author | zeripath <art27@cantab.net> | 2021-12-14 08:37:11 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-14 16:37:11 +0800 |
commit | 0981ec30c3d5218939d44fc2f40725b0b4a03684 (patch) | |
tree | 5479fb309f9800310cf2268d493e1cd33abfeac6 /templates/admin | |
parent | b4782e24d2821bbb5647eff2eaf5c338e92324db (diff) | |
Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
* Add setting to OAuth handlers to override local 2FA settings
This PR adds a setting to OAuth and OpenID login sources to allow the source to
override local 2FA requirements.
Fix #13939
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix regression from #16544
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add scopes settings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix trace logging in auth_openid
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add required claim options
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move UpdateExternalUser to externalaccount
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow OAuth2/OIDC to set Admin/Restricted status
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow use of the same group claim name for the prohibit login value
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixup! Move UpdateExternalUser to externalaccount
* as per wxiaoguang
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add label back in
Signed-off-by: Andrew Thornton <art27@cantab.net>
* adjust localisation
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'templates/admin')
-rw-r--r-- | templates/admin/auth/edit.tmpl | 32 |
-rw-r--r-- | templates/admin/auth/source/oauth.tmpl | 27 |
2 files changed, 54 insertions, 5 deletions
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl index e7215e2e1a..a9942354c0 100644 --- a/templates/admin/auth/edit.tmpl +++ b/templates/admin/auth/edit.tmpl @@ -286,11 +286,6 @@ <input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}> <p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p> </div> - </div> - - <div class="oauth2_use_custom_url inline field"> - <div class="ui checkbox"> - <label><strong>{{.i18n.Tr "admin.auths.oauth2_use_custom_url"}}</strong></label> <input id="oauth2_use_custom_url" name="oauth2_use_custom_url" type="checkbox" {{if $cfg.CustomURLMapping}}checked{{end}}> </div> </div> 
@@ -323,6 +318,33 @@ <input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" /> <input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" /> {{end}}{{end}} + + <div class="field"> + <label for="oauth2_scopes">{{.i18n.Tr "admin.auths.oauth2_scopes"}}</label> + <input id="oauth2_scopes" name="oauth2_scopes" value="{{if $cfg.Scopes}}{{Join $cfg.Scopes "," }}{{end}}"> + </div> + <div class="field"> + <label for="oauth2_required_claim_name">{{.i18n.Tr "admin.auths.oauth2_required_claim_name"}}</label> + <input id="oauth2_required_claim_name" name="oauth2_required_claim_name" values="{{$cfg.RequiredClaimName}}"> + <p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_name_helper"}}</p> + </div> + <div class="field"> + <label for="oauth2_required_claim_value">{{.i18n.Tr "admin.auths.oauth2_required_claim_value"}}</label> + <input id="oauth2_required_claim_value" name="oauth2_required_claim_value" values="{{$cfg.RequiredClaimValue}}"> + <p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_value_helper"}}</p> + </div> + <div class="field"> + <label for="oauth2_group_claim_name">{{.i18n.Tr "admin.auths.oauth2_group_claim_name"}}</label> + <input id="oauth2_group_claim_name" name="oauth2_group_claim_name" value="{{$cfg.GroupClaimName}}"> + </div> + <div class="field"> + <label for="oauth2_admin_group">{{.i18n.Tr "admin.auths.oauth2_admin_group"}}</label> + <input id="oauth2_admin_group" name="oauth2_admin_group" value="{{$cfg.AdminGroup}}"> + </div> + <div class="field"> + <label for="oauth2_restricted_group">{{.i18n.Tr "admin.auths.oauth2_restricted_group"}}</label> + <input id="oauth2_restricted_group" name="oauth2_restricted_group" value="{{$cfg.RestrictedGroup}}"> + 
</div> {{end}} <!-- SSPI --> diff --git a/templates/admin/auth/source/oauth.tmpl b/templates/admin/auth/source/oauth.tmpl index 6e91da14e2..85c7cb6166 100644 --- a/templates/admin/auth/source/oauth.tmpl +++ b/templates/admin/auth/source/oauth.tmpl 
@@ -71,4 +71,31 @@ <input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" /> <input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" /> {{end}}{{end}} + + <div class="field"> + <label for="oauth2_scopes">{{.i18n.Tr "admin.auths.oauth2_scopes"}}</label> + <input id="oauth2_scopes" name="oauth2_scopes" values="{{.oauth2_scopes}}"> + </div> + <div class="field"> + <label for="oauth2_required_claim_name">{{.i18n.Tr "admin.auths.oauth2_required_claim_name"}}</label> + <input id="oauth2_required_claim_name" name="oauth2_required_claim_name" values="{{.oauth2_required_claim_name}}"> + <p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_name_helper"}}</p> + </div> + <div class="field"> + <label for="oauth2_required_claim_value">{{.i18n.Tr "admin.auths.oauth2_required_claim_value"}}</label> + <input id="oauth2_required_claim_value" name="oauth2_required_claim_value" values="{{.oauth2_required_claim_value}}"> + <p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_value_helper"}}</p> + </div> + <div class="field"> + <label for="oauth2_group_claim_name">{{.i18n.Tr "admin.auths.oauth2_group_claim_name"}}</label> + <input id="oauth2_group_claim_name" name="oauth2_group_claim_name" value="{{.oauth2_group_claim_name}}"> + </div> + <div class="field"> + <label for="oauth2_admin_group">{{.i18n.Tr "admin.auths.oauth2_admin_group"}}</label> + <input id="oauth2_admin_group" name="oauth2_admin_group" value="{{.oauth2_group_claim_name}}"> + </div> + <div class="field"> + <label for="oauth2_restricted_group">{{.i18n.Tr "admin.auths.oauth2_restricted_group"}}</label> + <input id="oauth2_restricted_group" name="oauth2_restricted_group" value="{{.oauth2_group_claim_name}}"> + </div> 
</div> |
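Review bot: In templates/admin/auth/edit.tmpl, hunk @@ -286,11 +286,6, the removed lines take away the `<div class="oauth2_use_custom_url inline field">` wrapper, its `<div class="ui checkbox">` and the `<label>` for admin.auths.oauth2_use_custom_url, while the `<input id="oauth2_use_custom_url" ...>` stays behind as context. The checkbox is left without a label or a wrapper of its own, right after the skip_local_two_fa checkbox, which reads like an accidental deletion (the commit message lists an "add label back in" step). Suggest restoring the removed `</div>` and the three opening lines so the custom URL option is labelled and grouped as before, or removing the input as well if the option is meant to go.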
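Review bot: In templates/admin/auth/edit.tmpl, hunk @@ -323,6 +318,33, the oauth2_required_claim_name and oauth2_required_claim_value inputs use `values="..."` rather than `value="..."`, so the browser ignores the attribute and the edit form shows both fields empty even when $cfg.RequiredClaimName and $cfg.RequiredClaimValue are set. An admin who saves the source for an unrelated change would then submit both fields blank, which risks silently dropping the required-claim check. Change both to `value=`, as the oauth2_scopes, oauth2_group_claim_name, oauth2_admin_group and oauth2_restricted_group inputs in the same hunk already do. The last added field (oauth2_restricted_group) also has no added `</div>` of its own and relies on the context `</div>` that follows, so the nesting is worth checking.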
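Review bot: In templates/admin/auth/source/oauth.tmpl, hunk @@ -71,4 +71,31, the oauth2_admin_group and oauth2_restricted_group inputs are both filled from `{{.oauth2_group_claim_name}}`, which looks like a copy-paste from the group claim field above them. Whenever that template variable is populated, the admin group and the restricted group would both be pre-filled with the claim name, and submitting the form unchanged would send the same string for both the Admin and the Restricted mapping. Suggest `{{.oauth2_admin_group}}` and `{{.oauth2_restricted_group}}` (variable names assumed to follow the input names, as the other fields in this hunk do). The oauth2_scopes, oauth2_required_claim_name and oauth2_required_claim_value inputs in this hunk also use `values=` instead of `value=`, so they are never pre-filled.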