mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1079 Commits
17 Branches
Tree: 4744996f9a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4744996f9a'
${ noResults }
gitea/models/login.go

login.go 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371 
  1. // Copyright github.com/juju2013. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"strings"

  14. 	"time"

  15. 

  16. 	"github.com/go-xorm/core"

  17. 	"github.com/go-xorm/xorm"

  18. 

  19. 	"github.com/gogits/gogs/modules/auth/ldap"

  20. 	"github.com/gogits/gogs/modules/log"

  21. )

  22. 

  23. // Login types.

  24. const (

  25. 	LT_NOTYPE = iota

  26. 	LT_PLAIN

  27. 	LT_LDAP

  28. 	LT_SMTP

  29. )

  30. 

  31. var (

  32. 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")

  33. 	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")

  34. 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")

  35. )

  36. 

  37. var LoginTypes = map[int]string{

  38. 	LT_LDAP: "LDAP",

  39. 	LT_SMTP: "SMTP",

  40. }

  41. 

  42. // Ensure structs implmented interface.

  43. var (

  44. 	_ core.Conversion = &LDAPConfig{}

  45. 	_ core.Conversion = &SMTPConfig{}

  46. )

  47. 

  48. type LDAPConfig struct {

  49. 	ldap.Ldapsource

  50. }

  51. 

  52. // implement

  53. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  54. 	return json.Unmarshal(bs, &cfg.Ldapsource)

  55. }

  56. 

  57. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  58. 	return json.Marshal(cfg.Ldapsource)

  59. }

  60. 

  61. type SMTPConfig struct {

  62. 	Auth string

  63. 	Host string

  64. 	Port int

  65. 	TLS  bool

  66. }

  67. 

  68. // implement

  69. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  70. 	return json.Unmarshal(bs, cfg)

  71. }

  72. 

  73. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  74. 	return json.Marshal(cfg)

  75. }

  76. 

  77. type LoginSource struct {

  78. 	Id                int64

  79. 	Type              int

  80. 	Name              string          `xorm:"unique"`

  81. 	IsActived         bool            `xorm:"not null default false"`

  82. 	Cfg               core.Conversion `xorm:"TEXT"`

  83. 	Created           time.Time       `xorm:"created"`

  84. 	Updated           time.Time       `xorm:"updated"`

  85. 	AllowAutoRegister bool            `xorm:"not null default false"`

  86. }

  87. 

  88. func (source *LoginSource) TypeString() string {

  89. 	return LoginTypes[source.Type]

  90. }

  91. 

  92. func (source *LoginSource) LDAP() *LDAPConfig {

  93. 	return source.Cfg.(*LDAPConfig)

  94. }

  95. 

  96. func (source *LoginSource) SMTP() *SMTPConfig {

  97. 	return source.Cfg.(*SMTPConfig)

  98. }

  99. 

  100. // for xorm callback

  101. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  102. 	if colName == "type" {

  103. 		ty := (*val).(int64)

  104. 		switch ty {

  105. 		case LT_LDAP:

  106. 			source.Cfg = new(LDAPConfig)

  107. 		case LT_SMTP:

  108. 			source.Cfg = new(SMTPConfig)

  109. 		}

  110. 	}

  111. }

  112. 

  113. func GetAuths() ([]*LoginSource, error) {

  114. 	var auths = make([]*LoginSource, 0)

  115. 	err := orm.Find(&auths)

  116. 	return auths, err

  117. }

  118. 

  119. func GetLoginSourceById(id int64) (*LoginSource, error) {

  120. 	source := new(LoginSource)

  121. 	has, err := orm.Id(id).Get(source)

  122. 	if err != nil {

  123. 		return nil, err

  124. 	}

  125. 	if !has {

  126. 		return nil, ErrAuthenticationNotExist

  127. 	}

  128. 	return source, nil

  129. }

  130. 

  131. func AddSource(source *LoginSource) error {

  132. 	_, err := orm.Insert(source)

  133. 	return err

  134. }

  135. 

  136. func UpdateSource(source *LoginSource) error {

  137. 	_, err := orm.Id(source.Id).AllCols().Update(source)

  138. 	return err

  139. }

  140. 

  141. func DelLoginSource(source *LoginSource) error {

  142. 	cnt, err := orm.Count(&User{LoginSource: source.Id})

  143. 	if err != nil {

  144. 		return err

  145. 	}

  146. 	if cnt > 0 {

  147. 		return ErrAuthenticationUserUsed

  148. 	}

  149. 	_, err = orm.Id(source.Id).Delete(&LoginSource{})

  150. 	return err

  151. }

  152. 

  153. // login a user

  154. func LoginUser(uname, passwd string) (*User, error) {

  155. 	var u *User

  156. 	if strings.Contains(uname, "@") {

  157. 		u = &User{Email: uname}

  158. 	} else {

  159. 		u = &User{LowerName: strings.ToLower(uname)}

  160. 	}

  161. 

  162. 	has, err := orm.Get(u)

  163. 	if err != nil {

  164. 		return nil, err

  165. 	}

  166. 

  167. 	if u.LoginType == LT_NOTYPE {

  168. 		if has {

  169. 			u.LoginType = LT_PLAIN

  170. 		}

  171. 	}

  172. 

  173. 	// for plain login, user must have existed.

  174. 	if u.LoginType == LT_PLAIN {

  175. 		if !has {

  176. 			return nil, ErrUserNotExist

  177. 		}

  178. 

  179. 		newUser := &User{Passwd: passwd, Salt: u.Salt}

  180. 		newUser.EncodePasswd()

  181. 		if u.Passwd != newUser.Passwd {

  182. 			return nil, ErrUserNotExist

  183. 		}

  184. 		return u, nil

  185. 	} else {

  186. 		if !has {

  187. 			var sources []LoginSource

  188. 			cond := &LoginSource{IsActived: true, AllowAutoRegister: true}

  189. 			err = orm.UseBool().Find(&sources, cond)

  190. 			if err != nil {

  191. 				return nil, err

  192. 			}

  193. 

  194. 			for _, source := range sources {

  195. 				if source.Type == LT_LDAP {

  196. 					u, err := LoginUserLdapSource(nil, uname, passwd,

  197. 						source.Id, source.Cfg.(*LDAPConfig), true)

  198. 					if err == nil {

  199. 						return u, nil

  200. 					} else {

  201. 						log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)

  202. 					}

  203. 				} else if source.Type == LT_SMTP {

  204. 					u, err := LoginUserSMTPSource(nil, uname, passwd,

  205. 						source.Id, source.Cfg.(*SMTPConfig), true)

  206. 					if err == nil {

  207. 						return u, nil

  208. 					} else {

  209. 						log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)

  210. 					}

  211. 				}

  212. 			}

  213. 

  214. 			return nil, ErrUserNotExist

  215. 		}

  216. 

  217. 		var source LoginSource

  218. 		hasSource, err := orm.Id(u.LoginSource).Get(&source)

  219. 		if err != nil {

  220. 			return nil, err

  221. 		} else if !hasSource {

  222. 			return nil, ErrLoginSourceNotExist

  223. 		} else if !source.IsActived {

  224. 			return nil, ErrLoginSourceNotActived

  225. 		}

  226. 

  227. 		switch u.LoginType {

  228. 		case LT_LDAP:

  229. 			return LoginUserLdapSource(u, u.LoginName, passwd,

  230. 				source.Id, source.Cfg.(*LDAPConfig), false)

  231. 		case LT_SMTP:

  232. 			return LoginUserSMTPSource(u, u.LoginName, passwd,

  233. 				source.Id, source.Cfg.(*SMTPConfig), false)

  234. 		}

  235. 		return nil, ErrUnsupportedLoginType

  236. 	}

  237. }

  238. 

  239. // Query if name/passwd can login against the LDAP direcotry pool

  240. // Create a local user if success

  241. // Return the same LoginUserPlain semantic

  242. func LoginUserLdapSource(user *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {

  243. 	mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)

  244. 	if !logged {

  245. 		// user not in LDAP, do nothing

  246. 		return nil, ErrUserNotExist

  247. 	}

  248. 	if !autoRegister {

  249. 		return user, nil

  250. 	}

  251. 

  252. 	// fake a local user creation

  253. 	user = &User{

  254. 		LowerName:   strings.ToLower(name),

  255. 		Name:        strings.ToLower(name),

  256. 		LoginType:   LT_LDAP,

  257. 		LoginSource: sourceId,

  258. 		LoginName:   name,

  259. 		IsActive:    true,

  260. 		Passwd:      passwd,

  261. 		Email:       mail,

  262. 	}

  263. 

  264. 	return RegisterUser(user)

  265. }

  266. 

  267. type loginAuth struct {

  268. 	username, password string

  269. }

  270. 

  271. func LoginAuth(username, password string) smtp.Auth {

  272. 	return &loginAuth{username, password}

  273. }

  274. 

  275. func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  276. 	return "LOGIN", []byte(a.username), nil

  277. }

  278. 

  279. func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  280. 	if more {

  281. 		switch string(fromServer) {

  282. 		case "Username:":

  283. 			return []byte(a.username), nil

  284. 		case "Password:":

  285. 			return []byte(a.password), nil

  286. 		}

  287. 	}

  288. 	return nil, nil

  289. }

  290. 

  291. var (

  292. 	SMTP_PLAIN = "PLAIN"

  293. 	SMTP_LOGIN = "LOGIN"

  294. 	SMTPAuths  = []string{SMTP_PLAIN, SMTP_LOGIN}

  295. )

  296. 

  297. func SmtpAuth(host string, port int, a smtp.Auth, useTls bool) error {

  298. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", host, port))

  299. 	if err != nil {

  300. 		return err

  301. 	}

  302. 	defer c.Close()

  303. 

  304. 	if err = c.Hello("gogs"); err != nil {

  305. 		return err

  306. 	}

  307. 

  308. 	if useTls {

  309. 		if ok, _ := c.Extension("STARTTLS"); ok {

  310. 			config := &tls.Config{ServerName: host}

  311. 			if err = c.StartTLS(config); err != nil {

  312. 				return err

  313. 			}

  314. 		} else {

  315. 			return errors.New("SMTP server unsupported TLS")

  316. 		}

  317. 	}

  318. 

  319. 	if ok, _ := c.Extension("AUTH"); ok {

  320. 		if err = c.Auth(a); err != nil {

  321. 			return err

  322. 		}

  323. 		return nil

  324. 	} else {

  325. 		return ErrUnsupportedLoginType

  326. 	}

  327. }

  328. 

  329. // Query if name/passwd can login against the LDAP direcotry pool

  330. // Create a local user if success

  331. // Return the same LoginUserPlain semantic

  332. func LoginUserSMTPSource(user *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  333. 	var auth smtp.Auth

  334. 	if cfg.Auth == SMTP_PLAIN {

  335. 		auth = smtp.PlainAuth("", name, passwd, cfg.Host)

  336. 	} else if cfg.Auth == SMTP_LOGIN {

  337. 		auth = LoginAuth(name, passwd)

  338. 	} else {

  339. 		return nil, errors.New("Unsupported SMTP auth type")

  340. 	}

  341. 

  342. 	if err := SmtpAuth(cfg.Host, cfg.Port, auth, cfg.TLS); err != nil {

  343. 		if strings.Contains(err.Error(), "Username and Password not accepted") {

  344. 			return nil, ErrUserNotExist

  345. 		}

  346. 		return nil, err

  347. 	}

  348. 

  349. 	if !autoRegister {

  350. 		return user, nil

  351. 	}

  352. 

  353. 	var loginName = name

  354. 	idx := strings.Index(name, "@")

  355. 	if idx > -1 {

  356. 		loginName = name[:idx]

  357. 	}

  358. 	// fake a local user creation

  359. 	user = &User{

  360. 		LowerName:   strings.ToLower(loginName),

  361. 		Name:        strings.ToLower(loginName),

  362. 		LoginType:   LT_SMTP,

  363. 		LoginSource: sourceId,

  364. 		LoginName:   name,

  365. 		IsActive:    true,

  366. 		Passwd:      passwd,

  367. 		Email:       name,

  368. 	}

  369. 

  370. 	return RegisterUser(user)

  371. }