mirrors
/
gitea
spogulis no https://github.com/go-gitea/gitea.git
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Laidieni 210 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
7605 Revīzijas
17 Atzari
Koks: f9ec2f89f2
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'f9ec2f89f2'
${ noResults }
gitea/models/login_source.go

login_source.go 19KB
Neapstrādāts Parastais skats Vēsture

Add tar.gz download button and other mirror updates
pirms 10 gadiem
fix code
pirms 10 gadiem
add login.go
pirms 10 gadiem
ldap support
pirms 10 gadiem
Make gmail auth work
pirms 10 gadiem
ldap support
pirms 10 gadiem
basic authentications
pirms 10 gadiem
add smtp authentication
pirms 10 gadiem
#2152 fix SMTP authentication makes invalid assumption on protocol
pirms 8 gadiem
Remove macaron dependent on models (#6940)
pirms 5 gadiem
merge all login methods
pirms 10 gadiem
add login.go
pirms 10 gadiem
finish new edit auth UI
pirms 8 gadiem
ldap support
pirms 10 gadiem
basic authentications
pirms 10 gadiem
fix code
pirms 10 gadiem
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
pirms 7 gadiem
fix 500 when use a duplicat email instead of giving an error tip (#1040)
pirms 7 gadiem
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
pirms 7 gadiem
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
pirms 6 gadiem
ldap support
pirms 10 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Add tar.gz download button and other mirror updates
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
basic authentications
pirms 10 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
fix 500 when use a duplicat email instead of giving an error tip (#1040)
pirms 7 gadiem
basic authentications
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new add auth UI
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
basic authentications
pirms 10 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
pirms 7 gadiem
Security protocols
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
Rewrite XORM queries
pirms 7 gadiem
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
pirms 7 gadiem
Fix spelling errors in comments.
pirms 9 gadiem
Fix edit auth page bug
pirms 10 gadiem
Add PAM authentication
pirms 9 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Fix edit auth page bug
pirms 10 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add login.go
pirms 10 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add login.go
pirms 10 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add login.go
pirms 10 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
add login.go
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
pirms 7 gadiem
Lint models/login_source.go
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
#1620 add allowed domains for SMTP auth
pirms 8 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
Lint models/login_source.go
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
Lint models/login_source.go
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
models/login_source: code improvement
pirms 7 gadiem
add login.go
pirms 10 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
#2302 Replace time.Time with Unix Timestamp (int64)
pirms 8 gadiem
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
pirms 6 gadiem
ldap support
pirms 10 gadiem
#2349 try to handle []int8 case
pirms 8 gadiem
#2349 fix convert type
pirms 8 gadiem
#2349 try to handle []int8 case
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Add golangci (#6418)
pirms 5 gadiem
#2349 try to handle []int8 case
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new add auth UI
pirms 8 gadiem
basic authentications
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Lint models/login_source.go
pirms 7 gadiem
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
pirms 7 gadiem
Security protocols
pirms 7 gadiem
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
pirms 7 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
Security protocols
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1637 able to skip verify for LDAP
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
basic authentications
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
Lint models/login_source.go
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Lint models/login_source.go
pirms 7 gadiem
#3515 use alert instead 500 for duplicated login source name
pirms 7 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
#3515 use alert instead 500 for duplicated login source name
pirms 7 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Add golangci (#6418)
pirms 5 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Add tar.gz download button and other mirror updates
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
#697 disable captcha and new admin create user UI
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
ldap support
pirms 10 gadiem
APIs: admin users
pirms 8 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
basic authentications
pirms 10 gadiem
Replace deprecated Id method with ID (#2655)
pirms 6 gadiem
basic authentications
pirms 10 gadiem
Add tar.gz download button and other mirror updates
pirms 10 gadiem
#3515 use alert instead 500 for duplicated login source name
pirms 7 gadiem
basic authentications
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
add support for smtp authentication
pirms 10 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Replace deprecated Id method with ID (#2655)
pirms 6 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Add golangci (#6418)
pirms 5 gadiem
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
ldap support
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
finish new edit auth UI
pirms 8 gadiem
basic authentications
pirms 10 gadiem
finish new edit auth UI
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
basic authentications
pirms 10 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Replace deprecated Id method with ID (#2655)
pirms 6 gadiem
ldap support
pirms 10 gadiem
add login.go
pirms 10 gadiem
merge all login methods
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
merge all login methods
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
Remove macaron dependent on models (#6940)
pirms 5 gadiem
Add golangci (#6418)
pirms 5 gadiem
Remove macaron dependent on models (#6940)
pirms 5 gadiem
models/login_source: code improvement
pirms 7 gadiem
minor fix on #1694
pirms 8 gadiem
Fix typos
pirms 7 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
work on #672
pirms 9 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
merge all login methods
pirms 10 gadiem
Significantly enhanced LDAP support in Gogs.
pirms 8 gadiem
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
pirms 5 gadiem
merge all login methods
pirms 10 gadiem
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
pirms 5 gadiem
Add golangci (#6418)
pirms 5 gadiem
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
pirms 5 gadiem
models/login_source: code improvement
pirms 7 gadiem
merge all login methods
pirms 10 gadiem
work on #672
pirms 9 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
pirms 8 gadiem
#2709 validate username attribute fetched from LDAP
pirms 7 gadiem
Remove macaron dependent on models (#6940)
pirms 5 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
#2709 validate username attribute fetched from LDAP
pirms 7 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
work on #672
pirms 9 gadiem
models/login_source: code improvement
pirms 7 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
Added LDAP simple auth support.
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
work on #672
pirms 9 gadiem
LDAP user synchronization (#1478)
pirms 7 gadiem
merge all login methods
pirms 10 gadiem
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
pirms 5 gadiem
Add golangci (#6418)
pirms 5 gadiem
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
pirms 5 gadiem
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
pirms 8 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Lint models/login_source.go
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
add smtp authentication
pirms 10 gadiem
Make gmail auth work
pirms 10 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
smtp login bug fixed
pirms 10 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
smtp login bug fixed
pirms 10 gadiem
Clean old LDAP code
pirms 10 gadiem
add smtp authentication
pirms 10 gadiem
Fix lint errors (#2547)
pirms 6 gadiem
add smtp authentication
pirms 10 gadiem
Add tar.gz download button and other mirror updates
pirms 10 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1620 add allowed domains for SMTP auth
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1620 add allowed domains for SMTP auth
pirms 8 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
fix 500 when use a duplicat email instead of giving an error tip (#1040)
pirms 7 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
#1620 add allowed domains for SMTP auth
pirms 8 gadiem
add smtp authentication
pirms 10 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
models/login_source: code improvement
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
models/login_source: code improvement
pirms 7 gadiem
smtp login bug fixed
pirms 10 gadiem
Make gmail auth work
pirms 10 gadiem
add smtp authentication
pirms 10 gadiem
#1542 A way to skip TLS verify for SMTP authentication
pirms 8 gadiem
#2152 fix SMTP authentication makes invalid assumption on protocol
pirms 8 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
Make gmail auth work
pirms 10 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
smtp login bug fixed
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
smtp login bug fixed
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1938 #1374 disable password change for non-local users
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
models/login_source: code improvement
pirms 7 gadiem
add smtp authentication
pirms 10 gadiem
Add PAM authentication
pirms 9 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
golint fixed for modules/auth
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
models/login_source: code improvement
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
models/login_source: code improvement
pirms 7 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
#1938 #1374 disable password change for non-local users
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
models/login_source: code improvement
pirms 7 gadiem
Add PAM authentication
pirms 9 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Lint models/login_source.go
pirms 7 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
pirms 7 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
fix bug when user login and want to resend register confirmation email (#6482)
pirms 5 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Fix typos
pirms 7 gadiem
models/login_source: code improvement
pirms 7 gadiem
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
pirms 7 gadiem
fix 500 when use a duplicat email instead of giving an error tip (#1040)
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
fix bug not to trim space of login username (#1796)
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Only allow local login if password is non-empty (#5906)
pirms 5 gadiem
fix bug when user login and want to resend register confirmation email (#6482)
pirms 5 gadiem
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
pirms 5 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Replace deprecated Id method with ID (#2655)
pirms 6 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Fix typos
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Replace calls to xorm UseBool with Where (#2237)
pirms 6 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
pirms 7 gadiem
Fix typos
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
models/login_source: code improvement
pirms 7 gadiem
#1625 remove auto_register and makes it default
pirms 8 gadiem
fixed bug #151 caused Find should be Get (#153)
pirms 7 gadiem
gofmt (#1662)
pirms 7 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"net/textproto"

  14. 	"regexp"

  15. 	"strings"

  16. 

  17. 	"github.com/Unknwon/com"

  18. 	"github.com/go-xorm/core"

  19. 	"github.com/go-xorm/xorm"

  20. 

  21. 	"code.gitea.io/gitea/modules/auth/ldap"

  22. 	"code.gitea.io/gitea/modules/auth/oauth2"

  23. 	"code.gitea.io/gitea/modules/auth/pam"

  24. 	"code.gitea.io/gitea/modules/log"

  25. 	"code.gitea.io/gitea/modules/util"

  26. )

  27. 

  28. // LoginType represents an login type.

  29. type LoginType int

  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (

  33. 	LoginNoType LoginType = iota

  34. 	LoginPlain            // 1

  35. 	LoginLDAP             // 2

  36. 	LoginSMTP             // 3

  37. 	LoginPAM              // 4

  38. 	LoginDLDAP            // 5

  39. 	LoginOAuth2           // 6

  40. )

  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{

  44. 	LoginLDAP:   "LDAP (via BindDN)",

  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",

  47. 	LoginPAM:    "PAM",

  48. 	LoginOAuth2: "OAuth2",

  49. }

  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{

  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",

  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",

  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",

  56. }

  57. 

  58. // Ensure structs implemented interface.

  59. var (

  60. 	_ core.Conversion = &LDAPConfig{}

  61. 	_ core.Conversion = &SMTPConfig{}

  62. 	_ core.Conversion = &PAMConfig{}

  63. 	_ core.Conversion = &OAuth2Config{}

  64. )

  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {

  68. 	*ldap.Source

  69. }

  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  73. 	return json.Unmarshal(bs, &cfg)

  74. }

  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  78. 	return json.Marshal(cfg)

  79. }

  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {

  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]

  85. }

  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {

  89. 	Auth           string

  90. 	Host           string

  91. 	Port           int

  92. 	AllowedDomains string `xorm:"TEXT"`

  93. 	TLS            bool

  94. 	SkipVerify     bool

  95. }

  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  99. 	return json.Unmarshal(bs, cfg)

  100. }

  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  104. 	return json.Marshal(cfg)

  105. }

  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {

  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }

  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {

  114. 	return json.Unmarshal(bs, &cfg)

  115. }

  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {

  119. 	return json.Marshal(cfg)

  120. }

  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {

  124. 	Provider                      string

  125. 	ClientID                      string

  126. 	ClientSecret                  string

  127. 	OpenIDConnectAutoDiscoveryURL string

  128. 	CustomURLMapping              *oauth2.CustomURLMapping

  129. }

  130. 

  131. // FromDB fills up an OAuth2Config from serialized format.

  132. func (cfg *OAuth2Config) FromDB(bs []byte) error {

  133. 	return json.Unmarshal(bs, cfg)

  134. }

  135. 

  136. // ToDB exports an SMTPConfig to a serialized format.

  137. func (cfg *OAuth2Config) ToDB() ([]byte, error) {

  138. 	return json.Marshal(cfg)

  139. }

  140. 

  141. // LoginSource represents an external way for authorizing users.

  142. type LoginSource struct {

  143. 	ID            int64 `xorm:"pk autoincr"`

  144. 	Type          LoginType

  145. 	Name          string          `xorm:"UNIQUE"`

  146. 	IsActived     bool            `xorm:"INDEX NOT NULL DEFAULT false"`

  147. 	IsSyncEnabled bool            `xorm:"INDEX NOT NULL DEFAULT false"`

  148. 	Cfg           core.Conversion `xorm:"TEXT"`

  149. 

  150. 	CreatedUnix util.TimeStamp `xorm:"INDEX created"`

  151. 	UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`

  152. }

  153. 

  154. // Cell2Int64 converts a xorm.Cell type to int64,

  155. // and handles possible irregular cases.

  156. func Cell2Int64(val xorm.Cell) int64 {

  157. 	switch (*val).(type) {

  158. 	case []uint8:

  159. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)

  160. 		return com.StrTo(string((*val).([]uint8))).MustInt64()

  161. 	}

  162. 	return (*val).(int64)

  163. }

  164. 

  165. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  166. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  167. 	if colName == "type" {

  168. 		switch LoginType(Cell2Int64(val)) {

  169. 		case LoginLDAP, LoginDLDAP:

  170. 			source.Cfg = new(LDAPConfig)

  171. 		case LoginSMTP:

  172. 			source.Cfg = new(SMTPConfig)

  173. 		case LoginPAM:

  174. 			source.Cfg = new(PAMConfig)

  175. 		case LoginOAuth2:

  176. 			source.Cfg = new(OAuth2Config)

  177. 		default:

  178. 			panic("unrecognized login source type: " + com.ToStr(*val))

  179. 		}

  180. 	}

  181. }

  182. 

  183. // TypeName return name of this login source type.

  184. func (source *LoginSource) TypeName() string {

  185. 	return LoginNames[source.Type]

  186. }

  187. 

  188. // IsLDAP returns true of this source is of the LDAP type.

  189. func (source *LoginSource) IsLDAP() bool {

  190. 	return source.Type == LoginLDAP

  191. }

  192. 

  193. // IsDLDAP returns true of this source is of the DLDAP type.

  194. func (source *LoginSource) IsDLDAP() bool {

  195. 	return source.Type == LoginDLDAP

  196. }

  197. 

  198. // IsSMTP returns true of this source is of the SMTP type.

  199. func (source *LoginSource) IsSMTP() bool {

  200. 	return source.Type == LoginSMTP

  201. }

  202. 

  203. // IsPAM returns true of this source is of the PAM type.

  204. func (source *LoginSource) IsPAM() bool {

  205. 	return source.Type == LoginPAM

  206. }

  207. 

  208. // IsOAuth2 returns true of this source is of the OAuth2 type.

  209. func (source *LoginSource) IsOAuth2() bool {

  210. 	return source.Type == LoginOAuth2

  211. }

  212. 

  213. // HasTLS returns true of this source supports TLS.

  214. func (source *LoginSource) HasTLS() bool {

  215. 	return ((source.IsLDAP() || source.IsDLDAP()) &&

  216. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||

  217. 		source.IsSMTP()

  218. }

  219. 

  220. // UseTLS returns true of this source is configured to use TLS.

  221. func (source *LoginSource) UseTLS() bool {

  222. 	switch source.Type {

  223. 	case LoginLDAP, LoginDLDAP:

  224. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted

  225. 	case LoginSMTP:

  226. 		return source.SMTP().TLS

  227. 	}

  228. 

  229. 	return false

  230. }

  231. 

  232. // SkipVerify returns true if this source is configured to skip SSL

  233. // verification.

  234. func (source *LoginSource) SkipVerify() bool {

  235. 	switch source.Type {

  236. 	case LoginLDAP, LoginDLDAP:

  237. 		return source.LDAP().SkipVerify

  238. 	case LoginSMTP:

  239. 		return source.SMTP().SkipVerify

  240. 	}

  241. 

  242. 	return false

  243. }

  244. 

  245. // LDAP returns LDAPConfig for this source, if of LDAP type.

  246. func (source *LoginSource) LDAP() *LDAPConfig {

  247. 	return source.Cfg.(*LDAPConfig)

  248. }

  249. 

  250. // SMTP returns SMTPConfig for this source, if of SMTP type.

  251. func (source *LoginSource) SMTP() *SMTPConfig {

  252. 	return source.Cfg.(*SMTPConfig)

  253. }

  254. 

  255. // PAM returns PAMConfig for this source, if of PAM type.

  256. func (source *LoginSource) PAM() *PAMConfig {

  257. 	return source.Cfg.(*PAMConfig)

  258. }

  259. 

  260. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  261. func (source *LoginSource) OAuth2() *OAuth2Config {

  262. 	return source.Cfg.(*OAuth2Config)

  263. }

  264. 

  265. // CreateLoginSource inserts a LoginSource in the DB if not already

  266. // existing with the given name.

  267. func CreateLoginSource(source *LoginSource) error {

  268. 	has, err := x.Get(&LoginSource{Name: source.Name})

  269. 	if err != nil {

  270. 		return err

  271. 	} else if has {

  272. 		return ErrLoginSourceAlreadyExist{source.Name}

  273. 	}

  274. 	// Synchronization is only aviable with LDAP for now

  275. 	if !source.IsLDAP() {

  276. 		source.IsSyncEnabled = false

  277. 	}

  278. 

  279. 	_, err = x.Insert(source)

  280. 	if err == nil && source.IsOAuth2() && source.IsActived {

  281. 		oAuth2Config := source.OAuth2()

  282. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)

  283. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)

  284. 		if err != nil {

  285. 			// remove the LoginSource in case of errors while registering OAuth2 providers

  286. 			if _, err := x.Delete(source); err != nil {

  287. 				log.Error("CreateLoginSource: Error while wrapOpenIDConnectInitializeError: %v", err)

  288. 			}

  289. 			return err

  290. 		}

  291. 	}

  292. 	return err

  293. }

  294. 

  295. // LoginSources returns a slice of all login sources found in DB.

  296. func LoginSources() ([]*LoginSource, error) {

  297. 	auths := make([]*LoginSource, 0, 6)

  298. 	return auths, x.Find(&auths)

  299. }

  300. 

  301. // GetLoginSourceByID returns login source by given ID.

  302. func GetLoginSourceByID(id int64) (*LoginSource, error) {

  303. 	source := new(LoginSource)

  304. 	has, err := x.ID(id).Get(source)

  305. 	if err != nil {

  306. 		return nil, err

  307. 	} else if !has {

  308. 		return nil, ErrLoginSourceNotExist{id}

  309. 	}

  310. 	return source, nil

  311. }

  312. 

  313. // UpdateSource updates a LoginSource record in DB.

  314. func UpdateSource(source *LoginSource) error {

  315. 	var originalLoginSource *LoginSource

  316. 	if source.IsOAuth2() {

  317. 		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers

  318. 		var err error

  319. 		if originalLoginSource, err = GetLoginSourceByID(source.ID); err != nil {

  320. 			return err

  321. 		}

  322. 	}

  323. 

  324. 	_, err := x.ID(source.ID).AllCols().Update(source)

  325. 	if err == nil && source.IsOAuth2() && source.IsActived {

  326. 		oAuth2Config := source.OAuth2()

  327. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)

  328. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)

  329. 		if err != nil {

  330. 			// restore original values since we cannot update the provider it self

  331. 			if _, err := x.ID(source.ID).AllCols().Update(originalLoginSource); err != nil {

  332. 				log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)

  333. 			}

  334. 			return err

  335. 		}

  336. 	}

  337. 	return err

  338. }

  339. 

  340. // DeleteSource deletes a LoginSource record in DB.

  341. func DeleteSource(source *LoginSource) error {

  342. 	count, err := x.Count(&User{LoginSource: source.ID})

  343. 	if err != nil {

  344. 		return err

  345. 	} else if count > 0 {

  346. 		return ErrLoginSourceInUse{source.ID}

  347. 	}

  348. 

  349. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})

  350. 	if err != nil {

  351. 		return err

  352. 	} else if count > 0 {

  353. 		return ErrLoginSourceInUse{source.ID}

  354. 	}

  355. 

  356. 	if source.IsOAuth2() {

  357. 		oauth2.RemoveProvider(source.Name)

  358. 	}

  359. 

  360. 	_, err = x.ID(source.ID).Delete(new(LoginSource))

  361. 	return err

  362. }

  363. 

  364. // CountLoginSources returns number of login sources.

  365. func CountLoginSources() int64 {

  366. 	count, _ := x.Count(new(LoginSource))

  367. 	return count

  368. }

  369. 

  370. // .____     ________      _____ __________

  371. // |    |    \______ \    /  _  \\______   \

  372. // |    |     |    |  \  /  /_\  \|     ___/

  373. // |    |___  |    `   \/    |    \    |

  374. // |_______ \/_______  /\____|__  /____|

  375. //         \/        \/         \/

  376. 

  377. func composeFullName(firstname, surname, username string) string {

  378. 	switch {

  379. 	case len(firstname) == 0 && len(surname) == 0:

  380. 		return username

  381. 	case len(firstname) == 0:

  382. 		return surname

  383. 	case len(surname) == 0:

  384. 		return firstname

  385. 	default:

  386. 		return firstname + " " + surname

  387. 	}

  388. }

  389. 

  390. var (

  391. 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)

  392. )

  393. 

  394. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  395. // and create a local user if success when enabled.

  396. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  397. 	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)

  398. 	if sr == nil {

  399. 		// User not in LDAP, do nothing

  400. 		return nil, ErrUserNotExist{0, login, 0}

  401. 	}

  402. 

  403. 	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0

  404. 

  405. 	if !autoRegister {

  406. 		if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {

  407. 			return user, RewriteAllPublicKeys()

  408. 		}

  409. 

  410. 		return user, nil

  411. 	}

  412. 

  413. 	// Fallback.

  414. 	if len(sr.Username) == 0 {

  415. 		sr.Username = login

  416. 	}

  417. 	// Validate username make sure it satisfies requirement.

  418. 	if alphaDashDotPattern.MatchString(sr.Username) {

  419. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)

  420. 	}

  421. 

  422. 	if len(sr.Mail) == 0 {

  423. 		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)

  424. 	}

  425. 

  426. 	user = &User{

  427. 		LowerName:   strings.ToLower(sr.Username),

  428. 		Name:        sr.Username,

  429. 		FullName:    composeFullName(sr.Name, sr.Surname, sr.Username),

  430. 		Email:       sr.Mail,

  431. 		LoginType:   source.Type,

  432. 		LoginSource: source.ID,

  433. 		LoginName:   login,

  434. 		IsActive:    true,

  435. 		IsAdmin:     sr.IsAdmin,

  436. 	}

  437. 

  438. 	err := CreateUser(user)

  439. 

  440. 	if err == nil && isAttributeSSHPublicKeySet && addLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {

  441. 		err = RewriteAllPublicKeys()

  442. 	}

  443. 

  444. 	return user, err

  445. }

  446. 

  447. //   _________   __________________________

  448. //  /   _____/  /     \__    ___/\______   \

  449. //  \_____  \  /  \ /  \|    |    |     ___/

  450. //  /        \/    Y    \    |    |    |

  451. // /_______  /\____|__  /____|    |____|

  452. //         \/         \/

  453. 

  454. type smtpLoginAuth struct {

  455. 	username, password string

  456. }

  457. 

  458. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  459. 	return "LOGIN", []byte(auth.username), nil

  460. }

  461. 

  462. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  463. 	if more {

  464. 		switch string(fromServer) {

  465. 		case "Username:":

  466. 			return []byte(auth.username), nil

  467. 		case "Password:":

  468. 			return []byte(auth.password), nil

  469. 		}

  470. 	}

  471. 	return nil, nil

  472. }

  473. 

  474. // SMTP authentication type names.

  475. const (

  476. 	SMTPPlain = "PLAIN"

  477. 	SMTPLogin = "LOGIN"

  478. )

  479. 

  480. // SMTPAuths contains available SMTP authentication type names.

  481. var SMTPAuths = []string{SMTPPlain, SMTPLogin}

  482. 

  483. // SMTPAuth performs an SMTP authentication.

  484. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {

  485. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))

  486. 	if err != nil {

  487. 		return err

  488. 	}

  489. 	defer c.Close()

  490. 

  491. 	if err = c.Hello("gogs"); err != nil {

  492. 		return err

  493. 	}

  494. 

  495. 	if cfg.TLS {

  496. 		if ok, _ := c.Extension("STARTTLS"); ok {

  497. 			if err = c.StartTLS(&tls.Config{

  498. 				InsecureSkipVerify: cfg.SkipVerify,

  499. 				ServerName:         cfg.Host,

  500. 			}); err != nil {

  501. 				return err

  502. 			}

  503. 		} else {

  504. 			return errors.New("SMTP server unsupports TLS")

  505. 		}

  506. 	}

  507. 

  508. 	if ok, _ := c.Extension("AUTH"); ok {

  509. 		return c.Auth(a)

  510. 	}

  511. 	return ErrUnsupportedLoginType

  512. }

  513. 

  514. // LoginViaSMTP queries if login/password is valid against the SMTP,

  515. // and create a local user if success when enabled.

  516. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  517. 	// Verify allowed domains.

  518. 	if len(cfg.AllowedDomains) > 0 {

  519. 		idx := strings.Index(login, "@")

  520. 		if idx == -1 {

  521. 			return nil, ErrUserNotExist{0, login, 0}

  522. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx+1:]) {

  523. 			return nil, ErrUserNotExist{0, login, 0}

  524. 		}

  525. 	}

  526. 

  527. 	var auth smtp.Auth

  528. 	if cfg.Auth == SMTPPlain {

  529. 		auth = smtp.PlainAuth("", login, password, cfg.Host)

  530. 	} else if cfg.Auth == SMTPLogin {

  531. 		auth = &smtpLoginAuth{login, password}

  532. 	} else {

  533. 		return nil, errors.New("Unsupported SMTP auth type")

  534. 	}

  535. 

  536. 	if err := SMTPAuth(auth, cfg); err != nil {

  537. 		// Check standard error format first,

  538. 		// then fallback to worse case.

  539. 		tperr, ok := err.(*textproto.Error)

  540. 		if (ok && tperr.Code == 535) ||

  541. 			strings.Contains(err.Error(), "Username and Password not accepted") {

  542. 			return nil, ErrUserNotExist{0, login, 0}

  543. 		}

  544. 		return nil, err

  545. 	}

  546. 

  547. 	if !autoRegister {

  548. 		return user, nil

  549. 	}

  550. 

  551. 	username := login

  552. 	idx := strings.Index(login, "@")

  553. 	if idx > -1 {

  554. 		username = login[:idx]

  555. 	}

  556. 

  557. 	user = &User{

  558. 		LowerName:   strings.ToLower(username),

  559. 		Name:        strings.ToLower(username),

  560. 		Email:       login,

  561. 		Passwd:      password,

  562. 		LoginType:   LoginSMTP,

  563. 		LoginSource: sourceID,

  564. 		LoginName:   login,

  565. 		IsActive:    true,

  566. 	}

  567. 	return user, CreateUser(user)

  568. }

  569. 

  570. // __________  _____      _____

  571. // \______   \/  _  \    /     \

  572. //  |     ___/  /_\  \  /  \ /  \

  573. //  |    |  /    |    \/    Y    \

  574. //  |____|  \____|__  /\____|__  /

  575. //                  \/         \/

  576. 

  577. // LoginViaPAM queries if login/password is valid against the PAM,

  578. // and create a local user if success when enabled.

  579. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {

  580. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {

  581. 		if strings.Contains(err.Error(), "Authentication failure") {

  582. 			return nil, ErrUserNotExist{0, login, 0}

  583. 		}

  584. 		return nil, err

  585. 	}

  586. 

  587. 	if !autoRegister {

  588. 		return user, nil

  589. 	}

  590. 

  591. 	user = &User{

  592. 		LowerName:   strings.ToLower(login),

  593. 		Name:        login,

  594. 		Email:       login,

  595. 		Passwd:      password,

  596. 		LoginType:   LoginPAM,

  597. 		LoginSource: sourceID,

  598. 		LoginName:   login,

  599. 		IsActive:    true,

  600. 	}

  601. 	return user, CreateUser(user)

  602. }

  603. 

  604. // ExternalUserLogin attempts a login using external source types.

  605. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  606. 	if !source.IsActived {

  607. 		return nil, ErrLoginSourceNotActived

  608. 	}

  609. 

  610. 	var err error

  611. 	switch source.Type {

  612. 	case LoginLDAP, LoginDLDAP:

  613. 		user, err = LoginViaLDAP(user, login, password, source, autoRegister)

  614. 	case LoginSMTP:

  615. 		user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)

  616. 	case LoginPAM:

  617. 		user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)

  618. 	default:

  619. 		return nil, ErrUnsupportedLoginType

  620. 	}

  621. 

  622. 	if err != nil {

  623. 		return nil, err

  624. 	}

  625. 

  626. 	// WARN: DON'T check user.IsActive, that will be checked on reqSign so that

  627. 	// user could be hint to resend confirm email.

  628. 	if user.ProhibitLogin {

  629. 		return nil, ErrUserProhibitLogin{user.ID, user.Name}

  630. 	}

  631. 

  632. 	return user, nil

  633. }

  634. 

  635. // UserSignIn validates user name and password.

  636. func UserSignIn(username, password string) (*User, error) {

  637. 	var user *User

  638. 	if strings.Contains(username, "@") {

  639. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}

  640. 		// check same email

  641. 		cnt, err := x.Count(user)

  642. 		if err != nil {

  643. 			return nil, err

  644. 		}

  645. 		if cnt > 1 {

  646. 			return nil, ErrEmailAlreadyUsed{

  647. 				Email: user.Email,

  648. 			}

  649. 		}

  650. 	} else {

  651. 		trimmedUsername := strings.TrimSpace(username)

  652. 		if len(trimmedUsername) == 0 {

  653. 			return nil, ErrUserNotExist{0, username, 0}

  654. 		}

  655. 

  656. 		user = &User{LowerName: strings.ToLower(trimmedUsername)}

  657. 	}

  658. 

  659. 	hasUser, err := x.Get(user)

  660. 	if err != nil {

  661. 		return nil, err

  662. 	}

  663. 

  664. 	if hasUser {

  665. 		switch user.LoginType {

  666. 		case LoginNoType, LoginPlain, LoginOAuth2:

  667. 			if user.IsPasswordSet() && user.ValidatePassword(password) {

  668. 				// WARN: DON'T check user.IsActive, that will be checked on reqSign so that

  669. 				// user could be hint to resend confirm email.

  670. 				if user.ProhibitLogin {

  671. 					return nil, ErrUserProhibitLogin{user.ID, user.Name}

  672. 				}

  673. 

  674. 				return user, nil

  675. 			}

  676. 

  677. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}

  678. 

  679. 		default:

  680. 			var source LoginSource

  681. 			hasSource, err := x.ID(user.LoginSource).Get(&source)

  682. 			if err != nil {

  683. 				return nil, err

  684. 			} else if !hasSource {

  685. 				return nil, ErrLoginSourceNotExist{user.LoginSource}

  686. 			}

  687. 

  688. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)

  689. 		}

  690. 	}

  691. 

  692. 	sources := make([]*LoginSource, 0, 5)

  693. 	if err = x.Where("is_actived = ?", true).Find(&sources); err != nil {

  694. 		return nil, err

  695. 	}

  696. 

  697. 	for _, source := range sources {

  698. 		if source.IsOAuth2() {

  699. 			// don't try to authenticate against OAuth2 sources

  700. 			continue

  701. 		}

  702. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)

  703. 		if err == nil {

  704. 			return authUser, nil

  705. 		}

  706. 

  707. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)

  708. 	}

  709. 

  710. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}

  711. }