OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
Browse Source

Merge pull request #1507 from cloudron-io/develop 

Set IsAdmin using LDAP
tags/v1.2.0-rc1
无闻 9 years ago
parent
0ca8536c25 0beabbda4a
commit
7703fe626d
7 changed files with 38 additions and 8 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      conf/locale/locale_en-US.ini
  2. +2
    -1
      models/login.go
  3. +1
    -0
      modules/auth/auth_form.go
  4. +24
    -7
      modules/auth/ldap/ldap.go
  5. +2
    -0
      routers/admin/auths.go
  6. +4
    -0
      templates/admin/auth/edit.tmpl
  7. +4
    -0
      templates/admin/auth/new.tmpl

+ 1
- 0
conf/locale/locale_en-US.ini View File

@@ -761,6 +761,7 @@ auths.attribute_name = First name attribute
auths.attribute_surname = Surname attribute auths.attribute_surname = Surname attribute
auths.attribute_mail = E-mail attribute auths.attribute_mail = E-mail attribute
auths.filter = User Filter auths.filter = User Filter
auths.admin_filter = Admin Filter
auths.ms_ad_sa = Ms Ad SA auths.ms_ad_sa = Ms Ad SA
auths.smtp_auth = SMTP Authorization Type auths.smtp_auth = SMTP Authorization Type
auths.smtphost = SMTP Host auths.smtphost = SMTP Host


+ 2
- 1
models/login.go View File

@@ -257,7 +257,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
// Return the same LoginUserPlain semantic // Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672 // FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) { func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, ErrUserNotExist{0, name} return nil, ErrUserNotExist{0, name}
@@ -281,6 +281,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
LoginName: name, LoginName: name,
Passwd: passwd, Passwd: passwd,
Email: mail, Email: mail,
IsAdmin: admin,
IsActive: true, IsActive: true,
} }
return u, CreateUser(u) return u, CreateUser(u)


+ 1
- 0
modules/auth/auth_form.go View File

@@ -23,6 +23,7 @@ type AuthenticationForm struct {
AttributeSurname string AttributeSurname string
AttributeMail string AttributeMail string
Filter string Filter string
AdminFilter string
IsActived bool IsActived bool
SMTPAuth string `form:"smtp_auth"` SMTPAuth string `form:"smtp_auth"`
SMTPHost string `form:"smtp_host"` SMTPHost string `form:"smtp_host"`


+ 24
- 7
modules/auth/ldap/ldap.go View File

@@ -26,6 +26,7 @@ type Ldapsource struct {
AttributeSurname string // Surname attribute AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute AttributeMail string // E-mail attribute
Filter string // Query filter to validate entry Filter string // Query filter to validate entry
AdminFilter string // Query filter to check if user is admin
Enabled bool // if this source is disabled Enabled bool // if this source is disabled
} }


@@ -77,17 +78,17 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
} }


// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool) {
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool) {
userDN, found := ls.FindUserDN(name) userDN, found := ls.FindUserDN(name)
if !found { if !found {
return "", "", "", false
return "", "", "", false, false
} }


l, err := ldapDial(ls) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false ls.Enabled = false
return "", "", "", false
return "", "", "", false, false
} }


defer l.Close() defer l.Close()
@@ -96,7 +97,7 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, b
err = l.Bind(userDN, passwd) err = l.Bind(userDN, passwd)
if err != nil { if err != nil {
log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err) log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
return "", "", "", false
return "", "", "", false, false
} }


log.Trace("Bound successfully with userDN: %s", userDN) log.Trace("Bound successfully with userDN: %s", userDN)
@@ -109,16 +110,32 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, b
sr, err := l.Search(search) sr, err := l.Search(search)
if err != nil { if err != nil {
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err) log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
return "", "", "", false
return "", "", "", false, false
} else if len(sr.Entries) < 1 { } else if len(sr.Entries) < 1 {
log.Error(4, "LDAP Search failed unexpectedly! (0 entries)") log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
return "", "", "", false
return "", "", "", false, false
} }


name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName) name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname) sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail) mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
return name_attr, sn_attr, mail_attr, true

search = ldap.NewSearchRequest(
userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
[]string{ls.AttributeName},
nil)

sr, err = l.Search(search)
admin_attr := false
if err != nil {
log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
} else if len(sr.Entries) < 1 {
log.Error(4, "LDAP Admin Search failed")
} else {
admin_attr = true
}

return name_attr, sn_attr, mail_attr, admin_attr, true
} }


func ldapDial(ls Ldapsource) (*ldap.Conn, error) { func ldapDial(ls Ldapsource) (*ldap.Conn, error) {


+ 2
- 0
routers/admin/auths.go View File

@@ -71,6 +71,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
BindPassword: form.BindPassword, BindPassword: form.BindPassword,
UserBase: form.UserBase, UserBase: form.UserBase,
Filter: form.Filter, Filter: form.Filter,
AdminFilter: form.AdminFilter,
AttributeName: form.AttributeName, AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname, AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail, AttributeMail: form.AttributeMail,
@@ -160,6 +161,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
AttributeSurname: form.AttributeSurname, AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail, AttributeMail: form.AttributeMail,
Filter: form.Filter, Filter: form.Filter,
AdminFilter: form.AdminFilter,
Enabled: true, Enabled: true,
}, },
} }


+ 4
- 0
templates/admin/auth/edit.tmpl View File

@@ -60,6 +60,10 @@
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.Source.LDAP.Filter}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.Source.LDAP.Filter}}" />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.admin_filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_AdminFilter}}ipt-error{{end}}" id="admin_filter" name="admin_filter" value="{{.Source.LDAP.AdminFilter}}" />
</div>
<div class="field">
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label> <label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
</div> </div>


+ 4
- 0
templates/admin/auth/new.tmpl View File

@@ -56,6 +56,10 @@
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.filter}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.filter}}" />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.admin_filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_AdminFilter}}ipt-error{{end}}" id="admin_filter" name="admin_filter" value="{{.admin_filter}}" />
</div>
<div class="field">
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label> <label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_AttributeName}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.attribute_name}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_AttributeName}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.attribute_name}}" />
</div> </div>


Write Preview
Loading…
Cancel
Save