Diffstat (limited to 'services/auth/source')
-rw-r--r--services/auth/source/ldap/source_authenticate.go2
-rw-r--r--services/auth/source/ldap/source_search.go6
-rw-r--r--services/auth/source/ldap/source_sync.go7
-rw-r--r--services/auth/source/oauth2/providers.go1
-rw-r--r--services/auth/source/oauth2/providers_base.go7
-rw-r--r--services/auth/source/oauth2/providers_openid.go4
-rw-r--r--services/auth/source/oauth2/source.go3
-rw-r--r--services/auth/source/oauth2/store.go15
-rw-r--r--services/auth/source/oauth2/urlmapping.go10
9 files changed, 35 insertions, 20 deletions
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index a2e8c2b86a..6005a4744a 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -58,7 +58,7 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
opts := &user_service.UpdateOptions{}
if source.AdminFilter != "" && user.IsAdmin != sr.IsAdmin {
// Change existing admin flag only if AdminFilter option is set
- opts.IsAdmin = optional.Some(sr.IsAdmin)
+ opts.IsAdmin = user_service.UpdateOptionFieldFromSync(sr.IsAdmin)
}
if !sr.IsAdmin && source.RestrictedFilter != "" && user.IsRestricted != sr.IsRestricted {
// Change existing restricted flag only if RestrictedFilter option is set
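Review bot: The admin flag now goes through `user_service.UpdateOptionFieldFromSync`, but the IsRestricted assignment guarded by the condition on the hunk's last two lines sits just outside the hunk and is not touched by this diff; if it still uses `optional.Some(sr.IsRestricted)`, the two LDAP-derived privilege flags are updated under different rules, which is worth confirming. The same asymmetry exists in the Sync hunk of source_sync.go, where only `opts.IsAdmin` is converted. Authenticate's body starts and ends outside the hunk.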
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index fa2c45ce4a..f6c032492f 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -117,10 +117,10 @@ func dial(source *Source) (*ldap.Conn, error) {
}
if source.SecurityProtocol == SecurityProtocolLDAPS {
- return ldap.DialTLS("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)), tlsConfig) //nolint:staticcheck
+ return ldap.DialTLS("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)), tlsConfig) //nolint:staticcheck // DialTLS is deprecated
}
- conn, err := ldap.Dial("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port))) //nolint:staticcheck
+ conn, err := ldap.Dial("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port))) //nolint:staticcheck // Dial is deprecated
if err != nil {
return nil, fmt.Errorf("error during Dial: %w", err)
}
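Review bot: The justification added after `//nolint:staticcheck` only restates what the linter already reports; a reader needs to know why the deprecated call is being kept, e.g. `//nolint:staticcheck // DialTLS is deprecated in go-ldap; kept until dial is migrated to ldap.DialURL with ldap.DialWithTLSConfig`, and likewise for the `ldap.Dial` line two lines further down. dial's body starts and ends outside the hunk.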
@@ -241,7 +241,7 @@ func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string, applyGr
}
func (source *Source) getUserAttributeListedInGroup(entry *ldap.Entry) string {
- if strings.ToLower(source.UserUID) == "dn" {
+ if strings.EqualFold(source.UserUID, "dn") {
return entry.DN
}
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 678b6b2b62..7b401c5c96 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -162,7 +162,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
IsActive: optional.Some(true),
}
if source.AdminFilter != "" {
- opts.IsAdmin = optional.Some(su.IsAdmin)
+ opts.IsAdmin = user_service.UpdateOptionFieldFromSync(su.IsAdmin)
}
// Change existing restricted flag only if RestrictedFilter option is set
if !su.IsAdmin && source.RestrictedFilter != "" {
@@ -178,8 +178,9 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
}
- if usr.IsUploadAvatarChanged(su.Avatar) {
- if err == nil && source.AttributeAvatar != "" {
+ if source.AttributeAvatar != "" {
+ if len(su.Avatar) > 0 && usr.IsUploadAvatarChanged(su.Avatar) {
+ log.Trace("SyncExternalUsers[%s]: Uploading new avatar for %s", source.AuthSource.Name, usr.Name)
_ = user_service.UploadAvatar(ctx, usr, su.Avatar)
}
}
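Review bot: The result of `_ = user_service.UploadAvatar(ctx, usr, su.Avatar)` is still discarded, so a failed avatar upload stays invisible even though the new trace line announces the attempt; an error log closes that gap: `if err := user_service.UploadAvatar(ctx, usr, su.Avatar); err != nil {` / `log.Error("SyncExternalUsers[%s]: Error uploading avatar for %s: %v", source.AuthSource.Name, usr.Name, err)` / `}`. The removed `err == nil` guard also no longer gates the upload; if that `err` came from the preceding user update, the avatar is now uploaded even when that update failed, which looks unintended and is worth checking against the lines above the hunk. Sync's body starts and ends outside the hunk.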
diff --git a/services/auth/source/oauth2/providers.go b/services/auth/source/oauth2/providers.go
index f2c1bb4894..75ed41ba66 100644
--- a/services/auth/source/oauth2/providers.go
+++ b/services/auth/source/oauth2/providers.go
@@ -27,6 +27,7 @@ type Provider interface {
DisplayName() string
IconHTML(size int) template.HTML
CustomURLSettings() *CustomURLSettings
+ SupportSSHPublicKey() bool
}
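Review bot: `SupportSSHPublicKey() bool` is added to the exported Provider interface without a doc comment, while the surrounding exported names in this file carry one; suggest `// SupportSSHPublicKey reports whether the provider can supply an SSH public key for the user.` The same comment is missing on the BaseProvider and OpenIDProvider implementations in providers_base.go and providers_openid.go, and the TODO on BaseProvider's field would be more useful if it named the providers it has in mind. Provider's definition starts outside the hunk.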
// GothProviderCreator provides a function to create a goth.Provider
diff --git a/services/auth/source/oauth2/providers_base.go b/services/auth/source/oauth2/providers_base.go
index 9d4ab106e5..d34597d6d9 100644
--- a/services/auth/source/oauth2/providers_base.go
+++ b/services/auth/source/oauth2/providers_base.go
@@ -14,6 +14,13 @@ import (
type BaseProvider struct {
name string
displayName string
+
+ // TODO: maybe some providers also support SSH public keys, then they can set this to true
+ supportSSHPublicKey bool
+}
+
+func (b *BaseProvider) SupportSSHPublicKey() bool {
+ return b.supportSSHPublicKey
}
// Name provides the technical name for this provider
diff --git a/services/auth/source/oauth2/providers_openid.go b/services/auth/source/oauth2/providers_openid.go
index 285876d5ac..e86dc48232 100644
--- a/services/auth/source/oauth2/providers_openid.go
+++ b/services/auth/source/oauth2/providers_openid.go
@@ -17,6 +17,10 @@ import (
// OpenIDProvider is a GothProvider for OpenID
type OpenIDProvider struct{}
+func (o *OpenIDProvider) SupportSSHPublicKey() bool {
+ return true
+}
+
// Name provides the technical name for this provider
func (o *OpenIDProvider) Name() string {
return "openidConnect"
diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go
index 08837de377..00d89b3481 100644
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@@ -27,6 +27,9 @@ type Source struct {
GroupTeamMap string
GroupTeamMapRemoval bool
RestrictedGroup string
+
+ SSHPublicKeyClaimName string
+ FullNameClaimName string
}
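Review bot: `SSHPublicKeyClaimName` and `FullNameClaimName` are exported, persisted configuration fields (the FromDB comment below says Source is filled from a serialized format) and carry no doc comment saying which claim they name or how an empty value is treated; suggest `// SSHPublicKeyClaimName is the name of the OAuth2/OIDC claim whose value is used as the user's SSH public key; empty disables the mapping.` and a matching line for FullNameClaimName, adjusting the empty-value wording once the consumer settles it. Since a key taken from this claim presumably ends up as an authorized SSH key for the account, the comment should also make clear that the identity provider is trusted for that value. Source's definition starts outside the hunk.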
// FromDB fills up an OAuth2Config from serialized format.
diff --git a/services/auth/source/oauth2/store.go b/services/auth/source/oauth2/store.go
index 90fa965602..7b6b26edc8 100644
--- a/services/auth/source/oauth2/store.go
+++ b/services/auth/source/oauth2/store.go
@@ -11,7 +11,6 @@ import (
"code.gitea.io/gitea/modules/log"
session_module "code.gitea.io/gitea/modules/session"
- chiSession "gitea.com/go-chi/session"
"github.com/gorilla/sessions"
)
@@ -35,11 +34,11 @@ func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, e
// getOrNew gets the session from the chi-session if it exists. Override permits the overriding of an unexpected object.
func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) (*sessions.Session, error) {
- chiStore := chiSession.GetSession(r)
+ store := session_module.GetContextSession(r)
session := sessions.NewSession(st, name)
- rawData := chiStore.Get(name)
+ rawData := store.Get(name)
if rawData != nil {
oldSession, ok := rawData.(*sessions.Session)
if ok {
@@ -56,21 +55,21 @@ func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) (
}
session.IsNew = override
- session.ID = chiStore.ID() // Simply copy the session id from the chi store
+ session.ID = store.ID() // Simply copy the session id from the chi store
- return session, chiStore.Set(name, session)
+ return session, store.Set(name, session)
}
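Review bot: The comment on `session.ID = store.ID() // Simply copy the session id from the chi store` still refers to the chi store after the switch to `session_module.GetContextSession`, and so does getOrNew's doc comment in the previous hunk ("gets the session from the chi-session"); suggest `// Copy the session id from the context session store` here and `// getOrNew gets the session from the context session store if it exists. Override permits the overriding of an unexpected object.` above. getOrNew's body starts in the previous hunk.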
// Save should persist session to the underlying store implementation.
func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
- chiStore := chiSession.GetSession(r)
+ store := session_module.GetContextSession(r)
if session.IsNew {
_, _ = session_module.RegenerateSession(w, r)
session.IsNew = false
}
- if err := chiStore.Set(session.Name(), session); err != nil {
+ if err := store.Set(session.Name(), session); err != nil {
return err
}
@@ -83,7 +82,7 @@ func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *s
}
}
- return chiStore.Release()
+ return store.Release()
}
type sizeWriter struct {
diff --git a/services/auth/source/oauth2/urlmapping.go b/services/auth/source/oauth2/urlmapping.go
index d0442d58a8..b9f445caa7 100644
--- a/services/auth/source/oauth2/urlmapping.go
+++ b/services/auth/source/oauth2/urlmapping.go
@@ -14,11 +14,11 @@ type CustomURLMapping struct {
// CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
type CustomURLSettings struct {
- AuthURL Attribute `json:",omitempty"`
- TokenURL Attribute `json:",omitempty"`
- ProfileURL Attribute `json:",omitempty"`
- EmailURL Attribute `json:",omitempty"`
- Tenant Attribute `json:",omitempty"`
+ AuthURL Attribute
+ TokenURL Attribute
+ ProfileURL Attribute
+ EmailURL Attribute
+ Tenant Attribute
}
// Attribute describes the availability, and required status for a custom url configuration