auths.go 7.4 KB

  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. log "gopkg.in/clog.v1"
  10. "github.com/gogits/gogs/models"
  11. "github.com/gogits/gogs/modules/auth/ldap"
  12. "github.com/gogits/gogs/modules/base"
  13. "github.com/gogits/gogs/modules/context"
  14. "github.com/gogits/gogs/modules/form"
  15. "github.com/gogits/gogs/modules/setting"
  16. )
  // Template names used by the admin handlers for login (authentication) sources.
  const (
  	// AUTHS is the template rendered by Authentications (the source list).
  	AUTHS base.TplName = "admin/auth/list"
  	// AUTH_NEW is the template rendered by the create-source handlers.
  	AUTH_NEW base.TplName = "admin/auth/new"
  	// AUTH_EDIT is the template rendered by the edit-source handlers.
  	AUTH_EDIT base.TplName = "admin/auth/edit"
  )
  // Authentications renders the admin page that lists every configured login
  // source together with the total count. A failure to load the sources is
  // reported through ctx.Handle with status 500.
  func Authentications(ctx *context.Context) {
  	ctx.Data["Title"] = ctx.Tr("admin.authentication")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	sources, err := models.LoginSources()
  	// The result is stored before the error check, so the data map holds the
  	// returned value on the failure path as well.
  	ctx.Data["Sources"] = sources
  	if err != nil {
  		ctx.Handle(500, "LoginSources", err)
  		return
  	}

  	ctx.Data["Total"] = models.CountLoginSources()
  	ctx.HTML(200, AUTHS)
  }
  // dropdownItem pairs a display name with the value it stands for. It is used
  // for the login-type and security-protocol option lists handed to the templates.
  type dropdownItem struct {
  	// Name is the human-readable label, taken from the models name tables.
  	Name string
  	// Type is the underlying enum value (a login type or a security protocol).
  	Type interface{}
  }
  var (
  	// authSources lists the login source types offered on the create form.
  	authSources = []dropdownItem{
  		{Name: models.LoginNames[models.LOGIN_LDAP], Type: models.LOGIN_LDAP},
  		{Name: models.LoginNames[models.LOGIN_DLDAP], Type: models.LOGIN_DLDAP},
  		{Name: models.LoginNames[models.LOGIN_SMTP], Type: models.LOGIN_SMTP},
  		{Name: models.LoginNames[models.LOGIN_PAM], Type: models.LOGIN_PAM},
  	}

  	// securityProtocols lists the LDAP transport options. The first entry is
  	// the unencrypted one; LDAPS and StartTLS follow.
  	securityProtocols = []dropdownItem{
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED],
  			Type: ldap.SECURITY_PROTOCOL_UNENCRYPTED,
  		},
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS],
  			Type: ldap.SECURITY_PROTOCOL_LDAPS,
  		},
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS],
  			Type: ldap.SECURITY_PROTOCOL_START_TLS,
  		},
  	}
  )
  // NewAuthSource renders the empty "new login source" form with its defaults.
  func NewAuthSource(ctx *context.Context) {
  	// Page chrome.
  	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	// Option lists for the drop-downs.
  	ctx.Data["AuthSources"] = authSources
  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	// Form defaults: LDAP as the source type, active, SMTP auth "PLAIN".
  	ctx.Data["type"] = models.LOGIN_LDAP
  	ctx.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
  	ctx.Data["smtp_auth"] = "PLAIN"
  	ctx.Data["is_active"] = true

  	// The security protocol is seeded with the unencrypted entry, so a TLS
  	// protected transport (LDAPS or StartTLS) has to be chosen explicitly.
  	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]

  	ctx.HTML(200, AUTH_NEW)
  }
  // parseLDAPConfig copies the LDAP-related fields of the submitted form into a
  // new models.LDAPConfig. No field is validated or normalised here; every value
  // is taken from the form as it arrived.
  func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
  	src := &ldap.Source{
  		// Connection settings.
  		Name:             f.Name,
  		Host:             f.Host,
  		Port:             f.Port,
  		SecurityProtocol: ldap.SecurityProtocol(f.SecurityProtocol),
  		// NOTE(review): presumably disables TLS certificate verification for
  		// this source; confirm in ldap.Source before enabling it anywhere.
  		SkipVerify: f.SkipVerify,

  		// Bind identity. BindPassword is a credential and is passed through
  		// unchanged.
  		BindDN:       f.BindDN,
  		UserDN:       f.UserDN,
  		BindPassword: f.BindPassword,
  		UserBase:     f.UserBase,

  		// Attribute mapping.
  		AttributeUsername: f.AttributeUsername,
  		AttributeName:     f.AttributeName,
  		AttributeSurname:  f.AttributeSurname,
  		AttributeMail:     f.AttributeMail,
  		AttributesInBind:  f.AttributesInBind,

  		// Search filters; AdminFilter is a separate filter stored alongside
  		// the user filter.
  		Filter:      f.Filter,
  		AdminFilter: f.AdminFilter,

  		// Always true, independent of the form's IsActive flag.
  		Enabled: true,
  	}
  	return &models.LDAPConfig{Source: src}
  }
  // parseSMTPConfig copies the SMTP-related fields of the submitted form into a
  // new models.SMTPConfig without validating them.
  func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
  	cfg := new(models.SMTPConfig)
  	cfg.Auth = f.SMTPAuth
  	cfg.Host = f.SMTPHost
  	cfg.Port = f.SMTPPort
  	cfg.AllowedDomains = f.AllowedDomains
  	cfg.TLS = f.TLS
  	// NOTE(review): presumably turns off certificate verification for the
  	// SMTP connection; confirm in models.SMTPConfig.
  	cfg.SkipVerify = f.SkipVerify
  	return cfg
  }
  // NewAuthSourcePost handles submission of the "new login source" form: it
  // builds the type-specific configuration, stores the source and redirects to
  // the source list. An unknown login type is answered with 400; a duplicate
  // name re-renders the form with an error.
  func NewAuthSourcePost(ctx *context.Context, f form.Authentication) {
  	loginType := models.LoginType(f.Type)
  	protocol := ldap.SecurityProtocol(f.SecurityProtocol)

  	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["CurrentTypeName"] = models.LoginNames[loginType]
  	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[protocol]
  	ctx.Data["AuthSources"] = authSources
  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	var (
  		hasTLS bool
  		config core.Conversion
  	)
  	switch loginType {
  	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  		config = parseLDAPConfig(f)
  		// Any protocol above the unencrypted one counts as TLS.
  		hasTLS = protocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED
  	case models.LOGIN_SMTP:
  		config = parseSMTPConfig(f)
  		hasTLS = true
  	case models.LOGIN_PAM:
  		config = &models.PAMConfig{ServiceName: f.PAMServiceName}
  	default:
  		// The type comes from the request; anything unrecognised is rejected.
  		ctx.Error(400)
  		return
  	}
  	ctx.Data["HasTLS"] = hasTLS

  	// Presumably set by form validation upstream of this handler; the form is
  	// shown again rather than stored.
  	if ctx.HasError() {
  		ctx.HTML(200, AUTH_NEW)
  		return
  	}

  	source := &models.LoginSource{
  		Type:      loginType,
  		Name:      f.Name,
  		IsActived: f.IsActive,
  		Cfg:       config,
  	}
  	if err := models.CreateLoginSource(source); err != nil {
  		if !models.IsErrLoginSourceAlreadyExist(err) {
  			ctx.Handle(500, "CreateSource", err)
  			return
  		}
  		ctx.Data["Err_Name"] = true
  		ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
  		return
  	}

  	// Audit trail: which admin created which source. f.Name is the value
  	// submitted in the form.
  	log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, f.Name)

  	ctx.Flash.Success(ctx.Tr("admin.auths.new_success", f.Name))
  	ctx.Redirect(setting.AppSubUrl + "/admin/auths")
  }
  // EditAuthSource renders the edit form for the login source identified by the
  // ":authid" route parameter. Any lookup error is reported with status 500.
  func EditAuthSource(ctx *context.Context) {
  	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	id := ctx.ParamsInt64(":authid")
  	source, err := models.GetLoginSourceByID(id)
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}

  	// The whole source, including its stored configuration, is handed to the
  	// template.
  	ctx.Data["Source"] = source
  	ctx.Data["HasTLS"] = source.HasTLS()
  	ctx.HTML(200, AUTH_EDIT)
  }
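  // EditAuthSourcePost applies an edit-form submission to the login source
  // identified by the ":authid" route parameter.
  //
  // Only Name, IsActived and Cfg are written back; the stored Type is never
  // changed here. The submitted type therefore has to match the stored one,
  // otherwise a configuration of one kind would be saved under a source of
  // another kind. Unknown or mismatching types are answered with 400, lookup
  // and update failures with 500.
  func EditAuthSourcePost(ctx *context.Context, f form.Authentication) {
  	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	// The source to edit is selected by the route parameter, not by any ID
  	// carried in the form body.
  	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}
  	ctx.Data["Source"] = source
  	ctx.Data["HasTLS"] = source.HasTLS()

  	// Presumably set by form validation upstream of this handler; the form is
  	// shown again rather than stored.
  	if ctx.HasError() {
  		ctx.HTML(200, AUTH_EDIT)
  		return
  	}

  	// source.Type is not updated below, so a submitted type that differs from
  	// it would leave Type and Cfg out of step. Reject it instead.
  	loginType := models.LoginType(f.Type)
  	if loginType != source.Type {
  		ctx.Error(400)
  		return
  	}

  	var config core.Conversion
  	switch loginType {
  	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  		config = parseLDAPConfig(f)
  	case models.LOGIN_SMTP:
  		config = parseSMTPConfig(f)
  	case models.LOGIN_PAM:
  		config = &models.PAMConfig{
  			ServiceName: f.PAMServiceName,
  		}
  	default:
  		ctx.Error(400)
  		return
  	}

  	source.Name = f.Name
  	source.IsActived = f.IsActive
  	source.Cfg = config
  	if err := models.UpdateSource(source); err != nil {
  		ctx.Handle(500, "UpdateSource", err)
  		return
  	}

  	log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)

  	ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  	// Redirect to the source that was actually updated. The form's own ID
  	// field is client-supplied and need not agree with the route parameter.
  	ctx.Redirect(setting.AppSubUrl + "/admin/auths/" + com.ToStr(source.ID))
  }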
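  // DeleteAuthSource deletes the login source identified by the ":authid" route
  // parameter and answers with a JSON object whose "redirect" key tells the
  // client where to go next: back to the source's own page when deletion failed,
  // or to the source list on success. A lookup error is reported with status 500.
  func DeleteAuthSource(ctx *context.Context) {
  	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}

  	if err = models.DeleteSource(source); err != nil {
  		if models.IsErrLoginSourceInUse(err) {
  			ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  		} else {
  			// The raw error text is placed in the flash message.
  			ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  		}
  		// Build the target from the ID of the record that was loaded rather
  		// than echoing the raw route parameter string back to the client.
  		ctx.JSON(200, map[string]interface{}{
  			"redirect": setting.AppSubUrl + "/admin/auths/" + com.ToStr(source.ID),
  		})
  		return
  	}

  	// Audit trail: which admin removed which source.
  	log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)

  	ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  	ctx.JSON(200, map[string]interface{}{
  		"redirect": setting.AppSubUrl + "/admin/auths",
  	})
  }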