diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2021-01-06 09:38:00 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-06 09:38:00 +0800 |
| commit | a1c9e8f266cb2809200dce1618da33314cc25082 (patch) | |
| tree | abb0fbe7f94bd767e4ffef8f1449ed35427a8286 /modules/auth/sso/sspi_windows.go | |
| parent | 4ef5f17a7e1fefb96d4c6d8ff32ead01248bad5a (diff) | |
| download | gitea-a1c9e8f266cb2809200dce1618da33314cc25082.tar.gz gitea-a1c9e8f266cb2809200dce1618da33314cc25082.zip | |
Fix windows build error (#14263)
* fix build
* take flash error message back and fix more windows lint error
* performance optimization
* own step to check lint for windows
Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'modules/auth/sso/sspi_windows.go')
| -rw-r--r-- | modules/auth/sso/sspi_windows.go | 67 |
1 files changed, 35 insertions, 32 deletions
diff --git a/modules/auth/sso/sspi_windows.go b/modules/auth/sso/sspi_windows.go index 5850dcf6e2..44dfa81aa1 100644 --- a/modules/auth/sso/sspi_windows.go +++ b/modules/auth/sso/sspi_windows.go @@ -7,19 +7,17 @@ package sso import ( "errors" "net/http" - "reflect" "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" - - "gitea.com/macaron/macaron" - "gitea.com/macaron/session" + "code.gitea.io/gitea/modules/templates" gouuid "github.com/google/uuid" "github.com/quasoft/websspi" + "github.com/unrolled/render" ) const ( @@ -41,6 +39,7 @@ var ( // On successful authentication returns a valid user object. // Returns nil if authentication fails. type SSPI struct { + rnd *render.Render } // Init creates a new global websspi.Authenticator object @@ -48,7 +47,18 @@ func (s *SSPI) Init() error { config := websspi.NewConfig() var err error sspiAuth, err = websspi.New(config) - return err + if err != nil { + return err + } + s.rnd = render.New(render.Options{ + Extensions: []string{".tmpl"}, + Directory: "templates", + Funcs: templates.NewFuncMap(), + Asset: templates.GetAsset, + AssetNames: templates.GetAssetNames, + IsDevelopment: setting.RunMode != "prod", + }) + return nil } // Free releases resources used by the global websspi.Authenticator object @@ -65,8 +75,8 @@ func (s *SSPI) IsEnabled() bool { // If authentication is successful, returs the corresponding user object. // If negotiation should continue or authentication fails, immediately returns a 401 HTTP // response code, as required by the SPNEGO protocol. -func (s *SSPI) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User { - if !s.shouldAuthenticate(ctx) { +func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User { + if !s.shouldAuthenticate(req) { return nil } @@ -76,22 +86,29 @@ func (s *SSPI) VerifyAuthData(req *http.Request, store DataStore, sess SessionSt return nil } - userInfo, outToken, err := sspiAuth.Authenticate(req, ctx.Resp) + userInfo, outToken, err := sspiAuth.Authenticate(req, w) if err != nil { log.Warn("Authentication failed with error: %v\n", err) - sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken) + sspiAuth.AppendAuthenticateHeader(w, outToken) // Include the user login page in the 401 response to allow the user // to login with another authentication method if SSPI authentication // fails - addFlashErr(ctx, ctx.Tr("auth.sspi_auth_failed")) - ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn - ctx.Data["EnableSSPI"] = true - ctx.HTML(401, string(tplSignIn)) + store.GetData()["Flash"] = map[string]string{ + "ErrMsg": err.Error(), + } + store.GetData()["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn + store.GetData()["EnableSSPI"] = true + + err := s.rnd.HTML(w, 401, string(tplSignIn), templates.BaseVars().Merge(store.GetData())) + if err != nil { + log.Error("%v", err) + } + return nil } if outToken != "" { - sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken) + sspiAuth.AppendAuthenticateHeader(w, outToken) } username := sanitizeUsername(userInfo.Username, cfg) @@ -110,7 +127,7 @@ func (s *SSPI) VerifyAuthData(req *http.Request, store DataStore, sess SessionSt log.Error("User '%s' not found", username) return nil } - user, err = s.newUser(ctx, username, cfg) + user, err = s.newUser(username, cfg) if err != nil { log.Error("CreateUser: %v", err) return nil @@ -118,8 +135,8 @@ func (s *SSPI) VerifyAuthData(req *http.Request, store DataStore, sess SessionSt } // Make sure requests to API paths and PWA resources do not create a new session - if !isAPIPath(ctx) && !isAttachmentDownload(ctx) { - handleSignIn(ctx, sess, user) + if !isAPIPath(req) && !isAttachmentDownload(req) { + handleSignIn(w, req, sess, user) } return user @@ -146,7 +163,7 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) { if path == "/user/login" { if req.FormValue("user_name") != "" && req.FormValue("password") != "" { shouldAuth = false - } else if ctx.Req.FormValue("auth_with_sspi") == "1" { + } else if req.FormValue("auth_with_sspi") == "1" { shouldAuth = true } } else if isInternalPath(req) { @@ -217,20 +234,6 @@ func sanitizeUsername(username string, cfg *models.SSPIConfig) string { return username } -// addFlashErr adds an error message to the Flash object mapped to a macaron.Context -func addFlashErr(ctx *macaron.Context, err string) { - fv := ctx.GetVal(reflect.TypeOf(&session.Flash{})) - if !fv.IsValid() { - return - } - flash, ok := fv.Interface().(*session.Flash) - if !ok { - return - } - flash.Error(err) - ctx.Data["Flash"] = flash -} - // init registers the SSPI auth method as the last method in the list. // The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation // fails (or if negotiation should continue), which would prevent other authentication methods |