auths.go 7.3 KB

  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package admin
  5. import (
  6. "fmt"
  7. "github.com/Unknwon/com"
  8. "github.com/go-xorm/core"
  9. log "gopkg.in/clog.v1"
  10. "github.com/gogits/gogs/models"
  11. "github.com/gogits/gogs/pkg/auth/ldap"
  12. "github.com/gogits/gogs/pkg/context"
  13. "github.com/gogits/gogs/pkg/form"
  14. "github.com/gogits/gogs/pkg/setting"
  15. )
  // Names passed to ctx.HTML / ctx.RenderWithErr by the handlers in this file.
  const (
  	// AUTHS is rendered by Authentications (the list of login sources).
  	AUTHS = "admin/auth/list"
  	// AUTH_NEW is rendered by NewAuthSource and, on a validation or
  	// duplicate-name error, by NewAuthSourcePost.
  	AUTH_NEW = "admin/auth/new"
  	// AUTH_EDIT is rendered by EditAuthSource and, on a validation error,
  	// by EditAuthSourcePost.
  	AUTH_EDIT = "admin/auth/edit"
  )
  // Authentications renders the list of configured login sources.
  //
  // NOTE(review): nothing in this handler checks that the caller is an
  // administrator; presumably that is enforced by the route middleware —
  // confirm where the handler is registered.
  func Authentications(ctx *context.Context) {
  	ctx.Data["Title"] = ctx.Tr("admin.authentication")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	sources, err := models.LoginSources()
  	// Stored before the error check, as the result is published to the
  	// template data whether or not the lookup succeeded.
  	ctx.Data["Sources"] = sources
  	if err != nil {
  		ctx.Handle(500, "LoginSources", err)
  		return
  	}

  	ctx.Data["Total"] = models.CountLoginSources()
  	ctx.HTML(200, AUTHS)
  }
  // dropdownItem is one entry of a selection list handed to the templates
  // (see authSources and securityProtocols).
  type dropdownItem struct {
  	// Name is the label taken from the models name tables.
  	Name string
  	// Type is the value behind the label; it is untyped because the lists
  	// in this file hold both login types and LDAP security protocols.
  	Type interface{}
  }
  var (
  	// authSources lists the login source types offered in the "new source"
  	// form: LDAP, DLDAP, SMTP and PAM, in that order.
  	authSources = []dropdownItem{
  		{Name: models.LoginNames[models.LOGIN_LDAP], Type: models.LOGIN_LDAP},
  		{Name: models.LoginNames[models.LOGIN_DLDAP], Type: models.LOGIN_DLDAP},
  		{Name: models.LoginNames[models.LOGIN_SMTP], Type: models.LOGIN_SMTP},
  		{Name: models.LoginNames[models.LOGIN_PAM], Type: models.LOGIN_PAM},
  	}

  	// securityProtocols lists the transport options offered for LDAP
  	// sources. The unencrypted option comes first.
  	// NOTE(review): with the unencrypted option, bind and user credentials
  	// presumably cross the network in clear text — confirm in pkg/auth/ldap.
  	securityProtocols = []dropdownItem{
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED],
  			Type: ldap.SECURITY_PROTOCOL_UNENCRYPTED,
  		},
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS],
  			Type: ldap.SECURITY_PROTOCOL_LDAPS,
  		},
  		{
  			Name: models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS],
  			Type: ldap.SECURITY_PROTOCOL_START_TLS,
  		},
  	}
  )
  // NewAuthSource renders the empty "new login source" form with its
  // defaults: type LDAP, SMTP auth "PLAIN", and the source marked active.
  func NewAuthSource(ctx *context.Context) {
  	defaultType := models.LOGIN_LDAP
  	defaultProtocol := ldap.SECURITY_PROTOCOL_UNENCRYPTED

  	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	// Pre-selected values of the form.
  	ctx.Data["type"] = defaultType
  	ctx.Data["CurrentTypeName"] = models.LoginNames[defaultType]
  	// NOTE(review): the pre-selected security protocol is the unencrypted
  	// one, so an admin who accepts the defaults creates an LDAP source
  	// without transport encryption.
  	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[defaultProtocol]
  	ctx.Data["smtp_auth"] = "PLAIN"
  	ctx.Data["is_active"] = true

  	// Choices for the drop-down lists.
  	ctx.Data["AuthSources"] = authSources
  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	ctx.HTML(200, AUTH_NEW)
  }
  // parseLDAPConfig copies the LDAP-related fields of the submitted form
  // into a new models.LDAPConfig. No field is validated or normalised here.
  func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
  	src := &ldap.Source{
  		Name: f.Name,

  		// Connection settings.
  		Host:             f.Host,
  		Port:             f.Port,
  		SecurityProtocol: ldap.SecurityProtocol(f.SecurityProtocol),
  		// NOTE(review): SkipVerify presumably turns off TLS certificate
  		// verification for this source — confirm in pkg/auth/ldap. With it
  		// set, the directory server's identity is not authenticated.
  		SkipVerify: f.SkipVerify,

  		// Bind settings. BindPassword is a credential taken straight from
  		// the form; how it is persisted is decided by the models package.
  		BindDN:       f.BindDN,
  		UserDN:       f.UserDN,
  		BindPassword: f.BindPassword,
  		UserBase:     f.UserBase,

  		// Attribute mapping.
  		AttributeUsername: f.AttributeUsername,
  		AttributeName:     f.AttributeName,
  		AttributeSurname:  f.AttributeSurname,
  		AttributeMail:     f.AttributeMail,
  		AttributesInBind:  f.AttributesInBind,

  		// Search filters, passed through as submitted.
  		Filter:      f.Filter,
  		AdminFilter: f.AdminFilter,

  		// Always true here, independent of the form's IsActive field.
  		Enabled: true,
  	}
  	return &models.LDAPConfig{Source: src}
  }
  // parseSMTPConfig copies the SMTP-related fields of the submitted form
  // into a new models.SMTPConfig. No field is validated here.
  func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
  	cfg := new(models.SMTPConfig)
  	cfg.Auth = f.SMTPAuth
  	cfg.Host = f.SMTPHost
  	cfg.Port = f.SMTPPort
  	cfg.AllowedDomains = f.AllowedDomains
  	cfg.TLS = f.TLS
  	// Same form field as the LDAP SkipVerify option.
  	// NOTE(review): presumably disables certificate verification for the
  	// SMTP connection — confirm where SMTPConfig is consumed.
  	cfg.SkipVerify = f.SkipVerify
  	return cfg
  }
  // NewAuthSourcePost handles the submitted "new login source" form: it
  // builds the type-specific configuration, creates the login source and
  // redirects to the source list. An unknown type is answered with 400.
  func NewAuthSourcePost(ctx *context.Context, f form.Authentication) {
  	loginType := models.LoginType(f.Type)
  	protocol := ldap.SecurityProtocol(f.SecurityProtocol)

  	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["CurrentTypeName"] = models.LoginNames[loginType]
  	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[protocol]
  	ctx.Data["AuthSources"] = authSources
  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	var (
  		config core.Conversion
  		hasTLS bool
  	)
  	switch loginType {
  	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  		config = parseLDAPConfig(f)
  		// Any protocol value above the unencrypted one counts as TLS.
  		hasTLS = protocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED
  	case models.LOGIN_SMTP:
  		config = parseSMTPConfig(f)
  		// Set unconditionally for SMTP, whatever f.TLS says.
  		hasTLS = true
  	case models.LOGIN_PAM:
  		config = &models.PAMConfig{
  			ServiceName: f.PAMServiceName,
  		}
  	default:
  		ctx.Error(400)
  		return
  	}
  	ctx.Data["HasTLS"] = hasTLS

  	// Re-render the form if an error is already recorded on the context
  	// (presumably from form binding/validation — confirm in pkg/form).
  	if ctx.HasError() {
  		ctx.HTML(200, AUTH_NEW)
  		return
  	}

  	err := models.CreateLoginSource(&models.LoginSource{
  		Type:      loginType,
  		Name:      f.Name,
  		IsActived: f.IsActive,
  		Cfg:       config,
  	})
  	if err != nil {
  		if !models.IsErrLoginSourceAlreadyExist(err) {
  			ctx.Handle(500, "CreateSource", err)
  			return
  		}
  		// Duplicate name: flag the field and show the form again.
  		ctx.Data["Err_Name"] = true
  		ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
  		return
  	}

  	// Records which admin created which source; f.Name is form input.
  	log.Trace("Authentication created by admin(%s): %s", ctx.User.Name, f.Name)

  	ctx.Flash.Success(ctx.Tr("admin.auths.new_success", f.Name))
  	ctx.Redirect(setting.AppSubURL + "/admin/auths")
  }
  // EditAuthSource renders the edit form for the login source named by the
  // ":authid" route parameter. Any lookup error is answered with a 500.
  func EditAuthSource(ctx *context.Context) {
  	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["SecurityProtocols"] = securityProtocols
  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	authID := ctx.ParamsInt64(":authid")
  	src, err := models.GetLoginSourceByID(authID)
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}

  	// NOTE(review): the whole source, including its Cfg, is handed to the
  	// template; whether a stored bind password ends up in the rendered
  	// page depends on the template — confirm.
  	ctx.Data["Source"] = src
  	ctx.Data["HasTLS"] = src.HasTLS()

  	ctx.HTML(200, AUTH_EDIT)
  }
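  // EditAuthSourcePost handles the submitted edit form for the login source
  // named by the ":authid" route parameter: it rebuilds the type-specific
  // configuration from the form, updates name, active flag and configuration
  // of the stored source, and redirects back to that source's edit page.
  // An unknown form type is answered with 400, a lookup or update error
  // with 500.
  func EditAuthSourcePost(ctx *context.Context, f form.Authentication) {
  	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
  	ctx.Data["PageIsAdmin"] = true
  	ctx.Data["PageIsAdminAuthentications"] = true

  	ctx.Data["SMTPAuths"] = models.SMTPAuths

  	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}
  	ctx.Data["Source"] = source
  	ctx.Data["HasTLS"] = source.HasTLS()

  	// Re-render the form if an error is already recorded on the context
  	// (presumably from form binding/validation — confirm in pkg/form).
  	if ctx.HasError() {
  		ctx.HTML(200, AUTH_EDIT)
  		return
  	}

  	// NOTE(review): the configuration kind is chosen from the submitted
  	// f.Type, while source.Type is left as stored. A request whose type
  	// differs from the stored one would leave Type and Cfg out of step;
  	// consider rejecting it or switching on source.Type.
  	var config core.Conversion
  	switch models.LoginType(f.Type) {
  	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
  		config = parseLDAPConfig(f)
  	case models.LOGIN_SMTP:
  		config = parseSMTPConfig(f)
  	case models.LOGIN_PAM:
  		config = &models.PAMConfig{
  			ServiceName: f.PAMServiceName,
  		}
  	default:
  		ctx.Error(400)
  		return
  	}

  	source.Name = f.Name
  	source.IsActived = f.IsActive
  	source.Cfg = config
  	if err := models.UpdateSource(source); err != nil {
  		ctx.Handle(500, "UpdateSource", err)
  		return
  	}

  	// Records which admin changed which source.
  	log.Trace("Authentication changed by admin(%s): %d", ctx.User.Name, source.ID)

  	ctx.Flash.Success(ctx.Tr("admin.auths.update_success"))
  	// Redirect to the source that was actually updated. The record is
  	// selected by the ":authid" route parameter, so the target is built
  	// from source.ID rather than from the client-supplied form field f.ID,
  	// which need not match it.
  	ctx.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(source.ID))
  }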
  // DeleteAuthSource deletes the login source named by the ":authid" route
  // parameter and answers with a JSON object whose "redirect" key tells the
  // client where to go next: the source list on success, the source's own
  // page when deletion failed. A lookup error is answered with a 500.
  func DeleteAuthSource(ctx *context.Context) {
  	src, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  	if err != nil {
  		ctx.Handle(500, "GetLoginSourceByID", err)
  		return
  	}

  	err = models.DeleteSource(src)
  	if err == nil {
  		// Records which admin deleted which source.
  		log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, src.ID)

  		ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
  		ctx.JSON(200, map[string]interface{}{
  			"redirect": setting.AppSubURL + "/admin/auths",
  		})
  		return
  	}

  	switch {
  	case models.IsErrLoginSourceInUse(err):
  		ctx.Flash.Error(ctx.Tr("admin.auths.still_in_used"))
  	default:
  		// NOTE(review): the raw error text is shown in the flash message;
  		// confirm it cannot carry details that should stay in the log.
  		ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
  	}
  	// The redirect target reuses the raw ":authid" route parameter.
  	ctx.JSON(200, map[string]interface{}{
  		"redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
  	})
  }