gitea/models/login.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package models

import (
	"crypto/tls"
	"encoding/json"
	"errors"
	"fmt"
	"net/smtp"
	"strings"
	"time"

	"github.com/go-xorm/core"
	"github.com/go-xorm/xorm"

	"github.com/gogits/gogs/modules/auth/ldap"
	"github.com/gogits/gogs/modules/auth/pam"
	"github.com/gogits/gogs/modules/log"
)

type LoginType int

// Note: new type must be added at the end of list to maintain compatibility.
const (
	NOTYPE LoginType = iota
	PLAIN
	LDAP
	SMTP
	PAM
	DLDAP
)

var (
	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")
	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")
)

var LoginTypes = map[LoginType]string{
	LDAP:  "LDAP (via BindDN)",
	DLDAP: "LDAP (simple auth)",
	SMTP:  "SMTP",
	PAM:   "PAM",
}

// Ensure structs implemented interface.
var (
	_ core.Conversion = &LDAPConfig{}
	_ core.Conversion = &SMTPConfig{}
	_ core.Conversion = &PAMConfig{}
)

type LDAPConfig struct {
	ldap.Ldapsource
}

func (cfg *LDAPConfig) FromDB(bs []byte) error {
	return json.Unmarshal(bs, &cfg.Ldapsource)
}

func (cfg *LDAPConfig) ToDB() ([]byte, error) {
	return json.Marshal(cfg.Ldapsource)
}

type SMTPConfig struct {
	Auth       string
	Host       string
	Port       int
	TLS        bool
	SkipVerify bool
}

func (cfg *SMTPConfig) FromDB(bs []byte) error {
	return json.Unmarshal(bs, cfg)
}

func (cfg *SMTPConfig) ToDB() ([]byte, error) {
	return json.Marshal(cfg)
}

type PAMConfig struct {
	ServiceName string // pam service (e.g. system-auth)
}

func (cfg *PAMConfig) FromDB(bs []byte) error {
	return json.Unmarshal(bs, &cfg)
}

func (cfg *PAMConfig) ToDB() ([]byte, error) {
	return json.Marshal(cfg)
}

type LoginSource struct {
	ID                int64 `xorm:"pk autoincr"`
	Type              LoginType
	Name              string          `xorm:"UNIQUE"`
	IsActived         bool            `xorm:"NOT NULL DEFAULT false"`
	Cfg               core.Conversion `xorm:"TEXT"`
	AllowAutoRegister bool            `xorm:"NOT NULL DEFAULT false"`
	Created           time.Time       `xorm:"CREATED"`
	Updated           time.Time       `xorm:"UPDATED"`
}

func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
	switch colName {
	case "type":
		switch LoginType((*val).(int64)) {
		case LDAP, DLDAP:
			source.Cfg = new(LDAPConfig)
		case SMTP:
			source.Cfg = new(SMTPConfig)
		case PAM:
			source.Cfg = new(PAMConfig)
		}
	}
}

func (source *LoginSource) TypeString() string {
	return LoginTypes[source.Type]
}

func (source *LoginSource) LDAP() *LDAPConfig {
	return source.Cfg.(*LDAPConfig)
}

func (source *LoginSource) SMTP() *SMTPConfig {
	return source.Cfg.(*SMTPConfig)
}

func (source *LoginSource) PAM() *PAMConfig {
	return source.Cfg.(*PAMConfig)
}

func CreateSource(source *LoginSource) error {
	_, err := x.Insert(source)
	return err
}

func GetAuths() ([]*LoginSource, error) {
	auths := make([]*LoginSource, 0, 5)
	return auths, x.Find(&auths)
}

func GetLoginSourceByID(id int64) (*LoginSource, error) {
	source := new(LoginSource)
	has, err := x.Id(id).Get(source)
	if err != nil {
		return nil, err
	} else if !has {
		return nil, ErrAuthenticationNotExist
	}
	return source, nil
}

func UpdateSource(source *LoginSource) error {
	_, err := x.Id(source.ID).AllCols().Update(source)
	return err
}

func DelLoginSource(source *LoginSource) error {
	cnt, err := x.Count(&User{LoginSource: source.ID})
	if err != nil {
		return err
	}
	if cnt > 0 {
		return ErrAuthenticationUserUsed
	}
	_, err = x.Id(source.ID).Delete(&LoginSource{})
	return err
}

// UserSignIn validates user name and password.
func UserSignIn(uname, passwd string) (*User, error) {
	var u *User
	if strings.Contains(uname, "@") {
		u = &User{Email: uname}
	} else {
		u = &User{LowerName: strings.ToLower(uname)}
	}

	userExists, err := x.Get(u)
	if err != nil {
		return nil, err
	}

	if userExists {
		switch u.LoginType {
		case NOTYPE:
			fallthrough
		case PLAIN:
			if u.ValidatePassword(passwd) {
				return u, nil
			}

			return nil, ErrUserNotExist{u.Id, u.Name}
		default:
			var source LoginSource
			hasSource, err := x.Id(u.LoginSource).Get(&source)
			if err != nil {
				return nil, err
			} else if !hasSource {
				return nil, ErrLoginSourceNotExist
			}

			return ExternalUserLogin(u, u.LoginName, passwd, &source, false)
		}
	}

	var sources []LoginSource
	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {
		return nil, err
	}

	for _, source := range sources {
		u, err := ExternalUserLogin(nil, uname, passwd, &source, true)
		if err == nil {
			return u, nil
		}

		log.Warn("Failed to login '%s' via '%s': %v", uname, source.Name, err)
	}

	return nil, ErrUserNotExist{u.Id, u.Name}
}

func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
	if !source.IsActived {
		return nil, ErrLoginSourceNotActived
	}

	switch source.Type {
	case LDAP, DLDAP:
		return LoginUserLdapSource(u, name, passwd, source, autoRegister)
	case SMTP:
		return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
	case PAM:
		return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)
	}

	return nil, ErrUnsupportedLoginType
}

// Query if name/passwd can login against the LDAP directory pool
// Create a local user if success
// Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
	cfg := source.Cfg.(*LDAPConfig)
	directBind := (source.Type == DLDAP)
	fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
	if !logged {
		// User not in LDAP, do nothing
		return nil, ErrUserNotExist{0, name}
	}

	if !autoRegister {
		return u, nil
	}

	// Fallback.
	if len(mail) == 0 {
		mail = fmt.Sprintf("%s@localhost", name)
	}

	u = &User{
		LowerName:   strings.ToLower(name),
		Name:        name,
		FullName:    fn + " " + sn,
		LoginType:   source.Type,
		LoginSource: source.ID,
		LoginName:   name,
		Passwd:      passwd,
		Email:       mail,
		IsAdmin:     admin,
		IsActive:    true,
	}
	return u, CreateUser(u)
}

type loginAuth struct {
	username, password string
}

func LoginAuth(username, password string) smtp.Auth {
	return &loginAuth{username, password}
}

func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
	return "LOGIN", []byte(a.username), nil
}

func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		switch string(fromServer) {
		case "Username:":
			return []byte(a.username), nil
		case "Password:":
			return []byte(a.password), nil
		}
	}
	return nil, nil
}

const (
	SMTP_PLAIN = "PLAIN"
	SMTP_LOGIN = "LOGIN"
)

var (
	SMTPAuths = []string{SMTP_PLAIN, SMTP_LOGIN}
)

func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))
	if err != nil {
		return err
	}
	defer c.Close()

	if err = c.Hello("gogs"); err != nil {
		return err
	}

	if cfg.TLS {
		if ok, _ := c.Extension("STARTTLS"); ok {
			if err = c.StartTLS(&tls.Config{
				InsecureSkipVerify: cfg.SkipVerify,
				ServerName:         cfg.Host,
			}); err != nil {
				return err
			}
		} else {
			return errors.New("SMTP server unsupports TLS")
		}
	}

	if ok, _ := c.Extension("AUTH"); ok {
		if err = c.Auth(a); err != nil {
			return err
		}
		return nil
	}
	return ErrUnsupportedLoginType
}

// Query if name/passwd can login against the LDAP directory pool
// Create a local user if success
// Return the same LoginUserPlain semantic
func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
	var auth smtp.Auth
	if cfg.Auth == SMTP_PLAIN {
		auth = smtp.PlainAuth("", name, passwd, cfg.Host)
	} else if cfg.Auth == SMTP_LOGIN {
		auth = LoginAuth(name, passwd)
	} else {
		return nil, errors.New("Unsupported SMTP auth type")
	}

	if err := SMTPAuth(auth, cfg); err != nil {
		if strings.Contains(err.Error(), "Username and Password not accepted") {
			return nil, ErrUserNotExist{u.Id, u.Name}
		}
		return nil, err
	}

	if !autoRegister {
		return u, nil
	}

	var loginName = name
	idx := strings.Index(name, "@")
	if idx > -1 {
		loginName = name[:idx]
	}
	// fake a local user creation
	u = &User{
		LowerName:   strings.ToLower(loginName),
		Name:        strings.ToLower(loginName),
		LoginType:   SMTP,
		LoginSource: sourceId,
		LoginName:   name,
		IsActive:    true,
		Passwd:      passwd,
		Email:       name,
	}
	err := CreateUser(u)
	return u, err
}

// Query if name/passwd can login against PAM
// Create a local user if success
// Return the same LoginUserPlain semantic
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
		if strings.Contains(err.Error(), "Authentication failure") {
			return nil, ErrUserNotExist{u.Id, u.Name}
		}
		return nil, err
	}

	if !autoRegister {
		return u, nil
	}

	// fake a local user creation
	u = &User{
		LowerName:   strings.ToLower(name),
		Name:        strings.ToLower(name),
		LoginType:   PAM,
		LoginSource: sourceId,
		LoginName:   name,
		IsActive:    true,
		Passwd:      passwd,
		Email:       name,
	}
	err := CreateUser(u)
	return u, err
}
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
fix code 2014-05-05 13:32:47 +04:00			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

add login.go 2014-04-26 10:21:04 +04:00			`package models`

ldap support 2014-05-03 06:48:14 +04:00			`import (`
Make gmail auth work 2014-05-15 22:46:04 +04:00			`"crypto/tls"`
ldap support 2014-05-03 06:48:14 +04:00			`"encoding/json"`
basic authentications 2014-05-05 12:40:25 +04:00			`"errors"`
add smtp authentication 2014-05-11 11:49:36 +04:00			`"fmt"`
			`"net/smtp"`
merge all login methods 2014-05-11 10:12:45 +04:00			`"strings"`
ldap support 2014-05-03 06:48:14 +04:00			`"time"`
add login.go 2014-04-26 10:21:04 +04:00
ldap support 2014-05-03 06:48:14 +04:00			`"github.com/go-xorm/core"`
basic authentications 2014-05-05 12:40:25 +04:00			`"github.com/go-xorm/xorm"`
fix code 2014-05-05 13:32:47 +04:00
ldap support 2014-05-03 06:48:14 +04:00			`"github.com/gogits/gogs/modules/auth/ldap"`
Add PAM authentication 2015-04-23 14:58:57 +03:00			`"github.com/gogits/gogs/modules/auth/pam"`
bug fixed #193 2014-05-15 18:34:36 +04:00			`"github.com/gogits/gogs/modules/log"`
ldap support 2014-05-03 06:48:14 +04:00			`)`
add login.go 2014-04-26 10:21:04 +04:00
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`type LoginType int`

minor fix on #1581 2015-09-10 22:03:14 +03:00			`// Note: new type must be added at the end of list to maintain compatibility.`
basic authentications 2014-05-05 12:40:25 +04:00			`const (`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`NOTYPE LoginType = iota`
			`PLAIN`
			`LDAP`
			`SMTP`
Add PAM authentication 2015-04-23 14:58:57 +03:00			`PAM`
minor fix on #1581 2015-09-10 22:03:14 +03:00			`DLDAP`
basic authentications 2014-05-05 12:40:25 +04:00			`)`

			`var (`
			`ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")`
fix code 2014-05-05 13:32:47 +04:00			`ErrAuthenticationNotExist = errors.New("Authentication does not exist")`
basic authentications 2014-05-05 12:40:25 +04:00			`ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")`
			`)`

Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`var LoginTypes = map[LoginType]string{`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`LDAP: "LDAP (via BindDN)",`
			`DLDAP: "LDAP (simple auth)",`
			`SMTP: "SMTP",`
			`PAM: "PAM",`
basic authentications 2014-05-05 12:40:25 +04:00			`}`
add login.go 2014-04-26 10:21:04 +04:00
Fix spelling errors in comments. 2014-12-07 04:22:48 +03:00			`// Ensure structs implemented interface.`
Fix edit auth page bug 2014-05-12 19:02:36 +04:00			`var (`
			`_ core.Conversion = &LDAPConfig{}`
			`_ core.Conversion = &SMTPConfig{}`
Add PAM authentication 2015-04-23 14:58:57 +03:00			`_ core.Conversion = &PAMConfig{}`
Fix edit auth page bug 2014-05-12 19:02:36 +04:00			`)`
add login.go 2014-04-26 10:21:04 +04:00
			`type LDAPConfig struct {`
ldap support 2014-05-03 06:48:14 +04:00			`ldap.Ldapsource`
add login.go 2014-04-26 10:21:04 +04:00			`}`

			`func (cfg *LDAPConfig) FromDB(bs []byte) error {`
ldap support 2014-05-03 06:48:14 +04:00			`return json.Unmarshal(bs, &cfg.Ldapsource)`
add login.go 2014-04-26 10:21:04 +04:00			`}`

			`func (cfg *LDAPConfig) ToDB() ([]byte, error) {`
ldap support 2014-05-03 06:48:14 +04:00			`return json.Marshal(cfg.Ldapsource)`
add login.go 2014-04-26 10:21:04 +04:00			`}`

add smtp authentication 2014-05-11 11:49:36 +04:00			`type SMTPConfig struct {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`Auth string`
			`Host string`
			`Port int`
			`TLS bool`
			`SkipVerify bool`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`

			`func (cfg *SMTPConfig) FromDB(bs []byte) error {`
			`return json.Unmarshal(bs, cfg)`
			`}`

			`func (cfg *SMTPConfig) ToDB() ([]byte, error) {`
			`return json.Marshal(cfg)`
			`}`

Add PAM authentication 2015-04-23 14:58:57 +03:00			`type PAMConfig struct {`
			`ServiceName string // pam service (e.g. system-auth)`
			`}`

			`func (cfg *PAMConfig) FromDB(bs []byte) error {`
			`return json.Unmarshal(bs, &cfg)`
			`}`

			`func (cfg *PAMConfig) ToDB() ([]byte, error) {`
			`return json.Marshal(cfg)`
			`}`

add login.go 2014-04-26 10:21:04 +04:00			`type LoginSource struct {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			ID int64 `xorm:"pk autoincr"`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`Type LoginType`
			Name string `xorm:"UNIQUE"`
			IsActived bool `xorm:"NOT NULL DEFAULT false"`
merge all login methods 2014-05-11 10:12:45 +04:00			Cfg core.Conversion `xorm:"TEXT"`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			AllowAutoRegister bool `xorm:"NOT NULL DEFAULT false"`
			Created time.Time `xorm:"CREATED"`
			Updated time.Time `xorm:"UPDATED"`
ldap support 2014-05-03 06:48:14 +04:00			`}`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {`
			`switch colName {`
			`case "type":`
			`switch LoginType((*val).(int64)) {`
minor fix on #1581 2015-09-10 22:03:14 +03:00			`case LDAP, DLDAP:`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`source.Cfg = new(LDAPConfig)`
			`case SMTP:`
			`source.Cfg = new(SMTPConfig)`
			`case PAM:`
			`source.Cfg = new(PAMConfig)`
			`}`
			`}`
			`}`

basic authentications 2014-05-05 12:40:25 +04:00			`func (source *LoginSource) TypeString() string {`
			`return LoginTypes[source.Type]`
			`}`

			`func (source LoginSource) LDAP() LDAPConfig {`
			`return source.Cfg.(*LDAPConfig)`
			`}`

add smtp authentication 2014-05-11 11:49:36 +04:00			`func (source LoginSource) SMTP() SMTPConfig {`
			`return source.Cfg.(*SMTPConfig)`
			`}`

Add PAM authentication 2015-04-23 14:58:57 +03:00			`func (source LoginSource) PAM() PAMConfig {`
			`return source.Cfg.(*PAMConfig)`
			`}`

Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`func CreateSource(source *LoginSource) error {`
Fix #165 2014-06-21 08:51:41 +04:00			`_, err := x.Insert(source)`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`return err`
			`}`

ldap support 2014-05-03 06:48:14 +04:00			`func GetAuths() ([]*LoginSource, error) {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`auths := make([]*LoginSource, 0, 5)`
			`return auths, x.Find(&auths)`
ldap support 2014-05-03 06:48:14 +04:00			`}`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`func GetLoginSourceByID(id int64) (*LoginSource, error) {`
basic authentications 2014-05-05 12:40:25 +04:00			`source := new(LoginSource)`
Fix #165 2014-06-21 08:51:41 +04:00			`has, err := x.Id(id).Get(source)`
basic authentications 2014-05-05 12:40:25 +04:00			`if err != nil {`
			`return nil, err`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`} else if !has {`
basic authentications 2014-05-05 12:40:25 +04:00			`return nil, ErrAuthenticationNotExist`
			`}`
			`return source, nil`
			`}`

add support for smtp authentication 2014-05-11 14:10:37 +04:00			`func UpdateSource(source *LoginSource) error {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`_, err := x.Id(source.ID).AllCols().Update(source)`
ldap support 2014-05-03 06:48:14 +04:00			`return err`
			`}`

basic authentications 2014-05-05 12:40:25 +04:00			`func DelLoginSource(source *LoginSource) error {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`cnt, err := x.Count(&User{LoginSource: source.ID})`
basic authentications 2014-05-05 12:40:25 +04:00			`if err != nil {`
			`return err`
			`}`
			`if cnt > 0 {`
			`return ErrAuthenticationUserUsed`
			`}`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`_, err = x.Id(source.ID).Delete(&LoginSource{})`
ldap support 2014-05-03 06:48:14 +04:00			`return err`
add login.go 2014-04-26 10:21:04 +04:00			`}`
merge all login methods 2014-05-11 10:12:45 +04:00
Code convention 2014-06-06 06:07:35 +04:00			`// UserSignIn validates user name and password.`
			`func UserSignIn(uname, passwd string) (*User, error) {`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`var u *User`
merge all login methods 2014-05-11 10:12:45 +04:00			`if strings.Contains(uname, "@") {`
			`u = &User{Email: uname}`
			`} else {`
			`u = &User{LowerName: strings.ToLower(uname)}`
			`}`

Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`userExists, err := x.Get(u)`
merge all login methods 2014-05-11 10:12:45 +04:00			`if err != nil {`
			`return nil, err`
			`}`

Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`if userExists {`
			`switch u.LoginType {`
			`case NOTYPE:`
			`fallthrough`
			`case PLAIN:`
			`if u.ValidatePassword(passwd) {`
			`return u, nil`
			`}`
merge all login methods 2014-05-11 10:12:45 +04:00
allow anonymous SSH clone 2015-08-05 06:14:17 +03:00			`return nil, ErrUserNotExist{u.Id, u.Name}`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`default:`
			`var source LoginSource`
			`hasSource, err := x.Id(u.LoginSource).Get(&source)`
			`if err != nil {`
			`return nil, err`
			`} else if !hasSource {`
			`return nil, ErrLoginSourceNotExist`
			`}`

			`return ExternalUserLogin(u, u.LoginName, passwd, &source, false)`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`
routers/repo/setting.go: fix LDAP cannot validate password #1006 2015-03-06 03:20:27 +03:00			`}`

Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`var sources []LoginSource`
			`if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {`
			`return nil, err`
			`}`
merge all login methods 2014-05-11 10:12:45 +04:00
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`for _, source := range sources {`
			`u, err := ExternalUserLogin(nil, uname, passwd, &source, true)`
			`if err == nil {`
			`return u, nil`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`

Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`log.Warn("Failed to login '%s' via '%s': %v", uname, source.Name, err)`
routers/repo/setting.go: fix LDAP cannot validate password #1006 2015-03-06 03:20:27 +03:00			`}`
merge all login methods 2014-05-11 10:12:45 +04:00
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`return nil, ErrUserNotExist{u.Id, u.Name}`
			`}`

			`func ExternalUserLogin(u User, name, passwd string, source LoginSource, autoRegister bool) (*User, error) {`
			`if !source.IsActived {`
routers/repo/setting.go: fix LDAP cannot validate password #1006 2015-03-06 03:20:27 +03:00			`return nil, ErrLoginSourceNotActived`
			`}`

Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`switch source.Type {`
minor fix on #1581 2015-09-10 22:03:14 +03:00			`case LDAP, DLDAP:`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`return LoginUserLdapSource(u, name, passwd, source, autoRegister)`
routers/repo/setting.go: fix LDAP cannot validate password #1006 2015-03-06 03:20:27 +03:00			`case SMTP:`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)`
Add PAM authentication 2015-04-23 14:58:57 +03:00			`case PAM:`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00
routers/repo/setting.go: fix LDAP cannot validate password #1006 2015-03-06 03:20:27 +03:00			`return nil, ErrUnsupportedLoginType`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`

Fix spelling errors in comments. 2014-12-07 04:22:48 +03:00			`// Query if name/passwd can login against the LDAP directory pool`
merge all login methods 2014-05-11 10:12:45 +04:00			`// Create a local user if success`
			`// Return the same LoginUserPlain semantic`
work on #672 2014-12-06 02:08:09 +03:00			`// FIXME: https://github.com/gogits/gogs/issues/672`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`func LoginUserLdapSource(u User, name, passwd string, source LoginSource, autoRegister bool) (*User, error) {`
			`cfg := source.Cfg.(*LDAPConfig)`
			`directBind := (source.Type == DLDAP)`
			`fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)`
merge all login methods 2014-05-11 10:12:45 +04:00			`if !logged {`
work on #672 2014-12-06 02:08:09 +03:00			`// User not in LDAP, do nothing`
Significantly enhanced LDAP support in Gogs. 2015-08-13 02:58:27 +03:00			`return nil, ErrUserNotExist{0, name}`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`
Significantly enhanced LDAP support in Gogs. 2015-08-13 02:58:27 +03:00
merge all login methods 2014-05-11 10:12:45 +04:00			`if !autoRegister {`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`return u, nil`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`

work on #672 2014-12-06 02:08:09 +03:00			`// Fallback.`
			`if len(mail) == 0 {`
Significantly enhanced LDAP support in Gogs. 2015-08-13 02:58:27 +03:00			`mail = fmt.Sprintf("%s@localhost", name)`
work on #672 2014-12-06 02:08:09 +03:00			`}`

New UI merge in progress 2014-07-26 08:24:27 +04:00			`u = &User{`
#1124 lower_name of LDAP user not assigned 2015-03-23 17:51:43 +03:00			`LowerName: strings.ToLower(name),`
work on #672 2014-12-06 02:08:09 +03:00			`Name: name,`
Get username, name, surname and e-mail from LDAP server 2015-02-08 02:49:51 +03:00			`FullName: fn + " " + sn,`
Added LDAP simple auth support. 2015-09-05 06:39:23 +03:00			`LoginType: source.Type,`
			`LoginSource: source.ID,`
merge all login methods 2014-05-11 10:12:45 +04:00			`LoginName: name,`
			`Passwd: passwd,`
			`Email: mail,`
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation. 2015-08-19 07:34:03 +03:00			`IsAdmin: admin,`
work on #672 2014-12-06 02:08:09 +03:00			`IsActive: true,`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`
work on #672 2014-12-06 02:08:09 +03:00			`return u, CreateUser(u)`
merge all login methods 2014-05-11 10:12:45 +04:00			`}`
add smtp authentication 2014-05-11 11:49:36 +04:00
			`type loginAuth struct {`
			`username, password string`
			`}`

			`func LoginAuth(username, password string) smtp.Auth {`
			`return &loginAuth{username, password}`
			`}`

			`func (a loginAuth) Start(server smtp.ServerInfo) (string, []byte, error) {`
			`return "LOGIN", []byte(a.username), nil`
			`}`

			`func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {`
			`if more {`
			`switch string(fromServer) {`
			`case "Username:":`
			`return []byte(a.username), nil`
			`case "Password:":`
			`return []byte(a.password), nil`
			`}`
			`}`
			`return nil, nil`
			`}`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`const (`
add support for smtp authentication 2014-05-11 14:10:37 +04:00			`SMTP_PLAIN = "PLAIN"`
			`SMTP_LOGIN = "LOGIN"`
add smtp authentication 2014-05-11 11:49:36 +04:00			`)`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`var (`
			`SMTPAuths = []string{SMTP_PLAIN, SMTP_LOGIN}`
			`)`

			`func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {`
			`c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))`
add smtp authentication 2014-05-11 11:49:36 +04:00			`if err != nil {`
			`return err`
			`}`
			`defer c.Close()`

Make gmail auth work 2014-05-15 22:46:04 +04:00			`if err = c.Hello("gogs"); err != nil {`
			`return err`
			`}`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`if cfg.TLS {`
smtp login bug fixed 2014-05-11 16:04:28 +04:00			`if ok, _ := c.Extension("STARTTLS"); ok {`
#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`if err = c.StartTLS(&tls.Config{`
			`InsecureSkipVerify: cfg.SkipVerify,`
			`ServerName: cfg.Host,`
			`}); err != nil {`
smtp login bug fixed 2014-05-11 16:04:28 +04:00			`return err`
			`}`
			`} else {`
Clean old LDAP code 2014-05-16 07:03:26 +04:00			`return errors.New("SMTP server unsupports TLS")`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`
			`}`

			`if ok, _ := c.Extension("AUTH"); ok {`
			`if err = c.Auth(a); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`return ErrUnsupportedLoginType`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`

Fix spelling errors in comments. 2014-12-07 04:22:48 +03:00			`// Query if name/passwd can login against the LDAP directory pool`
add smtp authentication 2014-05-11 11:49:36 +04:00			`// Create a local user if success`
			`// Return the same LoginUserPlain semantic`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`func LoginUserSMTPSource(u User, name, passwd string, sourceId int64, cfg SMTPConfig, autoRegister bool) (*User, error) {`
add smtp authentication 2014-05-11 11:49:36 +04:00			`var auth smtp.Auth`
add support for smtp authentication 2014-05-11 14:10:37 +04:00			`if cfg.Auth == SMTP_PLAIN {`
add smtp authentication 2014-05-11 11:49:36 +04:00			`auth = smtp.PlainAuth("", name, passwd, cfg.Host)`
add support for smtp authentication 2014-05-11 14:10:37 +04:00			`} else if cfg.Auth == SMTP_LOGIN {`
add smtp authentication 2014-05-11 11:49:36 +04:00			`auth = LoginAuth(name, passwd)`
smtp login bug fixed 2014-05-11 16:04:28 +04:00			`} else {`
Make gmail auth work 2014-05-15 22:46:04 +04:00			`return nil, errors.New("Unsupported SMTP auth type")`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`

#1542 A way to skip TLS verify for SMTP authentication 2015-08-29 10:45:58 +03:00			`if err := SMTPAuth(auth, cfg); err != nil {`
Make gmail auth work 2014-05-15 22:46:04 +04:00			`if strings.Contains(err.Error(), "Username and Password not accepted") {`
allow anonymous SSH clone 2015-08-05 06:14:17 +03:00			`return nil, ErrUserNotExist{u.Id, u.Name}`
Make gmail auth work 2014-05-15 22:46:04 +04:00			`}`
add smtp authentication 2014-05-11 11:49:36 +04:00			`return nil, err`
			`}`

			`if !autoRegister {`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`return u, nil`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`

smtp login bug fixed 2014-05-11 16:04:28 +04:00			`var loginName = name`
			`idx := strings.Index(name, "@")`
			`if idx > -1 {`
			`loginName = name[:idx]`
			`}`
add smtp authentication 2014-05-11 11:49:36 +04:00			`// fake a local user creation`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`u = &User{`
smtp login bug fixed 2014-05-11 16:04:28 +04:00			`LowerName: strings.ToLower(loginName),`
			`Name: strings.ToLower(loginName),`
Add tar.gz download button and other mirror updates 2014-06-09 01:53:53 +04:00			`LoginType: SMTP,`
add smtp authentication 2014-05-11 11:49:36 +04:00			`LoginSource: sourceId,`
			`LoginName: name,`
			`IsActive: true,`
			`Passwd: passwd,`
			`Email: name,`
			`}`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`err := CreateUser(u)`
			`return u, err`
add smtp authentication 2014-05-11 11:49:36 +04:00			`}`
Add PAM authentication 2015-04-23 14:58:57 +03:00
			`// Query if name/passwd can login against PAM`
			`// Create a local user if success`
			`// Return the same LoginUserPlain semantic`
			`func LoginUserPAMSource(u User, name, passwd string, sourceId int64, cfg PAMConfig, autoRegister bool) (*User, error) {`
			`if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {`
			`if strings.Contains(err.Error(), "Authentication failure") {`
allow anonymous SSH clone 2015-08-05 06:14:17 +03:00			`return nil, ErrUserNotExist{u.Id, u.Name}`
Add PAM authentication 2015-04-23 14:58:57 +03:00			`}`
			`return nil, err`
			`}`

			`if !autoRegister {`
			`return u, nil`
			`}`

			`// fake a local user creation`
			`u = &User{`
			`LowerName: strings.ToLower(name),`
			`Name: strings.ToLower(name),`
			`LoginType: PAM,`
			`LoginSource: sourceId,`
			`LoginName: name,`
			`IsActive: true,`
			`Passwd: passwd,`
			`Email: name,`
			`}`
			`err := CreateUser(u)`
			`return u, err`
			`}`