2014-05-05 13:32:47 +04:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-05-03 06:48:14 +04:00
package admin
import (
2016-03-06 02:08:42 +03:00
"fmt"
2016-11-10 19:24:48 +03:00
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/auth/ldap"
2017-05-01 16:26:53 +03:00
"code.gitea.io/gitea/modules/auth/oauth2"
2016-11-10 19:24:48 +03:00
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2017-05-01 16:26:53 +03:00
"github.com/Unknwon/com"
"github.com/go-xorm/core"
2014-05-03 06:48:14 +04:00
)
2014-06-22 21:14:03 +04:00
const (
2016-11-21 06:21:24 +03:00
tplAuths base . TplName = "admin/auth/list"
tplAuthNew base . TplName = "admin/auth/new"
tplAuthEdit base . TplName = "admin/auth/edit"
2014-06-22 21:14:03 +04:00
)
2016-11-21 06:21:24 +03:00
// Authentications show authentication config page
2016-03-11 19:56:52 +03:00
func Authentications ( ctx * context . Context ) {
2014-08-29 16:50:43 +04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.authentication" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminAuthentications" ] = true
var err error
2015-09-13 16:51:51 +03:00
ctx . Data [ "Sources" ] , err = models . LoginSources ( )
2014-08-29 16:50:43 +04:00
if err != nil {
2015-09-13 16:51:51 +03:00
ctx . Handle ( 500 , "LoginSources" , err )
2014-08-29 16:50:43 +04:00
return
}
2015-09-10 22:45:03 +03:00
ctx . Data [ "Total" ] = models . CountLoginSources ( )
2016-11-21 06:21:24 +03:00
ctx . HTML ( 200 , tplAuths )
2014-08-29 16:50:43 +04:00
}
2016-07-08 02:25:09 +03:00
type dropdownItem struct {
2015-09-11 00:11:41 +03:00
Name string
2016-07-08 02:25:09 +03:00
Type interface { }
2015-09-11 00:11:41 +03:00
}
2016-07-08 02:25:09 +03:00
var (
authSources = [ ] dropdownItem {
2016-11-07 23:58:22 +03:00
{ models . LoginNames [ models . LoginLDAP ] , models . LoginLDAP } ,
{ models . LoginNames [ models . LoginDLDAP ] , models . LoginDLDAP } ,
{ models . LoginNames [ models . LoginSMTP ] , models . LoginSMTP } ,
{ models . LoginNames [ models . LoginPAM ] , models . LoginPAM } ,
2017-02-22 10:14:37 +03:00
{ models . LoginNames [ models . LoginOAuth2 ] , models . LoginOAuth2 } ,
2016-07-08 02:25:09 +03:00
}
securityProtocols = [ ] dropdownItem {
2016-11-07 19:38:43 +03:00
{ models . SecurityProtocolNames [ ldap . SecurityProtocolUnencrypted ] , ldap . SecurityProtocolUnencrypted } ,
2016-11-07 23:58:22 +03:00
{ models . SecurityProtocolNames [ ldap . SecurityProtocolLDAPS ] , ldap . SecurityProtocolLDAPS } ,
{ models . SecurityProtocolNames [ ldap . SecurityProtocolStartTLS ] , ldap . SecurityProtocolStartTLS } ,
2016-07-08 02:25:09 +03:00
}
)
2015-09-11 00:11:41 +03:00
2016-11-21 06:21:24 +03:00
// NewAuthSource render adding a new auth source page
2016-03-11 19:56:52 +03:00
func NewAuthSource ( ctx * context . Context ) {
2014-08-29 16:50:43 +04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.auths.new" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminAuthentications" ] = true
2015-09-11 00:11:41 +03:00
2016-11-07 23:58:22 +03:00
ctx . Data [ "type" ] = models . LoginLDAP
ctx . Data [ "CurrentTypeName" ] = models . LoginNames [ models . LoginLDAP ]
2016-11-07 19:38:43 +03:00
ctx . Data [ "CurrentSecurityProtocol" ] = models . SecurityProtocolNames [ ldap . SecurityProtocolUnencrypted ]
2015-09-11 00:11:41 +03:00
ctx . Data [ "smtp_auth" ] = "PLAIN"
ctx . Data [ "is_active" ] = true
2017-05-10 16:10:18 +03:00
ctx . Data [ "is_sync_enabled" ] = true
2015-09-11 00:11:41 +03:00
ctx . Data [ "AuthSources" ] = authSources
2016-07-08 02:25:09 +03:00
ctx . Data [ "SecurityProtocols" ] = securityProtocols
2014-05-11 14:10:37 +04:00
ctx . Data [ "SMTPAuths" ] = models . SMTPAuths
2017-02-22 10:14:37 +03:00
ctx . Data [ "OAuth2Providers" ] = models . OAuth2Providers
2017-05-01 16:26:53 +03:00
ctx . Data [ "OAuth2DefaultCustomURLMappings" ] = models . OAuth2DefaultCustomURLMappings
2017-02-22 10:14:37 +03:00
// only the first as default
for key := range models . OAuth2Providers {
ctx . Data [ "oauth2_provider" ] = key
break
}
2016-11-21 06:21:24 +03:00
ctx . HTML ( 200 , tplAuthNew )
2014-05-03 06:48:14 +04:00
}
2015-09-11 19:03:08 +03:00
func parseLDAPConfig ( form auth . AuthenticationForm ) * models . LDAPConfig {
return & models . LDAPConfig {
2015-09-14 22:48:51 +03:00
Source : & ldap . Source {
2015-12-01 16:49:49 +03:00
Name : form . Name ,
Host : form . Host ,
Port : form . Port ,
2016-07-08 02:25:09 +03:00
SecurityProtocol : ldap . SecurityProtocol ( form . SecurityProtocol ) ,
2015-12-01 16:49:49 +03:00
SkipVerify : form . SkipVerify ,
BindDN : form . BindDN ,
UserDN : form . UserDN ,
BindPassword : form . BindPassword ,
UserBase : form . UserBase ,
AttributeUsername : form . AttributeUsername ,
AttributeName : form . AttributeName ,
AttributeSurname : form . AttributeSurname ,
AttributeMail : form . AttributeMail ,
2016-02-16 14:33:16 +03:00
AttributesInBind : form . AttributesInBind ,
2015-12-01 16:49:49 +03:00
Filter : form . Filter ,
AdminFilter : form . AdminFilter ,
Enabled : true ,
2015-09-11 19:03:08 +03:00
} ,
}
}
func parseSMTPConfig ( form auth . AuthenticationForm ) * models . SMTPConfig {
return & models . SMTPConfig {
2015-09-11 20:32:33 +03:00
Auth : form . SMTPAuth ,
Host : form . SMTPHost ,
Port : form . SMTPPort ,
AllowedDomains : form . AllowedDomains ,
TLS : form . TLS ,
SkipVerify : form . SkipVerify ,
2015-09-11 19:03:08 +03:00
}
}
2017-02-22 10:14:37 +03:00
func parseOAuth2Config ( form auth . AuthenticationForm ) * models . OAuth2Config {
2017-05-01 16:26:53 +03:00
var customURLMapping * oauth2 . CustomURLMapping
if form . Oauth2UseCustomURL {
customURLMapping = & oauth2 . CustomURLMapping {
TokenURL : form . Oauth2TokenURL ,
AuthURL : form . Oauth2AuthURL ,
ProfileURL : form . Oauth2ProfileURL ,
EmailURL : form . Oauth2EmailURL ,
}
} else {
customURLMapping = nil
}
2017-02-22 10:14:37 +03:00
return & models . OAuth2Config {
2017-05-01 16:26:53 +03:00
Provider : form . Oauth2Provider ,
ClientID : form . Oauth2Key ,
ClientSecret : form . Oauth2Secret ,
OpenIDConnectAutoDiscoveryURL : form . OpenIDConnectAutoDiscoveryURL ,
CustomURLMapping : customURLMapping ,
2017-02-22 10:14:37 +03:00
}
}
2016-11-21 06:21:24 +03:00
// NewAuthSourcePost response for adding an auth source
2016-03-11 19:56:52 +03:00
func NewAuthSourcePost ( ctx * context . Context , form auth . AuthenticationForm ) {
2014-08-29 16:50:43 +04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.auths.new" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminAuthentications" ] = true
2015-09-11 00:11:41 +03:00
2016-07-08 02:25:09 +03:00
ctx . Data [ "CurrentTypeName" ] = models . LoginNames [ models . LoginType ( form . Type ) ]
ctx . Data [ "CurrentSecurityProtocol" ] = models . SecurityProtocolNames [ ldap . SecurityProtocol ( form . SecurityProtocol ) ]
2015-09-11 00:11:41 +03:00
ctx . Data [ "AuthSources" ] = authSources
2016-07-08 02:25:09 +03:00
ctx . Data [ "SecurityProtocols" ] = securityProtocols
2014-05-11 14:10:37 +04:00
ctx . Data [ "SMTPAuths" ] = models . SMTPAuths
2017-02-22 10:14:37 +03:00
ctx . Data [ "OAuth2Providers" ] = models . OAuth2Providers
2017-05-01 16:26:53 +03:00
ctx . Data [ "OAuth2DefaultCustomURLMappings" ] = models . OAuth2DefaultCustomURLMappings
2014-05-03 06:48:14 +04:00
2016-07-08 02:25:09 +03:00
hasTLS := false
2015-09-11 19:03:08 +03:00
var config core . Conversion
2014-06-09 01:53:53 +04:00
switch models . LoginType ( form . Type ) {
2016-11-07 23:58:22 +03:00
case models . LoginLDAP , models . LoginDLDAP :
2015-09-11 19:03:08 +03:00
config = parseLDAPConfig ( form )
2016-11-07 19:38:43 +03:00
hasTLS = ldap . SecurityProtocol ( form . SecurityProtocol ) > ldap . SecurityProtocolUnencrypted
2016-11-07 23:58:22 +03:00
case models . LoginSMTP :
2015-09-11 19:03:08 +03:00
config = parseSMTPConfig ( form )
2016-07-08 02:25:09 +03:00
hasTLS = true
2016-11-07 23:58:22 +03:00
case models . LoginPAM :
2015-09-11 19:03:08 +03:00
config = & models . PAMConfig {
2015-04-23 14:58:57 +03:00
ServiceName : form . PAMServiceName ,
}
2017-02-22 10:14:37 +03:00
case models . LoginOAuth2 :
config = parseOAuth2Config ( form )
2014-05-11 15:43:57 +04:00
default :
ctx . Error ( 400 )
return
2014-05-11 14:10:37 +04:00
}
2016-07-08 02:25:09 +03:00
ctx . Data [ "HasTLS" ] = hasTLS
if ctx . HasError ( ) {
2016-11-21 06:21:24 +03:00
ctx . HTML ( 200 , tplAuthNew )
2016-07-08 02:25:09 +03:00
return
}
2014-05-11 14:10:37 +04:00
2016-08-31 10:56:10 +03:00
if err := models . CreateLoginSource ( & models . LoginSource {
2017-05-10 16:10:18 +03:00
Type : models . LoginType ( form . Type ) ,
Name : form . Name ,
IsActived : form . IsActive ,
IsSyncEnabled : form . IsSyncEnabled ,
Cfg : config ,
2015-09-11 19:03:08 +03:00
} ) ; err != nil {
2016-08-31 10:56:10 +03:00
if models . IsErrLoginSourceAlreadyExist ( err ) {
ctx . Data [ "Err_Name" ] = true
2016-11-21 06:21:24 +03:00
ctx . RenderWithErr ( ctx . Tr ( "admin.auths.login_source_exist" , err . ( models . ErrLoginSourceAlreadyExist ) . Name ) , tplAuthNew , form )
2016-08-31 10:56:10 +03:00
} else {
ctx . Handle ( 500 , "CreateSource" , err )
}
2014-05-03 06:48:14 +04:00
return
}
2015-03-25 02:04:16 +03:00
log . Trace ( "Authentication created by admin(%s): %s" , ctx . User . Name , form . Name )
2015-09-11 19:03:08 +03:00
ctx . Flash . Success ( ctx . Tr ( "admin.auths.new_success" , form . Name ) )
2016-11-27 13:14:25 +03:00
ctx . Redirect ( setting . AppSubURL + "/admin/auths" )
2014-05-03 06:48:14 +04:00
}
2016-11-21 06:21:24 +03:00
// EditAuthSource render editing auth source page
2016-03-11 19:56:52 +03:00
func EditAuthSource ( ctx * context . Context ) {
2014-08-29 16:50:43 +04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.auths.edit" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminAuthentications" ] = true
2015-09-11 19:03:08 +03:00
2016-07-08 02:25:09 +03:00
ctx . Data [ "SecurityProtocols" ] = securityProtocols
2014-05-11 14:10:37 +04:00
ctx . Data [ "SMTPAuths" ] = models . SMTPAuths
2017-02-22 10:14:37 +03:00
ctx . Data [ "OAuth2Providers" ] = models . OAuth2Providers
2017-05-01 16:26:53 +03:00
ctx . Data [ "OAuth2DefaultCustomURLMappings" ] = models . OAuth2DefaultCustomURLMappings
2014-05-11 14:10:37 +04:00
2015-09-11 19:03:08 +03:00
source , err := models . GetLoginSourceByID ( ctx . ParamsInt64 ( ":authid" ) )
2014-05-05 12:40:25 +04:00
if err != nil {
2015-09-11 19:03:08 +03:00
ctx . Handle ( 500 , "GetLoginSourceByID" , err )
2014-05-05 12:40:25 +04:00
return
}
2015-09-11 19:03:08 +03:00
ctx . Data [ "Source" ] = source
2016-07-08 02:25:09 +03:00
ctx . Data [ "HasTLS" ] = source . HasTLS ( )
2017-02-22 10:14:37 +03:00
if source . IsOAuth2 ( ) {
ctx . Data [ "CurrentOAuth2Provider" ] = models . OAuth2Providers [ source . OAuth2 ( ) . Provider ]
}
2016-11-21 06:21:24 +03:00
ctx . HTML ( 200 , tplAuthEdit )
2014-05-03 06:48:14 +04:00
}
2017-02-22 10:14:37 +03:00
// EditAuthSourcePost response for editing auth source
2016-03-11 19:56:52 +03:00
func EditAuthSourcePost ( ctx * context . Context , form auth . AuthenticationForm ) {
2014-08-29 16:50:43 +04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.auths.edit" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminAuthentications" ] = true
2015-09-11 19:03:08 +03:00
2014-05-11 14:10:37 +04:00
ctx . Data [ "SMTPAuths" ] = models . SMTPAuths
2017-02-22 10:14:37 +03:00
ctx . Data [ "OAuth2Providers" ] = models . OAuth2Providers
2017-05-01 16:26:53 +03:00
ctx . Data [ "OAuth2DefaultCustomURLMappings" ] = models . OAuth2DefaultCustomURLMappings
2014-05-05 12:40:25 +04:00
2015-09-11 19:03:08 +03:00
source , err := models . GetLoginSourceByID ( ctx . ParamsInt64 ( ":authid" ) )
if err != nil {
ctx . Handle ( 500 , "GetLoginSourceByID" , err )
return
}
ctx . Data [ "Source" ] = source
2016-07-08 02:25:09 +03:00
ctx . Data [ "HasTLS" ] = source . HasTLS ( )
2015-09-11 19:03:08 +03:00
2014-05-05 12:40:25 +04:00
if ctx . HasError ( ) {
2016-11-21 06:21:24 +03:00
ctx . HTML ( 200 , tplAuthEdit )
2014-05-05 12:40:25 +04:00
return
}
2014-05-11 14:10:37 +04:00
var config core . Conversion
2014-06-09 01:53:53 +04:00
switch models . LoginType ( form . Type ) {
2016-11-07 23:58:22 +03:00
case models . LoginLDAP , models . LoginDLDAP :
2015-09-11 19:03:08 +03:00
config = parseLDAPConfig ( form )
2016-11-07 23:58:22 +03:00
case models . LoginSMTP :
2015-09-11 19:03:08 +03:00
config = parseSMTPConfig ( form )
2016-11-07 23:58:22 +03:00
case models . LoginPAM :
2015-04-23 14:58:57 +03:00
config = & models . PAMConfig {
ServiceName : form . PAMServiceName ,
}
2017-02-22 10:14:37 +03:00
case models . LoginOAuth2 :
config = parseOAuth2Config ( form )
2014-05-11 18:37:31 +04:00
default :
ctx . Error ( 400 )
return
2014-05-11 14:10:37 +04:00
}
2015-09-11 19:03:08 +03:00
source . Name = form . Name
source . IsActived = form . IsActive
2017-05-10 16:10:18 +03:00
source . IsSyncEnabled = form . IsSyncEnabled
2015-09-11 19:03:08 +03:00
source . Cfg = config
if err := models . UpdateSource ( source ) ; err != nil {
2017-05-01 16:26:53 +03:00
if models . IsErrOpenIDConnectInitialize ( err ) {
ctx . Flash . Error ( err . Error ( ) , true )
ctx . HTML ( 200 , tplAuthEdit )
} else {
ctx . Handle ( 500 , "UpdateSource" , err )
}
2014-05-05 12:40:25 +04:00
return
}
2016-12-21 10:09:43 +03:00
log . Trace ( "Authentication changed by admin(%s): %d" , ctx . User . Name , source . ID )
2014-05-05 12:40:25 +04:00
2014-08-29 16:50:43 +04:00
ctx . Flash . Success ( ctx . Tr ( "admin.auths.update_success" ) )
2016-11-27 13:14:25 +03:00
ctx . Redirect ( setting . AppSubURL + "/admin/auths/" + com . ToStr ( form . ID ) )
2014-05-03 06:48:14 +04:00
}
2016-11-21 06:21:24 +03:00
// DeleteAuthSource response for deleting an auth source
2016-03-11 19:56:52 +03:00
func DeleteAuthSource ( ctx * context . Context ) {
2015-09-11 19:03:08 +03:00
source , err := models . GetLoginSourceByID ( ctx . ParamsInt64 ( ":authid" ) )
2014-05-05 12:40:25 +04:00
if err != nil {
2015-09-11 19:03:08 +03:00
ctx . Handle ( 500 , "GetLoginSourceByID" , err )
2014-05-05 12:40:25 +04:00
return
}
2015-09-11 19:03:08 +03:00
if err = models . DeleteSource ( source ) ; err != nil {
2016-08-31 11:22:41 +03:00
if models . IsErrLoginSourceInUse ( err ) {
2016-03-06 02:08:42 +03:00
ctx . Flash . Error ( ctx . Tr ( "admin.auths.still_in_used" ) )
2016-08-31 11:22:41 +03:00
} else {
2016-03-06 02:08:42 +03:00
ctx . Flash . Error ( fmt . Sprintf ( "DeleteSource: %v" , err ) )
2014-05-05 12:40:25 +04:00
}
2016-03-06 02:08:42 +03:00
ctx . JSON ( 200 , map [ string ] interface { } {
2016-11-27 13:14:25 +03:00
"redirect" : setting . AppSubURL + "/admin/auths/" + ctx . Params ( ":authid" ) ,
2016-03-06 02:08:42 +03:00
} )
2014-05-05 12:40:25 +04:00
return
}
2015-09-11 19:03:08 +03:00
log . Trace ( "Authentication deleted by admin(%s): %d" , ctx . User . Name , source . ID )
ctx . Flash . Success ( ctx . Tr ( "admin.auths.deletion_success" ) )
ctx . JSON ( 200 , map [ string ] interface { } {
2016-11-27 13:14:25 +03:00
"redirect" : setting . AppSubURL + "/admin/auths" ,
2015-09-11 19:03:08 +03:00
} )
2014-05-03 06:48:14 +04:00
}