aboutsummaryrefslogtreecommitdiffstats
path: root/routers/admin/auths.go
Commit message (Collapse)AuthorAgeFilesLines
* Move macaron to chi (#14293)Lunny Xiao2021-01-261-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Custom icons for OAuth sources (#14161)Timo Ley2020-12-281-0/+1
| | | | | | | | | | | | | * Add Icon URL to Backend * Template for Icon URL * Localization & Edit Icon URL * Improve Custom Icon URL * Removed not working else Co-authored-by: 6543 <6543@obermui.de>
* migrate from com.* to alternatives (#14103)65432020-12-251-2/+1
| | | | | | | | | | | | | | | * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
* Remove PAM from auth dropdown when unavailable (#13276)John Olheiser2020-10-231-8/+15
| | | Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add check for LDAP group membership (#10869)John Olheiser2020-09-101-0/+5
| | | | | | | | | | | | | | This is a port of gogs/gogs#4398 The only changes made by myself are: Add locales Add some JS to the UI Otherwise all code credit goes to @aboron Resolves #10829 Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Upgrade xorm to v1.0.0 (#10646)Lunny Xiao2020-03-221-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Upgrade xorm to v1.0.0 * small nit * Fix tests * Update xorm * Update xorm * fix go.sum * fix test * Fix bug when dump * Fix bug * update xorm to latest * Fix migration test * update xorm to latest * Fix import order * Use xorm tag
* Add restricted user filter to LDAP authentication (#10600)Lauris BH2020-03-051-0/+1
| | | | | | * Add restricted user filter to LDAP authentification * Fix unit test cases
* Add option to prevent LDAP from deactivating everything on empty search (#9879)zeripath2020-01-201-0/+1
| | | | | | | | | | | * Add option to prevent LDAP from deactivating everything on empty search * Update options/locale/locale_en-US.ini Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add single sign-on support via SSPI on Windows (#8463)QuaSoft2019-11-231-0/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
* Use gitea forked macaron (#7933)Tamal Saha2019-08-231-1/+1
| | | Signed-off-by: Tamal Saha <tamal@appscode.com>
* Fix error log when loading issues caused by a xorm bug (#7271)Lunny Xiao2019-06-231-1/+1
| | | | | | | | | | | | * fix error log when loading issues caused by a xorm bug * upgrade packages * fix fmt * fix Consistency * fix tests
* LDAP Public SSH Keys synchronization (#1844)Magnus Lindvall2018-05-241-18/+19
| | | | | | | | | | | | | | | | | | | * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
* Add option to use paged LDAP search when synchronizing users (#3895)Lauris BH2018-05-051-0/+5
|
* Handle refactor (#3339)Morgan Bazalgette2018-01-101-6/+6
| | | | | | * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound
* LDAP user synchronization (#1478)Lauris BH2017-05-101-4/+7
|
* Additional OAuth2 providers (#1010)Willem van Dreumel2017-05-011-7/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
* Oauth2 consumer (#679)Willem van Dreumel2017-02-221-1/+28
| | | | | | | | | | | | | | | | | | | | | | | | | * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
* Fix string format verbs (#3637)Alexander Lunegov2016-12-221-1/+1
|
* Golint fixed for modules/setting (#262)Lunny Xiao2016-11-271-4/+4
| | | | | | * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
* go lint fixed for routers/adminLunny Xiao2016-11-211-9/+15
|
* Update import paths from github.com/go-gitea to code.gitea.io (#135)Sandro Santilli2016-11-101-7/+7
| | | | | | | - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
* Fix type in unused constant name (#111)Sandro Santilli2016-11-071-14/+14
| | | | | | | | | | | | | | | | | | * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
* Security protocolsSandro Santilli2016-11-071-5/+5
|
* More mixageSandro Santilli2016-11-071-9/+9
|
* More...Sandro Santilli2016-11-071-5/+5
|
* Change import reference to match gitea instead of gogs (#37)Rémy Boulanouar2016-11-031-7/+7
|
* models/login_source: code improvementUnknwon2016-08-311-3/+2
|
* #3515 use alert instead 500 for duplicated login source nameUnknwon2016-08-311-2/+7
|
* Use SecurityProtocol to replace UseSSL in LDAP configUnknwon2016-07-081-16/+35
| | | | Initially proposed by #2376 and fixes #3068 as well.
* Rename module: middleware -> contextUnknwon2016-03-111-7/+7
|
* #1146 finsih UI work for access mode of collaboratorsUnknwon2016-03-051-3/+7
| | | | | Collaborators have write access as default, and can be changed via repository collaboration settings page to change between read, write and admin.
* LDAP: Fetch attributes in Bind DN context optionAdam Strzelecki2016-02-201-0/+1
| | | | | | | | | This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
* #1938 #1374 disable password change for non-local usersUnknwon2015-12-101-12/+12
|
* LDAP: Optional user name attribute specificationAdam Strzelecki2015-12-021-15/+16
| | | | | | | | | | | | | | | Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
* #1637 able to skip verify for LDAPUnknwon2015-09-141-1/+2
|
* #697 disable captcha and new admin create user UIUnknwon2015-09-131-2/+2
|
* #1625 remove auto_register and makes it defaultUnknwon2015-09-121-6/+4
|
* #1620 add allowed domains for SMTP authUnknwon2015-09-111-5/+6
|
* finish new edit auth UIUnknwon2015-09-111-95/+72
|
* finish new add auth UIUnknwon2015-09-101-9/+26
|
* more minor fix on 1581Unknwon2015-09-101-2/+4
|
* Added LDAP simple auth support.Sergio Benitez2015-09-041-2/+8
|
* #1542 A way to skip TLS verify for SMTP authenticationUnknwon2015-08-291-37/+39
|
* Set IsAdmin using LDAPGirish Ramakrishnan2015-08-181-0/+2
| | | | | | | | | The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
* Significantly enhanced LDAP support in Gogs.Sergio Benitez2015-08-121-9/+9
|
* Add PAM authenticationPaolo Borelli2015-04-241-0/+8
|
* #1124 LDAP add and edit form are misleadingUnknwon2015-03-241-15/+15
|
* Get username, name, surname and e-mail from LDAP serverLauris BH2015-02-081-18/+24
|
* Add suburl supportUnknwon2014-09-191-4/+4
|
* Allow Gogs to run from a suburl behind a reverse proxy. e.g. ↵Martin van Beurden2014-09-181-4/+5
| | | | | | | | | | | | | | http://mydomain.com/gogs/ Conflicts: modules/setting/setting.go Conflicts: templates/repo/release/list.tmpl templates/user/dashboard/dashboard.tmpl Conflicts: routers/repo/setting.go