auths.go 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. log "gopkg.in/clog.v1"
  10. "github.com/gogs/gogs/models"
  11. "github.com/gogs/gogs/pkg/auth/ldap"
  12. "github.com/gogs/gogs/pkg/context"
  13. "github.com/gogs/gogs/pkg/form"
  14. "github.com/gogs/gogs/pkg/setting"
  15. )
  16. const (
  17. AUTHS = "admin/auth/list"
  18. AUTH_NEW = "admin/auth/new"
  19. AUTH_EDIT = "admin/auth/edit"
  20. )
  21. func Authentications(c *context.Context) {
  22. c.Title("admin.authentication")
  23. c.PageIs("Admin")
  24. c.PageIs("AdminAuthentications")
  25. var err error
  26. c.Data["Sources"], err = models.LoginSources()
  27. if err != nil {
  28. c.ServerError("LoginSources", err)
  29. return
  30. }
  31. c.Data["Total"] = models.CountLoginSources()
  32. c.Success(AUTHS)
  33. }
  34. type dropdownItem struct {
  35. Name string
  36. Type interface{}
  37. }
  38. var (
  39. authSources = []dropdownItem{
  40. {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
  41. {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
  42. {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
  43. {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
  44. }
  45. securityProtocols = []dropdownItem{
  46. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
  47. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
  48. {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
  49. }
  50. )
  51. func NewAuthSource(c *context.Context) {
  52. c.Title("admin.auths.new")
  53. c.PageIs("Admin")
  54. c.PageIs("AdminAuthentications")
  55. c.Data["type"] = models.LOGIN_LDAP
  56. c.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
  57. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
  58. c.Data["smtp_auth"] = "PLAIN"
  59. c.Data["is_active"] = true
  60. c.Data["AuthSources"] = authSources
  61. c.Data["SecurityProtocols"] = securityProtocols
  62. c.Data["SMTPAuths"] = models.SMTPAuths
  63. c.Success(AUTH_NEW)
  64. }
  65. func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
  66. return &models.LDAPConfig{
  67. Source: &ldap.Source{
  68. Host: f.Host,
  69. Port: f.Port,
  70. SecurityProtocol: ldap.SecurityProtocol(f.SecurityProtocol),
  71. SkipVerify: f.SkipVerify,
  72. BindDN: f.BindDN,
  73. UserDN: f.UserDN,
  74. BindPassword: f.BindPassword,
  75. UserBase: f.UserBase,
  76. AttributeUsername: f.AttributeUsername,
  77. AttributeName: f.AttributeName,
  78. AttributeSurname: f.AttributeSurname,
  79. AttributeMail: f.AttributeMail,
  80. AttributesInBind: f.AttributesInBind,
  81. Filter: f.Filter,
  82. GroupEnabled: f.GroupEnabled,
  83. GroupDN: f.GroupDN,
  84. GroupFilter: f.GroupFilter,
  85. GroupMemberUID: f.GroupMemberUID,
  86. UserUID: f.UserUID,
  87. AdminFilter: f.AdminFilter,
  88. },
  89. }
  90. }
  91. func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
  92. return &models.SMTPConfig{
  93. Auth: f.SMTPAuth,
  94. Host: f.SMTPHost,
  95. Port: f.SMTPPort,
  96. AllowedDomains: f.AllowedDomains,
  97. TLS: f.TLS,
  98. SkipVerify: f.SkipVerify,
  99. }
  100. }
  101. func NewAuthSourcePost(c *context.Context, f form.Authentication) {
  102. c.Title("admin.auths.new")
  103. c.PageIs("Admin")
  104. c.PageIs("AdminAuthentications")
  105. c.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(f.Type)]
  106. c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(f.SecurityProtocol)]
  107. c.Data["AuthSources"] = authSources
  108. c.Data["SecurityProtocols"] = securityProtocols
  109. c.Data["SMTPAuths"] = models.SMTPAuths
  110. hasTLS := false
  111. var config core.Conversion
  112. switch models.LoginType(f.Type) {
  113. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  114. config = parseLDAPConfig(f)
  115. hasTLS = ldap.SecurityProtocol(f.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
  116. case models.LOGIN_SMTP:
  117. config = parseSMTPConfig(f)
  118. hasTLS = true
  119. case models.LOGIN_PAM:
  120. config = &models.PAMConfig{
  121. ServiceName: f.PAMServiceName,
  122. }
  123. default:
  124. c.Error(400)
  125. return
  126. }
  127. c.Data["HasTLS"] = hasTLS
  128. if c.HasError() {
  129. c.Success(AUTH_NEW)
  130. return
  131. }
  132. if err := models.CreateLoginSource(&models.LoginSource{
  133. Type: models.LoginType(f.Type),
  134. Name: f.Name,
  135. IsActived: f.IsActive,
  136. Cfg: config,
  137. }); err != nil {
  138. if models.IsErrLoginSourceAlreadyExist(err) {
  139. c.Data["Err_Name"] = true
  140. c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
  141. } else {
  142. c.ServerError("CreateSource", err)
  143. }
  144. return
  145. }
  146. log.Trace("Authentication created by admin(%s): %s", c.User.Name, f.Name)
  147. c.Flash.Success(c.Tr("admin.auths.new_success", f.Name))
  148. c.Redirect(setting.AppSubURL + "/admin/auths")
  149. }
  150. func EditAuthSource(c *context.Context) {
  151. c.Title("admin.auths.edit")
  152. c.PageIs("Admin")
  153. c.PageIs("AdminAuthentications")
  154. c.Data["SecurityProtocols"] = securityProtocols
  155. c.Data["SMTPAuths"] = models.SMTPAuths
  156. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  157. if err != nil {
  158. c.ServerError("GetLoginSourceByID", err)
  159. return
  160. }
  161. c.Data["Source"] = source
  162. c.Data["HasTLS"] = source.HasTLS()
  163. c.Success(AUTH_EDIT)
  164. }
  165. func EditAuthSourcePost(c *context.Context, f form.Authentication) {
  166. c.Title("admin.auths.edit")
  167. c.PageIs("Admin")
  168. c.PageIs("AdminAuthentications")
  169. c.Data["SMTPAuths"] = models.SMTPAuths
  170. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  171. if err != nil {
  172. c.ServerError("GetLoginSourceByID", err)
  173. return
  174. }
  175. c.Data["Source"] = source
  176. c.Data["HasTLS"] = source.HasTLS()
  177. if c.HasError() {
  178. c.Success(AUTH_EDIT)
  179. return
  180. }
  181. var config core.Conversion
  182. switch models.LoginType(f.Type) {
  183. case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  184. config = parseLDAPConfig(f)
  185. case models.LOGIN_SMTP:
  186. config = parseSMTPConfig(f)
  187. case models.LOGIN_PAM:
  188. config = &models.PAMConfig{
  189. ServiceName: f.PAMServiceName,
  190. }
  191. default:
  192. c.Error(400)
  193. return
  194. }
  195. source.Name = f.Name
  196. source.IsActived = f.IsActive
  197. source.Cfg = config
  198. if err := models.UpdateLoginSource(source); err != nil {
  199. c.ServerError("UpdateLoginSource", err)
  200. return
  201. }
  202. log.Trace("Authentication changed by admin '%s': %d", c.User.Name, source.ID)
  203. c.Flash.Success(c.Tr("admin.auths.update_success"))
  204. c.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(f.ID))
  205. }
  206. func DeleteAuthSource(c *context.Context) {
  207. source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
  208. if err != nil {
  209. c.ServerError("GetLoginSourceByID", err)
  210. return
  211. }
  212. if err = models.DeleteSource(source); err != nil {
  213. if models.IsErrLoginSourceInUse(err) {
  214. c.Flash.Error(c.Tr("admin.auths.still_in_used"))
  215. } else {
  216. c.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  217. }
  218. c.JSONSuccess(map[string]interface{}{
  219. "redirect": setting.AppSubURL + "/admin/auths/" + c.Params(":authid"),
  220. })
  221. return
  222. }
  223. log.Trace("Authentication deleted by admin(%s): %d", c.User.Name, source.ID)
  224. c.Flash.Success(c.Tr("admin.auths.deletion_success"))
  225. c.JSONSuccess(map[string]interface{}{
  226. "redirect": setting.AppSubURL + "/admin/auths",
  227. })
  228. }