mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14344 Commits
17 Branches
Tree: 477a1cc40e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '477a1cc40e'
${ noResults }
gitea/services/auth/source/smtp/source_authenticate.go

source_authenticate.go 2.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package smtp

  5. 

  6. import (

  7. 	"errors"

  8. 	"net/smtp"

  9. 	"net/textproto"

  10. 	"strings"

  11. 

  12. 	auth_model "code.gitea.io/gitea/models/auth"

  13. 	user_model "code.gitea.io/gitea/models/user"

  14. 	"code.gitea.io/gitea/modules/util"

  15. 	"code.gitea.io/gitea/services/mailer"

  16. )

  17. 

  18. // Authenticate queries if the provided login/password is authenticates against the SMTP server

  19. // Users will be autoregistered as required

  20. func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {

  21. 	// Verify allowed domains.

  22. 	if len(source.AllowedDomains) > 0 {

  23. 		idx := strings.Index(userName, "@")

  24. 		if idx == -1 {

  25. 			return nil, user_model.ErrUserNotExist{Name: userName}

  26. 		} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), userName[idx+1:], true) {

  27. 			return nil, user_model.ErrUserNotExist{Name: userName}

  28. 		}

  29. 	}

  30. 

  31. 	var auth smtp.Auth

  32. 	switch source.Auth {

  33. 	case PlainAuthentication:

  34. 		auth = smtp.PlainAuth("", userName, password, source.Host)

  35. 	case LoginAuthentication:

  36. 		auth = &loginAuthenticator{userName, password}

  37. 	case CRAMMD5Authentication:

  38. 		auth = smtp.CRAMMD5Auth(userName, password)

  39. 	default:

  40. 		return nil, errors.New("unsupported SMTP auth type")

  41. 	}

  42. 

  43. 	if err := Authenticate(auth, source); err != nil {

  44. 		// Check standard error format first,

  45. 		// then fallback to worse case.

  46. 		tperr, ok := err.(*textproto.Error)

  47. 		if (ok && tperr.Code == 535) ||

  48. 			strings.Contains(err.Error(), "Username and Password not accepted") {

  49. 			return nil, user_model.ErrUserNotExist{Name: userName}

  50. 		}

  51. 		if (ok && tperr.Code == 534) ||

  52. 			strings.Contains(err.Error(), "Application-specific password required") {

  53. 			return nil, user_model.ErrUserNotExist{Name: userName}

  54. 		}

  55. 		return nil, err

  56. 	}

  57. 

  58. 	if user != nil {

  59. 		return user, nil

  60. 	}

  61. 

  62. 	username := userName

  63. 	idx := strings.Index(userName, "@")

  64. 	if idx > -1 {

  65. 		username = userName[:idx]

  66. 	}

  67. 

  68. 	user = &user_model.User{

  69. 		LowerName:   strings.ToLower(username),

  70. 		Name:        strings.ToLower(username),

  71. 		Email:       userName,

  72. 		Passwd:      password,

  73. 		LoginType:   auth_model.SMTP,

  74. 		LoginSource: source.authSource.ID,

  75. 		LoginName:   userName,

  76. 	}

  77. 	overwriteDefault := &user_model.CreateUserOverwriteOptions{

  78. 		IsActive: util.OptionalBoolTrue,

  79. 	}

  80. 

  81. 	if err := user_model.CreateUser(user, overwriteDefault); err != nil {

  82. 		return user, err

  83. 	}

  84. 

  85. 	mailer.SendRegisterNotifyMail(user)

  86. 

  87. 	return user, nil

  88. }

  89. 

  90. // IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication

  91. func (source *Source) IsSkipLocalTwoFA() bool {

  92. 	return source.SkipLocalTwoFA

  93. }