author | zeripath <art27@cantab.net> | 2021-07-24 11:16:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-24 11:16:34 +0100 |
commit | 5d2e11eedb837f26d13e3b904583730cd8492fbd (patch) | |
tree | d323dc6c910809f87c29cb6511b3a10fc3605818 /cmd | |
parent | f135a818f53d82a61f3d99d80e2a2384f00c51d2 (diff) | |
Refactor: Move login out of models (#16199)
`models` does far too much. In particular it handles all `UserSignin`.
It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in.
Therefore we should move this code out of `models`.
This code has to depend on `models` - therefore it belongs in `services`.
There is a package in `services` called `auth` and clearly this functionality belongs in there.
Plan:
- [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication.
- [x] Move `models.UserSignIn` into `auth`
- [x] Move `models.ExternalUserLogin`
- [x] Move most of the `LoginVia*` methods to `auth` or subpackages
- [x] Move Resynchronize functionality to `auth`
- Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files.
- [x] Move the rest of the LDAP functionality in to the ldap subpackage
- [x] Re-factor the login sources to express an interfaces `auth.Source`?
- I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future
- [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable
- [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2
- [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models.
- [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2
- [x] More simplifications of login_source.go may need to be done
- Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178
- More refactors...?
- OpenID should probably become an auth Method but I think that can be left for another PR
- Methods should also probably be cleaned up - again another PR I think.
- SSPI still needs more refactors.
* Rename auth.Auth to auth.Method
* Restructure ssh_key.go
- move functions from models/user.go that relate to ssh_key to ssh_key
- split ssh_key.go to try to create clearer function domains to allow for
future refactors here.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/admin.go | 18 | ||||
-rw-r--r-- | cmd/admin_auth_ldap.go | 76 | ||||
-rw-r--r-- | cmd/admin_auth_ldap_test.go | 481 |
3 files changed, 237 insertions, 338 deletions
diff --git a/cmd/admin.go b/cmd/admin.go index f58a1f9960..94e78186c9 100644 --- a/cmd/admin.go +++ b/cmd/admin.go @@ -14,7 +14,6 @@ import ( "text/tabwriter" "code.gitea.io/gitea/models" - "code.gitea.io/gitea/modules/auth/oauth2" "code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/graceful" "code.gitea.io/gitea/modules/log" @@ -22,6 +21,7 @@ import ( repo_module "code.gitea.io/gitea/modules/repository" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/storage" + "code.gitea.io/gitea/services/auth/source/oauth2" "github.com/urfave/cli" ) @@ -597,7 +597,7 @@ func runRegenerateKeys(_ *cli.Context) error { return models.RewriteAllPublicKeys() } -func parseOAuth2Config(c *cli.Context) *models.OAuth2Config { +func parseOAuth2Config(c *cli.Context) *oauth2.Source { var customURLMapping *oauth2.CustomURLMapping if c.IsSet("use-custom-urls") { customURLMapping = &oauth2.CustomURLMapping{ @@ -609,7 +609,7 @@ func parseOAuth2Config(c *cli.Context) *models.OAuth2Config { } else { customURLMapping = nil } - return &models.OAuth2Config{ + return &oauth2.Source{ Provider: c.String("provider"), ClientID: c.String("key"), ClientSecret: c.String("secret"), @@ -625,10 +625,10 @@ func runAddOauth(c *cli.Context) error { } return models.CreateLoginSource(&models.LoginSource{ - Type: models.LoginOAuth2, - Name: c.String("name"), - IsActived: true, - Cfg: parseOAuth2Config(c), + Type: models.LoginOAuth2, + Name: c.String("name"), + IsActive: true, + Cfg: parseOAuth2Config(c), }) } @@ -646,7 +646,7 @@ func runUpdateOauth(c *cli.Context) error { return err } - oAuth2Config := source.OAuth2() + oAuth2Config := source.Cfg.(*oauth2.Source) if c.IsSet("name") { source.Name = c.String("name") 
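Review bot: The type assertion `source.Cfg.(*oauth2.Source)` in the runUpdateOauth hunk is the single-value form, so it panics if the login source loaded for the given id holds any other config type; no check of `source.Type` is visible in the hunk, though the function body starts and ends outside it. An admin who passes the id of a non-OAuth2 source would then get a crash from the CLI instead of an error. Prefer the comma-ok form: `oAuth2Config, ok := source.Cfg.(*oauth2.Source)` followed by `if !ok { return fmt.Errorf("login source %d is not an OAuth2 source", source.ID) }`. The same single-value assertion, `loginSource.Cfg.(*ldap.Source)`, appears in the updateLdapBindDn and updateLdapSimpleAuth hunks of cmd/admin_auth_ldap.go, where the source appears to come from a lookup whose origin is outside the hunk.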
@@ -728,7 +728,7 @@ func runListAuth(c *cli.Context) error { w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags) fmt.Fprintf(w, "ID\tName\tType\tEnabled\n") for _, source := range loginSources { - fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived) + fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActive) } w.Flush() diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go index 5ab64ec7d5..4314930a3e 100644 --- a/cmd/admin_auth_ldap.go +++ b/cmd/admin_auth_ldap.go @@ -9,7 +9,7 @@ import ( "strings" "code.gitea.io/gitea/models" - "code.gitea.io/gitea/modules/auth/ldap" + "code.gitea.io/gitea/services/auth/source/ldap" "github.com/urfave/cli" ) @@ -172,7 +172,7 @@ func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) { loginSource.Name = c.String("name") } if c.IsSet("not-active") { - loginSource.IsActived = !c.Bool("not-active") + loginSource.IsActive = !c.Bool("not-active") } if c.IsSet("synchronize-users") { loginSource.IsSyncEnabled = c.Bool("synchronize-users") 
@@ -180,70 +180,70 @@ func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) { } // parseLdapConfig assigns values on config according to command line flags. -func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error { +func parseLdapConfig(c *cli.Context, config *ldap.Source) error { if c.IsSet("name") { - config.Source.Name = c.String("name") + config.Name = c.String("name") } if c.IsSet("host") { - config.Source.Host = c.String("host") + config.Host = c.String("host") } if c.IsSet("port") { - config.Source.Port = c.Int("port") + config.Port = c.Int("port") } if c.IsSet("security-protocol") { p, ok := findLdapSecurityProtocolByName(c.String("security-protocol")) if !ok { return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol")) } - config.Source.SecurityProtocol = p + config.SecurityProtocol = p } if c.IsSet("skip-tls-verify") { - config.Source.SkipVerify = c.Bool("skip-tls-verify") + config.SkipVerify = c.Bool("skip-tls-verify") } if c.IsSet("bind-dn") { - config.Source.BindDN = c.String("bind-dn") + config.BindDN = c.String("bind-dn") } if c.IsSet("user-dn") { - config.Source.UserDN = c.String("user-dn") + config.UserDN = c.String("user-dn") } if c.IsSet("bind-password") { - config.Source.BindPassword = c.String("bind-password") + config.BindPassword = c.String("bind-password") } if c.IsSet("user-search-base") { - config.Source.UserBase = c.String("user-search-base") + config.UserBase = c.String("user-search-base") } if c.IsSet("username-attribute") { - config.Source.AttributeUsername = c.String("username-attribute") + config.AttributeUsername = c.String("username-attribute") } if c.IsSet("firstname-attribute") { - config.Source.AttributeName = c.String("firstname-attribute") + config.AttributeName = c.String("firstname-attribute") } if c.IsSet("surname-attribute") { - config.Source.AttributeSurname = c.String("surname-attribute") + config.AttributeSurname = c.String("surname-attribute") } if 
c.IsSet("email-attribute") { - config.Source.AttributeMail = c.String("email-attribute") + config.AttributeMail = c.String("email-attribute") } if c.IsSet("attributes-in-bind") { - config.Source.AttributesInBind = c.Bool("attributes-in-bind") + config.AttributesInBind = c.Bool("attributes-in-bind") } if c.IsSet("public-ssh-key-attribute") { - config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute") + config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute") } if c.IsSet("page-size") { - config.Source.SearchPageSize = uint32(c.Uint("page-size")) + config.SearchPageSize = uint32(c.Uint("page-size")) } if c.IsSet("user-filter") { - config.Source.Filter = c.String("user-filter") + config.Filter = c.String("user-filter") } if c.IsSet("admin-filter") { - config.Source.AdminFilter = c.String("admin-filter") + config.AdminFilter = c.String("admin-filter") } if c.IsSet("restricted-filter") { - config.Source.RestrictedFilter = c.String("restricted-filter") + config.RestrictedFilter = c.String("restricted-filter") } if c.IsSet("allow-deactivate-all") { - config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all") + config.AllowDeactivateAll = c.Bool("allow-deactivate-all") } return nil } @@ -251,7 +251,7 @@ func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error { // findLdapSecurityProtocolByName finds security protocol by its name ignoring case. // It returns the value of the security protocol and if it was found. func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) { - for i, n := range models.SecurityProtocolNames { + for i, n := range ldap.SecurityProtocolNames { if strings.EqualFold(name, n) { return i, true } 
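Review bot: parseLdapConfig copies two security-sensitive flags into the source with nothing in its doc comment marking them: `config.BindPassword = c.String("bind-password")` and `config.SkipVerify = c.Bool("skip-tls-verify")`. A secret passed as a command-line argument is generally readable from the process list and shell history. SkipVerify presumably turns off certificate verification for the LDAP connection, which would leave the bind credentials open to interception on the network path. I would extend the doc comment with a line such as `// Note: --bind-password arrives via argv and --skip-tls-verify weakens transport security; both should be used deliberately.` and consider logging a warning when skip-tls-verify is set.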
@@ -289,17 +289,15 @@ func (a *authService) addLdapBindDn(c *cli.Context) error { } loginSource := &models.LoginSource{ - Type: models.LoginLDAP, - IsActived: true, // active by default - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Enabled: true, // always true - }, + Type: models.LoginLDAP, + IsActive: true, // active by default + Cfg: &ldap.Source{ + Enabled: true, // always true }, } parseLoginSource(c, loginSource) - if err := parseLdapConfig(c, loginSource.LDAP()); err != nil { + if err := parseLdapConfig(c, loginSource.Cfg.(*ldap.Source)); err != nil { return err } @@ -318,7 +316,7 @@ func (a *authService) updateLdapBindDn(c *cli.Context) error { } parseLoginSource(c, loginSource) - if err := parseLdapConfig(c, loginSource.LDAP()); err != nil { + if err := parseLdapConfig(c, loginSource.Cfg.(*ldap.Source)); err != nil { return err } @@ -336,17 +334,15 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error { } loginSource := &models.LoginSource{ - Type: models.LoginDLDAP, - IsActived: true, // active by default - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Enabled: true, // always true - }, + Type: models.LoginDLDAP, + IsActive: true, // active by default + Cfg: &ldap.Source{ + Enabled: true, // always true }, } parseLoginSource(c, loginSource) - if err := parseLdapConfig(c, loginSource.LDAP()); err != nil { + if err := parseLdapConfig(c, loginSource.Cfg.(*ldap.Source)); err != nil { return err } @@ -365,7 +361,7 @@ func (a *authService) updateLdapSimpleAuth(c *cli.Context) error { } parseLoginSource(c, loginSource) - if err := parseLdapConfig(c, loginSource.LDAP()); err != nil { + if err := parseLdapConfig(c, loginSource.Cfg.(*ldap.Source)); err != nil { return err } diff --git a/cmd/admin_auth_ldap_test.go b/cmd/admin_auth_ldap_test.go index 87f4f789ab..692b11e3f4 100644 --- a/cmd/admin_auth_ldap_test.go +++ b/cmd/admin_auth_ldap_test.go 
@@ -8,7 +8,7 @@ import ( "testing" "code.gitea.io/gitea/models" - "code.gitea.io/gitea/modules/auth/ldap" + "code.gitea.io/gitea/services/auth/source/ldap" "github.com/stretchr/testify/assert" "github.com/urfave/cli" 
@@ -54,30 +54,28 @@ func TestAddLdapBindDn(t *testing.T) { loginSource: &models.LoginSource{ Type: models.LoginLDAP, Name: "ldap (via Bind DN) source full", - IsActived: false, + IsActive: false, IsSyncEnabled: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (via Bind DN) source full", - Host: "ldap-bind-server full", - Port: 9876, - SecurityProtocol: ldap.SecurityProtocol(1), - SkipVerify: true, - BindDN: "cn=readonly,dc=full-domain-bind,dc=org", - BindPassword: "secret-bind-full", - UserBase: "ou=Users,dc=full-domain-bind,dc=org", - AttributeUsername: "uid-bind full", - AttributeName: "givenName-bind full", - AttributeSurname: "sn-bind full", - AttributeMail: "mail-bind full", - AttributesInBind: true, - AttributeSSHPublicKey: "publickey-bind full", - SearchPageSize: 99, - Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", - RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", - Enabled: true, - }, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) source full", + Host: "ldap-bind-server full", + Port: 9876, + SecurityProtocol: ldap.SecurityProtocol(1), + SkipVerify: true, + BindDN: "cn=readonly,dc=full-domain-bind,dc=org", + BindPassword: "secret-bind-full", + UserBase: "ou=Users,dc=full-domain-bind,dc=org", + AttributeUsername: "uid-bind full", + AttributeName: "givenName-bind full", + AttributeSurname: "sn-bind full", + AttributeMail: "mail-bind full", + AttributesInBind: true, + AttributeSSHPublicKey: "publickey-bind full", + SearchPageSize: 99, + Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", + AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", + RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", + Enabled: true, }, }, }, 
@@ -94,20 +92,18 @@ func TestAddLdapBindDn(t *testing.T) { "--email-attribute", "mail-bind min", }, loginSource: &models.LoginSource{ - Type: models.LoginLDAP, - Name: "ldap (via Bind DN) source min", - IsActived: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (via Bind DN) source min", - Host: "ldap-bind-server min", - Port: 1234, - SecurityProtocol: ldap.SecurityProtocol(0), - UserBase: "ou=Users,dc=min-domain-bind,dc=org", - AttributeMail: "mail-bind min", - Filter: "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)", - Enabled: true, - }, + Type: models.LoginLDAP, + Name: "ldap (via Bind DN) source min", + IsActive: true, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) source min", + Host: "ldap-bind-server min", + Port: 1234, + SecurityProtocol: ldap.SecurityProtocol(0), + UserBase: "ou=Users,dc=min-domain-bind,dc=org", + AttributeMail: "mail-bind min", + Filter: "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)", + Enabled: true, }, }, }, 
@@ -276,28 +272,26 @@ func TestAddLdapSimpleAuth(t *testing.T) { "--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org", }, loginSource: &models.LoginSource{ - Type: models.LoginDLDAP, - Name: "ldap (simple auth) source full", - IsActived: false, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (simple auth) source full", - Host: "ldap-simple-server full", - Port: 987, - SecurityProtocol: ldap.SecurityProtocol(2), - SkipVerify: true, - UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", - UserBase: "ou=Users,dc=full-domain-simple,dc=org", - AttributeUsername: "uid-simple full", - AttributeName: "givenName-simple full", - AttributeSurname: "sn-simple full", - AttributeMail: "mail-simple full", - AttributeSSHPublicKey: "publickey-simple full", - Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", - RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", - Enabled: true, - }, + Type: models.LoginDLDAP, + Name: "ldap (simple auth) source full", + IsActive: false, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) source full", + Host: "ldap-simple-server full", + Port: 987, + SecurityProtocol: ldap.SecurityProtocol(2), + SkipVerify: true, + UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", + UserBase: "ou=Users,dc=full-domain-simple,dc=org", + AttributeUsername: "uid-simple full", + AttributeName: "givenName-simple full", + AttributeSurname: "sn-simple full", + AttributeMail: "mail-simple full", + AttributeSSHPublicKey: "publickey-simple full", + Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", + AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", + RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", + Enabled: true, }, }, }, 
@@ -314,20 +308,18 @@ func TestAddLdapSimpleAuth(t *testing.T) { "--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org", }, loginSource: &models.LoginSource{ - Type: models.LoginDLDAP, - Name: "ldap (simple auth) source min", - IsActived: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (simple auth) source min", - Host: "ldap-simple-server min", - Port: 123, - SecurityProtocol: ldap.SecurityProtocol(0), - UserDN: "cn=%s,ou=Users,dc=min-domain-simple,dc=org", - AttributeMail: "mail-simple min", - Filter: "(&(objectClass=posixAccount)(min-simple-cn=%s))", - Enabled: true, - }, + Type: models.LoginDLDAP, + Name: "ldap (simple auth) source min", + IsActive: true, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) source min", + Host: "ldap-simple-server min", + Port: 123, + SecurityProtocol: ldap.SecurityProtocol(0), + UserDN: "cn=%s,ou=Users,dc=min-domain-simple,dc=org", + AttributeMail: "mail-simple min", + Filter: "(&(objectClass=posixAccount)(min-simple-cn=%s))", + Enabled: true, }, }, }, 
@@ -516,41 +508,37 @@ func TestUpdateLdapBindDn(t *testing.T) { }, id: 23, existingLoginSource: &models.LoginSource{ - Type: models.LoginLDAP, - IsActived: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Enabled: true, - }, + Type: models.LoginLDAP, + IsActive: true, + Cfg: &ldap.Source{ + Enabled: true, }, }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, Name: "ldap (via Bind DN) source full", - IsActived: false, + IsActive: false, IsSyncEnabled: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (via Bind DN) source full", - Host: "ldap-bind-server full", - Port: 9876, - SecurityProtocol: ldap.SecurityProtocol(1), - SkipVerify: true, - BindDN: "cn=readonly,dc=full-domain-bind,dc=org", - BindPassword: "secret-bind-full", - UserBase: "ou=Users,dc=full-domain-bind,dc=org", - AttributeUsername: "uid-bind full", - AttributeName: "givenName-bind full", - AttributeSurname: "sn-bind full", - AttributeMail: "mail-bind full", - AttributesInBind: false, - AttributeSSHPublicKey: "publickey-bind full", - SearchPageSize: 99, - Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", - RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", - Enabled: true, - }, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) source full", + Host: "ldap-bind-server full", + Port: 9876, + SecurityProtocol: ldap.SecurityProtocol(1), + SkipVerify: true, + BindDN: "cn=readonly,dc=full-domain-bind,dc=org", + BindPassword: "secret-bind-full", + UserBase: "ou=Users,dc=full-domain-bind,dc=org", + AttributeUsername: "uid-bind full", + AttributeName: "givenName-bind full", + AttributeSurname: "sn-bind full", + AttributeMail: "mail-bind full", + AttributesInBind: false, + AttributeSSHPublicKey: "publickey-bind full", + SearchPageSize: 99, + Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", + AdminFilter: 
"(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", + RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", + Enabled: true, }, }, }, @@ -562,9 +550,7 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, }, // case 2 @@ -577,10 +563,8 @@ func TestUpdateLdapBindDn(t *testing.T) { loginSource: &models.LoginSource{ Type: models.LoginLDAP, Name: "ldap (via Bind DN) source", - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (via Bind DN) source", - }, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) source", }, }, }, @@ -592,18 +576,14 @@ func TestUpdateLdapBindDn(t *testing.T) { "--not-active", }, existingLoginSource: &models.LoginSource{ - Type: models.LoginLDAP, - IsActived: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Type: models.LoginLDAP, + IsActive: true, + Cfg: &ldap.Source{}, }, loginSource: &models.LoginSource{ - Type: models.LoginLDAP, - IsActived: false, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Type: models.LoginLDAP, + IsActive: false, + Cfg: &ldap.Source{}, }, }, // case 4 @@ -615,10 +595,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - SecurityProtocol: ldap.SecurityProtocol(1), - }, + Cfg: &ldap.Source{ + SecurityProtocol: ldap.SecurityProtocol(1), }, }, }, @@ -631,10 +609,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - SkipVerify: true, - }, + Cfg: &ldap.Source{ + SkipVerify: true, }, }, }, 
@@ -647,10 +623,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Host: "ldap-server", - }, + Cfg: &ldap.Source{ + Host: "ldap-server", }, }, }, @@ -663,10 +637,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Port: 389, - }, + Cfg: &ldap.Source{ + Port: 389, }, }, }, @@ -679,10 +651,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - UserBase: "ou=Users,dc=domain,dc=org", - }, + Cfg: &ldap.Source{ + UserBase: "ou=Users,dc=domain,dc=org", }, }, }, @@ -695,10 +665,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", - }, + Cfg: &ldap.Source{ + Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", }, }, }, @@ -711,10 +679,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", - }, + Cfg: &ldap.Source{ + AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", }, }, }, @@ -727,10 +693,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeUsername: "uid", - }, + Cfg: &ldap.Source{ + AttributeUsername: "uid", }, }, }, 
@@ -743,10 +707,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeName: "givenName", - }, + Cfg: &ldap.Source{ + AttributeName: "givenName", }, }, }, @@ -759,10 +721,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeSurname: "sn", - }, + Cfg: &ldap.Source{ + AttributeSurname: "sn", }, }, }, @@ -775,10 +735,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeMail: "mail", - }, + Cfg: &ldap.Source{ + AttributeMail: "mail", }, }, }, @@ -791,10 +749,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributesInBind: true, - }, + Cfg: &ldap.Source{ + AttributesInBind: true, }, }, }, @@ -807,10 +763,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeSSHPublicKey: "publickey", - }, + Cfg: &ldap.Source{ + AttributeSSHPublicKey: "publickey", }, }, }, @@ -823,10 +777,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - BindDN: "cn=readonly,dc=domain,dc=org", - }, + Cfg: &ldap.Source{ + BindDN: "cn=readonly,dc=domain,dc=org", }, }, }, @@ -839,10 +791,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - BindPassword: "secret", - }, + Cfg: &ldap.Source{ + BindPassword: "secret", }, }, }, 
@@ -856,9 +806,7 @@ func TestUpdateLdapBindDn(t *testing.T) { loginSource: &models.LoginSource{ Type: models.LoginLDAP, IsSyncEnabled: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, }, // case 20 @@ -870,10 +818,8 @@ func TestUpdateLdapBindDn(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - SearchPageSize: 12, - }, + Cfg: &ldap.Source{ + SearchPageSize: 12, }, }, }, @@ -901,9 +847,7 @@ func TestUpdateLdapBindDn(t *testing.T) { }, existingLoginSource: &models.LoginSource{ Type: models.LoginOAuth2, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2", }, @@ -933,9 +877,7 @@ func TestUpdateLdapBindDn(t *testing.T) { } return &models.LoginSource{ Type: models.LoginLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, nil }, } 
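Review bot: The wrong-type fixture in the `@@ -901,9 +847,7 @@` hunk pairs `Type: models.LoginOAuth2` with `Cfg: &ldap.Source{}`, so the test never exercises a login source whose Cfg is not an `*ldap.Source`. Now that the command asserts `loginSource.Cfg.(*ldap.Source)` directly, a fixture with a non-LDAP config, e.g. `Cfg: &oauth2.Source{},` with the `services/auth/source/oauth2` import, would confirm that the "Invalid authentication type" error is returned before the assertion can panic. The PAM fixture in TestUpdateLdapSimpleAuth (`Type: models.LoginPAM` with `Cfg: &ldap.Source{}`) has the same shape. The test function starts and ends outside the hunk.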
@@ -994,27 +936,25 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, id: 7, loginSource: &models.LoginSource{ - Type: models.LoginDLDAP, - Name: "ldap (simple auth) source full", - IsActived: false, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (simple auth) source full", - Host: "ldap-simple-server full", - Port: 987, - SecurityProtocol: ldap.SecurityProtocol(2), - SkipVerify: true, - UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", - UserBase: "ou=Users,dc=full-domain-simple,dc=org", - AttributeUsername: "uid-simple full", - AttributeName: "givenName-simple full", - AttributeSurname: "sn-simple full", - AttributeMail: "mail-simple full", - AttributeSSHPublicKey: "publickey-simple full", - Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", - RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", - }, + Type: models.LoginDLDAP, + Name: "ldap (simple auth) source full", + IsActive: false, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) source full", + Host: "ldap-simple-server full", + Port: 987, + SecurityProtocol: ldap.SecurityProtocol(2), + SkipVerify: true, + UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", + UserBase: "ou=Users,dc=full-domain-simple,dc=org", + AttributeUsername: "uid-simple full", + AttributeName: "givenName-simple full", + AttributeSurname: "sn-simple full", + AttributeMail: "mail-simple full", + AttributeSSHPublicKey: "publickey-simple full", + Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", + AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", + RestrictedFilter: "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)", }, }, }, 
@@ -1026,9 +966,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, }, // case 2 @@ -1041,10 +979,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { loginSource: &models.LoginSource{ Type: models.LoginDLDAP, Name: "ldap (simple auth) source", - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Name: "ldap (simple auth) source", - }, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) source", }, }, }, @@ -1056,18 +992,14 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { "--not-active", }, existingLoginSource: &models.LoginSource{ - Type: models.LoginDLDAP, - IsActived: true, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Type: models.LoginDLDAP, + IsActive: true, + Cfg: &ldap.Source{}, }, loginSource: &models.LoginSource{ - Type: models.LoginDLDAP, - IsActived: false, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Type: models.LoginDLDAP, + IsActive: false, + Cfg: &ldap.Source{}, }, }, // case 4 @@ -1079,10 +1011,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - SecurityProtocol: ldap.SecurityProtocol(2), - }, + Cfg: &ldap.Source{ + SecurityProtocol: ldap.SecurityProtocol(2), }, }, }, @@ -1095,10 +1025,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - SkipVerify: true, - }, + Cfg: &ldap.Source{ + SkipVerify: true, }, }, }, @@ -1111,10 +1039,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Host: "ldap-server", - }, + Cfg: &ldap.Source{ + Host: "ldap-server", }, }, }, 
@@ -1127,10 +1053,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Port: 987, - }, + Cfg: &ldap.Source{ + Port: 987, }, }, }, @@ -1143,10 +1067,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - UserBase: "ou=Users,dc=domain,dc=org", - }, + Cfg: &ldap.Source{ + UserBase: "ou=Users,dc=domain,dc=org", }, }, }, @@ -1159,10 +1081,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - Filter: "(&(objectClass=posixAccount)(cn=%s))", - }, + Cfg: &ldap.Source{ + Filter: "(&(objectClass=posixAccount)(cn=%s))", }, }, }, @@ -1175,10 +1095,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", - }, + Cfg: &ldap.Source{ + AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", }, }, }, @@ -1191,10 +1109,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeUsername: "uid", - }, + Cfg: &ldap.Source{ + AttributeUsername: "uid", }, }, }, @@ -1207,10 +1123,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeName: "givenName", - }, + Cfg: &ldap.Source{ + AttributeName: "givenName", }, }, }, 
@@ -1223,10 +1137,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeSurname: "sn", - }, + Cfg: &ldap.Source{ + AttributeSurname: "sn", }, }, }, @@ -1239,10 +1151,9 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeMail: "mail", - }, + Cfg: &ldap.Source{ + + AttributeMail: "mail", }, }, }, @@ -1255,10 +1166,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - AttributeSSHPublicKey: "publickey", - }, + Cfg: &ldap.Source{ + AttributeSSHPublicKey: "publickey", }, }, }, @@ -1271,10 +1180,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, loginSource: &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{ - UserDN: "cn=%s,ou=Users,dc=domain,dc=org", - }, + Cfg: &ldap.Source{ + UserDN: "cn=%s,ou=Users,dc=domain,dc=org", }, }, }, @@ -1302,9 +1209,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, existingLoginSource: &models.LoginSource{ Type: models.LoginPAM, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM", }, @@ -1334,9 +1239,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { } return &models.LoginSource{ Type: models.LoginDLDAP, - Cfg: &models.LDAPConfig{ - Source: &ldap.Source{}, - }, + Cfg: &ldap.Source{}, }, nil }, } |