mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5335 Commits
17 Branches
Tree: ff7424179e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ff7424179e'
${ noResults }
gitea/models/login_source.go

login_source.go 19KB
Raw Normal View History

Add tar.gz download button and other mirror updates
10 years ago
fix code
10 years ago
add login.go
10 years ago
ldap support
10 years ago
Make gmail auth work
10 years ago
ldap support
10 years ago
basic authentications
10 years ago
add smtp authentication
10 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
8 years ago
merge all login methods
10 years ago
ldap support
10 years ago
add login.go
10 years ago
finish new edit auth UI
8 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
ldap support
10 years ago
basic authentications
10 years ago
fix code
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
7 years ago
ldap support
10 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
Add tar.gz download button and other mirror updates
10 years ago
models/login_source: code improvement
7 years ago
basic authentications
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
7 years ago
finish new add auth UI
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
basic authentications
10 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
Rewrite XORM queries
7 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Fix spelling errors in comments.
9 years ago
Fix edit auth page bug
10 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix edit auth page bug
10 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
8 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
8 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
add login.go
10 years ago
#1637 able to skip verify for LDAP
8 years ago
add login.go
10 years ago
Lint models/login_source.go
7 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
7 years ago
add smtp authentication
10 years ago
#1620 add allowed domains for SMTP auth
8 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
7 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
7 years ago
Add PAM authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
models/login_source: code improvement
7 years ago
add login.go
10 years ago
LDAP user synchronization (#1478)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Create missing database indexes (#596)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Create missing database indexes (#596)
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
7 years ago
ldap support
10 years ago
#2349 try to handle []int8 case
8 years ago
#2349 fix convert type
8 years ago
#2349 try to handle []int8 case
8 years ago
Lint models/login_source.go
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
#2349 try to handle []int8 case
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Lint models/login_source.go
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
7 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Lint models/login_source.go
7 years ago
finish new add auth UI
8 years ago
basic authentications
10 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
finish new edit auth UI
8 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
finish new edit auth UI
8 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
finish new edit auth UI
8 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
finish new edit auth UI
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
7 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Security protocols
7 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
8 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
Security protocols
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
finish new edit auth UI
8 years ago
Lint models/login_source.go
7 years ago
#1637 able to skip verify for LDAP
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1637 able to skip verify for LDAP
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1637 able to skip verify for LDAP
8 years ago
Lint models/login_source.go
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
7 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
Add PAM authentication
9 years ago
Lint models/login_source.go
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Lint models/login_source.go
7 years ago
#3515 use alert instead 500 for duplicated login source name
7 years ago
LDAP user synchronization (#1478)
7 years ago
#3515 use alert instead 500 for duplicated login source name
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Add tar.gz download button and other mirror updates
10 years ago
Lint models/login_source.go
7 years ago
#697 disable captcha and new admin create user UI
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
ldap support
10 years ago
APIs: admin users
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
basic authentications
10 years ago
Fix #165
10 years ago
basic authentications
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
#3515 use alert instead 500 for duplicated login source name
7 years ago
basic authentications
10 years ago
Lint models/login_source.go
7 years ago
add support for smtp authentication
10 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
ldap support
10 years ago
Lint models/login_source.go
7 years ago
finish new edit auth UI
8 years ago
basic authentications
10 years ago
finish new edit auth UI
8 years ago
models/login_source: code improvement
7 years ago
basic authentications
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
finish new edit auth UI
8 years ago
ldap support
10 years ago
add login.go
10 years ago
merge all login methods
10 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
merge all login methods
10 years ago
models/login_source: code improvement
7 years ago
minor fix on #1694
8 years ago
Fix typos
7 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
9 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
merge all login methods
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
merge all login methods
10 years ago
models/login_source: code improvement
7 years ago
merge all login methods
10 years ago
work on #672
9 years ago
LDAP user synchronization (#1478)
7 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
8 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
LDAP user synchronization (#1478)
7 years ago
#2709 validate username attribute fetched from LDAP
8 years ago
LDAP user synchronization (#1478)
7 years ago
work on #672
9 years ago
models/login_source: code improvement
7 years ago
LDAP user synchronization (#1478)
7 years ago
Added LDAP simple auth support.
8 years ago
models/login_source: code improvement
7 years ago
work on #672
9 years ago
LDAP user synchronization (#1478)
7 years ago
merge all login methods
10 years ago
models/login_source: code improvement
7 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
8 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
add smtp authentication
10 years ago
Lint models/login_source.go
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
Lint models/login_source.go
7 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
add smtp authentication
10 years ago
Make gmail auth work
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
smtp login bug fixed
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
smtp login bug fixed
10 years ago
Clean old LDAP code
10 years ago
add smtp authentication
10 years ago
Add tar.gz download button and other mirror updates
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
#1620 add allowed domains for SMTP auth
8 years ago
models/login_source: code improvement
7 years ago
#1620 add allowed domains for SMTP auth
8 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
#1620 add allowed domains for SMTP auth
8 years ago
add smtp authentication
10 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
models/login_source: code improvement
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
models/login_source: code improvement
7 years ago
smtp login bug fixed
10 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
8 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
8 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
Make gmail auth work
10 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
7 years ago
smtp login bug fixed
10 years ago
models/login_source: code improvement
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1938 #1374 disable password change for non-local users
8 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
models/login_source: code improvement
7 years ago
add smtp authentication
10 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
golint fixed for modules/auth
7 years ago
Add PAM authentication
9 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
7 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
#1938 #1374 disable password change for non-local users
8 years ago
models/login_source: code improvement
7 years ago
Add PAM authentication
9 years ago
models/login_source: code improvement
7 years ago
Add PAM authentication
9 years ago
#1625 remove auto_register and makes it default
8 years ago
Lint models/login_source.go
7 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
models/login_source: code improvement
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
models/login_source: code improvement
7 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
7 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
Fix typos
7 years ago
models/login_source: code improvement
7 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
#1625 remove auto_register and makes it default
8 years ago
fix bug not to trim space of login username (#1796)
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
7 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
Fix typos
7 years ago
#1625 remove auto_register and makes it default
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
#1625 remove auto_register and makes it default
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Fix typos
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
models/login_source: code improvement
7 years ago
#1625 remove auto_register and makes it default
8 years ago
fixed bug #151 caused Find should be Get (#153)
7 years ago
gofmt (#1662)
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"net/textproto"

  14. 	"strings"

  15. 	"time"

  16. 

  17. 	"github.com/Unknwon/com"

  18. 	"github.com/go-macaron/binding"

  19. 	"github.com/go-xorm/core"

  20. 	"github.com/go-xorm/xorm"

  21. 

  22. 	"code.gitea.io/gitea/modules/auth/ldap"

  23. 	"code.gitea.io/gitea/modules/auth/oauth2"

  24. 	"code.gitea.io/gitea/modules/auth/pam"

  25. 	"code.gitea.io/gitea/modules/log"

  26. )

  27. 

  28. // LoginType represents an login type.

  29. type LoginType int

  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (

  33. 	LoginNoType LoginType = iota

  34. 	LoginPlain            // 1

  35. 	LoginLDAP             // 2

  36. 	LoginSMTP             // 3

  37. 	LoginPAM              // 4

  38. 	LoginDLDAP            // 5

  39. 	LoginOAuth2           // 6

  40. )

  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{

  44. 	LoginLDAP:   "LDAP (via BindDN)",

  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",

  47. 	LoginPAM:    "PAM",

  48. 	LoginOAuth2: "OAuth2",

  49. }

  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{

  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",

  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",

  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",

  56. }

  57. 

  58. // Ensure structs implemented interface.

  59. var (

  60. 	_ core.Conversion = &LDAPConfig{}

  61. 	_ core.Conversion = &SMTPConfig{}

  62. 	_ core.Conversion = &PAMConfig{}

  63. 	_ core.Conversion = &OAuth2Config{}

  64. )

  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {

  68. 	*ldap.Source

  69. }

  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  73. 	return json.Unmarshal(bs, &cfg)

  74. }

  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  78. 	return json.Marshal(cfg)

  79. }

  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {

  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]

  85. }

  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {

  89. 	Auth           string

  90. 	Host           string

  91. 	Port           int

  92. 	AllowedDomains string `xorm:"TEXT"`

  93. 	TLS            bool

  94. 	SkipVerify     bool

  95. }

  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  99. 	return json.Unmarshal(bs, cfg)

  100. }

  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  104. 	return json.Marshal(cfg)

  105. }

  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {

  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }

  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {

  114. 	return json.Unmarshal(bs, &cfg)

  115. }

  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {

  119. 	return json.Marshal(cfg)

  120. }

  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {

  124. 	Provider                      string

  125. 	ClientID                      string

  126. 	ClientSecret                  string

  127. 	OpenIDConnectAutoDiscoveryURL string

  128. 	CustomURLMapping              *oauth2.CustomURLMapping

  129. }

  130. 

  131. // FromDB fills up an OAuth2Config from serialized format.

  132. func (cfg *OAuth2Config) FromDB(bs []byte) error {

  133. 	return json.Unmarshal(bs, cfg)

  134. }

  135. 

  136. // ToDB exports an SMTPConfig to a serialized format.

  137. func (cfg *OAuth2Config) ToDB() ([]byte, error) {

  138. 	return json.Marshal(cfg)

  139. }

  140. 

  141. // LoginSource represents an external way for authorizing users.

  142. type LoginSource struct {

  143. 	ID            int64 `xorm:"pk autoincr"`

  144. 	Type          LoginType

  145. 	Name          string          `xorm:"UNIQUE"`

  146. 	IsActived     bool            `xorm:"INDEX NOT NULL DEFAULT false"`

  147. 	IsSyncEnabled bool            `xorm:"INDEX NOT NULL DEFAULT false"`

  148. 	Cfg           core.Conversion `xorm:"TEXT"`

  149. 

  150. 	Created     time.Time `xorm:"-"`

  151. 	CreatedUnix int64     `xorm:"INDEX"`

  152. 	Updated     time.Time `xorm:"-"`

  153. 	UpdatedUnix int64     `xorm:"INDEX"`

  154. }

  155. 

  156. // BeforeInsert is invoked from XORM before inserting an object of this type.

  157. func (source *LoginSource) BeforeInsert() {

  158. 	source.CreatedUnix = time.Now().Unix()

  159. 	source.UpdatedUnix = source.CreatedUnix

  160. }

  161. 

  162. // BeforeUpdate is invoked from XORM before updating this object.

  163. func (source *LoginSource) BeforeUpdate() {

  164. 	source.UpdatedUnix = time.Now().Unix()

  165. }

  166. 

  167. // Cell2Int64 converts a xorm.Cell type to int64,

  168. // and handles possible irregular cases.

  169. func Cell2Int64(val xorm.Cell) int64 {

  170. 	switch (*val).(type) {

  171. 	case []uint8:

  172. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)

  173. 		return com.StrTo(string((*val).([]uint8))).MustInt64()

  174. 	}

  175. 	return (*val).(int64)

  176. }

  177. 

  178. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  179. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  180. 	switch colName {

  181. 	case "type":

  182. 		switch LoginType(Cell2Int64(val)) {

  183. 		case LoginLDAP, LoginDLDAP:

  184. 			source.Cfg = new(LDAPConfig)

  185. 		case LoginSMTP:

  186. 			source.Cfg = new(SMTPConfig)

  187. 		case LoginPAM:

  188. 			source.Cfg = new(PAMConfig)

  189. 		case LoginOAuth2:

  190. 			source.Cfg = new(OAuth2Config)

  191. 		default:

  192. 			panic("unrecognized login source type: " + com.ToStr(*val))

  193. 		}

  194. 	}

  195. }

  196. 

  197. // AfterSet is invoked from XORM after setting the value of a field of this object.

  198. func (source *LoginSource) AfterSet(colName string, _ xorm.Cell) {

  199. 	switch colName {

  200. 	case "created_unix":

  201. 		source.Created = time.Unix(source.CreatedUnix, 0).Local()

  202. 	case "updated_unix":

  203. 		source.Updated = time.Unix(source.UpdatedUnix, 0).Local()

  204. 	}

  205. }

  206. 

  207. // TypeName return name of this login source type.

  208. func (source *LoginSource) TypeName() string {

  209. 	return LoginNames[source.Type]

  210. }

  211. 

  212. // IsLDAP returns true of this source is of the LDAP type.

  213. func (source *LoginSource) IsLDAP() bool {

  214. 	return source.Type == LoginLDAP

  215. }

  216. 

  217. // IsDLDAP returns true of this source is of the DLDAP type.

  218. func (source *LoginSource) IsDLDAP() bool {

  219. 	return source.Type == LoginDLDAP

  220. }

  221. 

  222. // IsSMTP returns true of this source is of the SMTP type.

  223. func (source *LoginSource) IsSMTP() bool {

  224. 	return source.Type == LoginSMTP

  225. }

  226. 

  227. // IsPAM returns true of this source is of the PAM type.

  228. func (source *LoginSource) IsPAM() bool {

  229. 	return source.Type == LoginPAM

  230. }

  231. 

  232. // IsOAuth2 returns true of this source is of the OAuth2 type.

  233. func (source *LoginSource) IsOAuth2() bool {

  234. 	return source.Type == LoginOAuth2

  235. }

  236. 

  237. // HasTLS returns true of this source supports TLS.

  238. func (source *LoginSource) HasTLS() bool {

  239. 	return ((source.IsLDAP() || source.IsDLDAP()) &&

  240. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||

  241. 		source.IsSMTP()

  242. }

  243. 

  244. // UseTLS returns true of this source is configured to use TLS.

  245. func (source *LoginSource) UseTLS() bool {

  246. 	switch source.Type {

  247. 	case LoginLDAP, LoginDLDAP:

  248. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted

  249. 	case LoginSMTP:

  250. 		return source.SMTP().TLS

  251. 	}

  252. 

  253. 	return false

  254. }

  255. 

  256. // SkipVerify returns true if this source is configured to skip SSL

  257. // verification.

  258. func (source *LoginSource) SkipVerify() bool {

  259. 	switch source.Type {

  260. 	case LoginLDAP, LoginDLDAP:

  261. 		return source.LDAP().SkipVerify

  262. 	case LoginSMTP:

  263. 		return source.SMTP().SkipVerify

  264. 	}

  265. 

  266. 	return false

  267. }

  268. 

  269. // LDAP returns LDAPConfig for this source, if of LDAP type.

  270. func (source *LoginSource) LDAP() *LDAPConfig {

  271. 	return source.Cfg.(*LDAPConfig)

  272. }

  273. 

  274. // SMTP returns SMTPConfig for this source, if of SMTP type.

  275. func (source *LoginSource) SMTP() *SMTPConfig {

  276. 	return source.Cfg.(*SMTPConfig)

  277. }

  278. 

  279. // PAM returns PAMConfig for this source, if of PAM type.

  280. func (source *LoginSource) PAM() *PAMConfig {

  281. 	return source.Cfg.(*PAMConfig)

  282. }

  283. 

  284. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  285. func (source *LoginSource) OAuth2() *OAuth2Config {

  286. 	return source.Cfg.(*OAuth2Config)

  287. }

  288. 

  289. // CreateLoginSource inserts a LoginSource in the DB if not already

  290. // existing with the given name.

  291. func CreateLoginSource(source *LoginSource) error {

  292. 	has, err := x.Get(&LoginSource{Name: source.Name})

  293. 	if err != nil {

  294. 		return err

  295. 	} else if has {

  296. 		return ErrLoginSourceAlreadyExist{source.Name}

  297. 	}

  298. 	// Synchronization is only aviable with LDAP for now

  299. 	if !source.IsLDAP() {

  300. 		source.IsSyncEnabled = false

  301. 	}

  302. 

  303. 	_, err = x.Insert(source)

  304. 	if err == nil && source.IsOAuth2() && source.IsActived {

  305. 		oAuth2Config := source.OAuth2()

  306. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)

  307. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)

  308. 

  309. 		if err != nil {

  310. 			// remove the LoginSource in case of errors while registering OAuth2 providers

  311. 			x.Delete(source)

  312. 		}

  313. 	}

  314. 	return err

  315. }

  316. 

  317. // LoginSources returns a slice of all login sources found in DB.

  318. func LoginSources() ([]*LoginSource, error) {

  319. 	auths := make([]*LoginSource, 0, 6)

  320. 	return auths, x.Find(&auths)

  321. }

  322. 

  323. // GetLoginSourceByID returns login source by given ID.

  324. func GetLoginSourceByID(id int64) (*LoginSource, error) {

  325. 	source := new(LoginSource)

  326. 	has, err := x.Id(id).Get(source)

  327. 	if err != nil {

  328. 		return nil, err

  329. 	} else if !has {

  330. 		return nil, ErrLoginSourceNotExist{id}

  331. 	}

  332. 	return source, nil

  333. }

  334. 

  335. // UpdateSource updates a LoginSource record in DB.

  336. func UpdateSource(source *LoginSource) error {

  337. 	var originalLoginSource *LoginSource

  338. 	if source.IsOAuth2() {

  339. 		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers

  340. 		var err error

  341. 		if originalLoginSource, err = GetLoginSourceByID(source.ID); err != nil {

  342. 			return err

  343. 		}

  344. 	}

  345. 

  346. 	_, err := x.Id(source.ID).AllCols().Update(source)

  347. 	if err == nil && source.IsOAuth2() && source.IsActived {

  348. 		oAuth2Config := source.OAuth2()

  349. 		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)

  350. 		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)

  351. 

  352. 		if err != nil {

  353. 			// restore original values since we cannot update the provider it self

  354. 			x.Id(source.ID).AllCols().Update(originalLoginSource)

  355. 		}

  356. 	}

  357. 	return err

  358. }

  359. 

  360. // DeleteSource deletes a LoginSource record in DB.

  361. func DeleteSource(source *LoginSource) error {

  362. 	count, err := x.Count(&User{LoginSource: source.ID})

  363. 	if err != nil {

  364. 		return err

  365. 	} else if count > 0 {

  366. 		return ErrLoginSourceInUse{source.ID}

  367. 	}

  368. 

  369. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})

  370. 	if err != nil {

  371. 		return err

  372. 	} else if count > 0 {

  373. 		return ErrLoginSourceInUse{source.ID}

  374. 	}

  375. 

  376. 	if source.IsOAuth2() {

  377. 		oauth2.RemoveProvider(source.Name)

  378. 	}

  379. 

  380. 	_, err = x.Id(source.ID).Delete(new(LoginSource))

  381. 	return err

  382. }

  383. 

  384. // CountLoginSources returns number of login sources.

  385. func CountLoginSources() int64 {

  386. 	count, _ := x.Count(new(LoginSource))

  387. 	return count

  388. }

  389. 

  390. // .____     ________      _____ __________

  391. // |    |    \______ \    /  _  \\______   \

  392. // |    |     |    |  \  /  /_\  \|     ___/

  393. // |    |___  |    `   \/    |    \    |

  394. // |_______ \/_______  /\____|__  /____|

  395. //         \/        \/         \/

  396. 

  397. func composeFullName(firstname, surname, username string) string {

  398. 	switch {

  399. 	case len(firstname) == 0 && len(surname) == 0:

  400. 		return username

  401. 	case len(firstname) == 0:

  402. 		return surname

  403. 	case len(surname) == 0:

  404. 		return firstname

  405. 	default:

  406. 		return firstname + " " + surname

  407. 	}

  408. }

  409. 

  410. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  411. // and create a local user if success when enabled.

  412. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  413. 	sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)

  414. 	if sr == nil {

  415. 		// User not in LDAP, do nothing

  416. 		return nil, ErrUserNotExist{0, login, 0}

  417. 	}

  418. 

  419. 	if !autoRegister {

  420. 		return user, nil

  421. 	}

  422. 

  423. 	// Fallback.

  424. 	if len(sr.Username) == 0 {

  425. 		sr.Username = login

  426. 	}

  427. 	// Validate username make sure it satisfies requirement.

  428. 	if binding.AlphaDashDotPattern.MatchString(sr.Username) {

  429. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)

  430. 	}

  431. 

  432. 	if len(sr.Mail) == 0 {

  433. 		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)

  434. 	}

  435. 

  436. 	user = &User{

  437. 		LowerName:   strings.ToLower(sr.Username),

  438. 		Name:        sr.Username,

  439. 		FullName:    composeFullName(sr.Name, sr.Surname, sr.Username),

  440. 		Email:       sr.Mail,

  441. 		LoginType:   source.Type,

  442. 		LoginSource: source.ID,

  443. 		LoginName:   login,

  444. 		IsActive:    true,

  445. 		IsAdmin:     sr.IsAdmin,

  446. 	}

  447. 	return user, CreateUser(user)

  448. }

  449. 

  450. //   _________   __________________________

  451. //  /   _____/  /     \__    ___/\______   \

  452. //  \_____  \  /  \ /  \|    |    |     ___/

  453. //  /        \/    Y    \    |    |    |

  454. // /_______  /\____|__  /____|    |____|

  455. //         \/         \/

  456. 

  457. type smtpLoginAuth struct {

  458. 	username, password string

  459. }

  460. 

  461. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  462. 	return "LOGIN", []byte(auth.username), nil

  463. }

  464. 

  465. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  466. 	if more {

  467. 		switch string(fromServer) {

  468. 		case "Username:":

  469. 			return []byte(auth.username), nil

  470. 		case "Password:":

  471. 			return []byte(auth.password), nil

  472. 		}

  473. 	}

  474. 	return nil, nil

  475. }

  476. 

  477. // SMTP authentication type names.

  478. const (

  479. 	SMTPPlain = "PLAIN"

  480. 	SMTPLogin = "LOGIN"

  481. )

  482. 

  483. // SMTPAuths contains available SMTP authentication type names.

  484. var SMTPAuths = []string{SMTPPlain, SMTPLogin}

  485. 

  486. // SMTPAuth performs an SMTP authentication.

  487. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {

  488. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))

  489. 	if err != nil {

  490. 		return err

  491. 	}

  492. 	defer c.Close()

  493. 

  494. 	if err = c.Hello("gogs"); err != nil {

  495. 		return err

  496. 	}

  497. 

  498. 	if cfg.TLS {

  499. 		if ok, _ := c.Extension("STARTTLS"); ok {

  500. 			if err = c.StartTLS(&tls.Config{

  501. 				InsecureSkipVerify: cfg.SkipVerify,

  502. 				ServerName:         cfg.Host,

  503. 			}); err != nil {

  504. 				return err

  505. 			}

  506. 		} else {

  507. 			return errors.New("SMTP server unsupports TLS")

  508. 		}

  509. 	}

  510. 

  511. 	if ok, _ := c.Extension("AUTH"); ok {

  512. 		if err = c.Auth(a); err != nil {

  513. 			return err

  514. 		}

  515. 		return nil

  516. 	}

  517. 	return ErrUnsupportedLoginType

  518. }

  519. 

  520. // LoginViaSMTP queries if login/password is valid against the SMTP,

  521. // and create a local user if success when enabled.

  522. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  523. 	// Verify allowed domains.

  524. 	if len(cfg.AllowedDomains) > 0 {

  525. 		idx := strings.Index(login, "@")

  526. 		if idx == -1 {

  527. 			return nil, ErrUserNotExist{0, login, 0}

  528. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx+1:]) {

  529. 			return nil, ErrUserNotExist{0, login, 0}

  530. 		}

  531. 	}

  532. 

  533. 	var auth smtp.Auth

  534. 	if cfg.Auth == SMTPPlain {

  535. 		auth = smtp.PlainAuth("", login, password, cfg.Host)

  536. 	} else if cfg.Auth == SMTPLogin {

  537. 		auth = &smtpLoginAuth{login, password}

  538. 	} else {

  539. 		return nil, errors.New("Unsupported SMTP auth type")

  540. 	}

  541. 

  542. 	if err := SMTPAuth(auth, cfg); err != nil {

  543. 		// Check standard error format first,

  544. 		// then fallback to worse case.

  545. 		tperr, ok := err.(*textproto.Error)

  546. 		if (ok && tperr.Code == 535) ||

  547. 			strings.Contains(err.Error(), "Username and Password not accepted") {

  548. 			return nil, ErrUserNotExist{0, login, 0}

  549. 		}

  550. 		return nil, err

  551. 	}

  552. 

  553. 	if !autoRegister {

  554. 		return user, nil

  555. 	}

  556. 

  557. 	username := login

  558. 	idx := strings.Index(login, "@")

  559. 	if idx > -1 {

  560. 		username = login[:idx]

  561. 	}

  562. 

  563. 	user = &User{

  564. 		LowerName:   strings.ToLower(username),

  565. 		Name:        strings.ToLower(username),

  566. 		Email:       login,

  567. 		Passwd:      password,

  568. 		LoginType:   LoginSMTP,

  569. 		LoginSource: sourceID,

  570. 		LoginName:   login,

  571. 		IsActive:    true,

  572. 	}

  573. 	return user, CreateUser(user)

  574. }

  575. 

  576. // __________  _____      _____

  577. // \______   \/  _  \    /     \

  578. //  |     ___/  /_\  \  /  \ /  \

  579. //  |    |  /    |    \/    Y    \

  580. //  |____|  \____|__  /\____|__  /

  581. //                  \/         \/

  582. 

  583. // LoginViaPAM queries if login/password is valid against the PAM,

  584. // and create a local user if success when enabled.

  585. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {

  586. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {

  587. 		if strings.Contains(err.Error(), "Authentication failure") {

  588. 			return nil, ErrUserNotExist{0, login, 0}

  589. 		}

  590. 		return nil, err

  591. 	}

  592. 

  593. 	if !autoRegister {

  594. 		return user, nil

  595. 	}

  596. 

  597. 	user = &User{

  598. 		LowerName:   strings.ToLower(login),

  599. 		Name:        login,

  600. 		Email:       login,

  601. 		Passwd:      password,

  602. 		LoginType:   LoginPAM,

  603. 		LoginSource: sourceID,

  604. 		LoginName:   login,

  605. 		IsActive:    true,

  606. 	}

  607. 	return user, CreateUser(user)

  608. }

  609. 

  610. // ExternalUserLogin attempts a login using external source types.

  611. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  612. 	if !source.IsActived {

  613. 		return nil, ErrLoginSourceNotActived

  614. 	}

  615. 

  616. 	switch source.Type {

  617. 	case LoginLDAP, LoginDLDAP:

  618. 		return LoginViaLDAP(user, login, password, source, autoRegister)

  619. 	case LoginSMTP:

  620. 		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)

  621. 	case LoginPAM:

  622. 		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)

  623. 	}

  624. 

  625. 	return nil, ErrUnsupportedLoginType

  626. }

  627. 

  628. // UserSignIn validates user name and password.

  629. func UserSignIn(username, password string) (*User, error) {

  630. 	var user *User

  631. 	if strings.Contains(username, "@") {

  632. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}

  633. 		// check same email

  634. 		cnt, err := x.Count(user)

  635. 		if err != nil {

  636. 			return nil, err

  637. 		}

  638. 		if cnt > 1 {

  639. 			return nil, ErrEmailAlreadyUsed{

  640. 				Email: user.Email,

  641. 			}

  642. 		}

  643. 	} else {

  644. 		trimmedUsername := strings.TrimSpace(username)

  645. 		if len(trimmedUsername) == 0 {

  646. 			return nil, ErrUserNotExist{0, username, 0}

  647. 		}

  648. 

  649. 		user = &User{LowerName: strings.ToLower(trimmedUsername)}

  650. 	}

  651. 

  652. 	hasUser, err := x.Get(user)

  653. 	if err != nil {

  654. 		return nil, err

  655. 	}

  656. 

  657. 	if hasUser {

  658. 		switch user.LoginType {

  659. 		case LoginNoType, LoginPlain, LoginOAuth2:

  660. 			if user.ValidatePassword(password) {

  661. 				return user, nil

  662. 			}

  663. 

  664. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}

  665. 

  666. 		default:

  667. 			var source LoginSource

  668. 			hasSource, err := x.Id(user.LoginSource).Get(&source)

  669. 			if err != nil {

  670. 				return nil, err

  671. 			} else if !hasSource {

  672. 				return nil, ErrLoginSourceNotExist{user.LoginSource}

  673. 			}

  674. 

  675. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)

  676. 		}

  677. 	}

  678. 

  679. 	sources := make([]*LoginSource, 0, 5)

  680. 	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true}); err != nil {

  681. 		return nil, err

  682. 	}

  683. 

  684. 	for _, source := range sources {

  685. 		if source.IsOAuth2() {

  686. 			// don't try to authenticate against OAuth2 sources

  687. 			continue

  688. 		}

  689. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)

  690. 		if err == nil {

  691. 			return authUser, nil

  692. 		}

  693. 

  694. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)

  695. 	}

  696. 

  697. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}

  698. }