OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
4957 Commits
197 Branches
392 MB
3585 Download
Tree: 01d957677f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '01d957677f'
${ noResults }
aiforge/models/login_source.go

login_source.go 20 kB
Raw Normal View History

Add tar.gz download button and other mirror updates
11 years ago
fix code
11 years ago
add login.go
11 years ago
ldap support
11 years ago
Make gmail auth work
11 years ago
ldap support
11 years ago
basic authentications
11 years ago
add smtp authentication
11 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
merge all login methods
11 years ago
ldap support
11 years ago
add login.go
11 years ago
finish new edit auth UI
9 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
ldap support
11 years ago
basic authentications
11 years ago
fix code
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
ldap support
11 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
Add tar.gz download button and other mirror updates
11 years ago
models/login_source: code improvement
8 years ago
basic authentications
11 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
basic authentications
11 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
basic authentications
11 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Rewrite XORM queries
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Fix spelling errors in comments.
10 years ago
Fix edit auth page bug
11 years ago
Add PAM authentication
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Fix edit auth page bug
11 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
9 years ago
add login.go
11 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
11 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
10 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
models/login_source: code improvement
8 years ago
add login.go
11 years ago
#1625 remove auto_register and makes it default
9 years ago
Create missing database indexes (#596)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Create missing database indexes (#596)
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Create missing database indexes (#596)
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/login_source.go
8 years ago
ldap support
11 years ago
#2349 try to handle []int8 case
9 years ago
#2349 fix convert type
9 years ago
#2349 try to handle []int8 case
9 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2349 try to handle []int8 case
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
finish new edit auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/login_source.go
8 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/login_source.go
8 years ago
finish new add auth UI
9 years ago
basic authentications
11 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Lint models/login_source.go
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Security protocols
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
finish new edit auth UI
9 years ago
Lint models/login_source.go
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1637 able to skip verify for LDAP
9 years ago
Lint models/login_source.go
8 years ago
basic authentications
11 years ago
Lint models/login_source.go
8 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
Add PAM authentication
10 years ago
Lint models/login_source.go
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Lint models/login_source.go
8 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Add tar.gz download button and other mirror updates
11 years ago
Lint models/login_source.go
8 years ago
#697 disable captcha and new admin create user UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
11 years ago
APIs: admin users
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
basic authentications
11 years ago
Fix #165
11 years ago
basic authentications
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
#3515 use alert instead 500 for duplicated login source name
8 years ago
basic authentications
11 years ago
Lint models/login_source.go
8 years ago
add support for smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
ldap support
11 years ago
Lint models/login_source.go
8 years ago
finish new edit auth UI
9 years ago
basic authentications
11 years ago
finish new edit auth UI
9 years ago
models/login_source: code improvement
8 years ago
basic authentications
11 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
finish new edit auth UI
9 years ago
ldap support
11 years ago
add login.go
11 years ago
merge all login methods
11 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
merge all login methods
11 years ago
models/login_source: code improvement
8 years ago
minor fix on #1694
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
merge all login methods
11 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
merge all login methods
11 years ago
models/login_source: code improvement
8 years ago
merge all login methods
11 years ago
work on #672
10 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
models/login_source: code improvement
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
#3295 fix wrong logic judgement
9 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
work on #672
10 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
models/login_source: code improvement
8 years ago
Added LDAP simple auth support.
9 years ago
models/login_source: code improvement
8 years ago
work on #672
10 years ago
models/login_source: code improvement
8 years ago
merge all login methods
11 years ago
models/login_source: code improvement
8 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
9 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
add smtp authentication
11 years ago
Lint models/login_source.go
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Lint models/login_source.go
8 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add smtp authentication
11 years ago
Make gmail auth work
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
11 years ago
Clean old LDAP code
11 years ago
add smtp authentication
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
models/login_source: code improvement
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
11 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
11 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
11 years ago
models/login_source: code improvement
8 years ago
smtp login bug fixed
11 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
models/login_source: code improvement
8 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
golint fixed for modules/auth
8 years ago
Add PAM authentication
10 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
Add PAM authentication
10 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
10 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
#1938 #1374 disable password change for non-local users
9 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
10 years ago
models/login_source: code improvement
8 years ago
Add PAM authentication
10 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Lint models/login_source.go
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Fix typos
8 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
Fix typos
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
models/login_source: code improvement
8 years ago
#1625 remove auto_register and makes it default
9 years ago
fixed bug #151 caused Find should be Get (#153)
8 years ago
#1625 remove auto_register and makes it default
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"net/textproto"

  14. 	"strings"

  15. 	"time"

  16. 

  17. 	"github.com/Unknwon/com"

  18. 	"github.com/go-macaron/binding"

  19. 	"github.com/go-xorm/core"

  20. 	"github.com/go-xorm/xorm"

  21. 

  22. 	"code.gitea.io/gitea/modules/auth/ldap"

  23. 	"code.gitea.io/gitea/modules/auth/pam"

  24. 	"code.gitea.io/gitea/modules/log"

  25. 	"code.gitea.io/gitea/modules/auth/oauth2"

  26. )

  27. 

  28. // LoginType represents an login type.

  29. type LoginType int

  30. 

  31. // Note: new type must append to the end of list to maintain compatibility.

  32. const (

  33. 	LoginNoType LoginType = iota

  34. 	LoginPlain   // 1

  35. 	LoginLDAP    // 2

  36. 	LoginSMTP    // 3

  37. 	LoginPAM     // 4

  38. 	LoginDLDAP   // 5

  39. 	LoginOAuth2  // 6

  40. )

  41. 

  42. // LoginNames contains the name of LoginType values.

  43. var LoginNames = map[LoginType]string{

  44. 	LoginLDAP:   "LDAP (via BindDN)",

  45. 	LoginDLDAP:  "LDAP (simple auth)", // Via direct bind

  46. 	LoginSMTP:   "SMTP",

  47. 	LoginPAM:    "PAM",

  48. 	LoginOAuth2: "OAuth2",

  49. }

  50. 

  51. // SecurityProtocolNames contains the name of SecurityProtocol values.

  52. var SecurityProtocolNames = map[ldap.SecurityProtocol]string{

  53. 	ldap.SecurityProtocolUnencrypted: "Unencrypted",

  54. 	ldap.SecurityProtocolLDAPS:       "LDAPS",

  55. 	ldap.SecurityProtocolStartTLS:    "StartTLS",

  56. }

  57. 

  58. // Ensure structs implemented interface.

  59. var (

  60. 	_ core.Conversion = &LDAPConfig{}

  61. 	_ core.Conversion = &SMTPConfig{}

  62. 	_ core.Conversion = &PAMConfig{}

  63. 	_ core.Conversion = &OAuth2Config{}

  64. )

  65. 

  66. // LDAPConfig holds configuration for LDAP login source.

  67. type LDAPConfig struct {

  68. 	*ldap.Source

  69. }

  70. 

  71. // FromDB fills up a LDAPConfig from serialized format.

  72. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  73. 	return json.Unmarshal(bs, &cfg)

  74. }

  75. 

  76. // ToDB exports a LDAPConfig to a serialized format.

  77. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  78. 	return json.Marshal(cfg)

  79. }

  80. 

  81. // SecurityProtocolName returns the name of configured security

  82. // protocol.

  83. func (cfg *LDAPConfig) SecurityProtocolName() string {

  84. 	return SecurityProtocolNames[cfg.SecurityProtocol]

  85. }

  86. 

  87. // SMTPConfig holds configuration for the SMTP login source.

  88. type SMTPConfig struct {

  89. 	Auth           string

  90. 	Host           string

  91. 	Port           int

  92. 	AllowedDomains string `xorm:"TEXT"`

  93. 	TLS            bool

  94. 	SkipVerify     bool

  95. }

  96. 

  97. // FromDB fills up an SMTPConfig from serialized format.

  98. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  99. 	return json.Unmarshal(bs, cfg)

  100. }

  101. 

  102. // ToDB exports an SMTPConfig to a serialized format.

  103. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  104. 	return json.Marshal(cfg)

  105. }

  106. 

  107. // PAMConfig holds configuration for the PAM login source.

  108. type PAMConfig struct {

  109. 	ServiceName string // pam service (e.g. system-auth)

  110. }

  111. 

  112. // FromDB fills up a PAMConfig from serialized format.

  113. func (cfg *PAMConfig) FromDB(bs []byte) error {

  114. 	return json.Unmarshal(bs, &cfg)

  115. }

  116. 

  117. // ToDB exports a PAMConfig to a serialized format.

  118. func (cfg *PAMConfig) ToDB() ([]byte, error) {

  119. 	return json.Marshal(cfg)

  120. }

  121. 

  122. // OAuth2Config holds configuration for the OAuth2 login source.

  123. type OAuth2Config struct {

  124. 	Provider     string

  125. 	ClientID     string

  126. 	ClientSecret string

  127. }

  128. 

  129. // FromDB fills up an OAuth2Config from serialized format.

  130. func (cfg *OAuth2Config) FromDB(bs []byte) error {

  131. 	return json.Unmarshal(bs, cfg)

  132. }

  133. 

  134. // ToDB exports an SMTPConfig to a serialized format.

  135. func (cfg *OAuth2Config) ToDB() ([]byte, error) {

  136. 	return json.Marshal(cfg)

  137. }

  138. 

  139. // LoginSource represents an external way for authorizing users.

  140. type LoginSource struct {

  141. 	ID        int64 `xorm:"pk autoincr"`

  142. 	Type      LoginType

  143. 	Name      string          `xorm:"UNIQUE"`

  144. 	IsActived bool            `xorm:"INDEX NOT NULL DEFAULT false"`

  145. 	Cfg       core.Conversion `xorm:"TEXT"`

  146. 

  147. 	Created     time.Time `xorm:"-"`

  148. 	CreatedUnix int64     `xorm:"INDEX"`

  149. 	Updated     time.Time `xorm:"-"`

  150. 	UpdatedUnix int64     `xorm:"INDEX"`

  151. }

  152. 

  153. // BeforeInsert is invoked from XORM before inserting an object of this type.

  154. func (source *LoginSource) BeforeInsert() {

  155. 	source.CreatedUnix = time.Now().Unix()

  156. 	source.UpdatedUnix = source.CreatedUnix

  157. }

  158. 

  159. // BeforeUpdate is invoked from XORM before updating this object.

  160. func (source *LoginSource) BeforeUpdate() {

  161. 	source.UpdatedUnix = time.Now().Unix()

  162. }

  163. 

  164. // Cell2Int64 converts a xorm.Cell type to int64,

  165. // and handles possible irregular cases.

  166. func Cell2Int64(val xorm.Cell) int64 {

  167. 	switch (*val).(type) {

  168. 	case []uint8:

  169. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)

  170. 		return com.StrTo(string((*val).([]uint8))).MustInt64()

  171. 	}

  172. 	return (*val).(int64)

  173. }

  174. 

  175. // BeforeSet is invoked from XORM before setting the value of a field of this object.

  176. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  177. 	switch colName {

  178. 	case "type":

  179. 		switch LoginType(Cell2Int64(val)) {

  180. 		case LoginLDAP, LoginDLDAP:

  181. 			source.Cfg = new(LDAPConfig)

  182. 		case LoginSMTP:

  183. 			source.Cfg = new(SMTPConfig)

  184. 		case LoginPAM:

  185. 			source.Cfg = new(PAMConfig)

  186. 		case LoginOAuth2:

  187. 			source.Cfg = new(OAuth2Config)

  188. 		default:

  189. 			panic("unrecognized login source type: " + com.ToStr(*val))

  190. 		}

  191. 	}

  192. }

  193. 

  194. // AfterSet is invoked from XORM after setting the value of a field of this object.

  195. func (source *LoginSource) AfterSet(colName string, _ xorm.Cell) {

  196. 	switch colName {

  197. 	case "created_unix":

  198. 		source.Created = time.Unix(source.CreatedUnix, 0).Local()

  199. 	case "updated_unix":

  200. 		source.Updated = time.Unix(source.UpdatedUnix, 0).Local()

  201. 	}

  202. }

  203. 

  204. // TypeName return name of this login source type.

  205. func (source *LoginSource) TypeName() string {

  206. 	return LoginNames[source.Type]

  207. }

  208. 

  209. // IsLDAP returns true of this source is of the LDAP type.

  210. func (source *LoginSource) IsLDAP() bool {

  211. 	return source.Type == LoginLDAP

  212. }

  213. 

  214. // IsDLDAP returns true of this source is of the DLDAP type.

  215. func (source *LoginSource) IsDLDAP() bool {

  216. 	return source.Type == LoginDLDAP

  217. }

  218. 

  219. // IsSMTP returns true of this source is of the SMTP type.

  220. func (source *LoginSource) IsSMTP() bool {

  221. 	return source.Type == LoginSMTP

  222. }

  223. 

  224. // IsPAM returns true of this source is of the PAM type.

  225. func (source *LoginSource) IsPAM() bool {

  226. 	return source.Type == LoginPAM

  227. }

  228. 

  229. // IsOAuth2 returns true of this source is of the OAuth2 type.

  230. func (source *LoginSource) IsOAuth2() bool {

  231. 	return source.Type == LoginOAuth2

  232. }

  233. 

  234. // HasTLS returns true of this source supports TLS.

  235. func (source *LoginSource) HasTLS() bool {

  236. 	return ((source.IsLDAP() || source.IsDLDAP()) &&

  237. 		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||

  238. 		source.IsSMTP()

  239. }

  240. 

  241. // UseTLS returns true of this source is configured to use TLS.

  242. func (source *LoginSource) UseTLS() bool {

  243. 	switch source.Type {

  244. 	case LoginLDAP, LoginDLDAP:

  245. 		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted

  246. 	case LoginSMTP:

  247. 		return source.SMTP().TLS

  248. 	}

  249. 

  250. 	return false

  251. }

  252. 

  253. // SkipVerify returns true if this source is configured to skip SSL

  254. // verification.

  255. func (source *LoginSource) SkipVerify() bool {

  256. 	switch source.Type {

  257. 	case LoginLDAP, LoginDLDAP:

  258. 		return source.LDAP().SkipVerify

  259. 	case LoginSMTP:

  260. 		return source.SMTP().SkipVerify

  261. 	}

  262. 

  263. 	return false

  264. }

  265. 

  266. // LDAP returns LDAPConfig for this source, if of LDAP type.

  267. func (source *LoginSource) LDAP() *LDAPConfig {

  268. 	return source.Cfg.(*LDAPConfig)

  269. }

  270. 

  271. // SMTP returns SMTPConfig for this source, if of SMTP type.

  272. func (source *LoginSource) SMTP() *SMTPConfig {

  273. 	return source.Cfg.(*SMTPConfig)

  274. }

  275. 

  276. // PAM returns PAMConfig for this source, if of PAM type.

  277. func (source *LoginSource) PAM() *PAMConfig {

  278. 	return source.Cfg.(*PAMConfig)

  279. }

  280. 

  281. // OAuth2 returns OAuth2Config for this source, if of OAuth2 type.

  282. func (source *LoginSource) OAuth2() *OAuth2Config {

  283. 	return source.Cfg.(*OAuth2Config)

  284. }

  285. 

  286. // CreateLoginSource inserts a LoginSource in the DB if not already

  287. // existing with the given name.

  288. func CreateLoginSource(source *LoginSource) error {

  289. 	has, err := x.Get(&LoginSource{Name: source.Name})

  290. 	if err != nil {

  291. 		return err

  292. 	} else if has {

  293. 		return ErrLoginSourceAlreadyExist{source.Name}

  294. 	}

  295. 

  296. 	_, err = x.Insert(source)

  297. 	if err == nil && source.IsOAuth2() {

  298. 		oAuth2Config := source.OAuth2()

  299. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)

  300. 	}

  301. 	return err

  302. }

  303. 

  304. // LoginSources returns a slice of all login sources found in DB.

  305. func LoginSources() ([]*LoginSource, error) {

  306. 	auths := make([]*LoginSource, 0, 6)

  307. 	return auths, x.Find(&auths)

  308. }

  309. 

  310. // GetLoginSourceByID returns login source by given ID.

  311. func GetLoginSourceByID(id int64) (*LoginSource, error) {

  312. 	source := new(LoginSource)

  313. 	has, err := x.Id(id).Get(source)

  314. 	if err != nil {

  315. 		return nil, err

  316. 	} else if !has {

  317. 		return nil, ErrLoginSourceNotExist{id}

  318. 	}

  319. 	return source, nil

  320. }

  321. 

  322. // UpdateSource updates a LoginSource record in DB.

  323. func UpdateSource(source *LoginSource) error {

  324. 	_, err := x.Id(source.ID).AllCols().Update(source)

  325. 	if err == nil && source.IsOAuth2() {

  326. 		oAuth2Config := source.OAuth2()

  327. 		oauth2.RemoveProvider(source.Name)

  328. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)

  329. 	}

  330. 	return err

  331. }

  332. 

  333. // DeleteSource deletes a LoginSource record in DB.

  334. func DeleteSource(source *LoginSource) error {

  335. 	count, err := x.Count(&User{LoginSource: source.ID})

  336. 	if err != nil {

  337. 		return err

  338. 	} else if count > 0 {

  339. 		return ErrLoginSourceInUse{source.ID}

  340. 	}

  341. 

  342. 	count, err = x.Count(&ExternalLoginUser{LoginSourceID: source.ID})

  343. 	if err != nil {

  344. 		return err

  345. 	} else if count > 0 {

  346. 		return ErrLoginSourceInUse{source.ID}

  347. 	}

  348. 

  349. 	if source.IsOAuth2() {

  350. 		oauth2.RemoveProvider(source.Name)

  351. 	}

  352. 

  353. 	_, err = x.Id(source.ID).Delete(new(LoginSource))

  354. 	return err

  355. }

  356. 

  357. // CountLoginSources returns number of login sources.

  358. func CountLoginSources() int64 {

  359. 	count, _ := x.Count(new(LoginSource))

  360. 	return count

  361. }

  362. 

  363. // .____     ________      _____ __________

  364. // |    |    \______ \    /  _  \\______   \

  365. // |    |     |    |  \  /  /_\  \|     ___/

  366. // |    |___  |    `   \/    |    \    |

  367. // |_______ \/_______  /\____|__  /____|

  368. //         \/        \/         \/

  369. 

  370. func composeFullName(firstname, surname, username string) string {

  371. 	switch {

  372. 	case len(firstname) == 0 && len(surname) == 0:

  373. 		return username

  374. 	case len(firstname) == 0:

  375. 		return surname

  376. 	case len(surname) == 0:

  377. 		return firstname

  378. 	default:

  379. 		return firstname + " " + surname

  380. 	}

  381. }

  382. 

  383. // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,

  384. // and create a local user if success when enabled.

  385. func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  386. 	username, fn, sn, mail, isAdmin, succeed := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)

  387. 	if !succeed {

  388. 		// User not in LDAP, do nothing

  389. 		return nil, ErrUserNotExist{0, login, 0}

  390. 	}

  391. 

  392. 	if !autoRegister {

  393. 		return user, nil

  394. 	}

  395. 

  396. 	// Fallback.

  397. 	if len(username) == 0 {

  398. 		username = login

  399. 	}

  400. 	// Validate username make sure it satisfies requirement.

  401. 	if binding.AlphaDashDotPattern.MatchString(username) {

  402. 		return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", username)

  403. 	}

  404. 

  405. 	if len(mail) == 0 {

  406. 		mail = fmt.Sprintf("%s@localhost", username)

  407. 	}

  408. 

  409. 	user = &User{

  410. 		LowerName:   strings.ToLower(username),

  411. 		Name:        username,

  412. 		FullName:    composeFullName(fn, sn, username),

  413. 		Email:       mail,

  414. 		LoginType:   source.Type,

  415. 		LoginSource: source.ID,

  416. 		LoginName:   login,

  417. 		IsActive:    true,

  418. 		IsAdmin:     isAdmin,

  419. 	}

  420. 	return user, CreateUser(user)

  421. }

  422. 

  423. //   _________   __________________________

  424. //  /   _____/  /     \__    ___/\______   \

  425. //  \_____  \  /  \ /  \|    |    |     ___/

  426. //  /        \/    Y    \    |    |    |

  427. // /_______  /\____|__  /____|    |____|

  428. //         \/         \/

  429. 

  430. type smtpLoginAuth struct {

  431. 	username, password string

  432. }

  433. 

  434. func (auth *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  435. 	return "LOGIN", []byte(auth.username), nil

  436. }

  437. 

  438. func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  439. 	if more {

  440. 		switch string(fromServer) {

  441. 		case "Username:":

  442. 			return []byte(auth.username), nil

  443. 		case "Password:":

  444. 			return []byte(auth.password), nil

  445. 		}

  446. 	}

  447. 	return nil, nil

  448. }

  449. 

  450. // SMTP authentication type names.

  451. const (

  452. 	SMTPPlain = "PLAIN"

  453. 	SMTPLogin = "LOGIN"

  454. )

  455. 

  456. // SMTPAuths contains available SMTP authentication type names.

  457. var SMTPAuths = []string{SMTPPlain, SMTPLogin}

  458. 

  459. // SMTPAuth performs an SMTP authentication.

  460. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {

  461. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))

  462. 	if err != nil {

  463. 		return err

  464. 	}

  465. 	defer c.Close()

  466. 

  467. 	if err = c.Hello("gogs"); err != nil {

  468. 		return err

  469. 	}

  470. 

  471. 	if cfg.TLS {

  472. 		if ok, _ := c.Extension("STARTTLS"); ok {

  473. 			if err = c.StartTLS(&tls.Config{

  474. 				InsecureSkipVerify: cfg.SkipVerify,

  475. 				ServerName:         cfg.Host,

  476. 			}); err != nil {

  477. 				return err

  478. 			}

  479. 		} else {

  480. 			return errors.New("SMTP server unsupports TLS")

  481. 		}

  482. 	}

  483. 

  484. 	if ok, _ := c.Extension("AUTH"); ok {

  485. 		if err = c.Auth(a); err != nil {

  486. 			return err

  487. 		}

  488. 		return nil

  489. 	}

  490. 	return ErrUnsupportedLoginType

  491. }

  492. 

  493. // LoginViaSMTP queries if login/password is valid against the SMTP,

  494. // and create a local user if success when enabled.

  495. func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  496. 	// Verify allowed domains.

  497. 	if len(cfg.AllowedDomains) > 0 {

  498. 		idx := strings.Index(login, "@")

  499. 		if idx == -1 {

  500. 			return nil, ErrUserNotExist{0, login, 0}

  501. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), login[idx + 1:]) {

  502. 			return nil, ErrUserNotExist{0, login, 0}

  503. 		}

  504. 	}

  505. 

  506. 	var auth smtp.Auth

  507. 	if cfg.Auth == SMTPPlain {

  508. 		auth = smtp.PlainAuth("", login, password, cfg.Host)

  509. 	} else if cfg.Auth == SMTPLogin {

  510. 		auth = &smtpLoginAuth{login, password}

  511. 	} else {

  512. 		return nil, errors.New("Unsupported SMTP auth type")

  513. 	}

  514. 

  515. 	if err := SMTPAuth(auth, cfg); err != nil {

  516. 		// Check standard error format first,

  517. 		// then fallback to worse case.

  518. 		tperr, ok := err.(*textproto.Error)

  519. 		if (ok && tperr.Code == 535) ||

  520. 			strings.Contains(err.Error(), "Username and Password not accepted") {

  521. 			return nil, ErrUserNotExist{0, login, 0}

  522. 		}

  523. 		return nil, err

  524. 	}

  525. 

  526. 	if !autoRegister {

  527. 		return user, nil

  528. 	}

  529. 

  530. 	username := login

  531. 	idx := strings.Index(login, "@")

  532. 	if idx > -1 {

  533. 		username = login[:idx]

  534. 	}

  535. 

  536. 	user = &User{

  537. 		LowerName:   strings.ToLower(username),

  538. 		Name:        strings.ToLower(username),

  539. 		Email:       login,

  540. 		Passwd:      password,

  541. 		LoginType:   LoginSMTP,

  542. 		LoginSource: sourceID,

  543. 		LoginName:   login,

  544. 		IsActive:    true,

  545. 	}

  546. 	return user, CreateUser(user)

  547. }

  548. 

  549. // __________  _____      _____

  550. // \______   \/  _  \    /     \

  551. //  |     ___/  /_\  \  /  \ /  \

  552. //  |    |  /    |    \/    Y    \

  553. //  |____|  \____|__  /\____|__  /

  554. //                  \/         \/

  555. 

  556. // LoginViaPAM queries if login/password is valid against the PAM,

  557. // and create a local user if success when enabled.

  558. func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {

  559. 	if err := pam.Auth(cfg.ServiceName, login, password); err != nil {

  560. 		if strings.Contains(err.Error(), "Authentication failure") {

  561. 			return nil, ErrUserNotExist{0, login, 0}

  562. 		}

  563. 		return nil, err

  564. 	}

  565. 

  566. 	if !autoRegister {

  567. 		return user, nil

  568. 	}

  569. 

  570. 	user = &User{

  571. 		LowerName:   strings.ToLower(login),

  572. 		Name:        login,

  573. 		Email:       login,

  574. 		Passwd:      password,

  575. 		LoginType:   LoginPAM,

  576. 		LoginSource: sourceID,

  577. 		LoginName:   login,

  578. 		IsActive:    true,

  579. 	}

  580. 	return user, CreateUser(user)

  581. }

  582. 

  583. //  ________      _____          __  .__     ________

  584. //  \_____  \    /  _  \  __ ___/  |_|  |__  \_____  \

  585. //   /   |   \  /  /_\  \|  |  \   __\  |  \  /  ____/

  586. //  /    |    \/    |    \  |  /|  | |   Y  \/       \

  587. //  \_______  /\____|__  /____/ |__| |___|  /\_______ \

  588. //          \/         \/                 \/         \/

  589. 

  590. // OAuth2Provider describes the display values of a single OAuth2 provider

  591. type OAuth2Provider struct {

  592. 	Name string

  593. 	DisplayName string

  594. 	Image string

  595. }

  596. 

  597. // OAuth2Providers contains the map of registered OAuth2 providers in Gitea (based on goth)

  598. // key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)

  599. // value is used to store display data

  600. var OAuth2Providers = map[string]OAuth2Provider{

  601. 	"github":   {Name: "github", DisplayName:"GitHub", Image: "/img/github.png"},

  602. }

  603. 

  604. // ExternalUserLogin attempts a login using external source types.

  605. func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {

  606. 	if !source.IsActived {

  607. 		return nil, ErrLoginSourceNotActived

  608. 	}

  609. 

  610. 	switch source.Type {

  611. 	case LoginLDAP, LoginDLDAP:

  612. 		return LoginViaLDAP(user, login, password, source, autoRegister)

  613. 	case LoginSMTP:

  614. 		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)

  615. 	case LoginPAM:

  616. 		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)

  617. 	}

  618. 

  619. 	return nil, ErrUnsupportedLoginType

  620. }

  621. 

  622. // UserSignIn validates user name and password.

  623. func UserSignIn(username, password string) (*User, error) {

  624. 	var user *User

  625. 	if strings.Contains(username, "@") {

  626. 		user = &User{Email: strings.ToLower(strings.TrimSpace(username))}

  627. 	} else {

  628. 		user = &User{LowerName: strings.ToLower(strings.TrimSpace(username))}

  629. 	}

  630. 

  631. 	hasUser, err := x.Get(user)

  632. 	if err != nil {

  633. 		return nil, err

  634. 	}

  635. 

  636. 	if hasUser {

  637. 		switch user.LoginType {

  638. 		case LoginNoType, LoginPlain, LoginOAuth2:

  639. 			if user.ValidatePassword(password) {

  640. 				return user, nil

  641. 			}

  642. 

  643. 			return nil, ErrUserNotExist{user.ID, user.Name, 0}

  644. 

  645. 		default:

  646. 			var source LoginSource

  647. 			hasSource, err := x.Id(user.LoginSource).Get(&source)

  648. 			if err != nil {

  649. 				return nil, err

  650. 			} else if !hasSource {

  651. 				return nil, ErrLoginSourceNotExist{user.LoginSource}

  652. 			}

  653. 

  654. 			return ExternalUserLogin(user, user.LoginName, password, &source, false)

  655. 		}

  656. 	}

  657. 

  658. 	sources := make([]*LoginSource, 0, 5)

  659. 	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true}); err != nil {

  660. 		return nil, err

  661. 	}

  662. 

  663. 	for _, source := range sources {

  664. 		if source.IsOAuth2() {

  665. 			// don't try to authenticate against OAuth2 sources

  666. 			continue

  667. 		}

  668. 		authUser, err := ExternalUserLogin(nil, username, password, source, true)

  669. 		if err == nil {

  670. 			return authUser, nil

  671. 		}

  672. 

  673. 		log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)

  674. 	}

  675. 

  676. 	return nil, ErrUserNotExist{user.ID, user.Name, 0}

  677. }

  678. 

  679. // GetActiveOAuth2ProviderLoginSources returns all actived LoginOAuth2 sources

  680. func GetActiveOAuth2ProviderLoginSources() ([]*LoginSource, error) {

  681. 	sources := make([]*LoginSource, 0, 1)

  682. 	if err := x.UseBool().Find(&sources, &LoginSource{IsActived: true, Type: LoginOAuth2}); err != nil {

  683. 		return nil, err

  684. 	}

  685. 	return sources, nil

  686. }

  687. 

  688. // GetActiveOAuth2LoginSourceByName returns a OAuth2 LoginSource based on the given name

  689. func GetActiveOAuth2LoginSourceByName(name string) (*LoginSource, error) {

  690. 	loginSource := &LoginSource{

  691. 		Name:      name,

  692. 		Type:      LoginOAuth2,

  693. 		IsActived: true,

  694. 	}

  695. 

  696. 	has, err := x.UseBool().Get(loginSource)

  697. 	if !has || err != nil {

  698. 		return nil, err

  699. 	}

  700. 

  701. 	return loginSource, nil

  702. }

  703. 

  704. // GetActiveOAuth2Providers returns the map of configured active OAuth2 providers

  705. // key is used as technical name (like in the callbackURL)

  706. // values to display

  707. func GetActiveOAuth2Providers() (map[string]OAuth2Provider, error) {

  708. 	// Maybe also seperate used and unused providers so we can force the registration of only 1 active provider for each type

  709. 

  710. 	loginSources, err := GetActiveOAuth2ProviderLoginSources()

  711. 	if err != nil {

  712. 		return nil, err

  713. 	}

  714. 

  715. 	providers := make(map[string]OAuth2Provider)

  716. 	for _, source := range loginSources {

  717. 		providers[source.Name] = OAuth2Providers[source.OAuth2().Provider]

  718. 	}

  719. 

  720. 	return providers, nil

  721. }

  722. 

  723. // InitOAuth2 initialize the OAuth2 lib and register all active OAuth2 providers in the library

  724. func InitOAuth2() {

  725. 	oauth2.Init()

  726. 	loginSources, _ := GetActiveOAuth2ProviderLoginSources()

  727. 

  728. 	for _, source := range loginSources {

  729. 		oAuth2Config := source.OAuth2()

  730. 		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)

  731. 	}

  732. }

No Description