aboutsummaryrefslogtreecommitdiffstats
path: root/services/auth/reverseproxy.go
Commit message (Collapse)AuthorAgeFilesLines
* auth/reverseproxy: Add support for full name (#20776)Will Norris2022-08-161-2/+8
| | | | | | | | | | | | This adds support for getting the user's full name from the reverse proxy in addition to username and email. Tested locally with caddy serving as reverse proxy with Tailscale authentication. Signed-off-by: Will Norris <will@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-201-1/+1
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Respect DefaultUserIsRestricted system default when creating new user (#19310)Jimmy Praet2022-04-291-4/+9
| | | | | | | | | | | | | | | | | | | * Apply DefaultUserIsRestricted in CreateUser * Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions * Fix compilation errors * Add "restricted" option to create user command * Add "restricted" option to create user admin api * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
* format with gofumpt (#18184)65432022-01-201-2/+1
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Move user related model into models/user (#17781)Lunny Xiao2021-11-241-7/+7
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Extract constant names out for the ReverseProxy and Basic authentication ↵zeripath2021-11-201-1/+4
| | | | | | | | | methods (#17735) In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods. As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916)zeripath2021-09-021-1/+1
| | | | | | | Duplicate #15987 to allow access to releases download through BASIC authentication. Fix #16914 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Send registration email on user autoregistration (#16523)zeripath2021-08-121-0/+3
| | | | | | | | | | | When users login and are autoregistered send email notification. Fix #16178 * Protect public functions within the mailer by testing if the mailer is configured Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Refactor: Move login out of models (#16199)zeripath2021-07-241-11/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia*` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes ↵Lunny Xiao2021-06-091-0/+125
(#16086) * Add sso.Group, context.Auth, context.APIAuth to allow auth special routes * Remove unnecessary check * Rename sso -> auth * remove unused method of Auth interface
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-04 07:24:03 +0000