diff options
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/admin/auths.go | 64 | ||||
| -rw-r--r-- | routers/init.go | 5 | ||||
| -rw-r--r-- | routers/repo/http.go | 4 | ||||
| -rw-r--r-- | routers/user/auth.go | 2 |
4 files changed, 73 insertions, 2 deletions
diff --git a/routers/admin/auths.go b/routers/admin/auths.go index 8e0c27e226..8a16e36bf5 100644 --- a/routers/admin/auths.go +++ b/routers/admin/auths.go @@ -5,7 +5,9 @@ package admin import ( + "errors" "fmt" + "regexp" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/auth" @@ -15,6 +17,7 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "github.com/unknwon/com" "xorm.io/core" @@ -26,6 +29,11 @@ const ( tplAuthEdit base.TplName = "admin/auth/edit" ) +var ( + separatorAntiPattern = regexp.MustCompile(`[^\w-\.]`) + langCodePattern = regexp.MustCompile(`^[a-z]{2}-[A-Z]{2}$`) +) + // Authentications show authentication config page func Authentications(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("admin.authentication") @@ -55,6 +63,7 @@ var ( {models.LoginNames[models.LoginSMTP], models.LoginSMTP}, {models.LoginNames[models.LoginPAM], models.LoginPAM}, {models.LoginNames[models.LoginOAuth2], models.LoginOAuth2}, + {models.LoginNames[models.LoginSSPI], models.LoginSSPI}, } securityProtocols = []dropdownItem{ {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted}, @@ -81,6 +90,12 @@ func NewAuthSource(ctx *context.Context) { ctx.Data["OAuth2Providers"] = models.OAuth2Providers ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings + ctx.Data["SSPIAutoCreateUsers"] = true + ctx.Data["SSPIAutoActivateUsers"] = true + ctx.Data["SSPIStripDomainNames"] = true + ctx.Data["SSPISeparatorReplacement"] = "_" + ctx.Data["SSPIDefaultLanguage"] = "" + // only the first as default for key := range models.OAuth2Providers { ctx.Data["oauth2_provider"] = key @@ -152,6 +167,30 @@ func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config { } } +func parseSSPIConfig(ctx *context.Context, form auth.AuthenticationForm) (*models.SSPIConfig, error) { + if util.IsEmptyString(form.SSPISeparatorReplacement) { + ctx.Data["Err_SSPISeparatorReplacement"] = true + return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.require_error")) + } + if separatorAntiPattern.MatchString(form.SSPISeparatorReplacement) { + ctx.Data["Err_SSPISeparatorReplacement"] = true + return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.alpha_dash_dot_error")) + } + + if form.SSPIDefaultLanguage != "" && !langCodePattern.MatchString(form.SSPIDefaultLanguage) { + ctx.Data["Err_SSPIDefaultLanguage"] = true + return nil, errors.New(ctx.Tr("form.lang_select_error")) + } + + return &models.SSPIConfig{ + AutoCreateUsers: form.SSPIAutoCreateUsers, + AutoActivateUsers: form.SSPIAutoActivateUsers, + StripDomainNames: form.SSPIStripDomainNames, + SeparatorReplacement: form.SSPISeparatorReplacement, + DefaultLanguage: form.SSPIDefaultLanguage, + }, nil +} + // NewAuthSourcePost response for adding an auth source func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) { ctx.Data["Title"] = ctx.Tr("admin.auths.new") @@ -166,6 +205,12 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) { ctx.Data["OAuth2Providers"] = models.OAuth2Providers ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings + ctx.Data["SSPIAutoCreateUsers"] = true + ctx.Data["SSPIAutoActivateUsers"] = true + ctx.Data["SSPIStripDomainNames"] = true + ctx.Data["SSPISeparatorReplacement"] = "_" + ctx.Data["SSPIDefaultLanguage"] = "" + hasTLS := false var config core.Conversion switch models.LoginType(form.Type) { @@ -181,6 +226,19 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) { } case models.LoginOAuth2: config = parseOAuth2Config(form) + case models.LoginSSPI: + var err error + config, err = parseSSPIConfig(ctx, form) + if err != nil { + ctx.RenderWithErr(err.Error(), tplAuthNew, form) + return + } + existing, err := models.LoginSourcesByType(models.LoginSSPI) + if err != nil || len(existing) > 0 { + ctx.Data["Err_Type"] = true + ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_of_type_exist"), tplAuthNew, form) + return + } default: ctx.Error(400) return @@ -274,6 +332,12 @@ func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) { } case models.LoginOAuth2: config = parseOAuth2Config(form) + case models.LoginSSPI: + config, err = parseSSPIConfig(ctx, form) + if err != nil { + ctx.RenderWithErr(err.Error(), tplAuthEdit, form) + return + } default: ctx.Error(400) return diff --git a/routers/init.go b/routers/init.go index 4623f02e66..e161143f47 100644 --- a/routers/init.go +++ b/routers/init.go @@ -10,6 +10,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/models/migrations" + "code.gitea.io/gitea/modules/auth/sso" "code.gitea.io/gitea/modules/cache" "code.gitea.io/gitea/modules/cron" "code.gitea.io/gitea/modules/git" @@ -124,4 +125,8 @@ func GlobalInit() { ssh.Unused() } } + + if setting.InstallLock { + sso.Init() + } } diff --git a/routers/repo/http.go b/routers/repo/http.go index 63cce0f713..0025ba2af4 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -19,7 +19,7 @@ import ( "time" "code.gitea.io/gitea/models" - "code.gitea.io/gitea/modules/auth" + "code.gitea.io/gitea/modules/auth/sso" "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/git" @@ -169,7 +169,7 @@ func HTTP(ctx *context.Context) { // Assume password is token authToken = authPasswd } - uid := auth.CheckOAuthAccessToken(authToken) + uid := sso.CheckOAuthAccessToken(authToken) if uid != 0 { ctx.Data["IsApiToken"] = true diff --git a/routers/user/auth.go b/routers/user/auth.go index d0ad4afffd..1596e11bbb 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -137,6 +137,7 @@ func SignIn(ctx *context.Context) { ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsLogin"] = true + ctx.Data["EnableSSPI"] = models.IsSSPIEnabled() ctx.HTML(200, tplSignIn) } @@ -156,6 +157,7 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) { ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsLogin"] = true + ctx.Data["EnableSSPI"] = models.IsSSPIEnabled() if ctx.HasError() { ctx.HTML(200, tplSignIn) |