Diffstat (limited to 'services')
-rw-r--r-- | services/auth/source/ldap/source.go | 1 | ||||
-rw-r--r-- | services/auth/source/ldap/source_authenticate.go | 4 | ||||
-rw-r--r-- | services/auth/source/ldap/source_search.go | 27 | ||||
-rw-r--r-- | services/auth/source/ldap/source_sync.go | 15 | ||||
-rw-r--r-- | services/forms/auth_form.go | 1 |
5 files changed, 42 insertions, 6 deletions
diff --git a/services/auth/source/ldap/source.go b/services/auth/source/ldap/source.go index 3d02be4dc9..3e751f512b 100644 --- a/services/auth/source/ldap/source.go +++ b/services/auth/source/ldap/source.go @@ -42,6 +42,7 @@ type Source struct { AttributeMail string // E-mail attribute AttributesInBind bool // fetch attributes in bind context (not user) AttributeSSHPublicKey string // LDAP SSH Public Key attribute + AttributeAvatar string SearchPageSize uint32 // Search with paging page size Filter string // Query filter to validate entry AdminFilter string // Query filter to check if user is admin diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go index f302a9d583..2719b5b715 100644 --- a/services/auth/source/ldap/source_authenticate.go +++ b/services/auth/source/ldap/source_authenticate.go @@ -96,6 +96,10 @@ func (source *Source) Authenticate(user *models.User, userName, password string) err = models.RewriteAllPublicKeys() } + if err == nil && len(source.AttributeAvatar) > 0 { + _ = user.UploadAvatar(sr.Avatar) + } + return user, err } diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go index 9fe2443768..1f1cca270d 100644 --- a/services/auth/source/ldap/source_search.go +++ b/services/auth/source/ldap/source_search.go @@ -27,6 +27,7 @@ type SearchResult struct { IsAdmin bool // if user is administrator IsRestricted bool // if user is restricted LowerName string // Lowername + Avatar []byte } func (ls *Source) sanitizedUserQuery(username string) (string, bool) { 
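Review bot: `AttributeAvatar` in the `Source` struct hunk of source.go is the only field in the visible block without a trailing comment. A comment such as `AttributeAvatar string // LDAP attribute holding the user's avatar image (read as raw bytes)` would match its neighbours. The struct starts and ends outside the hunk.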
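Review bot: The result of `user.UploadAvatar(sr.Avatar)` in the Authenticate hunk of source_authenticate.go is discarded with `_ =`, so a rejected or malformed directory image leaves no trace in the logs; the two `usr.UploadAvatar(su.Avatar)` calls in source_sync.go do the same. The guard also tests `len(source.AttributeAvatar) > 0` while source_search.go decides with `strings.TrimSpace`, and it never checks that the entry actually carried a value, so the call can run with empty bytes. Guarding on the data, `if err == nil && len(sr.Avatar) > 0 {`, and logging a non-nil return at warning level would cover both. The bytes come from the directory, so any size and image-format validation has to live inside `UploadAvatar`, which is not visible here and is worth confirming. Authenticate's body starts outside the hunk.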
@@ -266,7 +267,8 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul return nil } - var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0 + isAttributeSSHPublicKeySet := len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0 + isAtributeAvatarSet := len(strings.TrimSpace(ls.AttributeAvatar)) > 0 attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail} if len(strings.TrimSpace(ls.UserUID)) > 0 { @@ -275,8 +277,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul if isAttributeSSHPublicKeySet { attribs = append(attribs, ls.AttributeSSHPublicKey) } + if isAtributeAvatarSet { + attribs = append(attribs, ls.AttributeAvatar) + } - log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v', '%v' with filter '%s' and base '%s'", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, ls.UserUID, userFilter, userDN) + log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v', '%v', '%v' with filter '%s' and base '%s'", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, ls.AttributeAvatar, ls.UserUID, userFilter, userDN) search := ldap.NewSearchRequest( userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter, attribs, nil) @@ -296,6 +301,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul } var sshPublicKey []string + var Avatar []byte username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername) firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName) @@ -363,6 +369,10 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul } } + if isAtributeAvatarSet { + Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar) + } + return &SearchResult{ LowerName: strings.ToLower(username), Username: username, 
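Review bot: `isAtributeAvatarSet` in the first SearchEntry hunk is misspelled (one `t`) next to `isAttributeSSHPublicKeySet`, and the local `var Avatar []byte` is capitalised like an exported name while its sibling is `sshPublicKey`. Suggest `isAttributeAvatarSet := len(strings.TrimSpace(ls.AttributeAvatar)) > 0` and `var avatar []byte`, with the later uses renamed to match; the same misspelling is repeated in the SearchEntries hunks. SearchEntry starts and ends outside these hunks.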
@@ -372,6 +382,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul SSHPublicKey: sshPublicKey, IsAdmin: isAdmin, IsRestricted: isRestricted, + Avatar: Avatar, } } @@ -403,14 +414,18 @@ func (ls *Source) SearchEntries() ([]*SearchResult, error) { userFilter := fmt.Sprintf(ls.Filter, "*") - var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0 + isAttributeSSHPublicKeySet := len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0 + isAtributeAvatarSet := len(strings.TrimSpace(ls.AttributeAvatar)) > 0 attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail} if isAttributeSSHPublicKeySet { attribs = append(attribs, ls.AttributeSSHPublicKey) } + if isAtributeAvatarSet { + attribs = append(attribs, ls.AttributeAvatar) + } - log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase) + log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, ls.AttributeAvatar, userFilter, ls.UserBase) search := ldap.NewSearchRequest( ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter, attribs, nil) @@ -442,8 +457,10 @@ func (ls *Source) SearchEntries() ([]*SearchResult, error) { if isAttributeSSHPublicKeySet { result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey) } + if isAtributeAvatarSet { + result[i].Avatar = v.GetRawAttributeValue(ls.AttributeAvatar) + } result[i].LowerName = strings.ToLower(result[i].Username) - } return result, nil diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go index f03e29f920..2df97aabd3 100644 --- a/services/auth/source/ldap/source_sync.go 
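Review bot: `result[i].Avatar = v.GetRawAttributeValue(ls.AttributeAvatar)` in SearchEntries keeps the raw image of every returned entry in `result` at once, and the filter is built with `"*"`, so on a large directory a sync appears to hold all avatars in memory together. Nothing visible in the hunk bounds the size of a single value either. Consider skipping values above the instance's maximum avatar size at this point, or fetching the avatar per user inside the sync loop instead of in the bulk search. SearchEntries starts and ends outside the hunk.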
+++ b/services/auth/source/ldap/source_sync.go @@ -112,12 +112,18 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error { if err != nil { log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.loginSource.Name, su.Username, err) - } else if isAttributeSSHPublicKeySet { + } + + if err == nil && isAttributeSSHPublicKeySet { log.Trace("SyncExternalUsers[%s]: Adding LDAP Public SSH Keys for user %s", source.loginSource.Name, usr.Name) if models.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) { sshKeysNeedUpdate = true } } + + if err == nil && len(source.AttributeAvatar) > 0 { + _ = usr.UploadAvatar(su.Avatar) + } } else if updateExisting { // Synchronize SSH Public Key if that attribute is set if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) { @@ -150,6 +156,13 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error { log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.loginSource.Name, usr.Name, err) } } + + if usr.IsUploadAvatarChanged(su.Avatar) { + if err == nil && len(source.AttributeAvatar) > 0 { + _ = usr.UploadAvatar(su.Avatar) + } + + } } } diff --git a/services/forms/auth_form.go b/services/forms/auth_form.go index 229728cf7d..2c6966d266 100644 --- a/services/forms/auth_form.go +++ b/services/forms/auth_form.go @@ -29,6 +29,7 @@ type AuthenticationForm struct { AttributeSurname string AttributeMail string AttributeSSHPublicKey string + AttributeAvatar string AttributesInBind bool UsePagedSearch bool SearchPageSize int |
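Review bot: In the second Sync hunk `usr.IsUploadAvatarChanged(su.Avatar)` runs before the code checks whether an avatar attribute is configured or whether the entry carried any image, and which assignment the tested `err` comes from depends on code outside the hunk. Putting the cheap checks first, `if err == nil && len(su.Avatar) > 0 && usr.IsUploadAvatarChanged(su.Avatar) {`, skips the comparison when the feature is off and avoids uploading empty data. As written, the branch also appears to replace an avatar the user set locally whenever it differs from the directory value, which deserves a sentence in the option's documentation. The surrounding loop and branch begin outside the hunk.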