ldap.go | 7 | ||||
| -rw-r--r-- | cmd/admin_auth_ldap_test.go | 8 |
2 files changed, 15 insertions, 0 deletions
diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go index e95e1d15c6..517904957f 100644 --- a/cmd/admin_auth_ldap.go +++ b/cmd/admin_auth_ldap.go @@ -93,6 +93,10 @@ var ( Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source", }, + cli.StringFlag{ + Name: "avatar-attribute", + Usage: "The attribute of the user’s LDAP record containing the user’s avatar.", + }, } ldapBindDnCLIFlags = append(commonLdapCLIFlags, @@ -234,6 +238,9 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error { if c.IsSet("public-ssh-key-attribute") { config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute") } + if c.IsSet("avatar-attribute") { + config.AttributeAvatar = c.String("avatar-attribute") + } if c.IsSet("page-size") { config.SearchPageSize = uint32(c.Uint("page-size")) } diff --git a/cmd/admin_auth_ldap_test.go b/cmd/admin_auth_ldap_test.go index c26cbdaf39..db1ba13bcd 100644 --- a/cmd/admin_auth_ldap_test.go +++ b/cmd/admin_auth_ldap_test.go @@ -45,6 +45,7 @@ func TestAddLdapBindDn(t *testing.T) { "--surname-attribute", "sn-bind full", "--email-attribute", "mail-bind full", "--public-ssh-key-attribute", "publickey-bind full", + "--avatar-attribute", "avatar-bind full", "--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org", "--bind-password", "secret-bind-full", "--attributes-in-bind", @@ -71,6 +72,7 @@ func TestAddLdapBindDn(t *testing.T) { AttributeMail: "mail-bind full", AttributesInBind: true, AttributeSSHPublicKey: "publickey-bind full", + AttributeAvatar: "avatar-bind full", SearchPageSize: 99, Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", @@ -269,6 +271,7 @@ func TestAddLdapSimpleAuth(t *testing.T) { "--surname-attribute", "sn-simple full", "--email-attribute", "mail-simple full", "--public-ssh-key-attribute", "publickey-simple full", + "--avatar-attribute", "avatar-simple full", "--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org", }, loginSource: &login.Source{ @@ -288,6 +291,7 @@ func TestAddLdapSimpleAuth(t *testing.T) { AttributeSurname: "sn-simple full", AttributeMail: "mail-simple full", AttributeSSHPublicKey: "publickey-simple full", + AttributeAvatar: "avatar-simple full", Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", @@ -501,6 +505,7 @@ func TestUpdateLdapBindDn(t *testing.T) { "--surname-attribute", "sn-bind full", "--email-attribute", "mail-bind full", "--public-ssh-key-attribute", "publickey-bind full", + "--avatar-attribute", "avatar-bind full", "--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org", "--bind-password", "secret-bind-full", "--synchronize-users", @@ -534,6 +539,7 @@ func TestUpdateLdapBindDn(t *testing.T) { AttributeMail: "mail-bind full", AttributesInBind: false, AttributeSSHPublicKey: "publickey-bind full", + AttributeAvatar: "avatar-bind full", SearchPageSize: 99, Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", @@ -932,6 +938,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { "--surname-attribute", "sn-simple full", "--email-attribute", "mail-simple full", "--public-ssh-key-attribute", "publickey-simple full", + "--avatar-attribute", "avatar-simple full", "--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org", }, id: 7, @@ -952,6 +959,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { AttributeSurname: "sn-simple full", AttributeMail: "mail-simple full", AttributeSSHPublicKey: "publickey-simple full", + AttributeAvatar: "avatar-simple full", Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", |