2014-05-05 05:32:47 -04:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2014-05-02 22:48:14 -04:00
|
|
|
package admin
|
|
|
|
|
|
|
|
import (
|
2016-03-05 18:08:42 -05:00
|
|
|
"fmt"
|
|
|
|
|
2014-07-26 00:24:27 -04:00
|
|
|
"github.com/Unknwon/com"
|
2014-05-11 06:10:37 -04:00
|
|
|
"github.com/go-xorm/core"
|
2014-05-11 10:37:31 -04:00
|
|
|
|
2016-11-10 11:24:48 -05:00
|
|
|
"code.gitea.io/gitea/models"
|
|
|
|
"code.gitea.io/gitea/modules/auth"
|
|
|
|
"code.gitea.io/gitea/modules/auth/ldap"
|
|
|
|
"code.gitea.io/gitea/modules/base"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2014-05-02 22:48:14 -04:00
|
|
|
)
|
|
|
|
|
2014-06-22 13:14:03 -04:00
|
|
|
const (
|
2016-11-20 22:21:24 -05:00
|
|
|
tplAuths base.TplName = "admin/auth/list"
|
|
|
|
tplAuthNew base.TplName = "admin/auth/new"
|
|
|
|
tplAuthEdit base.TplName = "admin/auth/edit"
|
2014-06-22 13:14:03 -04:00
|
|
|
)
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// Authentications show authentication config page
|
2016-03-11 11:56:52 -05:00
|
|
|
func Authentications(ctx *context.Context) {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.authentication")
|
|
|
|
ctx.Data["PageIsAdmin"] = true
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
|
|
|
|
|
|
|
var err error
|
2015-09-13 09:51:51 -04:00
|
|
|
ctx.Data["Sources"], err = models.LoginSources()
|
2014-08-29 08:50:43 -04:00
|
|
|
if err != nil {
|
2015-09-13 09:51:51 -04:00
|
|
|
ctx.Handle(500, "LoginSources", err)
|
2014-08-29 08:50:43 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-10 15:45:03 -04:00
|
|
|
|
|
|
|
ctx.Data["Total"] = models.CountLoginSources()
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.HTML(200, tplAuths)
|
2014-08-29 08:50:43 -04:00
|
|
|
}
|
|
|
|
|
2016-07-07 19:25:09 -04:00
|
|
|
type dropdownItem struct {
|
2015-09-10 17:11:41 -04:00
|
|
|
Name string
|
2016-07-07 19:25:09 -04:00
|
|
|
Type interface{}
|
2015-09-10 17:11:41 -04:00
|
|
|
}
|
|
|
|
|
2016-07-07 19:25:09 -04:00
|
|
|
var (
|
|
|
|
authSources = []dropdownItem{
|
2016-11-07 15:58:22 -05:00
|
|
|
{models.LoginNames[models.LoginLDAP], models.LoginLDAP},
|
|
|
|
{models.LoginNames[models.LoginDLDAP], models.LoginDLDAP},
|
|
|
|
{models.LoginNames[models.LoginSMTP], models.LoginSMTP},
|
|
|
|
{models.LoginNames[models.LoginPAM], models.LoginPAM},
|
2016-07-07 19:25:09 -04:00
|
|
|
}
|
|
|
|
securityProtocols = []dropdownItem{
|
2016-11-07 11:38:43 -05:00
|
|
|
{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
|
2016-11-07 15:58:22 -05:00
|
|
|
{models.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
|
|
|
|
{models.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
|
2016-07-07 19:25:09 -04:00
|
|
|
}
|
|
|
|
)
|
2015-09-10 17:11:41 -04:00
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// NewAuthSource render adding a new auth source page
|
2016-03-11 11:56:52 -05:00
|
|
|
func NewAuthSource(ctx *context.Context) {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
|
|
|
|
ctx.Data["PageIsAdmin"] = true
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-10 17:11:41 -04:00
|
|
|
|
2016-11-07 15:58:22 -05:00
|
|
|
ctx.Data["type"] = models.LoginLDAP
|
|
|
|
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLDAP]
|
2016-11-07 11:38:43 -05:00
|
|
|
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
|
2015-09-10 17:11:41 -04:00
|
|
|
ctx.Data["smtp_auth"] = "PLAIN"
|
|
|
|
ctx.Data["is_active"] = true
|
|
|
|
ctx.Data["AuthSources"] = authSources
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2014-05-11 06:10:37 -04:00
|
|
|
ctx.Data["SMTPAuths"] = models.SMTPAuths
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.HTML(200, tplAuthNew)
|
2014-05-02 22:48:14 -04:00
|
|
|
}
|
|
|
|
|
2015-09-11 12:03:08 -04:00
|
|
|
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
|
|
|
return &models.LDAPConfig{
|
2015-09-14 15:48:51 -04:00
|
|
|
Source: &ldap.Source{
|
2015-12-01 08:49:49 -05:00
|
|
|
Name: form.Name,
|
|
|
|
Host: form.Host,
|
|
|
|
Port: form.Port,
|
2016-07-07 19:25:09 -04:00
|
|
|
SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
|
2015-12-01 08:49:49 -05:00
|
|
|
SkipVerify: form.SkipVerify,
|
|
|
|
BindDN: form.BindDN,
|
|
|
|
UserDN: form.UserDN,
|
|
|
|
BindPassword: form.BindPassword,
|
|
|
|
UserBase: form.UserBase,
|
|
|
|
AttributeUsername: form.AttributeUsername,
|
|
|
|
AttributeName: form.AttributeName,
|
|
|
|
AttributeSurname: form.AttributeSurname,
|
|
|
|
AttributeMail: form.AttributeMail,
|
2016-02-16 06:33:16 -05:00
|
|
|
AttributesInBind: form.AttributesInBind,
|
2015-12-01 08:49:49 -05:00
|
|
|
Filter: form.Filter,
|
|
|
|
AdminFilter: form.AdminFilter,
|
|
|
|
Enabled: true,
|
2015-09-11 12:03:08 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
|
|
|
|
return &models.SMTPConfig{
|
2015-09-11 13:32:33 -04:00
|
|
|
Auth: form.SMTPAuth,
|
|
|
|
Host: form.SMTPHost,
|
|
|
|
Port: form.SMTPPort,
|
|
|
|
AllowedDomains: form.AllowedDomains,
|
|
|
|
TLS: form.TLS,
|
|
|
|
SkipVerify: form.SkipVerify,
|
2015-09-11 12:03:08 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// NewAuthSourcePost response for adding an auth source
|
2016-03-11 11:56:52 -05:00
|
|
|
func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
|
|
|
|
ctx.Data["PageIsAdmin"] = true
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-10 17:11:41 -04:00
|
|
|
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
|
|
|
|
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
|
2015-09-10 17:11:41 -04:00
|
|
|
ctx.Data["AuthSources"] = authSources
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2014-05-11 06:10:37 -04:00
|
|
|
ctx.Data["SMTPAuths"] = models.SMTPAuths
|
2014-05-02 22:48:14 -04:00
|
|
|
|
2016-07-07 19:25:09 -04:00
|
|
|
hasTLS := false
|
2015-09-11 12:03:08 -04:00
|
|
|
var config core.Conversion
|
2014-06-08 17:53:53 -04:00
|
|
|
switch models.LoginType(form.Type) {
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginLDAP, models.LoginDLDAP:
|
2015-09-11 12:03:08 -04:00
|
|
|
config = parseLDAPConfig(form)
|
2016-11-07 11:38:43 -05:00
|
|
|
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginSMTP:
|
2015-09-11 12:03:08 -04:00
|
|
|
config = parseSMTPConfig(form)
|
2016-07-07 19:25:09 -04:00
|
|
|
hasTLS = true
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginPAM:
|
2015-09-11 12:03:08 -04:00
|
|
|
config = &models.PAMConfig{
|
2015-04-23 07:58:57 -04:00
|
|
|
ServiceName: form.PAMServiceName,
|
|
|
|
}
|
2014-05-11 07:43:57 -04:00
|
|
|
default:
|
|
|
|
ctx.Error(400)
|
|
|
|
return
|
2014-05-11 06:10:37 -04:00
|
|
|
}
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["HasTLS"] = hasTLS
|
|
|
|
|
|
|
|
if ctx.HasError() {
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.HTML(200, tplAuthNew)
|
2016-07-07 19:25:09 -04:00
|
|
|
return
|
|
|
|
}
|
2014-05-11 06:10:37 -04:00
|
|
|
|
2016-08-31 03:56:10 -04:00
|
|
|
if err := models.CreateLoginSource(&models.LoginSource{
|
2015-09-12 20:58:51 -04:00
|
|
|
Type: models.LoginType(form.Type),
|
|
|
|
Name: form.Name,
|
|
|
|
IsActived: form.IsActive,
|
|
|
|
Cfg: config,
|
2015-09-11 12:03:08 -04:00
|
|
|
}); err != nil {
|
2016-08-31 03:56:10 -04:00
|
|
|
if models.IsErrLoginSourceAlreadyExist(err) {
|
|
|
|
ctx.Data["Err_Name"] = true
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), tplAuthNew, form)
|
2016-08-31 03:56:10 -04:00
|
|
|
} else {
|
|
|
|
ctx.Handle(500, "CreateSource", err)
|
|
|
|
}
|
2014-05-02 22:48:14 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-03-24 19:04:16 -04:00
|
|
|
log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, form.Name)
|
2015-09-11 12:03:08 -04:00
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.new_success", form.Name))
|
2016-11-27 05:14:25 -05:00
|
|
|
ctx.Redirect(setting.AppSubURL + "/admin/auths")
|
2014-05-02 22:48:14 -04:00
|
|
|
}
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// EditAuthSource render editing auth source page
|
2016-03-11 11:56:52 -05:00
|
|
|
func EditAuthSource(ctx *context.Context) {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
|
|
|
|
ctx.Data["PageIsAdmin"] = true
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-11 12:03:08 -04:00
|
|
|
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["SecurityProtocols"] = securityProtocols
|
2014-05-11 06:10:37 -04:00
|
|
|
ctx.Data["SMTPAuths"] = models.SMTPAuths
|
|
|
|
|
2015-09-11 12:03:08 -04:00
|
|
|
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
|
2014-05-05 04:40:25 -04:00
|
|
|
if err != nil {
|
2015-09-11 12:03:08 -04:00
|
|
|
ctx.Handle(500, "GetLoginSourceByID", err)
|
2014-05-05 04:40:25 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-11 12:03:08 -04:00
|
|
|
ctx.Data["Source"] = source
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["HasTLS"] = source.HasTLS()
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.HTML(200, tplAuthEdit)
|
2014-05-02 22:48:14 -04:00
|
|
|
}
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// EditAuthSourcePost resposne for editing auth source
|
2016-03-11 11:56:52 -05:00
|
|
|
func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
|
|
|
|
ctx.Data["PageIsAdmin"] = true
|
|
|
|
ctx.Data["PageIsAdminAuthentications"] = true
|
2015-09-11 12:03:08 -04:00
|
|
|
|
2014-05-11 06:10:37 -04:00
|
|
|
ctx.Data["SMTPAuths"] = models.SMTPAuths
|
2014-05-05 04:40:25 -04:00
|
|
|
|
2015-09-11 12:03:08 -04:00
|
|
|
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
|
|
|
|
if err != nil {
|
|
|
|
ctx.Handle(500, "GetLoginSourceByID", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Source"] = source
|
2016-07-07 19:25:09 -04:00
|
|
|
ctx.Data["HasTLS"] = source.HasTLS()
|
2015-09-11 12:03:08 -04:00
|
|
|
|
2014-05-05 04:40:25 -04:00
|
|
|
if ctx.HasError() {
|
2016-11-20 22:21:24 -05:00
|
|
|
ctx.HTML(200, tplAuthEdit)
|
2014-05-05 04:40:25 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2014-05-11 06:10:37 -04:00
|
|
|
var config core.Conversion
|
2014-06-08 17:53:53 -04:00
|
|
|
switch models.LoginType(form.Type) {
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginLDAP, models.LoginDLDAP:
|
2015-09-11 12:03:08 -04:00
|
|
|
config = parseLDAPConfig(form)
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginSMTP:
|
2015-09-11 12:03:08 -04:00
|
|
|
config = parseSMTPConfig(form)
|
2016-11-07 15:58:22 -05:00
|
|
|
case models.LoginPAM:
|
2015-04-23 07:58:57 -04:00
|
|
|
config = &models.PAMConfig{
|
|
|
|
ServiceName: form.PAMServiceName,
|
|
|
|
}
|
2014-05-11 10:37:31 -04:00
|
|
|
default:
|
|
|
|
ctx.Error(400)
|
|
|
|
return
|
2014-05-11 06:10:37 -04:00
|
|
|
}
|
|
|
|
|
2015-09-11 12:03:08 -04:00
|
|
|
source.Name = form.Name
|
|
|
|
source.IsActived = form.IsActive
|
|
|
|
source.Cfg = config
|
|
|
|
if err := models.UpdateSource(source); err != nil {
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Handle(500, "UpdateSource", err)
|
2014-05-05 04:40:25 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-11 12:03:08 -04:00
|
|
|
log.Trace("Authentication changed by admin(%s): %s", ctx.User.Name, source.ID)
|
2014-05-05 04:40:25 -04:00
|
|
|
|
2014-08-29 08:50:43 -04:00
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
|
2016-11-27 05:14:25 -05:00
|
|
|
ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(form.ID))
|
2014-05-02 22:48:14 -04:00
|
|
|
}
|
|
|
|
|
2016-11-20 22:21:24 -05:00
|
|
|
// DeleteAuthSource response for deleting an auth source
|
2016-03-11 11:56:52 -05:00
|
|
|
func DeleteAuthSource(ctx *context.Context) {
|
2015-09-11 12:03:08 -04:00
|
|
|
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
|
2014-05-05 04:40:25 -04:00
|
|
|
if err != nil {
|
2015-09-11 12:03:08 -04:00
|
|
|
ctx.Handle(500, "GetLoginSourceByID", err)
|
2014-05-05 04:40:25 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-09-11 12:03:08 -04:00
|
|
|
if err = models.DeleteSource(source); err != nil {
|
2016-08-31 04:22:41 -04:00
|
|
|
if models.IsErrLoginSourceInUse(err) {
|
2016-03-05 18:08:42 -05:00
|
|
|
ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
|
2016-08-31 04:22:41 -04:00
|
|
|
} else {
|
2016-03-05 18:08:42 -05:00
|
|
|
ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
|
2014-05-05 04:40:25 -04:00
|
|
|
}
|
2016-03-05 18:08:42 -05:00
|
|
|
ctx.JSON(200, map[string]interface{}{
|
2016-11-27 05:14:25 -05:00
|
|
|
"redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
|
2016-03-05 18:08:42 -05:00
|
|
|
})
|
2014-05-05 04:40:25 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-11 12:03:08 -04:00
|
|
|
log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
|
|
|
|
ctx.JSON(200, map[string]interface{}{
|
2016-11-27 05:14:25 -05:00
|
|
|
"redirect": setting.AppSubURL + "/admin/auths",
|
2015-09-11 12:03:08 -04:00
|
|
|
})
|
2014-05-02 22:48:14 -04:00
|
|
|
}
|