Make LDAP be able to skip local 2FA (#16954)

This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2021-09-17 12:43:47 +0100
committer: GitHub <noreply@github.com> 2021-09-17 12:43:47 +0100
commit: 27b351aba564804f65e5574919a88d6194c75256 (patch)
tree: fa4857e05e344693e629aa14b05b7f8ffba42cfc /services/auth/basic.go
parent: f96d0d3d5b2acb3545c3a2ced7972879a9750c9d (diff)
download: gitea-27b351aba564804f65e5574919a88d6194c75256.tar.gz
gitea-27b351aba564804f65e5574919a88d6194c75256.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/services/auth/basic.go b/services/auth/basic.go
index 244f63d2f7..0c400b6b53 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -107,7 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	}
 
 	log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
-	u, err := UserSignIn(uname, passwd)
+	u, source, err := UserSignIn(uname, passwd)
 	if err != nil {
 		if !models.IsErrUserNotExist(err) {
 			log.Error("UserSignIn: %v", err)
@@ -115,6 +115,10 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		return nil
 	}
 
+	if skipper, ok := source.Cfg.(LocalTwoFASkipper); ok && skipper.IsSkipLocalTwoFA() {
+		store.GetData()["SkipLocalTwoFA"] = true
+	}
+
 	log.Trace("Basic Authorization: Logged in user %-v", u)
 
 	return u
author	zeripath <art27@cantab.net>	2021-09-17 12:43:47 +0100
committer	GitHub <noreply@github.com>	2021-09-17 12:43:47 +0100
commit	27b351aba564804f65e5574919a88d6194c75256 (patch)
tree	fa4857e05e344693e629aa14b05b7f8ffba42cfc /services/auth/basic.go
parent	f96d0d3d5b2acb3545c3a2ced7972879a9750c9d (diff)
download	gitea-27b351aba564804f65e5574919a88d6194c75256.tar.gz gitea-27b351aba564804f65e5574919a88d6194c75256.zip