forgejo-federation/routers/admin/auths.go

327 lines
10 KiB
Go
Raw Normal View History

2014-05-05 15:02:47 +05:30
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-05-03 08:18:14 +05:30
package admin
import (
"fmt"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/auth/ldap"
"code.gitea.io/gitea/modules/auth/oauth2"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/Unknwon/com"
"github.com/go-xorm/core"
2014-05-03 08:18:14 +05:30
)
const (
2016-11-21 08:51:24 +05:30
tplAuths base.TplName = "admin/auth/list"
tplAuthNew base.TplName = "admin/auth/new"
tplAuthEdit base.TplName = "admin/auth/edit"
)
2016-11-21 08:51:24 +05:30
// Authentications show authentication config page
2016-03-11 22:26:52 +05:30
func Authentications(ctx *context.Context) {
2014-08-29 18:20:43 +05:30
ctx.Data["Title"] = ctx.Tr("admin.authentication")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
var err error
ctx.Data["Sources"], err = models.LoginSources()
2014-08-29 18:20:43 +05:30
if err != nil {
ctx.ServerError("LoginSources", err)
2014-08-29 18:20:43 +05:30
return
}
2015-09-11 01:15:03 +05:30
ctx.Data["Total"] = models.CountLoginSources()
2016-11-21 08:51:24 +05:30
ctx.HTML(200, tplAuths)
2014-08-29 18:20:43 +05:30
}
type dropdownItem struct {
2015-09-11 02:41:41 +05:30
Name string
Type interface{}
2015-09-11 02:41:41 +05:30
}
var (
authSources = []dropdownItem{
{models.LoginNames[models.LoginLDAP], models.LoginLDAP},
{models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},
{models.LoginNames[models.LoginSMTP], models.LoginSMTP},
{models.LoginNames[models.LoginPAM], models.LoginPAM},
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
{models.LoginNames[models.LoginOAuth2], models.LoginOAuth2},
}
securityProtocols = []dropdownItem{
2016-11-07 22:08:43 +05:30
{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
{models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
{models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
}
)
2015-09-11 02:41:41 +05:30
2016-11-21 08:51:24 +05:30
// NewAuthSource render adding a new auth source page
2016-03-11 22:26:52 +05:30
func NewAuthSource(ctx *context.Context) {
2014-08-29 18:20:43 +05:30
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
2015-09-11 02:41:41 +05:30
ctx.Data["type"] = models.LoginLDAP
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]
2016-11-07 22:08:43 +05:30
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
2015-09-11 02:41:41 +05:30
ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true
2017-05-10 18:40:18 +05:30
ctx.Data["is_sync_enabled"] = true
2015-09-11 02:41:41 +05:30
ctx.Data["AuthSources"] = authSources
ctx.Data["SecurityProtocols"] = securityProtocols
2014-05-11 15:40:37 +05:30
ctx.Data["SMTPAuths"] = models.SMTPAuths
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
ctx.Data["OAuth2Providers"] = models.OAuth2Providers
ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
// only the first as default
for key := range models.OAuth2Providers {
ctx.Data["oauth2_provider"] = key
break
}
2016-11-21 08:51:24 +05:30
ctx.HTML(200, tplAuthNew)
2014-05-03 08:18:14 +05:30
}
2015-09-11 21:33:08 +05:30
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
var pageSize uint32
if form.UsePagedSearch {
pageSize = uint32(form.SearchPageSize)
}
2015-09-11 21:33:08 +05:30
return &models.LDAPConfig{
2015-09-15 01:18:51 +05:30
Source: &ldap.Source{
Name: form.Name,
Host: form.Host,
Port: form.Port,
SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
SkipVerify: form.SkipVerify,
BindDN: form.BindDN,
UserDN: form.UserDN,
BindPassword: form.BindPassword,
UserBase: form.UserBase,
AttributeUsername: form.AttributeUsername,
AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail,
AttributesInBind: form.AttributesInBind,
AttributeSSHPublicKey: form.AttributeSSHPublicKey,
SearchPageSize: pageSize,
Filter: form.Filter,
AdminFilter: form.AdminFilter,
Enabled: true,
2015-09-11 21:33:08 +05:30
},
}
}
func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
return &models.SMTPConfig{
Auth: form.SMTPAuth,
Host: form.SMTPHost,
Port: form.SMTPPort,
AllowedDomains: form.AllowedDomains,
TLS: form.TLS,
SkipVerify: form.SkipVerify,
2015-09-11 21:33:08 +05:30
}
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config {
var customURLMapping *oauth2.CustomURLMapping
if form.Oauth2UseCustomURL {
customURLMapping = &oauth2.CustomURLMapping{
TokenURL: form.Oauth2TokenURL,
AuthURL: form.Oauth2AuthURL,
ProfileURL: form.Oauth2ProfileURL,
EmailURL: form.Oauth2EmailURL,
}
} else {
customURLMapping = nil
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
return &models.OAuth2Config{
Provider: form.Oauth2Provider,
ClientID: form.Oauth2Key,
ClientSecret: form.Oauth2Secret,
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
CustomURLMapping: customURLMapping,
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
}
}
2016-11-21 08:51:24 +05:30
// NewAuthSourcePost response for adding an auth source
2016-03-11 22:26:52 +05:30
func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
2014-08-29 18:20:43 +05:30
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
2015-09-11 02:41:41 +05:30
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
2015-09-11 02:41:41 +05:30
ctx.Data["AuthSources"] = authSources
ctx.Data["SecurityProtocols"] = securityProtocols
2014-05-11 15:40:37 +05:30
ctx.Data["SMTPAuths"] = models.SMTPAuths
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
ctx.Data["OAuth2Providers"] = models.OAuth2Providers
ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
2014-05-03 08:18:14 +05:30
hasTLS := false
2015-09-11 21:33:08 +05:30
var config core.Conversion
switch models.LoginType(form.Type) {
case models.LoginLDAP, models.LoginDLDAP:
2015-09-11 21:33:08 +05:30
config = parseLDAPConfig(form)
2016-11-07 22:08:43 +05:30
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
case models.LoginSMTP:
2015-09-11 21:33:08 +05:30
config = parseSMTPConfig(form)
hasTLS = true
case models.LoginPAM:
2015-09-11 21:33:08 +05:30
config = &models.PAMConfig{
2015-04-23 17:28:57 +05:30
ServiceName: form.PAMServiceName,
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
case models.LoginOAuth2:
config = parseOAuth2Config(form)
2014-05-11 17:13:57 +05:30
default:
ctx.Error(400)
return
2014-05-11 15:40:37 +05:30
}
ctx.Data["HasTLS"] = hasTLS
if ctx.HasError() {
2016-11-21 08:51:24 +05:30
ctx.HTML(200, tplAuthNew)
return
}
2014-05-11 15:40:37 +05:30
if err := models.CreateLoginSource(&models.LoginSource{
2017-05-10 18:40:18 +05:30
Type: models.LoginType(form.Type),
Name: form.Name,
IsActived: form.IsActive,
IsSyncEnabled: form.IsSyncEnabled,
Cfg: config,
2015-09-11 21:33:08 +05:30
}); err != nil {
if models.IsErrLoginSourceAlreadyExist(err) {
ctx.Data["Err_Name"] = true
2016-11-21 08:51:24 +05:30
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)
} else {
ctx.ServerError("CreateSource", err)
}
2014-05-03 08:18:14 +05:30
return
}
log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
2015-09-11 21:33:08 +05:30
ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
ctx.Redirect(setting.AppSubURL + "/admin/auths")
2014-05-03 08:18:14 +05:30
}
2016-11-21 08:51:24 +05:30
// EditAuthSource render editing auth source page
2016-03-11 22:26:52 +05:30
func EditAuthSource(ctx *context.Context) {
2014-08-29 18:20:43 +05:30
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
2015-09-11 21:33:08 +05:30
ctx.Data["SecurityProtocols"] = securityProtocols
2014-05-11 15:40:37 +05:30
ctx.Data["SMTPAuths"] = models.SMTPAuths
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
ctx.Data["OAuth2Providers"] = models.OAuth2Providers
ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
2014-05-11 15:40:37 +05:30
2015-09-11 21:33:08 +05:30
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
2014-05-05 14:10:25 +05:30
if err != nil {
ctx.ServerError("GetLoginSourceByID", err)
2014-05-05 14:10:25 +05:30
return
}
2015-09-11 21:33:08 +05:30
ctx.Data["Source"] = source
ctx.Data["HasTLS"] = source.HasTLS()
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
if source.IsOAuth2() {
ctx.Data["CurrentOAuth2Provider"] = models.OAuth2Providers[source.OAuth2().Provider]
}
2016-11-21 08:51:24 +05:30
ctx.HTML(200, tplAuthEdit)
2014-05-03 08:18:14 +05:30
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
// EditAuthSourcePost response for editing auth source
2016-03-11 22:26:52 +05:30
func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
2014-08-29 18:20:43 +05:30
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
2015-09-11 21:33:08 +05:30
2014-05-11 15:40:37 +05:30
ctx.Data["SMTPAuths"] = models.SMTPAuths
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
ctx.Data["OAuth2Providers"] = models.OAuth2Providers
ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
2014-05-05 14:10:25 +05:30
2015-09-11 21:33:08 +05:30
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
if err != nil {
ctx.ServerError("GetLoginSourceByID", err)
2015-09-11 21:33:08 +05:30
return
}
ctx.Data["Source"] = source
ctx.Data["HasTLS"] = source.HasTLS()
2015-09-11 21:33:08 +05:30
2014-05-05 14:10:25 +05:30
if ctx.HasError() {
2016-11-21 08:51:24 +05:30
ctx.HTML(200, tplAuthEdit)
2014-05-05 14:10:25 +05:30
return
}
2014-05-11 15:40:37 +05:30
var config core.Conversion
switch models.LoginType(form.Type) {
case models.LoginLDAP, models.LoginDLDAP:
2015-09-11 21:33:08 +05:30
config = parseLDAPConfig(form)
case models.LoginSMTP:
2015-09-11 21:33:08 +05:30
config = parseSMTPConfig(form)
case models.LoginPAM:
2015-04-23 17:28:57 +05:30
config = &models.PAMConfig{
ServiceName: form.PAMServiceName,
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 12:44:37 +05:30
case models.LoginOAuth2:
config = parseOAuth2Config(form)
2014-05-11 20:07:31 +05:30
default:
ctx.Error(400)
return
2014-05-11 15:40:37 +05:30
}
2015-09-11 21:33:08 +05:30
source.Name = form.Name
source.IsActived = form.IsActive
2017-05-10 18:40:18 +05:30
source.IsSyncEnabled = form.IsSyncEnabled
2015-09-11 21:33:08 +05:30
source.Cfg = config
if err := models.UpdateSource(source); err != nil {
if models.IsErrOpenIDConnectInitialize(err) {
ctx.Flash.Error(err.Error(), true)
ctx.HTML(200, tplAuthEdit)
} else {
ctx.ServerError("UpdateSource", err)
}
2014-05-05 14:10:25 +05:30
return
}
2016-12-21 12:39:43 +05:30
log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)
2014-05-05 14:10:25 +05:30
2014-08-29 18:20:43 +05:30
ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))
2014-05-03 08:18:14 +05:30
}
2016-11-21 08:51:24 +05:30
// DeleteAuthSource response for deleting an auth source
2016-03-11 22:26:52 +05:30
func DeleteAuthSource(ctx *context.Context) {
2015-09-11 21:33:08 +05:30
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
2014-05-05 14:10:25 +05:30
if err != nil {
ctx.ServerError("GetLoginSourceByID", err)
2014-05-05 14:10:25 +05:30
return
}
2015-09-11 21:33:08 +05:30
if err = models.DeleteSource(source); err != nil {
2016-08-31 13:52:41 +05:30
if models.IsErrLoginSourceInUse(err) {
ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
2016-08-31 13:52:41 +05:30
} else {
ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
2014-05-05 14:10:25 +05:30
}
ctx.JSON(200, map[string]interface{}{
"redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
})
2014-05-05 14:10:25 +05:30
return
}
2015-09-11 21:33:08 +05:30
log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
ctx.JSON(200, map[string]interface{}{
"redirect": setting.AppSubURL + "/admin/auths",
2015-09-11 21:33:08 +05:30
})
2014-05-03 08:18:14 +05:30
}