aboutsummaryrefslogtreecommitdiffstats
path: root/routers/web/user/auth.go
Commit message (Collapse)AuthorAgeFilesLines
* Refactor auth package (#17962)Lunny Xiao2022-01-021-2006/+0
|
* Reset Session ID on login (#18018)zeripath2021-12-201-5/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Reset Session ID on login When logging in the SessionID should be reset and the session cleaned up. Signed-off-by: Andrew Thornton <art27@cantab.net> * with new session.RegenerateID function Signed-off-by: Andrew Thornton <art27@cantab.net> * update go-chi/session Signed-off-by: Andrew Thornton <art27@cantab.net> * Ensure that session id is changed after oauth data is set and between account linking pages too Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net>
* Simplify parameter types (#18006)Gusted2021-12-201-1/+1
| | | Remove repeated type declarations in function definitions.
* Reset locale on login (#18023)zeripath2021-12-191-0/+33
| | | | | | | | | | | | | | * Reset locale on login Fix #18020 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update routers/web/user/auth.go Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Ensure complexity, minlength and ispwned are checked on password setting ↵zeripath2021-12-171-1/+16
| | | | | | | | | | | | (#18005) It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor HTTP request context (#17979)wxiaoguang2021-12-151-1/+1
|
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-141-22/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move more model into models/user (#17826)Lunny Xiao2021-11-281-8/+7
| | | | | | | | * Move more model into models/user * Remove unnecessary comment Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix value of User.IsRestricted to default setting when oauth2 user auto ↵Galen Suen2021-11-281-7/+8
| | | | registration; (#17839)
* Move user related model into models/user (#17781)Lunny Xiao2021-11-241-62/+62
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-221-8/+9
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Reset locale on login (#17734)zeripath2021-11-201-0/+4
| | | | | | | | | When logging in reset the user's locale to ensure that it matches their preferred locale. Fix #15612 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-111-5/+6
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Allow U2F 2FA without TOTP (#11573)Kamil Domański2021-11-081-10/+35
| | | | | | | This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495
* Simplify Gothic to use our session store instead of creating a different ↵zeripath2021-11-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | store (#17507) * Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle MaxTokenLength Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Don't panic if we fail to parse U2FRegistration data (#17304)David Jimenez2021-10-141-1/+1
| | | | | | | | | * Don't panic if we fail to parse a U2FRegistration data Downgrade logging statement from Fatal to Error so that errors parsing U2FRegistration data does not panic; instead, the invalid key will be skipped and we will attempt to parse the next one, if available. Signed-off-by: David Jimenez <dvejmz@sgfault.com>
* AutoRegistration is supposed to be working with disabled registration (#17219)Viktor Kuzmin2021-10-111-1/+1
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Move twofactor to models/login (#17143)Lunny Xiao2021-09-251-20/+20
|
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-241-10/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* refactor: move from io/ioutil to io and os package (#17109)Eng Zer Jun2021-09-221-2/+1
| | | | | | | | | The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move db related basic functions to models/db (#17075)Lunny Xiao2021-09-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | * Move db related basic functions to models/db * Fix lint * Fix lint * Fix test * Fix lint * Fix lint * revert unnecessary change * Fix test * Fix wrong replace string * Use *Context * Correct committer spelling and fix wrong replaced words Co-authored-by: zeripath <art27@cantab.net>
* Make LDAP be able to skip local 2FA (#16954)zeripath2021-09-171-2/+12
| | | | | | This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)zeripath2021-09-101-8/+12
| | | | | | | | This PR adds a setting to OAuth and OpenID login sources to allow the source to skip local 2FA authentication. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Related refactors to ctx.FormX functions (#16567)65432021-08-111-2/+1
| | | | | | | * use FormTrim if posible * speedup goGet * only convert if nessesary
* Rename ctx.Form() to ctx.FormString() and move code into own file (#16571)65432021-08-111-13/+13
| | | | | | | Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file
* Rename context.Query to context.Form (#16562)Lunny Xiao2021-07-291-15/+15
|
* Refactor: Move login out of models (#16199)zeripath2021-07-241-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia*` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net>
* add configuration option to restrict users by default (#16256)Richard Nienaber2021-07-151-4/+5
| | | | | | | | | | | | | | | | | | * add configuration option to restrict users by default * default IsRestricted permission only set on sign up setting this in the model messes with other workflows (e.g. syncing LDAP users) where the IsRestricted permission needs to be explicitly set and not overridden by a config value * fix formatting * Apply suggestions from code review * ensure newly created user is set to restricted * ensure imports are in the correct order Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix activation of primary email addresses (#16385)Meano2021-07-131-3/+9
| | | | | | | | | | | | | | | | * fix: primary email cannot be activated * Primary email should be activated together with user account when 'RegisterEmailConfirm' is enabled. * To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the admin should have permission to modify the activations status of user email. And the user should be allowed to send activation to primary email. * Only judge whether email is primary from email_address table. * Improve logging and refactor isEmailActive Co-authored-by: zeripath <art27@cantab.net>
* Fix various documentation, user-facing, and source comment typos (#16367)luzpaz2021-07-081-1/+1
| | | | | * Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
* Add better errors for disabled account recovery (#15117)John Olheiser2021-06-251-0/+1
| | | | | | Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Refactor routers directory (#15800)Lunny Xiao2021-06-091-0/+1769
* refactor routers directory * move func used for web and api to common * make corsHandler a function to prohibit side efects * rm unused func Co-authored-by: 6543 <6543@obermui.de>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 06:09:31 +0000