OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
19689 Commits
197 Branches
392 MB
2926 Download
Branch: V20230215
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'V20230215'
${ noResults }
aiforge/modules/auth/auth.go

auth.go 5.4 kB
Raw Permalink Normal View History

Add binding form for register user
11 years ago
OAuth2 token can be used in basic auth (#6747)
6 years ago
Add binding form for register user
11 years ago
New UI merge in progress
11 years ago
Add binding form for register user
11 years ago
fix-982
3 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Add single sign-on support via SSPI on Windows (#8463) * Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
5 years ago
Better URL validation (#1507) * Add correct git branch name validation * Change git refname validation error constant name * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add git reference name validation unit tests * Remove unused variable in unit test * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add url validation unit tests
8 years ago
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com>
5 years ago
Add binding form for register user
11 years ago
golint fixed for modules/auth
8 years ago
#1128: API calls are not hidden behind sign in
10 years ago
New UI merge in progress
11 years ago
fix #165
10 years ago
#842 able to use access token replace basic auth
9 years ago
work on #616 and update locales
10 years ago
more APIs on #12
10 years ago
work on #616 and update locales
10 years ago
fix-982
3 years ago
Add single sign-on support via SSPI on Windows (#8463) * Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
5 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
Add single sign-on support via SSPI on Windows (#8463) * Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
5 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
Working on install page
11 years ago
fix-982
3 years ago
golint fixed for modules/auth
8 years ago
Use binding middleware
10 years ago
cmd: CMD option for port number of `gogs web` to prevent first time run conflict - routers: use new binding convention to simplify code - templates: able to set HTTP port number in install page
10 years ago
New UI merge in progress
11 years ago
cmd: CMD option for port number of `gogs web` to prevent first time run conflict - routers: use new binding convention to simplify code - templates: able to set HTTP port number in install page
10 years ago
New UI merge in progress
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
New UI merge in progress
11 years ago
Fix #340
11 years ago
fix: gofmt errors. (#1106)
8 years ago
New UI merge in progress
11 years ago
golint fixed for modules/auth
8 years ago
UI: basic label list - create new label
10 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
UI: basic label list - create new label
10 years ago
golint fixed for modules/auth
8 years ago
Fix #340
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
Fix #340
11 years ago
golint fixed for modules/auth
8 years ago
Fix #340
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
golint fixed for modules/auth
8 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
Fix #340
11 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Implement webhook branch filter (#7791) * Fix validate() function to handle errors in embedded anon structs * Implement webhook branch filter See #2025, #3998.
5 years ago
New UI merge in progress
11 years ago
Implement webhook branch filter (#7791) * Fix validate() function to handle errors in embedded anon structs * Implement webhook branch filter See #2025, #3998.
5 years ago
New UI merge in progress
11 years ago
Implement webhook branch filter (#7791) * Fix validate() function to handle errors in embedded anon structs * Implement webhook branch filter See #2025, #3998.
5 years ago
fix: gofmt errors. (#1106)
8 years ago
UI: install - new version
10 years ago
Use binding middleware
10 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
Better URL validation (#1507) * Add correct git branch name validation * Change git refname validation error constant name * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add git reference name validation unit tests * Remove unused variable in unit test * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add url validation unit tests
8 years ago
UI: basic label list - create new label
10 years ago
fix binding api broken
10 years ago
Fix #340
11 years ago
fix binding api broken
10 years ago
Fix #340
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
Implement webhook branch filter (#7791) * Fix validate() function to handle errors in embedded anon structs * Implement webhook branch filter See #2025, #3998.
5 years ago
update error msg for alpha_dash_dot_chinese_error
3 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
Working on install page
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package auth

  7. 

  8. import (

  9. 	"reflect"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/modules/base"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 

  15. 	"code.gitea.io/gitea/models"

  16. 	"code.gitea.io/gitea/modules/auth/sso"

  17. 	"code.gitea.io/gitea/modules/validation"

  18. 

  19. 	"gitea.com/macaron/binding"

  20. 	"gitea.com/macaron/macaron"

  21. 	"gitea.com/macaron/session"

  22. 	"github.com/unknwon/com"

  23. )

  24. 

  25. // IsAPIPath if URL is an api path

  26. func IsAPIPath(url string) bool {

  27. 	return strings.HasPrefix(url, "/api/")

  28. }

  29. 

  30. // SignedInUser returns the user object of signed user.

  31. // It returns a bool value to indicate whether user uses basic auth or not.

  32. func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {

  33. 	if !models.HasEngine {

  34. 		return nil, false

  35. 	}

  36. 

  37. 	checkAutoLogin(ctx, sess)

  38. 

  39. 	// Try to sign in with each of the enabled plugins

  40. 	for _, ssoMethod := range sso.Methods() {

  41. 		if !ssoMethod.IsEnabled() {

  42. 			continue

  43. 		}

  44. 		user := ssoMethod.VerifyAuthData(ctx, sess)

  45. 		if user != nil {

  46. 			_, isBasic := ssoMethod.(*sso.Basic)

  47. 			return user, isBasic

  48. 		}

  49. 	}

  50. 

  51. 	return nil, false

  52. }

  53. 

  54. func checkAutoLogin(ctx *macaron.Context, sess session.Store) {

  55. 	uid := sess.Get("uid")

  56. 	if uid == nil {

  57. 		uname := ctx.GetCookie(setting.CookieUserName)

  58. 

  59. 		u, err := models.GetUserByName(uname)

  60. 		if err == nil {

  61. 

  62. 			if val, ok := ctx.GetSuperSecureCookie(

  63. 				base.EncodeMD5(u.Rands+u.Passwd), setting.CookieRememberName); ok && val == u.Name {

  64. 				sess.Set("uid", u.ID)

  65. 			}

  66. 		}

  67. 	}

  68. 

  69. }

  70. 

  71. // Form form binding interface

  72. type Form interface {

  73. 	binding.Validator

  74. }

  75. 

  76. func init() {

  77. 	binding.SetNameMapper(com.ToSnakeCase)

  78. }

  79. 

  80. // AssignForm assign form values back to the template data.

  81. func AssignForm(form interface{}, data map[string]interface{}) {

  82. 	typ := reflect.TypeOf(form)

  83. 	val := reflect.ValueOf(form)

  84. 

  85. 	if typ.Kind() == reflect.Ptr {

  86. 		typ = typ.Elem()

  87. 		val = val.Elem()

  88. 	}

  89. 

  90. 	for i := 0; i < typ.NumField(); i++ {

  91. 		field := typ.Field(i)

  92. 

  93. 		fieldName := field.Tag.Get("form")

  94. 		// Allow ignored fields in the struct

  95. 		if fieldName == "-" {

  96. 			continue

  97. 		} else if len(fieldName) == 0 {

  98. 			fieldName = com.ToSnakeCase(field.Name)

  99. 		}

  100. 

  101. 		data[fieldName] = val.Field(i).Interface()

  102. 	}

  103. }

  104. 

  105. func getRuleBody(field reflect.StructField, prefix string) string {

  106. 	for _, rule := range strings.Split(field.Tag.Get("binding"), ";") {

  107. 		if strings.HasPrefix(rule, prefix) {

  108. 			return rule[len(prefix) : len(rule)-1]

  109. 		}

  110. 	}

  111. 	return ""

  112. }

  113. 

  114. // GetSize get size int form tag

  115. func GetSize(field reflect.StructField) string {

  116. 	return getRuleBody(field, "Size(")

  117. }

  118. 

  119. // GetMinSize get minimal size in form tag

  120. func GetMinSize(field reflect.StructField) string {

  121. 	return getRuleBody(field, "MinSize(")

  122. }

  123. 

  124. // GetMaxSize get max size in form tag

  125. func GetMaxSize(field reflect.StructField) string {

  126. 	return getRuleBody(field, "MaxSize(")

  127. }

  128. 

  129. // GetInclude get include in form tag

  130. func GetInclude(field reflect.StructField) string {

  131. 	return getRuleBody(field, "Include(")

  132. }

  133. 

  134. func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaron.Locale) binding.Errors {

  135. 	if errs.Len() == 0 {

  136. 		return errs

  137. 	}

  138. 

  139. 	data["HasError"] = true

  140. 	// If the field with name errs[0].FieldNames[0] is not found in form

  141. 	// somehow, some code later on will panic on Data["ErrorMsg"].(string).

  142. 	// So initialize it to some default.

  143. 	data["ErrorMsg"] = l.Tr("form.unknown_error")

  144. 	AssignForm(f, data)

  145. 

  146. 	typ := reflect.TypeOf(f)

  147. 	val := reflect.ValueOf(f)

  148. 

  149. 	if typ.Kind() == reflect.Ptr {

  150. 		typ = typ.Elem()

  151. 		val = val.Elem()

  152. 	}

  153. 

  154. 	if field, ok := typ.FieldByName(errs[0].FieldNames[0]); ok {

  155. 		fieldName := field.Tag.Get("form")

  156. 		if fieldName != "-" {

  157. 			data["Err_"+field.Name] = true

  158. 

  159. 			trName := field.Tag.Get("locale")

  160. 			if len(trName) == 0 {

  161. 				trName = l.Tr("form." + field.Name)

  162. 			} else {

  163. 				trName = l.Tr(trName)

  164. 			}

  165. 

  166. 			switch errs[0].Classification {

  167. 			case binding.ERR_REQUIRED:

  168. 				data["ErrorMsg"] = trName + l.Tr("form.require_error")

  169. 			case binding.ERR_ALPHA_DASH:

  170. 				data["ErrorMsg"] = trName + l.Tr("form.alpha_dash_error")

  171. 			case binding.ERR_ALPHA_DASH_DOT:

  172. 				data["ErrorMsg"] = trName + l.Tr("form.alpha_dash_dot_error")

  173. 			case validation.ErrGitRefName:

  174. 				data["ErrorMsg"] = trName + l.Tr("form.git_ref_name_error")

  175. 			case binding.ERR_SIZE:

  176. 				data["ErrorMsg"] = trName + l.Tr("form.size_error", GetSize(field))

  177. 			case binding.ERR_MIN_SIZE:

  178. 				data["ErrorMsg"] = trName + l.Tr("form.min_size_error", GetMinSize(field))

  179. 			case binding.ERR_MAX_SIZE:

  180. 				data["ErrorMsg"] = trName + l.Tr("form.max_size_error", GetMaxSize(field))

  181. 			case binding.ERR_EMAIL:

  182. 				data["ErrorMsg"] = trName + l.Tr("form.email_error")

  183. 			case binding.ERR_URL:

  184. 				data["ErrorMsg"] = trName + l.Tr("form.url_error")

  185. 			case binding.ERR_INCLUDE:

  186. 				data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))

  187. 			case validation.ErrGlobPattern:

  188. 				data["ErrorMsg"] = trName + l.Tr("form.glob_pattern_error", errs[0].Message)

  189. 			case validation.ErrAlphaDashDotChinese:

  190. 				data["ErrorMsg"] = trName + l.Tr("form.alpha_dash_dot_chinese_error")

  191. 			default:

  192. 				data["ErrorMsg"] = l.Tr("form.unknown_error") + " " + errs[0].Classification

  193. 			}

  194. 			return errs

  195. 		}

  196. 	}

  197. 	return errs

  198. }

No Description