mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15702 Commits
17 Branches
Tree: 1a0a205466
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1a0a205466'
${ noResults }
gitea/cmd/admin.go

admin.go 19KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759 
  1. // Copyright 2016 The Gogs Authors. All rights reserved.

  2. // Copyright 2016 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package cmd

  6. 

  7. import (

  8. 	"errors"

  9. 	"fmt"

  10. 	"net/url"

  11. 	"os"

  12. 	"strings"

  13. 	"text/tabwriter"

  14. 

  15. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  16. 	auth_model "code.gitea.io/gitea/models/auth"

  17. 	"code.gitea.io/gitea/models/db"

  18. 	repo_model "code.gitea.io/gitea/models/repo"

  19. 	"code.gitea.io/gitea/modules/git"

  20. 	"code.gitea.io/gitea/modules/graceful"

  21. 	"code.gitea.io/gitea/modules/log"

  22. 	repo_module "code.gitea.io/gitea/modules/repository"

  23. 	"code.gitea.io/gitea/modules/util"

  24. 	auth_service "code.gitea.io/gitea/services/auth"

  25. 	"code.gitea.io/gitea/services/auth/source/oauth2"

  26. 	"code.gitea.io/gitea/services/auth/source/smtp"

  27. 	repo_service "code.gitea.io/gitea/services/repository"

  28. 

  29. 	"github.com/urfave/cli"

  30. )

  31. 

  32. var (

  33. 	// CmdAdmin represents the available admin sub-command.

  34. 	CmdAdmin = cli.Command{

  35. 		Name:  "admin",

  36. 		Usage: "Command line interface to perform common administrative operations",

  37. 		Subcommands: []cli.Command{

  38. 			subcmdUser,

  39. 			subcmdRepoSyncReleases,

  40. 			subcmdRegenerate,

  41. 			subcmdAuth,

  42. 			subcmdSendMail,

  43. 		},

  44. 	}

  45. 

  46. 	subcmdRepoSyncReleases = cli.Command{

  47. 		Name:   "repo-sync-releases",

  48. 		Usage:  "Synchronize repository releases with tags",

  49. 		Action: runRepoSyncReleases,

  50. 	}

  51. 

  52. 	subcmdRegenerate = cli.Command{

  53. 		Name:  "regenerate",

  54. 		Usage: "Regenerate specific files",

  55. 		Subcommands: []cli.Command{

  56. 			microcmdRegenHooks,

  57. 			microcmdRegenKeys,

  58. 		},

  59. 	}

  60. 

  61. 	microcmdRegenHooks = cli.Command{

  62. 		Name:   "hooks",

  63. 		Usage:  "Regenerate git-hooks",

  64. 		Action: runRegenerateHooks,

  65. 	}

  66. 

  67. 	microcmdRegenKeys = cli.Command{

  68. 		Name:   "keys",

  69. 		Usage:  "Regenerate authorized_keys file",

  70. 		Action: runRegenerateKeys,

  71. 	}

  72. 

  73. 	subcmdAuth = cli.Command{

  74. 		Name:  "auth",

  75. 		Usage: "Modify external auth providers",

  76. 		Subcommands: []cli.Command{

  77. 			microcmdAuthAddOauth,

  78. 			microcmdAuthUpdateOauth,

  79. 			cmdAuthAddLdapBindDn,

  80. 			cmdAuthUpdateLdapBindDn,

  81. 			cmdAuthAddLdapSimpleAuth,

  82. 			cmdAuthUpdateLdapSimpleAuth,

  83. 			microcmdAuthAddSMTP,

  84. 			microcmdAuthUpdateSMTP,

  85. 			microcmdAuthList,

  86. 			microcmdAuthDelete,

  87. 		},

  88. 	}

  89. 

  90. 	microcmdAuthList = cli.Command{

  91. 		Name:   "list",

  92. 		Usage:  "List auth sources",

  93. 		Action: runListAuth,

  94. 		Flags: []cli.Flag{

  95. 			cli.IntFlag{

  96. 				Name:  "min-width",

  97. 				Usage: "Minimal cell width including any padding for the formatted table",

  98. 				Value: 0,

  99. 			},

  100. 			cli.IntFlag{

  101. 				Name:  "tab-width",

  102. 				Usage: "width of tab characters in formatted table (equivalent number of spaces)",

  103. 				Value: 8,

  104. 			},

  105. 			cli.IntFlag{

  106. 				Name:  "padding",

  107. 				Usage: "padding added to a cell before computing its width",

  108. 				Value: 1,

  109. 			},

  110. 			cli.StringFlag{

  111. 				Name:  "pad-char",

  112. 				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,

  113. 				Value: "\t",

  114. 			},

  115. 			cli.BoolFlag{

  116. 				Name:  "vertical-bars",

  117. 				Usage: "Set to true to print vertical bars between columns",

  118. 			},

  119. 		},

  120. 	}

  121. 

  122. 	idFlag = cli.Int64Flag{

  123. 		Name:  "id",

  124. 		Usage: "ID of authentication source",

  125. 	}

  126. 

  127. 	microcmdAuthDelete = cli.Command{

  128. 		Name:   "delete",

  129. 		Usage:  "Delete specific auth source",

  130. 		Flags:  []cli.Flag{idFlag},

  131. 		Action: runDeleteAuth,

  132. 	}

  133. 

  134. 	oauthCLIFlags = []cli.Flag{

  135. 		cli.StringFlag{

  136. 			Name:  "name",

  137. 			Value: "",

  138. 			Usage: "Application Name",

  139. 		},

  140. 		cli.StringFlag{

  141. 			Name:  "provider",

  142. 			Value: "",

  143. 			Usage: "OAuth2 Provider",

  144. 		},

  145. 		cli.StringFlag{

  146. 			Name:  "key",

  147. 			Value: "",

  148. 			Usage: "Client ID (Key)",

  149. 		},

  150. 		cli.StringFlag{

  151. 			Name:  "secret",

  152. 			Value: "",

  153. 			Usage: "Client Secret",

  154. 		},

  155. 		cli.StringFlag{

  156. 			Name:  "auto-discover-url",

  157. 			Value: "",

  158. 			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",

  159. 		},

  160. 		cli.StringFlag{

  161. 			Name:  "use-custom-urls",

  162. 			Value: "false",

  163. 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",

  164. 		},

  165. 		cli.StringFlag{

  166. 			Name:  "custom-tenant-id",

  167. 			Value: "",

  168. 			Usage: "Use custom Tenant ID for OAuth endpoints",

  169. 		},

  170. 		cli.StringFlag{

  171. 			Name:  "custom-auth-url",

  172. 			Value: "",

  173. 			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",

  174. 		},

  175. 		cli.StringFlag{

  176. 			Name:  "custom-token-url",

  177. 			Value: "",

  178. 			Usage: "Use a custom Token URL (option for GitLab/GitHub)",

  179. 		},

  180. 		cli.StringFlag{

  181. 			Name:  "custom-profile-url",

  182. 			Value: "",

  183. 			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",

  184. 		},

  185. 		cli.StringFlag{

  186. 			Name:  "custom-email-url",

  187. 			Value: "",

  188. 			Usage: "Use a custom Email URL (option for GitHub)",

  189. 		},

  190. 		cli.StringFlag{

  191. 			Name:  "icon-url",

  192. 			Value: "",

  193. 			Usage: "Custom icon URL for OAuth2 login source",

  194. 		},

  195. 		cli.BoolFlag{

  196. 			Name:  "skip-local-2fa",

  197. 			Usage: "Set to true to skip local 2fa for users authenticated by this source",

  198. 		},

  199. 		cli.StringSliceFlag{

  200. 			Name:  "scopes",

  201. 			Value: nil,

  202. 			Usage: "Scopes to request when to authenticate against this OAuth2 source",

  203. 		},

  204. 		cli.StringFlag{

  205. 			Name:  "required-claim-name",

  206. 			Value: "",

  207. 			Usage: "Claim name that has to be set to allow users to login with this source",

  208. 		},

  209. 		cli.StringFlag{

  210. 			Name:  "required-claim-value",

  211. 			Value: "",

  212. 			Usage: "Claim value that has to be set to allow users to login with this source",

  213. 		},

  214. 		cli.StringFlag{

  215. 			Name:  "group-claim-name",

  216. 			Value: "",

  217. 			Usage: "Claim name providing group names for this source",

  218. 		},

  219. 		cli.StringFlag{

  220. 			Name:  "admin-group",

  221. 			Value: "",

  222. 			Usage: "Group Claim value for administrator users",

  223. 		},

  224. 		cli.StringFlag{

  225. 			Name:  "restricted-group",

  226. 			Value: "",

  227. 			Usage: "Group Claim value for restricted users",

  228. 		},

  229. 		cli.StringFlag{

  230. 			Name:  "group-team-map",

  231. 			Value: "",

  232. 			Usage: "JSON mapping between groups and org teams",

  233. 		},

  234. 		cli.BoolFlag{

  235. 			Name:  "group-team-map-removal",

  236. 			Usage: "Activate automatic team membership removal depending on groups",

  237. 		},

  238. 	}

  239. 

  240. 	microcmdAuthUpdateOauth = cli.Command{

  241. 		Name:   "update-oauth",

  242. 		Usage:  "Update existing Oauth authentication source",

  243. 		Action: runUpdateOauth,

  244. 		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),

  245. 	}

  246. 

  247. 	microcmdAuthAddOauth = cli.Command{

  248. 		Name:   "add-oauth",

  249. 		Usage:  "Add new Oauth authentication source",

  250. 		Action: runAddOauth,

  251. 		Flags:  oauthCLIFlags,

  252. 	}

  253. 

  254. 	subcmdSendMail = cli.Command{

  255. 		Name:   "sendmail",

  256. 		Usage:  "Send a message to all users",

  257. 		Action: runSendMail,

  258. 		Flags: []cli.Flag{

  259. 			cli.StringFlag{

  260. 				Name:  "title",

  261. 				Usage: `a title of a message`,

  262. 				Value: "",

  263. 			},

  264. 			cli.StringFlag{

  265. 				Name:  "content",

  266. 				Usage: "a content of a message",

  267. 				Value: "",

  268. 			},

  269. 			cli.BoolFlag{

  270. 				Name:  "force,f",

  271. 				Usage: "A flag to bypass a confirmation step",

  272. 			},

  273. 		},

  274. 	}

  275. 

  276. 	smtpCLIFlags = []cli.Flag{

  277. 		cli.StringFlag{

  278. 			Name:  "name",

  279. 			Value: "",

  280. 			Usage: "Application Name",

  281. 		},

  282. 		cli.StringFlag{

  283. 			Name:  "auth-type",

  284. 			Value: "PLAIN",

  285. 			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",

  286. 		},

  287. 		cli.StringFlag{

  288. 			Name:  "host",

  289. 			Value: "",

  290. 			Usage: "SMTP Host",

  291. 		},

  292. 		cli.IntFlag{

  293. 			Name:  "port",

  294. 			Usage: "SMTP Port",

  295. 		},

  296. 		cli.BoolTFlag{

  297. 			Name:  "force-smtps",

  298. 			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",

  299. 		},

  300. 		cli.BoolTFlag{

  301. 			Name:  "skip-verify",

  302. 			Usage: "Skip TLS verify.",

  303. 		},

  304. 		cli.StringFlag{

  305. 			Name:  "helo-hostname",

  306. 			Value: "",

  307. 			Usage: "Hostname sent with HELO. Leave blank to send current hostname",

  308. 		},

  309. 		cli.BoolTFlag{

  310. 			Name:  "disable-helo",

  311. 			Usage: "Disable SMTP helo.",

  312. 		},

  313. 		cli.StringFlag{

  314. 			Name:  "allowed-domains",

  315. 			Value: "",

  316. 			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",

  317. 		},

  318. 		cli.BoolTFlag{

  319. 			Name:  "skip-local-2fa",

  320. 			Usage: "Skip 2FA to log on.",

  321. 		},

  322. 		cli.BoolTFlag{

  323. 			Name:  "active",

  324. 			Usage: "This Authentication Source is Activated.",

  325. 		},

  326. 	}

  327. 

  328. 	microcmdAuthAddSMTP = cli.Command{

  329. 		Name:   "add-smtp",

  330. 		Usage:  "Add new SMTP authentication source",

  331. 		Action: runAddSMTP,

  332. 		Flags:  smtpCLIFlags,

  333. 	}

  334. 

  335. 	microcmdAuthUpdateSMTP = cli.Command{

  336. 		Name:   "update-smtp",

  337. 		Usage:  "Update existing SMTP authentication source",

  338. 		Action: runUpdateSMTP,

  339. 		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),

  340. 	}

  341. )

  342. 

  343. func runRepoSyncReleases(_ *cli.Context) error {

  344. 	ctx, cancel := installSignals()

  345. 	defer cancel()

  346. 

  347. 	if err := initDB(ctx); err != nil {

  348. 		return err

  349. 	}

  350. 

  351. 	log.Trace("Synchronizing repository releases (this may take a while)")

  352. 	for page := 1; ; page++ {

  353. 		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{

  354. 			ListOptions: db.ListOptions{

  355. 				PageSize: repo_model.RepositoryListDefaultPageSize,

  356. 				Page:     page,

  357. 			},

  358. 			Private: true,

  359. 		})

  360. 		if err != nil {

  361. 			return fmt.Errorf("SearchRepositoryByName: %w", err)

  362. 		}

  363. 		if len(repos) == 0 {

  364. 			break

  365. 		}

  366. 		log.Trace("Processing next %d repos of %d", len(repos), count)

  367. 		for _, repo := range repos {

  368. 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())

  369. 			gitRepo, err := git.OpenRepository(ctx, repo.RepoPath())

  370. 			if err != nil {

  371. 				log.Warn("OpenRepository: %v", err)

  372. 				continue

  373. 			}

  374. 

  375. 			oldnum, err := getReleaseCount(repo.ID)

  376. 			if err != nil {

  377. 				log.Warn(" GetReleaseCountByRepoID: %v", err)

  378. 			}

  379. 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

  380. 

  381. 			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {

  382. 				log.Warn(" SyncReleasesWithTags: %v", err)

  383. 				gitRepo.Close()

  384. 				continue

  385. 			}

  386. 

  387. 			count, err = getReleaseCount(repo.ID)

  388. 			if err != nil {

  389. 				log.Warn(" GetReleaseCountByRepoID: %v", err)

  390. 				gitRepo.Close()

  391. 				continue

  392. 			}

  393. 

  394. 			log.Trace(" repo %s releases synchronized to tags: from %d to %d",

  395. 				repo.FullName(), oldnum, count)

  396. 			gitRepo.Close()

  397. 		}

  398. 	}

  399. 

  400. 	return nil

  401. }

  402. 

  403. func getReleaseCount(id int64) (int64, error) {

  404. 	return repo_model.GetReleaseCountByRepoID(

  405. 		db.DefaultContext,

  406. 		id,

  407. 		repo_model.FindReleasesOptions{

  408. 			IncludeTags: true,

  409. 		},

  410. 	)

  411. }

  412. 

  413. func runRegenerateHooks(_ *cli.Context) error {

  414. 	ctx, cancel := installSignals()

  415. 	defer cancel()

  416. 

  417. 	if err := initDB(ctx); err != nil {

  418. 		return err

  419. 	}

  420. 	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())

  421. }

  422. 

  423. func runRegenerateKeys(_ *cli.Context) error {

  424. 	ctx, cancel := installSignals()

  425. 	defer cancel()

  426. 

  427. 	if err := initDB(ctx); err != nil {

  428. 		return err

  429. 	}

  430. 	return asymkey_model.RewriteAllPublicKeys()

  431. }

  432. 

  433. func parseOAuth2Config(c *cli.Context) *oauth2.Source {

  434. 	var customURLMapping *oauth2.CustomURLMapping

  435. 	if c.IsSet("use-custom-urls") {

  436. 		customURLMapping = &oauth2.CustomURLMapping{

  437. 			TokenURL:   c.String("custom-token-url"),

  438. 			AuthURL:    c.String("custom-auth-url"),

  439. 			ProfileURL: c.String("custom-profile-url"),

  440. 			EmailURL:   c.String("custom-email-url"),

  441. 			Tenant:     c.String("custom-tenant-id"),

  442. 		}

  443. 	} else {

  444. 		customURLMapping = nil

  445. 	}

  446. 	return &oauth2.Source{

  447. 		Provider:                      c.String("provider"),

  448. 		ClientID:                      c.String("key"),

  449. 		ClientSecret:                  c.String("secret"),

  450. 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),

  451. 		CustomURLMapping:              customURLMapping,

  452. 		IconURL:                       c.String("icon-url"),

  453. 		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),

  454. 		Scopes:                        c.StringSlice("scopes"),

  455. 		RequiredClaimName:             c.String("required-claim-name"),

  456. 		RequiredClaimValue:            c.String("required-claim-value"),

  457. 		GroupClaimName:                c.String("group-claim-name"),

  458. 		AdminGroup:                    c.String("admin-group"),

  459. 		RestrictedGroup:               c.String("restricted-group"),

  460. 		GroupTeamMap:                  c.String("group-team-map"),

  461. 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),

  462. 	}

  463. }

  464. 

  465. func runAddOauth(c *cli.Context) error {

  466. 	ctx, cancel := installSignals()

  467. 	defer cancel()

  468. 

  469. 	if err := initDB(ctx); err != nil {

  470. 		return err

  471. 	}

  472. 

  473. 	config := parseOAuth2Config(c)

  474. 	if config.Provider == "openidConnect" {

  475. 		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)

  476. 		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {

  477. 			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)

  478. 		}

  479. 	}

  480. 

  481. 	return auth_model.CreateSource(&auth_model.Source{

  482. 		Type:     auth_model.OAuth2,

  483. 		Name:     c.String("name"),

  484. 		IsActive: true,

  485. 		Cfg:      config,

  486. 	})

  487. }

  488. 

  489. func runUpdateOauth(c *cli.Context) error {

  490. 	if !c.IsSet("id") {

  491. 		return fmt.Errorf("--id flag is missing")

  492. 	}

  493. 

  494. 	ctx, cancel := installSignals()

  495. 	defer cancel()

  496. 

  497. 	if err := initDB(ctx); err != nil {

  498. 		return err

  499. 	}

  500. 

  501. 	source, err := auth_model.GetSourceByID(c.Int64("id"))

  502. 	if err != nil {

  503. 		return err

  504. 	}

  505. 

  506. 	oAuth2Config := source.Cfg.(*oauth2.Source)

  507. 

  508. 	if c.IsSet("name") {

  509. 		source.Name = c.String("name")

  510. 	}

  511. 

  512. 	if c.IsSet("provider") {

  513. 		oAuth2Config.Provider = c.String("provider")

  514. 	}

  515. 

  516. 	if c.IsSet("key") {

  517. 		oAuth2Config.ClientID = c.String("key")

  518. 	}

  519. 

  520. 	if c.IsSet("secret") {

  521. 		oAuth2Config.ClientSecret = c.String("secret")

  522. 	}

  523. 

  524. 	if c.IsSet("auto-discover-url") {

  525. 		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")

  526. 	}

  527. 

  528. 	if c.IsSet("icon-url") {

  529. 		oAuth2Config.IconURL = c.String("icon-url")

  530. 	}

  531. 

  532. 	if c.IsSet("scopes") {

  533. 		oAuth2Config.Scopes = c.StringSlice("scopes")

  534. 	}

  535. 

  536. 	if c.IsSet("required-claim-name") {

  537. 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")

  538. 	}

  539. 	if c.IsSet("required-claim-value") {

  540. 		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")

  541. 	}

  542. 

  543. 	if c.IsSet("group-claim-name") {

  544. 		oAuth2Config.GroupClaimName = c.String("group-claim-name")

  545. 	}

  546. 	if c.IsSet("admin-group") {

  547. 		oAuth2Config.AdminGroup = c.String("admin-group")

  548. 	}

  549. 	if c.IsSet("restricted-group") {

  550. 		oAuth2Config.RestrictedGroup = c.String("restricted-group")

  551. 	}

  552. 	if c.IsSet("group-team-map") {

  553. 		oAuth2Config.GroupTeamMap = c.String("group-team-map")

  554. 	}

  555. 	if c.IsSet("group-team-map-removal") {

  556. 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")

  557. 	}

  558. 

  559. 	// update custom URL mapping

  560. 	customURLMapping := &oauth2.CustomURLMapping{}

  561. 

  562. 	if oAuth2Config.CustomURLMapping != nil {

  563. 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL

  564. 		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL

  565. 		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL

  566. 		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL

  567. 		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant

  568. 	}

  569. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {

  570. 		customURLMapping.TokenURL = c.String("custom-token-url")

  571. 	}

  572. 

  573. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {

  574. 		customURLMapping.AuthURL = c.String("custom-auth-url")

  575. 	}

  576. 

  577. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {

  578. 		customURLMapping.ProfileURL = c.String("custom-profile-url")

  579. 	}

  580. 

  581. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {

  582. 		customURLMapping.EmailURL = c.String("custom-email-url")

  583. 	}

  584. 

  585. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {

  586. 		customURLMapping.Tenant = c.String("custom-tenant-id")

  587. 	}

  588. 

  589. 	oAuth2Config.CustomURLMapping = customURLMapping

  590. 	source.Cfg = oAuth2Config

  591. 

  592. 	return auth_model.UpdateSource(source)

  593. }

  594. 

  595. func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {

  596. 	if c.IsSet("auth-type") {

  597. 		conf.Auth = c.String("auth-type")

  598. 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}

  599. 		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {

  600. 			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")

  601. 		}

  602. 		conf.Auth = c.String("auth-type")

  603. 	}

  604. 	if c.IsSet("host") {

  605. 		conf.Host = c.String("host")

  606. 	}

  607. 	if c.IsSet("port") {

  608. 		conf.Port = c.Int("port")

  609. 	}

  610. 	if c.IsSet("allowed-domains") {

  611. 		conf.AllowedDomains = c.String("allowed-domains")

  612. 	}

  613. 	if c.IsSet("force-smtps") {

  614. 		conf.ForceSMTPS = c.BoolT("force-smtps")

  615. 	}

  616. 	if c.IsSet("skip-verify") {

  617. 		conf.SkipVerify = c.BoolT("skip-verify")

  618. 	}

  619. 	if c.IsSet("helo-hostname") {

  620. 		conf.HeloHostname = c.String("helo-hostname")

  621. 	}

  622. 	if c.IsSet("disable-helo") {

  623. 		conf.DisableHelo = c.BoolT("disable-helo")

  624. 	}

  625. 	if c.IsSet("skip-local-2fa") {

  626. 		conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")

  627. 	}

  628. 	return nil

  629. }

  630. 

  631. func runAddSMTP(c *cli.Context) error {

  632. 	ctx, cancel := installSignals()

  633. 	defer cancel()

  634. 

  635. 	if err := initDB(ctx); err != nil {

  636. 		return err

  637. 	}

  638. 

  639. 	if !c.IsSet("name") || len(c.String("name")) == 0 {

  640. 		return errors.New("name must be set")

  641. 	}

  642. 	if !c.IsSet("host") || len(c.String("host")) == 0 {

  643. 		return errors.New("host must be set")

  644. 	}

  645. 	if !c.IsSet("port") {

  646. 		return errors.New("port must be set")

  647. 	}

  648. 	active := true

  649. 	if c.IsSet("active") {

  650. 		active = c.BoolT("active")

  651. 	}

  652. 

  653. 	var smtpConfig smtp.Source

  654. 	if err := parseSMTPConfig(c, &smtpConfig); err != nil {

  655. 		return err

  656. 	}

  657. 

  658. 	// If not set default to PLAIN

  659. 	if len(smtpConfig.Auth) == 0 {

  660. 		smtpConfig.Auth = "PLAIN"

  661. 	}

  662. 

  663. 	return auth_model.CreateSource(&auth_model.Source{

  664. 		Type:     auth_model.SMTP,

  665. 		Name:     c.String("name"),

  666. 		IsActive: active,

  667. 		Cfg:      &smtpConfig,

  668. 	})

  669. }

  670. 

  671. func runUpdateSMTP(c *cli.Context) error {

  672. 	if !c.IsSet("id") {

  673. 		return fmt.Errorf("--id flag is missing")

  674. 	}

  675. 

  676. 	ctx, cancel := installSignals()

  677. 	defer cancel()

  678. 

  679. 	if err := initDB(ctx); err != nil {

  680. 		return err

  681. 	}

  682. 

  683. 	source, err := auth_model.GetSourceByID(c.Int64("id"))

  684. 	if err != nil {

  685. 		return err

  686. 	}

  687. 

  688. 	smtpConfig := source.Cfg.(*smtp.Source)

  689. 

  690. 	if err := parseSMTPConfig(c, smtpConfig); err != nil {

  691. 		return err

  692. 	}

  693. 

  694. 	if c.IsSet("name") {

  695. 		source.Name = c.String("name")

  696. 	}

  697. 

  698. 	if c.IsSet("active") {

  699. 		source.IsActive = c.BoolT("active")

  700. 	}

  701. 

  702. 	source.Cfg = smtpConfig

  703. 

  704. 	return auth_model.UpdateSource(source)

  705. }

  706. 

  707. func runListAuth(c *cli.Context) error {

  708. 	ctx, cancel := installSignals()

  709. 	defer cancel()

  710. 

  711. 	if err := initDB(ctx); err != nil {

  712. 		return err

  713. 	}

  714. 

  715. 	authSources, err := auth_model.Sources()

  716. 	if err != nil {

  717. 		return err

  718. 	}

  719. 

  720. 	flags := tabwriter.AlignRight

  721. 	if c.Bool("vertical-bars") {

  722. 		flags |= tabwriter.Debug

  723. 	}

  724. 

  725. 	padChar := byte('\t')

  726. 	if len(c.String("pad-char")) > 0 {

  727. 		padChar = c.String("pad-char")[0]

  728. 	}

  729. 

  730. 	// loop through each source and print

  731. 	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)

  732. 	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")

  733. 	for _, source := range authSources {

  734. 		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)

  735. 	}

  736. 	w.Flush()

  737. 

  738. 	return nil

  739. }

  740. 

  741. func runDeleteAuth(c *cli.Context) error {

  742. 	if !c.IsSet("id") {

  743. 		return fmt.Errorf("--id flag is missing")

  744. 	}

  745. 

  746. 	ctx, cancel := installSignals()

  747. 	defer cancel()

  748. 

  749. 	if err := initDB(ctx); err != nil {

  750. 		return err

  751. 	}

  752. 

  753. 	source, err := auth_model.GetSourceByID(c.Int64("id"))

  754. 	if err != nil {

  755. 		return err

  756. 	}

  757. 

  758. 	return auth_service.DeleteSource(source)

  759. }