auths.go 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. log "gopkg.in/clog.v1"
  10. "github.com/gogits/gogs/models"
  11. "github.com/gogits/gogs/pkg/auth/ldap"
  12. "github.com/gogits/gogs/pkg/context"
  13. "github.com/gogits/gogs/pkg/form"
  14. "github.com/gogits/gogs/pkg/setting"
  15. )
  16. const (
  17. AUTHS = "admin/auth/list"
  18. AUTH_NEW = "admin/auth/new"
  19. AUTH_EDIT = "admin/auth/edit"
  20. )
  21. func Authentications(c *context.Context) {
  22. c.Data["Title"] = c.Tr("admin.authentication")
  23. c.Data["PageIsAdmin"] = true
  24. c.Data["PageIsAdminAuthentications"] = true
  25. var err error
  26. c.Data["Sources"], err = models.LoginSources()
  27. if err != nil {
  28. c.Handle(500, "LoginSources", err)
  29. return
  30. }
  31. c.Data["Total"] = models.CountLoginSources()
  32. c.HTML(200, AUTHS)
  33. }
  34. type dropdownItem struct {
  35. Name string
  36. Type interface{}
  37. }
  38. var (
  39. authSources = []dropdownItem{
  40. {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
  41. {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
  42. {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
  43. {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
  44. }
  45. securityProtocols = []dropdownItem{
  46. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
  47. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
  48. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
  49. }
  50. )
  51. func NewAuthSource(c *context.Context) {
  52. c.Data["Title"] = c.Tr("admin.auths.new")
  53. c.Data["PageIsAdmin"] = true
  54. c.Data["PageIsAdminAuthentications"] = true
  55. c.Data["type"] = models.LOGIN_LDAP
  56. c.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
  57. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
  58. c.Data["smtp_auth"] = "PLAIN"
  59. c.Data["is_active"] = true
  60. c.Data["AuthSources"] = authSources
  61. c.Data["SecurityProtocols"] = securityProtocols
  62. c.Data["SMTPAuths"] = models.SMTPAuths
  63. c.HTML(200, AUTH_NEW)
  64. }
  65. func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
  66. return &models.LDAPConfig{
  67. Source: &ldap.Source{
  68. Name: f.Name,
  69. Host: f.Host,
  70. Port: f.Port,
  71. SecurityProtocol: ldap.SecurityProtocol(f.SecurityProtocol),
  72. SkipVerify: f.SkipVerify,
  73. BindDN: f.BindDN,
  74. UserDN: f.UserDN,
  75. BindPassword: f.BindPassword,
  76. UserBase: f.UserBase,
  77. AttributeUsername: f.AttributeUsername,
  78. AttributeName: f.AttributeName,
  79. AttributeSurname: f.AttributeSurname,
  80. AttributeMail: f.AttributeMail,
  81. AttributesInBind: f.AttributesInBind,
  82. Filter: f.Filter,
  83. GroupEnabled: f.GroupEnabled,
  84. GroupDN: f.GroupDN,
  85. GroupFilter: f.GroupFilter,
  86. GroupMemberUID: f.GroupMemberUID,
  87. UserUID: f.UserUID,
  88. AdminFilter: f.AdminFilter,
  89. Enabled: true,
  90. },
  91. }
  92. }
  93. func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
  94. return &models.SMTPConfig{
  95. Auth: f.SMTPAuth,
  96. Host: f.SMTPHost,
  97. Port: f.SMTPPort,
  98. AllowedDomains: f.AllowedDomains,
  99. TLS: f.TLS,
  100. SkipVerify: f.SkipVerify,
  101. }
  102. }
  103. func NewAuthSourcePost(c *context.Context, f form.Authentication) {
  104. c.Data["Title"] = c.Tr("admin.auths.new")
  105. c.Data["PageIsAdmin"] = true
  106. c.Data["PageIsAdminAuthentications"] = true
  107. c.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(f.Type)]
  108. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(f.SecurityProtocol)]
  109. c.Data["AuthSources"] = authSources
  110. c.Data["SecurityProtocols"] = securityProtocols
  111. c.Data["SMTPAuths"] = models.SMTPAuths
  112. hasTLS := false
  113. var config core.Conversion
  114. switch models.LoginType(f.Type) {
  115. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  116. config = parseLDAPConfig(f)
  117. hasTLS = ldap.SecurityProtocol(f.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
  118. case models.LOGIN_SMTP:
  119. config = parseSMTPConfig(f)
  120. hasTLS = true
  121. case models.LOGIN_PAM:
  122. config = &models.PAMConfig{
  123. ServiceName: f.PAMServiceName,
  124. }
  125. default:
  126. c.Error(400)
  127. return
  128. }
  129. c.Data["HasTLS"] = hasTLS
  130. if c.HasError() {
  131. c.HTML(200, AUTH_NEW)
  132. return
  133. }
  134. if err := models.CreateLoginSource(&models.LoginSource{
  135. Type: models.LoginType(f.Type),
  136. Name: f.Name,
  137. IsActived: f.IsActive,
  138. Cfg: config,
  139. }); err != nil {
  140. if models.IsErrLoginSourceAlreadyExist(err) {
  141. c.Data["Err_Name"] = true
  142. c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
  143. } else {
  144. c.Handle(500, "CreateSource", err)
  145. }
  146. return
  147. }
  148. log.Trace("Authentication created by admin(%s): %s", c.User.Name, f.Name)
  149. c.Flash.Success(c.Tr("admin.auths.new_success", f.Name))
  150. c.Redirect(setting.AppSubURL + "/admin/auths")
  151. }
  152. func EditAuthSource(c *context.Context) {
  153. c.Data["Title"] = c.Tr("admin.auths.edit")
  154. c.Data["PageIsAdmin"] = true
  155. c.Data["PageIsAdminAuthentications"] = true
  156. c.Data["SecurityProtocols"] = securityProtocols
  157. c.Data["SMTPAuths"] = models.SMTPAuths
  158. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  159. if err != nil {
  160. c.Handle(500, "GetLoginSourceByID", err)
  161. return
  162. }
  163. c.Data["Source"] = source
  164. c.Data["HasTLS"] = source.HasTLS()
  165. c.HTML(200, AUTH_EDIT)
  166. }
  167. func EditAuthSourcePost(c *context.Context, f form.Authentication) {
  168. c.Data["Title"] = c.Tr("admin.auths.edit")
  169. c.Data["PageIsAdmin"] = true
  170. c.Data["PageIsAdminAuthentications"] = true
  171. c.Data["SMTPAuths"] = models.SMTPAuths
  172. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  173. if err != nil {
  174. c.Handle(500, "GetLoginSourceByID", err)
  175. return
  176. }
  177. c.Data["Source"] = source
  178. c.Data["HasTLS"] = source.HasTLS()
  179. if c.HasError() {
  180. c.HTML(200, AUTH_EDIT)
  181. return
  182. }
  183. var config core.Conversion
  184. switch models.LoginType(f.Type) {
  185. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  186. config = parseLDAPConfig(f)
  187. case models.LOGIN_SMTP:
  188. config = parseSMTPConfig(f)
  189. case models.LOGIN_PAM:
  190. config = &models.PAMConfig{
  191. ServiceName: f.PAMServiceName,
  192. }
  193. default:
  194. c.Error(400)
  195. return
  196. }
  197. source.Name = f.Name
  198. source.IsActived = f.IsActive
  199. source.Cfg = config
  200. if err := models.UpdateSource(source); err != nil {
  201. c.Handle(500, "UpdateSource", err)
  202. return
  203. }
  204. log.Trace("Authentication changed by admin(%s): %d", c.User.Name, source.ID)
  205. c.Flash.Success(c.Tr("admin.auths.update_success"))
  206. c.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(f.ID))
  207. }
  208. func DeleteAuthSource(c *context.Context) {
  209. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  210. if err != nil {
  211. c.Handle(500, "GetLoginSourceByID", err)
  212. return
  213. }
  214. if err = models.DeleteSource(source); err != nil {
  215. if models.IsErrLoginSourceInUse(err) {
  216. c.Flash.Error(c.Tr("admin.auths.still_in_used"))
  217. } else {
  218. c.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  219. }
  220. c.JSON(200, map[string]interface{}{
  221. "redirect": setting.AppSubURL + "/admin/auths/" + c.Params(":authid"),
  222. })
  223. return
  224. }
  225. log.Trace("Authentication deleted by admin(%s): %d", c.User.Name, source.ID)
  226. c.Flash.Success(c.Tr("admin.auths.deletion_success"))
  227. c.JSON(200, map[string]interface{}{
  228. "redirect": setting.AppSubURL + "/admin/auths",
  229. })
  230. }