mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/models/auth/source.go

source.go 10KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package auth

  6. 

  7. import (

  8. 	"fmt"

  9. 	"reflect"

  10. 

  11. 	"code.gitea.io/gitea/models/db"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 	"code.gitea.io/gitea/modules/timeutil"

  14. 	"code.gitea.io/gitea/modules/util"

  15. 

  16. 	"xorm.io/xorm"

  17. 	"xorm.io/xorm/convert"

  18. )

  19. 

  20. // Type represents an login type.

  21. type Type int

  22. 

  23. // Note: new type must append to the end of list to maintain compatibility.

  24. const (

  25. 	NoType Type = iota

  26. 	Plain       // 1

  27. 	LDAP        // 2

  28. 	SMTP        // 3

  29. 	PAM         // 4

  30. 	DLDAP       // 5

  31. 	OAuth2      // 6

  32. 	SSPI        // 7

  33. )

  34. 

  35. // String returns the string name of the LoginType

  36. func (typ Type) String() string {

  37. 	return Names[typ]

  38. }

  39. 

  40. // Int returns the int value of the LoginType

  41. func (typ Type) Int() int {

  42. 	return int(typ)

  43. }

  44. 

  45. // Names contains the name of LoginType values.

  46. var Names = map[Type]string{

  47. 	LDAP:   "LDAP (via BindDN)",

  48. 	DLDAP:  "LDAP (simple auth)", // Via direct bind

  49. 	SMTP:   "SMTP",

  50. 	PAM:    "PAM",

  51. 	OAuth2: "OAuth2",

  52. 	SSPI:   "SPNEGO with SSPI",

  53. }

  54. 

  55. // Config represents login config as far as the db is concerned

  56. type Config interface {

  57. 	convert.Conversion

  58. }

  59. 

  60. // SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set

  61. type SkipVerifiable interface {

  62. 	IsSkipVerify() bool

  63. }

  64. 

  65. // HasTLSer configurations provide a HasTLS to check if TLS can be enabled

  66. type HasTLSer interface {

  67. 	HasTLS() bool

  68. }

  69. 

  70. // UseTLSer configurations provide a HasTLS to check if TLS is enabled

  71. type UseTLSer interface {

  72. 	UseTLS() bool

  73. }

  74. 

  75. // SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys

  76. type SSHKeyProvider interface {

  77. 	ProvidesSSHKeys() bool

  78. }

  79. 

  80. // RegisterableSource configurations provide RegisterSource which needs to be run on creation

  81. type RegisterableSource interface {

  82. 	RegisterSource() error

  83. 	UnregisterSource() error

  84. }

  85. 

  86. var registeredConfigs = map[Type]func() Config{}

  87. 

  88. // RegisterTypeConfig register a config for a provided type

  89. func RegisterTypeConfig(typ Type, exemplar Config) {

  90. 	if reflect.TypeOf(exemplar).Kind() == reflect.Ptr {

  91. 		// Pointer:

  92. 		registeredConfigs[typ] = func() Config {

  93. 			return reflect.New(reflect.ValueOf(exemplar).Elem().Type()).Interface().(Config)

  94. 		}

  95. 		return

  96. 	}

  97. 

  98. 	// Not a Pointer

  99. 	registeredConfigs[typ] = func() Config {

  100. 		return reflect.New(reflect.TypeOf(exemplar)).Elem().Interface().(Config)

  101. 	}

  102. }

  103. 

  104. // SourceSettable configurations can have their authSource set on them

  105. type SourceSettable interface {

  106. 	SetAuthSource(*Source)

  107. }

  108. 

  109. // Source represents an external way for authorizing users.

  110. type Source struct {

  111. 	ID            int64 `xorm:"pk autoincr"`

  112. 	Type          Type

  113. 	Name          string             `xorm:"UNIQUE"`

  114. 	IsActive      bool               `xorm:"INDEX NOT NULL DEFAULT false"`

  115. 	IsSyncEnabled bool               `xorm:"INDEX NOT NULL DEFAULT false"`

  116. 	Cfg           convert.Conversion `xorm:"TEXT"`

  117. 

  118. 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`

  119. 	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`

  120. }

  121. 

  122. // TableName xorm will read the table name from this method

  123. func (Source) TableName() string {

  124. 	return "login_source"

  125. }

  126. 

  127. func init() {

  128. 	db.RegisterModel(new(Source))

  129. }

  130. 

  131. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  132. func (source *Source) BeforeSet(colName string, val xorm.Cell) {

  133. 	if colName == "type" {

  134. 		typ := Type(db.Cell2Int64(val))

  135. 		constructor, ok := registeredConfigs[typ]

  136. 		if !ok {

  137. 			return

  138. 		}

  139. 		source.Cfg = constructor()

  140. 		if settable, ok := source.Cfg.(SourceSettable); ok {

  141. 			settable.SetAuthSource(source)

  142. 		}

  143. 	}

  144. }

  145. 

  146. // TypeName return name of this login source type.

  147. func (source *Source) TypeName() string {

  148. 	return Names[source.Type]

  149. }

  150. 

  151. // IsLDAP returns true of this source is of the LDAP type.

  152. func (source *Source) IsLDAP() bool {

  153. 	return source.Type == LDAP

  154. }

  155. 

  156. // IsDLDAP returns true of this source is of the DLDAP type.

  157. func (source *Source) IsDLDAP() bool {

  158. 	return source.Type == DLDAP

  159. }

  160. 

  161. // IsSMTP returns true of this source is of the SMTP type.

  162. func (source *Source) IsSMTP() bool {

  163. 	return source.Type == SMTP

  164. }

  165. 

  166. // IsPAM returns true of this source is of the PAM type.

  167. func (source *Source) IsPAM() bool {

  168. 	return source.Type == PAM

  169. }

  170. 

  171. // IsOAuth2 returns true of this source is of the OAuth2 type.

  172. func (source *Source) IsOAuth2() bool {

  173. 	return source.Type == OAuth2

  174. }

  175. 

  176. // IsSSPI returns true of this source is of the SSPI type.

  177. func (source *Source) IsSSPI() bool {

  178. 	return source.Type == SSPI

  179. }

  180. 

  181. // HasTLS returns true of this source supports TLS.

  182. func (source *Source) HasTLS() bool {

  183. 	hasTLSer, ok := source.Cfg.(HasTLSer)

  184. 	return ok && hasTLSer.HasTLS()

  185. }

  186. 

  187. // UseTLS returns true of this source is configured to use TLS.

  188. func (source *Source) UseTLS() bool {

  189. 	useTLSer, ok := source.Cfg.(UseTLSer)

  190. 	return ok && useTLSer.UseTLS()

  191. }

  192. 

  193. // SkipVerify returns true if this source is configured to skip SSL

  194. // verification.

  195. func (source *Source) SkipVerify() bool {

  196. 	skipVerifiable, ok := source.Cfg.(SkipVerifiable)

  197. 	return ok && skipVerifiable.IsSkipVerify()

  198. }

  199. 

  200. // CreateSource inserts a AuthSource in the DB if not already

  201. // existing with the given name.

  202. func CreateSource(source *Source) error {

  203. 	has, err := db.GetEngine(db.DefaultContext).Where("name=?", source.Name).Exist(new(Source))

  204. 	if err != nil {

  205. 		return err

  206. 	} else if has {

  207. 		return ErrSourceAlreadyExist{source.Name}

  208. 	}

  209. 	// Synchronization is only available with LDAP for now

  210. 	if !source.IsLDAP() {

  211. 		source.IsSyncEnabled = false

  212. 	}

  213. 

  214. 	_, err = db.GetEngine(db.DefaultContext).Insert(source)

  215. 	if err != nil {

  216. 		return err

  217. 	}

  218. 

  219. 	if !source.IsActive {

  220. 		return nil

  221. 	}

  222. 

  223. 	if settable, ok := source.Cfg.(SourceSettable); ok {

  224. 		settable.SetAuthSource(source)

  225. 	}

  226. 

  227. 	registerableSource, ok := source.Cfg.(RegisterableSource)

  228. 	if !ok {

  229. 		return nil

  230. 	}

  231. 

  232. 	err = registerableSource.RegisterSource()

  233. 	if err != nil {

  234. 		// remove the AuthSource in case of errors while registering configuration

  235. 		if _, err := db.GetEngine(db.DefaultContext).Delete(source); err != nil {

  236. 			log.Error("CreateSource: Error while wrapOpenIDConnectInitializeError: %v", err)

  237. 		}

  238. 	}

  239. 	return err

  240. }

  241. 

  242. // Sources returns a slice of all login sources found in DB.

  243. func Sources() ([]*Source, error) {

  244. 	auths := make([]*Source, 0, 6)

  245. 	return auths, db.GetEngine(db.DefaultContext).Find(&auths)

  246. }

  247. 

  248. // SourcesByType returns all sources of the specified type

  249. func SourcesByType(loginType Type) ([]*Source, error) {

  250. 	sources := make([]*Source, 0, 1)

  251. 	if err := db.GetEngine(db.DefaultContext).Where("type = ?", loginType).Find(&sources); err != nil {

  252. 		return nil, err

  253. 	}

  254. 	return sources, nil

  255. }

  256. 

  257. // AllActiveSources returns all active sources

  258. func AllActiveSources() ([]*Source, error) {

  259. 	sources := make([]*Source, 0, 5)

  260. 	if err := db.GetEngine(db.DefaultContext).Where("is_active = ?", true).Find(&sources); err != nil {

  261. 		return nil, err

  262. 	}

  263. 	return sources, nil

  264. }

  265. 

  266. // ActiveSources returns all active sources of the specified type

  267. func ActiveSources(tp Type) ([]*Source, error) {

  268. 	sources := make([]*Source, 0, 1)

  269. 	if err := db.GetEngine(db.DefaultContext).Where("is_active = ? and type = ?", true, tp).Find(&sources); err != nil {

  270. 		return nil, err

  271. 	}

  272. 	return sources, nil

  273. }

  274. 

  275. // IsSSPIEnabled returns true if there is at least one activated login

  276. // source of type LoginSSPI

  277. func IsSSPIEnabled() bool {

  278. 	if !db.HasEngine {

  279. 		return false

  280. 	}

  281. 	sources, err := ActiveSources(SSPI)

  282. 	if err != nil {

  283. 		log.Error("ActiveSources: %v", err)

  284. 		return false

  285. 	}

  286. 	return len(sources) > 0

  287. }

  288. 

  289. // GetSourceByID returns login source by given ID.

  290. func GetSourceByID(id int64) (*Source, error) {

  291. 	source := new(Source)

  292. 	if id == 0 {

  293. 		source.Cfg = registeredConfigs[NoType]()

  294. 		// Set this source to active

  295. 		// FIXME: allow disabling of db based password authentication in future

  296. 		source.IsActive = true

  297. 		return source, nil

  298. 	}

  299. 

  300. 	has, err := db.GetEngine(db.DefaultContext).ID(id).Get(source)

  301. 	if err != nil {

  302. 		return nil, err

  303. 	} else if !has {

  304. 		return nil, ErrSourceNotExist{id}

  305. 	}

  306. 	return source, nil

  307. }

  308. 

  309. // UpdateSource updates a Source record in DB.

  310. func UpdateSource(source *Source) error {

  311. 	var originalSource *Source

  312. 	if source.IsOAuth2() {

  313. 		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers

  314. 		var err error

  315. 		if originalSource, err = GetSourceByID(source.ID); err != nil {

  316. 			return err

  317. 		}

  318. 	}

  319. 

  320. 	_, err := db.GetEngine(db.DefaultContext).ID(source.ID).AllCols().Update(source)

  321. 	if err != nil {

  322. 		return err

  323. 	}

  324. 

  325. 	if !source.IsActive {

  326. 		return nil

  327. 	}

  328. 

  329. 	if settable, ok := source.Cfg.(SourceSettable); ok {

  330. 		settable.SetAuthSource(source)

  331. 	}

  332. 

  333. 	registerableSource, ok := source.Cfg.(RegisterableSource)

  334. 	if !ok {

  335. 		return nil

  336. 	}

  337. 

  338. 	err = registerableSource.RegisterSource()

  339. 	if err != nil {

  340. 		// restore original values since we cannot update the provider it self

  341. 		if _, err := db.GetEngine(db.DefaultContext).ID(source.ID).AllCols().Update(originalSource); err != nil {

  342. 			log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)

  343. 		}

  344. 	}

  345. 	return err

  346. }

  347. 

  348. // CountSources returns number of login sources.

  349. func CountSources() int64 {

  350. 	count, _ := db.GetEngine(db.DefaultContext).Count(new(Source))

  351. 	return count

  352. }

  353. 

  354. // ErrSourceNotExist represents a "SourceNotExist" kind of error.

  355. type ErrSourceNotExist struct {

  356. 	ID int64

  357. }

  358. 

  359. // IsErrSourceNotExist checks if an error is a ErrSourceNotExist.

  360. func IsErrSourceNotExist(err error) bool {

  361. 	_, ok := err.(ErrSourceNotExist)

  362. 	return ok

  363. }

  364. 

  365. func (err ErrSourceNotExist) Error() string {

  366. 	return fmt.Sprintf("login source does not exist [id: %d]", err.ID)

  367. }

  368. 

  369. // Unwrap unwraps this as a ErrNotExist err

  370. func (err ErrSourceNotExist) Unwrap() error {

  371. 	return util.ErrNotExist

  372. }

  373. 

  374. // ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.

  375. type ErrSourceAlreadyExist struct {

  376. 	Name string

  377. }

  378. 

  379. // IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.

  380. func IsErrSourceAlreadyExist(err error) bool {

  381. 	_, ok := err.(ErrSourceAlreadyExist)

  382. 	return ok

  383. }

  384. 

  385. func (err ErrSourceAlreadyExist) Error() string {

  386. 	return fmt.Sprintf("login source already exists [name: %s]", err.Name)

  387. }

  388. 

  389. // Unwrap unwraps this as a ErrExist err

  390. func (err ErrSourceAlreadyExist) Unwrap() error {

  391. 	return util.ErrAlreadyExist

  392. }

  393. 

  394. // ErrSourceInUse represents a "SourceInUse" kind of error.

  395. type ErrSourceInUse struct {

  396. 	ID int64

  397. }

  398. 

  399. // IsErrSourceInUse checks if an error is a ErrSourceInUse.

  400. func IsErrSourceInUse(err error) bool {

  401. 	_, ok := err.(ErrSourceInUse)

  402. 	return ok

  403. }

  404. 

  405. func (err ErrSourceInUse) Error() string {

  406. 	return fmt.Sprintf("login source is still used by some users [id: %d]", err.ID)

  407. }