mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1304 Commits
17 Branches
Tree: 8dd07c0ddd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8dd07c0ddd'
${ noResults }
gitea/models/login.go

login.go 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"strings"

  14. 	"time"

  15. 

  16. 	"github.com/go-xorm/core"

  17. 	"github.com/go-xorm/xorm"

  18. 

  19. 	"github.com/gogits/gogs/modules/auth/ldap"

  20. 	"github.com/gogits/gogs/modules/log"

  21. )

  22. 

  23. type LoginType int

  24. 

  25. const (

  26. 	NOTYPE LoginType = iota

  27. 	PLAIN

  28. 	LDAP

  29. 	SMTP

  30. )

  31. 

  32. var (

  33. 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")

  34. 	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")

  35. 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")

  36. )

  37. 

  38. var LoginTypes = map[LoginType]string{

  39. 	LDAP: "LDAP",

  40. 	SMTP: "SMTP",

  41. }

  42. 

  43. // Ensure structs implmented interface.

  44. var (

  45. 	_ core.Conversion = &LDAPConfig{}

  46. 	_ core.Conversion = &SMTPConfig{}

  47. )

  48. 

  49. type LDAPConfig struct {

  50. 	ldap.Ldapsource

  51. }

  52. 

  53. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  54. 	return json.Unmarshal(bs, &cfg.Ldapsource)

  55. }

  56. 

  57. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  58. 	return json.Marshal(cfg.Ldapsource)

  59. }

  60. 

  61. type SMTPConfig struct {

  62. 	Auth string

  63. 	Host string

  64. 	Port int

  65. 	TLS  bool

  66. }

  67. 

  68. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  69. 	return json.Unmarshal(bs, cfg)

  70. }

  71. 

  72. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  73. 	return json.Marshal(cfg)

  74. }

  75. 

  76. type LoginSource struct {

  77. 	Id                int64

  78. 	Type              LoginType

  79. 	Name              string          `xorm:"UNIQUE"`

  80. 	IsActived         bool            `xorm:"NOT NULL DEFAULT false"`

  81. 	Cfg               core.Conversion `xorm:"TEXT"`

  82. 	AllowAutoRegister bool            `xorm:"NOT NULL DEFAULT false"`

  83. 	Created           time.Time       `xorm:"CREATED"`

  84. 	Updated           time.Time       `xorm:"UPDATED"`

  85. }

  86. 

  87. func (source *LoginSource) TypeString() string {

  88. 	return LoginTypes[source.Type]

  89. }

  90. 

  91. func (source *LoginSource) LDAP() *LDAPConfig {

  92. 	return source.Cfg.(*LDAPConfig)

  93. }

  94. 

  95. func (source *LoginSource) SMTP() *SMTPConfig {

  96. 	return source.Cfg.(*SMTPConfig)

  97. }

  98. 

  99. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  100. 	if colName == "type" {

  101. 		ty := (*val).(int64)

  102. 		switch LoginType(ty) {

  103. 		case LDAP:

  104. 			source.Cfg = new(LDAPConfig)

  105. 		case SMTP:

  106. 			source.Cfg = new(SMTPConfig)

  107. 		}

  108. 	}

  109. }

  110. 

  111. func CreateSource(source *LoginSource) error {

  112. 	_, err := x.Insert(source)

  113. 	return err

  114. }

  115. 

  116. func GetAuths() ([]*LoginSource, error) {

  117. 	var auths = make([]*LoginSource, 0, 5)

  118. 	err := x.Find(&auths)

  119. 	return auths, err

  120. }

  121. 

  122. func GetLoginSourceById(id int64) (*LoginSource, error) {

  123. 	source := new(LoginSource)

  124. 	has, err := x.Id(id).Get(source)

  125. 	if err != nil {

  126. 		return nil, err

  127. 	} else if !has {

  128. 		return nil, ErrAuthenticationNotExist

  129. 	}

  130. 	return source, nil

  131. }

  132. 

  133. func UpdateSource(source *LoginSource) error {

  134. 	_, err := x.Id(source.Id).AllCols().Update(source)

  135. 	return err

  136. }

  137. 

  138. func DelLoginSource(source *LoginSource) error {

  139. 	cnt, err := x.Count(&User{LoginSource: source.Id})

  140. 	if err != nil {

  141. 		return err

  142. 	}

  143. 	if cnt > 0 {

  144. 		return ErrAuthenticationUserUsed

  145. 	}

  146. 	_, err = x.Id(source.Id).Delete(&LoginSource{})

  147. 	return err

  148. }

  149. 

  150. // UserSignIn validates user name and password.

  151. func UserSignIn(uname, passwd string) (*User, error) {

  152. 	var u *User

  153. 	if strings.Contains(uname, "@") {

  154. 		u = &User{Email: uname}

  155. 	} else {

  156. 		u = &User{LowerName: strings.ToLower(uname)}

  157. 	}

  158. 

  159. 	has, err := x.Get(u)

  160. 	if err != nil {

  161. 		return nil, err

  162. 	}

  163. 

  164. 	if u.LoginType == NOTYPE {

  165. 		if has {

  166. 			u.LoginType = PLAIN

  167. 		} else {

  168. 			return nil, ErrUserNotExist

  169. 		}

  170. 	}

  171. 

  172. 	// For plain login, user must exist to reach this line.

  173. 	// Now verify password.

  174. 	if u.LoginType == PLAIN {

  175. 		newUser := &User{Passwd: passwd, Salt: u.Salt}

  176. 		newUser.EncodePasswd()

  177. 		if u.Passwd != newUser.Passwd {

  178. 			return nil, ErrUserNotExist

  179. 		}

  180. 		return u, nil

  181. 	} else {

  182. 		if !has {

  183. 			var sources []LoginSource

  184. 			if err = x.UseBool().Find(&sources,

  185. 				&LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {

  186. 				return nil, err

  187. 			}

  188. 

  189. 			for _, source := range sources {

  190. 				if source.Type == LDAP {

  191. 					u, err := LoginUserLdapSource(nil, uname, passwd,

  192. 						source.Id, source.Cfg.(*LDAPConfig), true)

  193. 					if err == nil {

  194. 						return u, nil

  195. 					}

  196. 					log.Warn("Fail to login(%s) by LDAP(%s): %v", uname, source.Name, err)

  197. 				} else if source.Type == SMTP {

  198. 					u, err := LoginUserSMTPSource(nil, uname, passwd,

  199. 						source.Id, source.Cfg.(*SMTPConfig), true)

  200. 					if err == nil {

  201. 						return u, nil

  202. 					}

  203. 					log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)

  204. 				}

  205. 			}

  206. 

  207. 			return nil, ErrUserNotExist

  208. 		}

  209. 

  210. 		var source LoginSource

  211. 		hasSource, err := x.Id(u.LoginSource).Get(&source)

  212. 		if err != nil {

  213. 			return nil, err

  214. 		} else if !hasSource {

  215. 			return nil, ErrLoginSourceNotExist

  216. 		} else if !source.IsActived {

  217. 			return nil, ErrLoginSourceNotActived

  218. 		}

  219. 

  220. 		switch u.LoginType {

  221. 		case LDAP:

  222. 			return LoginUserLdapSource(u, u.LoginName, passwd,

  223. 				source.Id, source.Cfg.(*LDAPConfig), false)

  224. 		case SMTP:

  225. 			return LoginUserSMTPSource(u, u.LoginName, passwd,

  226. 				source.Id, source.Cfg.(*SMTPConfig), false)

  227. 		}

  228. 		return nil, ErrUnsupportedLoginType

  229. 	}

  230. }

  231. 

  232. // Query if name/passwd can login against the LDAP direcotry pool

  233. // Create a local user if success

  234. // Return the same LoginUserPlain semantic

  235. func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {

  236. 	mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)

  237. 	if !logged {

  238. 		// user not in LDAP, do nothing

  239. 		return nil, ErrUserNotExist

  240. 	}

  241. 	if !autoRegister {

  242. 		return u, nil

  243. 	}

  244. 

  245. 	// fake a local user creation

  246. 	u = &User{

  247. 		LowerName:   strings.ToLower(name),

  248. 		Name:        strings.ToLower(name),

  249. 		LoginType:   LDAP,

  250. 		LoginSource: sourceId,

  251. 		LoginName:   name,

  252. 		IsActive:    true,

  253. 		Passwd:      passwd,

  254. 		Email:       mail,

  255. 	}

  256. 

  257. 	err := CreateUser(u)

  258. 	return u, err

  259. }

  260. 

  261. type loginAuth struct {

  262. 	username, password string

  263. }

  264. 

  265. func LoginAuth(username, password string) smtp.Auth {

  266. 	return &loginAuth{username, password}

  267. }

  268. 

  269. func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  270. 	return "LOGIN", []byte(a.username), nil

  271. }

  272. 

  273. func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  274. 	if more {

  275. 		switch string(fromServer) {

  276. 		case "Username:":

  277. 			return []byte(a.username), nil

  278. 		case "Password:":

  279. 			return []byte(a.password), nil

  280. 		}

  281. 	}

  282. 	return nil, nil

  283. }

  284. 

  285. var (

  286. 	SMTP_PLAIN = "PLAIN"

  287. 	SMTP_LOGIN = "LOGIN"

  288. 	SMTPAuths  = []string{SMTP_PLAIN, SMTP_LOGIN}

  289. )

  290. 

  291. func SmtpAuth(host string, port int, a smtp.Auth, useTls bool) error {

  292. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", host, port))

  293. 	if err != nil {

  294. 		return err

  295. 	}

  296. 	defer c.Close()

  297. 

  298. 	if err = c.Hello("gogs"); err != nil {

  299. 		return err

  300. 	}

  301. 

  302. 	if useTls {

  303. 		if ok, _ := c.Extension("STARTTLS"); ok {

  304. 			config := &tls.Config{ServerName: host}

  305. 			if err = c.StartTLS(config); err != nil {

  306. 				return err

  307. 			}

  308. 		} else {

  309. 			return errors.New("SMTP server unsupports TLS")

  310. 		}

  311. 	}

  312. 

  313. 	if ok, _ := c.Extension("AUTH"); ok {

  314. 		if err = c.Auth(a); err != nil {

  315. 			return err

  316. 		}

  317. 		return nil

  318. 	}

  319. 	return ErrUnsupportedLoginType

  320. }

  321. 

  322. // Query if name/passwd can login against the LDAP direcotry pool

  323. // Create a local user if success

  324. // Return the same LoginUserPlain semantic

  325. func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  326. 	var auth smtp.Auth

  327. 	if cfg.Auth == SMTP_PLAIN {

  328. 		auth = smtp.PlainAuth("", name, passwd, cfg.Host)

  329. 	} else if cfg.Auth == SMTP_LOGIN {

  330. 		auth = LoginAuth(name, passwd)

  331. 	} else {

  332. 		return nil, errors.New("Unsupported SMTP auth type")

  333. 	}

  334. 

  335. 	if err := SmtpAuth(cfg.Host, cfg.Port, auth, cfg.TLS); err != nil {

  336. 		if strings.Contains(err.Error(), "Username and Password not accepted") {

  337. 			return nil, ErrUserNotExist

  338. 		}

  339. 		return nil, err

  340. 	}

  341. 

  342. 	if !autoRegister {

  343. 		return u, nil

  344. 	}

  345. 

  346. 	var loginName = name

  347. 	idx := strings.Index(name, "@")

  348. 	if idx > -1 {

  349. 		loginName = name[:idx]

  350. 	}

  351. 	// fake a local user creation

  352. 	u = &User{

  353. 		LowerName:   strings.ToLower(loginName),

  354. 		Name:        strings.ToLower(loginName),

  355. 		LoginType:   SMTP,

  356. 		LoginSource: sourceId,

  357. 		LoginName:   name,

  358. 		IsActive:    true,

  359. 		Passwd:      passwd,

  360. 		Email:       name,

  361. 	}

  362. 	err := CreateUser(u)

  363. 	return u, err

  364. }