mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7636 Commits
17 Branches
Tree: aa7c34cf86
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aa7c34cf86'
${ noResults }
gitea/routers/admin/auths.go

auths.go 10KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package admin

  6. 

  7. import (

  8. 	"fmt"

  9. 

  10. 	"code.gitea.io/gitea/models"

  11. 	"code.gitea.io/gitea/modules/auth"

  12. 	"code.gitea.io/gitea/modules/auth/ldap"

  13. 	"code.gitea.io/gitea/modules/auth/oauth2"

  14. 	"code.gitea.io/gitea/modules/base"

  15. 	"code.gitea.io/gitea/modules/context"

  16. 	"code.gitea.io/gitea/modules/log"

  17. 	"code.gitea.io/gitea/modules/setting"

  18. 

  19. 	"github.com/Unknwon/com"

  20. 	"xorm.io/core"

  21. )

  22. 

  23. const (

  24. 	tplAuths    base.TplName = "admin/auth/list"

  25. 	tplAuthNew  base.TplName = "admin/auth/new"

  26. 	tplAuthEdit base.TplName = "admin/auth/edit"

  27. )

  28. 

  29. // Authentications show authentication config page

  30. func Authentications(ctx *context.Context) {

  31. 	ctx.Data["Title"] = ctx.Tr("admin.authentication")

  32. 	ctx.Data["PageIsAdmin"] = true

  33. 	ctx.Data["PageIsAdminAuthentications"] = true

  34. 

  35. 	var err error

  36. 	ctx.Data["Sources"], err = models.LoginSources()

  37. 	if err != nil {

  38. 		ctx.ServerError("LoginSources", err)

  39. 		return

  40. 	}

  41. 

  42. 	ctx.Data["Total"] = models.CountLoginSources()

  43. 	ctx.HTML(200, tplAuths)

  44. }

  45. 

  46. type dropdownItem struct {

  47. 	Name string

  48. 	Type interface{}

  49. }

  50. 

  51. var (

  52. 	authSources = []dropdownItem{

  53. 		{models.LoginNames[models.LoginLDAP], models.LoginLDAP},

  54. 		{models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},

  55. 		{models.LoginNames[models.LoginSMTP], models.LoginSMTP},

  56. 		{models.LoginNames[models.LoginPAM], models.LoginPAM},

  57. 		{models.LoginNames[models.LoginOAuth2], models.LoginOAuth2},

  58. 	}

  59. 	securityProtocols = []dropdownItem{

  60. 		{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},

  61. 		{models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},

  62. 		{models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},

  63. 	}

  64. )

  65. 

  66. // NewAuthSource render adding a new auth source page

  67. func NewAuthSource(ctx *context.Context) {

  68. 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")

  69. 	ctx.Data["PageIsAdmin"] = true

  70. 	ctx.Data["PageIsAdminAuthentications"] = true

  71. 

  72. 	ctx.Data["type"] = models.LoginLDAP

  73. 	ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]

  74. 	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]

  75. 	ctx.Data["smtp_auth"] = "PLAIN"

  76. 	ctx.Data["is_active"] = true

  77. 	ctx.Data["is_sync_enabled"] = true

  78. 	ctx.Data["AuthSources"] = authSources

  79. 	ctx.Data["SecurityProtocols"] = securityProtocols

  80. 	ctx.Data["SMTPAuths"] = models.SMTPAuths

  81. 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers

  82. 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings

  83. 

  84. 	// only the first as default

  85. 	for key := range models.OAuth2Providers {

  86. 		ctx.Data["oauth2_provider"] = key

  87. 		break

  88. 	}

  89. 

  90. 	ctx.HTML(200, tplAuthNew)

  91. }

  92. 

  93. func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {

  94. 	var pageSize uint32

  95. 	if form.UsePagedSearch {

  96. 		pageSize = uint32(form.SearchPageSize)

  97. 	}

  98. 	return &models.LDAPConfig{

  99. 		Source: &ldap.Source{

  100. 			Name:                  form.Name,

  101. 			Host:                  form.Host,

  102. 			Port:                  form.Port,

  103. 			SecurityProtocol:      ldap.SecurityProtocol(form.SecurityProtocol),

  104. 			SkipVerify:            form.SkipVerify,

  105. 			BindDN:                form.BindDN,

  106. 			UserDN:                form.UserDN,

  107. 			BindPassword:          form.BindPassword,

  108. 			UserBase:              form.UserBase,

  109. 			AttributeUsername:     form.AttributeUsername,

  110. 			AttributeName:         form.AttributeName,

  111. 			AttributeSurname:      form.AttributeSurname,

  112. 			AttributeMail:         form.AttributeMail,

  113. 			AttributesInBind:      form.AttributesInBind,

  114. 			AttributeSSHPublicKey: form.AttributeSSHPublicKey,

  115. 			SearchPageSize:        pageSize,

  116. 			Filter:                form.Filter,

  117. 			AdminFilter:           form.AdminFilter,

  118. 			Enabled:               true,

  119. 		},

  120. 	}

  121. }

  122. 

  123. func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {

  124. 	return &models.SMTPConfig{

  125. 		Auth:           form.SMTPAuth,

  126. 		Host:           form.SMTPHost,

  127. 		Port:           form.SMTPPort,

  128. 		AllowedDomains: form.AllowedDomains,

  129. 		TLS:            form.TLS,

  130. 		SkipVerify:     form.SkipVerify,

  131. 	}

  132. }

  133. 

  134. func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config {

  135. 	var customURLMapping *oauth2.CustomURLMapping

  136. 	if form.Oauth2UseCustomURL {

  137. 		customURLMapping = &oauth2.CustomURLMapping{

  138. 			TokenURL:   form.Oauth2TokenURL,

  139. 			AuthURL:    form.Oauth2AuthURL,

  140. 			ProfileURL: form.Oauth2ProfileURL,

  141. 			EmailURL:   form.Oauth2EmailURL,

  142. 		}

  143. 	} else {

  144. 		customURLMapping = nil

  145. 	}

  146. 	return &models.OAuth2Config{

  147. 		Provider:                      form.Oauth2Provider,

  148. 		ClientID:                      form.Oauth2Key,

  149. 		ClientSecret:                  form.Oauth2Secret,

  150. 		OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,

  151. 		CustomURLMapping:              customURLMapping,

  152. 	}

  153. }

  154. 

  155. // NewAuthSourcePost response for adding an auth source

  156. func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {

  157. 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")

  158. 	ctx.Data["PageIsAdmin"] = true

  159. 	ctx.Data["PageIsAdminAuthentications"] = true

  160. 

  161. 	ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]

  162. 	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]

  163. 	ctx.Data["AuthSources"] = authSources

  164. 	ctx.Data["SecurityProtocols"] = securityProtocols

  165. 	ctx.Data["SMTPAuths"] = models.SMTPAuths

  166. 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers

  167. 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings

  168. 

  169. 	hasTLS := false

  170. 	var config core.Conversion

  171. 	switch models.LoginType(form.Type) {

  172. 	case models.LoginLDAP, models.LoginDLDAP:

  173. 		config = parseLDAPConfig(form)

  174. 		hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted

  175. 	case models.LoginSMTP:

  176. 		config = parseSMTPConfig(form)

  177. 		hasTLS = true

  178. 	case models.LoginPAM:

  179. 		config = &models.PAMConfig{

  180. 			ServiceName: form.PAMServiceName,

  181. 		}

  182. 	case models.LoginOAuth2:

  183. 		config = parseOAuth2Config(form)

  184. 	default:

  185. 		ctx.Error(400)

  186. 		return

  187. 	}

  188. 	ctx.Data["HasTLS"] = hasTLS

  189. 

  190. 	if ctx.HasError() {

  191. 		ctx.HTML(200, tplAuthNew)

  192. 		return

  193. 	}

  194. 

  195. 	if err := models.CreateLoginSource(&models.LoginSource{

  196. 		Type:          models.LoginType(form.Type),

  197. 		Name:          form.Name,

  198. 		IsActived:     form.IsActive,

  199. 		IsSyncEnabled: form.IsSyncEnabled,

  200. 		Cfg:           config,

  201. 	}); err != nil {

  202. 		if models.IsErrLoginSourceAlreadyExist(err) {

  203. 			ctx.Data["Err_Name"] = true

  204. 			ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)

  205. 		} else {

  206. 			ctx.ServerError("CreateSource", err)

  207. 		}

  208. 		return

  209. 	}

  210. 

  211. 	log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)

  212. 

  213. 	ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))

  214. 	ctx.Redirect(setting.AppSubURL + "/admin/auths")

  215. }

  216. 

  217. // EditAuthSource render editing auth source page

  218. func EditAuthSource(ctx *context.Context) {

  219. 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")

  220. 	ctx.Data["PageIsAdmin"] = true

  221. 	ctx.Data["PageIsAdminAuthentications"] = true

  222. 

  223. 	ctx.Data["SecurityProtocols"] = securityProtocols

  224. 	ctx.Data["SMTPAuths"] = models.SMTPAuths

  225. 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers

  226. 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings

  227. 

  228. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))

  229. 	if err != nil {

  230. 		ctx.ServerError("GetLoginSourceByID", err)

  231. 		return

  232. 	}

  233. 	ctx.Data["Source"] = source

  234. 	ctx.Data["HasTLS"] = source.HasTLS()

  235. 

  236. 	if source.IsOAuth2() {

  237. 		ctx.Data["CurrentOAuth2Provider"] = models.OAuth2Providers[source.OAuth2().Provider]

  238. 	}

  239. 	ctx.HTML(200, tplAuthEdit)

  240. }

  241. 

  242. // EditAuthSourcePost response for editing auth source

  243. func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {

  244. 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")

  245. 	ctx.Data["PageIsAdmin"] = true

  246. 	ctx.Data["PageIsAdminAuthentications"] = true

  247. 

  248. 	ctx.Data["SMTPAuths"] = models.SMTPAuths

  249. 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers

  250. 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings

  251. 

  252. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))

  253. 	if err != nil {

  254. 		ctx.ServerError("GetLoginSourceByID", err)

  255. 		return

  256. 	}

  257. 	ctx.Data["Source"] = source

  258. 	ctx.Data["HasTLS"] = source.HasTLS()

  259. 

  260. 	if ctx.HasError() {

  261. 		ctx.HTML(200, tplAuthEdit)

  262. 		return

  263. 	}

  264. 

  265. 	var config core.Conversion

  266. 	switch models.LoginType(form.Type) {

  267. 	case models.LoginLDAP, models.LoginDLDAP:

  268. 		config = parseLDAPConfig(form)

  269. 	case models.LoginSMTP:

  270. 		config = parseSMTPConfig(form)

  271. 	case models.LoginPAM:

  272. 		config = &models.PAMConfig{

  273. 			ServiceName: form.PAMServiceName,

  274. 		}

  275. 	case models.LoginOAuth2:

  276. 		config = parseOAuth2Config(form)

  277. 	default:

  278. 		ctx.Error(400)

  279. 		return

  280. 	}

  281. 

  282. 	source.Name = form.Name

  283. 	source.IsActived = form.IsActive

  284. 	source.IsSyncEnabled = form.IsSyncEnabled

  285. 	source.Cfg = config

  286. 	if err := models.UpdateSource(source); err != nil {

  287. 		if models.IsErrOpenIDConnectInitialize(err) {

  288. 			ctx.Flash.Error(err.Error(), true)

  289. 			ctx.HTML(200, tplAuthEdit)

  290. 		} else {

  291. 			ctx.ServerError("UpdateSource", err)

  292. 		}

  293. 		return

  294. 	}

  295. 	log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)

  296. 

  297. 	ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))

  298. 	ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))

  299. }

  300. 

  301. // DeleteAuthSource response for deleting an auth source

  302. func DeleteAuthSource(ctx *context.Context) {

  303. 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))

  304. 	if err != nil {

  305. 		ctx.ServerError("GetLoginSourceByID", err)

  306. 		return

  307. 	}

  308. 

  309. 	if err = models.DeleteSource(source); err != nil {

  310. 		if models.IsErrLoginSourceInUse(err) {

  311. 			ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))

  312. 		} else {

  313. 			ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))

  314. 		}

  315. 		ctx.JSON(200, map[string]interface{}{

  316. 			"redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),

  317. 		})

  318. 		return

  319. 	}

  320. 	log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)

  321. 

  322. 	ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))

  323. 	ctx.JSON(200, map[string]interface{}{

  324. 		"redirect": setting.AppSubURL + "/admin/auths",

  325. 	})

  326. }