mirrors
/
gitea
kopie van https://github.com/go-gitea/gitea.git
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Publicaties 211 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12567 Commits
17 Branches
Tree: de8e3948a5
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'de8e3948a5'
${ noResults }
gitea/services/auth/source/pam/source_authenticate.go

source_authenticate.go 2.0KB
Ruw Blame Geschiedenis

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package pam

  6. 

  7. import (

  8. 	"fmt"

  9. 	"strings"

  10. 

  11. 	"code.gitea.io/gitea/models/auth"

  12. 	user_model "code.gitea.io/gitea/models/user"

  13. 	"code.gitea.io/gitea/modules/auth/pam"

  14. 	"code.gitea.io/gitea/modules/setting"

  15. 	"code.gitea.io/gitea/services/mailer"

  16. 

  17. 	"github.com/google/uuid"

  18. )

  19. 

  20. // Authenticate queries if login/password is valid against the PAM,

  21. // and create a local user if success when enabled.

  22. func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {

  23. 	pamLogin, err := pam.Auth(source.ServiceName, userName, password)

  24. 	if err != nil {

  25. 		if strings.Contains(err.Error(), "Authentication failure") {

  26. 			return nil, user_model.ErrUserNotExist{Name: userName}

  27. 		}

  28. 		return nil, err

  29. 	}

  30. 

  31. 	if user != nil {

  32. 		return user, nil

  33. 	}

  34. 

  35. 	// Allow PAM sources with `@` in their name, like from Active Directory

  36. 	username := pamLogin

  37. 	email := pamLogin

  38. 	idx := strings.Index(pamLogin, "@")

  39. 	if idx > -1 {

  40. 		username = pamLogin[:idx]

  41. 	}

  42. 	if user_model.ValidateEmail(email) != nil {

  43. 		if source.EmailDomain != "" {

  44. 			email = fmt.Sprintf("%s@%s", username, source.EmailDomain)

  45. 		} else {

  46. 			email = fmt.Sprintf("%s@%s", username, setting.Service.NoReplyAddress)

  47. 		}

  48. 		if user_model.ValidateEmail(email) != nil {

  49. 			email = uuid.New().String() + "@localhost"

  50. 		}

  51. 	}

  52. 

  53. 	user = &user_model.User{

  54. 		LowerName:   strings.ToLower(username),

  55. 		Name:        username,

  56. 		Email:       email,

  57. 		Passwd:      password,

  58. 		LoginType:   auth.PAM,

  59. 		LoginSource: source.authSource.ID,

  60. 		LoginName:   userName, // This is what the user typed in

  61. 		IsActive:    true,

  62. 	}

  63. 

  64. 	if err := user_model.CreateUser(user); err != nil {

  65. 		return user, err

  66. 	}

  67. 

  68. 	mailer.SendRegisterNotifyMail(user)

  69. 

  70. 	return user, nil

  71. }

  72. 

  73. // IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication

  74. func (source *Source) IsSkipLocalTwoFA() bool {

  75. 	return source.SkipLocalTwoFA

  76. }