auths.go 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. log "gopkg.in/clog.v1"
  10. "github.com/gogs/gogs/models"
  11. "github.com/gogs/gogs/pkg/auth/ldap"
  12. "github.com/gogs/gogs/pkg/context"
  13. "github.com/gogs/gogs/pkg/form"
  14. "github.com/gogs/gogs/pkg/setting"
  15. )
  16. const (
  17. AUTHS = "admin/auth/list"
  18. AUTH_NEW = "admin/auth/new"
  19. AUTH_EDIT = "admin/auth/edit"
  20. )
  21. func Authentications(c *context.Context) {
  22. c.Title("admin.authentication")
  23. c.PageIs("Admin")
  24. c.PageIs("AdminAuthentications")
  25. var err error
  26. c.Data["Sources"], err = models.LoginSources()
  27. if err != nil {
  28. c.ServerError("LoginSources", err)
  29. return
  30. }
  31. c.Data["Total"] = models.CountLoginSources()
  32. c.Success(AUTHS)
  33. }
  34. type dropdownItem struct {
  35. Name string
  36. Type interface{}
  37. }
  38. var (
  39. authSources = []dropdownItem{
  40. {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
  41. {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
  42. {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
  43. {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
  44. }
  45. securityProtocols = []dropdownItem{
  46. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
  47. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
  48. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
  49. }
  50. )
  51. func NewAuthSource(c *context.Context) {
  52. c.Title("admin.auths.new")
  53. c.PageIs("Admin")
  54. c.PageIs("AdminAuthentications")
  55. c.Data["type"] = models.LOGIN_LDAP
  56. c.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
  57. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
  58. c.Data["smtp_auth"] = "PLAIN"
  59. c.Data["is_active"] = true
  60. c.Data["is_default"] = true
  61. c.Data["AuthSources"] = authSources
  62. c.Data["SecurityProtocols"] = securityProtocols
  63. c.Data["SMTPAuths"] = models.SMTPAuths
  64. c.Success(AUTH_NEW)
  65. }
  66. func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
  67. return &models.LDAPConfig{
  68. Source: &ldap.Source{
  69. Host: f.Host,
  70. Port: f.Port,
  71. SecurityProtocol: ldap.SecurityProtocol(f.SecurityProtocol),
  72. SkipVerify: f.SkipVerify,
  73. BindDN: f.BindDN,
  74. UserDN: f.UserDN,
  75. BindPassword: f.BindPassword,
  76. UserBase: f.UserBase,
  77. AttributeUsername: f.AttributeUsername,
  78. AttributeName: f.AttributeName,
  79. AttributeSurname: f.AttributeSurname,
  80. AttributeMail: f.AttributeMail,
  81. AttributesInBind: f.AttributesInBind,
  82. Filter: f.Filter,
  83. GroupEnabled: f.GroupEnabled,
  84. GroupDN: f.GroupDN,
  85. GroupFilter: f.GroupFilter,
  86. GroupMemberUID: f.GroupMemberUID,
  87. UserUID: f.UserUID,
  88. AdminFilter: f.AdminFilter,
  89. },
  90. }
  91. }
  92. func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
  93. return &models.SMTPConfig{
  94. Auth: f.SMTPAuth,
  95. Host: f.SMTPHost,
  96. Port: f.SMTPPort,
  97. AllowedDomains: f.AllowedDomains,
  98. TLS: f.TLS,
  99. SkipVerify: f.SkipVerify,
  100. }
  101. }
  102. func NewAuthSourcePost(c *context.Context, f form.Authentication) {
  103. c.Title("admin.auths.new")
  104. c.PageIs("Admin")
  105. c.PageIs("AdminAuthentications")
  106. c.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(f.Type)]
  107. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(f.SecurityProtocol)]
  108. c.Data["AuthSources"] = authSources
  109. c.Data["SecurityProtocols"] = securityProtocols
  110. c.Data["SMTPAuths"] = models.SMTPAuths
  111. hasTLS := false
  112. var config core.Conversion
  113. switch models.LoginType(f.Type) {
  114. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  115. config = parseLDAPConfig(f)
  116. hasTLS = ldap.SecurityProtocol(f.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
  117. case models.LOGIN_SMTP:
  118. config = parseSMTPConfig(f)
  119. hasTLS = true
  120. case models.LOGIN_PAM:
  121. config = &models.PAMConfig{
  122. ServiceName: f.PAMServiceName,
  123. }
  124. default:
  125. c.Error(400)
  126. return
  127. }
  128. c.Data["HasTLS"] = hasTLS
  129. if c.HasError() {
  130. c.Success(AUTH_NEW)
  131. return
  132. }
  133. if err := models.CreateLoginSource(&models.LoginSource{
  134. Type: models.LoginType(f.Type),
  135. Name: f.Name,
  136. IsActived: f.IsActive,
  137. IsDefault: f.IsDefault,
  138. Cfg: config,
  139. }); err != nil {
  140. if models.IsErrLoginSourceAlreadyExist(err) {
  141. c.Data["Err_Name"] = true
  142. c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
  143. } else {
  144. c.ServerError("CreateSource", err)
  145. }
  146. return
  147. }
  148. log.Trace("Authentication created by admin(%s): %s", c.User.Name, f.Name)
  149. c.Flash.Success(c.Tr("admin.auths.new_success", f.Name))
  150. c.Redirect(setting.AppSubURL + "/admin/auths")
  151. }
  152. func EditAuthSource(c *context.Context) {
  153. c.Title("admin.auths.edit")
  154. c.PageIs("Admin")
  155. c.PageIs("AdminAuthentications")
  156. c.Data["SecurityProtocols"] = securityProtocols
  157. c.Data["SMTPAuths"] = models.SMTPAuths
  158. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  159. if err != nil {
  160. c.ServerError("GetLoginSourceByID", err)
  161. return
  162. }
  163. c.Data["Source"] = source
  164. c.Data["HasTLS"] = source.HasTLS()
  165. c.Success(AUTH_EDIT)
  166. }
  167. func EditAuthSourcePost(c *context.Context, f form.Authentication) {
  168. c.Title("admin.auths.edit")
  169. c.PageIs("Admin")
  170. c.PageIs("AdminAuthentications")
  171. c.Data["SMTPAuths"] = models.SMTPAuths
  172. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  173. if err != nil {
  174. c.ServerError("GetLoginSourceByID", err)
  175. return
  176. }
  177. c.Data["Source"] = source
  178. c.Data["HasTLS"] = source.HasTLS()
  179. if c.HasError() {
  180. c.Success(AUTH_EDIT)
  181. return
  182. }
  183. var config core.Conversion
  184. switch models.LoginType(f.Type) {
  185. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  186. config = parseLDAPConfig(f)
  187. case models.LOGIN_SMTP:
  188. config = parseSMTPConfig(f)
  189. case models.LOGIN_PAM:
  190. config = &models.PAMConfig{
  191. ServiceName: f.PAMServiceName,
  192. }
  193. default:
  194. c.Error(400)
  195. return
  196. }
  197. source.Name = f.Name
  198. source.IsActived = f.IsActive
  199. source.IsDefault = f.IsDefault
  200. source.Cfg = config
  201. if err := models.UpdateLoginSource(source); err != nil {
  202. c.ServerError("UpdateLoginSource", err)
  203. return
  204. }
  205. log.Trace("Authentication changed by admin '%s': %d", c.User.Name, source.ID)
  206. c.Flash.Success(c.Tr("admin.auths.update_success"))
  207. c.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(f.ID))
  208. }
  209. func DeleteAuthSource(c *context.Context) {
  210. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  211. if err != nil {
  212. c.ServerError("GetLoginSourceByID", err)
  213. return
  214. }
  215. if err = models.DeleteSource(source); err != nil {
  216. if models.IsErrLoginSourceInUse(err) {
  217. c.Flash.Error(c.Tr("admin.auths.still_in_used"))
  218. } else {
  219. c.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  220. }
  221. c.JSONSuccess(map[string]interface{}{
  222. "redirect": setting.AppSubURL + "/admin/auths/" + c.Params(":authid"),
  223. })
  224. return
  225. }
  226. log.Trace("Authentication deleted by admin(%s): %d", c.User.Name, source.ID)
  227. c.Flash.Success(c.Tr("admin.auths.deletion_success"))
  228. c.JSONSuccess(map[string]interface{}{
  229. "redirect": setting.AppSubURL + "/admin/auths",
  230. })
  231. }