mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12567 Commits
17 Branches
Tree: de8e3948a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'de8e3948a5'
${ noResults }
gitea/services/auth/source/ldap/source.go

source.go 4.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package ldap

  6. 

  7. import (

  8. 	"strings"

  9. 

  10. 	"code.gitea.io/gitea/models/auth"

  11. 	"code.gitea.io/gitea/modules/json"

  12. 	"code.gitea.io/gitea/modules/secret"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. )

  15. 

  16. // .____     ________      _____ __________

  17. // |    |    \______ \    /  _  \\______   \

  18. // |    |     |    |  \  /  /_\  \|     ___/

  19. // |    |___  |    `   \/    |    \    |

  20. // |_______ \/_______  /\____|__  /____|

  21. //         \/        \/         \/

  22. 

  23. // Package ldap provide functions & structure to query a LDAP ldap directory

  24. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  25. 

  26. // Source Basic LDAP authentication service

  27. type Source struct {

  28. 	Name                  string // canonical name (ie. corporate.ad)

  29. 	Host                  string // LDAP host

  30. 	Port                  int    // port number

  31. 	SecurityProtocol      SecurityProtocol

  32. 	SkipVerify            bool

  33. 	BindDN                string // DN to bind with

  34. 	BindPasswordEncrypt   string // Encrypted Bind BN password

  35. 	BindPassword          string // Bind DN password

  36. 	UserBase              string // Base search path for users

  37. 	UserDN                string // Template for the DN of the user for simple auth

  38. 	AttributeUsername     string // Username attribute

  39. 	AttributeName         string // First name attribute

  40. 	AttributeSurname      string // Surname attribute

  41. 	AttributeMail         string // E-mail attribute

  42. 	AttributesInBind      bool   // fetch attributes in bind context (not user)

  43. 	AttributeSSHPublicKey string // LDAP SSH Public Key attribute

  44. 	AttributeAvatar       string

  45. 	SearchPageSize        uint32 // Search with paging page size

  46. 	Filter                string // Query filter to validate entry

  47. 	AdminFilter           string // Query filter to check if user is admin

  48. 	RestrictedFilter      string // Query filter to check if user is restricted

  49. 	Enabled               bool   // if this source is disabled

  50. 	AllowDeactivateAll    bool   // Allow an empty search response to deactivate all users from this source

  51. 	GroupsEnabled         bool   // if the group checking is enabled

  52. 	GroupDN               string // Group Search Base

  53. 	GroupFilter           string // Group Name Filter

  54. 	GroupMemberUID        string // Group Attribute containing array of UserUID

  55. 	UserUID               string // User Attribute listed in Group

  56. 	SkipLocalTwoFA        bool   `json:",omitempty"` // Skip Local 2fa for users authenticated with this source

  57. 

  58. 	// reference to the authSource

  59. 	authSource *auth.Source

  60. }

  61. 

  62. // FromDB fills up a LDAPConfig from serialized format.

  63. func (source *Source) FromDB(bs []byte) error {

  64. 	err := json.UnmarshalHandleDoubleEncode(bs, &source)

  65. 	if err != nil {

  66. 		return err

  67. 	}

  68. 	if source.BindPasswordEncrypt != "" {

  69. 		source.BindPassword, err = secret.DecryptSecret(setting.SecretKey, source.BindPasswordEncrypt)

  70. 		source.BindPasswordEncrypt = ""

  71. 	}

  72. 	return err

  73. }

  74. 

  75. // ToDB exports a LDAPConfig to a serialized format.

  76. func (source *Source) ToDB() ([]byte, error) {

  77. 	var err error

  78. 	source.BindPasswordEncrypt, err = secret.EncryptSecret(setting.SecretKey, source.BindPassword)

  79. 	if err != nil {

  80. 		return nil, err

  81. 	}

  82. 	source.BindPassword = ""

  83. 	return json.Marshal(source)

  84. }

  85. 

  86. // SecurityProtocolName returns the name of configured security

  87. // protocol.

  88. func (source *Source) SecurityProtocolName() string {

  89. 	return SecurityProtocolNames[source.SecurityProtocol]

  90. }

  91. 

  92. // IsSkipVerify returns if SkipVerify is set

  93. func (source *Source) IsSkipVerify() bool {

  94. 	return source.SkipVerify

  95. }

  96. 

  97. // HasTLS returns if HasTLS

  98. func (source *Source) HasTLS() bool {

  99. 	return source.SecurityProtocol > SecurityProtocolUnencrypted

  100. }

  101. 

  102. // UseTLS returns if UseTLS

  103. func (source *Source) UseTLS() bool {

  104. 	return source.SecurityProtocol != SecurityProtocolUnencrypted

  105. }

  106. 

  107. // ProvidesSSHKeys returns if this source provides SSH Keys

  108. func (source *Source) ProvidesSSHKeys() bool {

  109. 	return len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0

  110. }

  111. 

  112. // SetAuthSource sets the related AuthSource

  113. func (source *Source) SetAuthSource(authSource *auth.Source) {

  114. 	source.authSource = authSource

  115. }

  116. 

  117. func init() {

  118. 	auth.RegisterTypeConfig(auth.LDAP, &Source{})

  119. 	auth.RegisterTypeConfig(auth.DLDAP, &Source{})

  120. }