wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
3769 Commits
197 Branches
346 MB
572 Download
Tree: ad513a20e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad513a20e9'
${ noResults }
aiforge/models/login.go

login.go 13 kB
Raw Normal View History

Add tar.gz download button and other mirror updates
11 years ago
fix code
11 years ago
add login.go
11 years ago
ldap support
11 years ago
Make gmail auth work
11 years ago
ldap support
11 years ago
basic authentications
11 years ago
add smtp authentication
11 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
10 years ago
merge all login methods
11 years ago
ldap support
11 years ago
add login.go
11 years ago
finish new edit auth UI
10 years ago
ldap support
11 years ago
basic authentications
11 years ago
fix code
11 years ago
ldap support
11 years ago
Add PAM authentication
10 years ago
bug fixed #193
11 years ago
ldap support
11 years ago
add login.go
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
minor fix on #1581
10 years ago
basic authentications
11 years ago
#1938 #1374 disable password change for non-local users
10 years ago
Minor fix for #2634 Add AttributesInBind option in new auth source form.
9 years ago
basic authentications
11 years ago
finish new add auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
Minor fix for #2634 Add AttributesInBind option in new auth source form.
9 years ago
#1938 #1374 disable password change for non-local users
10 years ago
basic authentications
11 years ago
add login.go
11 years ago
Fix spelling errors in comments.
11 years ago
Fix edit auth page bug
11 years ago
Add PAM authentication
10 years ago
Fix edit auth page bug
11 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
10 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
10 years ago
add login.go
11 years ago
#1637 able to skip verify for LDAP
10 years ago
add login.go
11 years ago
add smtp authentication
11 years ago
#1620 add allowed domains for SMTP auth
10 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
add login.go
11 years ago
#1625 remove auto_register and makes it default
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
ldap support
11 years ago
#2349 try to handle []int8 case
10 years ago
#2349 fix convert type
10 years ago
#2349 try to handle []int8 case
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
#2349 try to handle []int8 case
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
finish new edit auth UI
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
finish new add auth UI
10 years ago
basic authentications
11 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
finish new edit auth UI
10 years ago
#1637 able to skip verify for LDAP
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1637 able to skip verify for LDAP
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1637 able to skip verify for LDAP
10 years ago
basic authentications
11 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
more minor fix on 1581
10 years ago
Add tar.gz download button and other mirror updates
11 years ago
Fix #165
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
#697 disable captcha and new admin create user UI
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
ldap support
11 years ago
APIs: admin users
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
basic authentications
11 years ago
Fix #165
11 years ago
basic authentications
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
APIs: admin users
10 years ago
basic authentications
11 years ago
add support for smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
ldap support
11 years ago
finish new edit auth UI
10 years ago
basic authentications
11 years ago
finish new edit auth UI
10 years ago
basic authentications
11 years ago
finish new edit auth UI
10 years ago
ldap support
11 years ago
add login.go
11 years ago
merge all login methods
11 years ago
#1625 remove auto_register and makes it default
10 years ago
merge all login methods
11 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
minor fix on #1694
10 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
Added LDAP simple auth support.
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
merge all login methods
11 years ago
work on #672
11 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
merge all login methods
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
merge all login methods
11 years ago
New UI merge in progress
11 years ago
merge all login methods
11 years ago
work on #672
11 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
work on #672
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
work on #672
11 years ago
New UI merge in progress
11 years ago
#1124 lower_name of LDAP user not assigned
10 years ago
work on #672
11 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
Added LDAP simple auth support.
10 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
merge all login methods
11 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
work on #672
11 years ago
merge all login methods
11 years ago
work on #672
11 years ago
merge all login methods
11 years ago
add smtp authentication
11 years ago
LDAP: Optional user name attribute specification Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
10 years ago
#1625 remove auto_register and makes it default
10 years ago
add smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
finish new add auth UI
10 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
add smtp authentication
11 years ago
Make gmail auth work
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
smtp login bug fixed
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
smtp login bug fixed
11 years ago
Clean old LDAP code
11 years ago
add smtp authentication
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
add smtp authentication
11 years ago
Fix spelling errors in comments.
11 years ago
add smtp authentication
11 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1620 add allowed domains for SMTP auth
10 years ago
add smtp authentication
11 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
smtp login bug fixed
11 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
10 years ago
#2152 fix SMTP authentication makes invalid assumption on protocol
10 years ago
#1620 add allowed domains for SMTP auth
10 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
add smtp authentication
11 years ago
smtp login bug fixed
11 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
smtp login bug fixed
11 years ago
#1938 #1374 disable password change for non-local users
10 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
#1625 remove auto_register and makes it default
10 years ago
Add PAM authentication
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
Add PAM authentication
10 years ago
#1635 PAM return error bug
10 years ago
Add PAM authentication
10 years ago
some fix to #2026
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
Add PAM authentication
10 years ago
some fix to #2026
10 years ago
Add PAM authentication
10 years ago
#1625 remove auto_register and makes it default
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1625 remove auto_register and makes it default
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1625 remove auto_register and makes it default
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1625 remove auto_register and makes it default
10 years ago
some fix to #2026
10 years ago
#1625 remove auto_register and makes it default
10 years ago
#1938 #1374 disable password change for non-local users
10 years ago
#1625 remove auto_register and makes it default
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"net/textproto"

  14. 	"strings"

  15. 	"time"

  16. 

  17. 	"github.com/Unknwon/com"

  18. 	"github.com/go-xorm/core"

  19. 	"github.com/go-xorm/xorm"

  20. 

  21. 	"github.com/gogits/gogs/modules/auth/ldap"

  22. 	"github.com/gogits/gogs/modules/auth/pam"

  23. 	"github.com/gogits/gogs/modules/log"

  24. )

  25. 

  26. type LoginType int

  27. 

  28. // Note: new type must be added at the end of list to maintain compatibility.

  29. const (

  30. 	LOGIN_NOTYPE LoginType = iota

  31. 	LOGIN_PLAIN            // 1

  32. 	LOGIN_LDAP             // 2

  33. 	LOGIN_SMTP             // 3

  34. 	LOGIN_PAM              // 4

  35. 	LOGIN_DLDAP            // 5

  36. )

  37. 

  38. var (

  39. 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")

  40. 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")

  41. )

  42. 

  43. var LoginNames = map[LoginType]string{

  44. 	LOGIN_LDAP:  "LDAP (via BindDN)",

  45. 	LOGIN_DLDAP: "LDAP (simple auth)", // Via direct bind

  46. 	LOGIN_SMTP:  "SMTP",

  47. 	LOGIN_PAM:   "PAM",

  48. }

  49. 

  50. // Ensure structs implemented interface.

  51. var (

  52. 	_ core.Conversion = &LDAPConfig{}

  53. 	_ core.Conversion = &SMTPConfig{}

  54. 	_ core.Conversion = &PAMConfig{}

  55. )

  56. 

  57. type LDAPConfig struct {

  58. 	*ldap.Source

  59. }

  60. 

  61. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  62. 	return json.Unmarshal(bs, &cfg)

  63. }

  64. 

  65. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  66. 	return json.Marshal(cfg)

  67. }

  68. 

  69. type SMTPConfig struct {

  70. 	Auth           string

  71. 	Host           string

  72. 	Port           int

  73. 	AllowedDomains string `xorm:"TEXT"`

  74. 	TLS            bool

  75. 	SkipVerify     bool

  76. }

  77. 

  78. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  79. 	return json.Unmarshal(bs, cfg)

  80. }

  81. 

  82. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  83. 	return json.Marshal(cfg)

  84. }

  85. 

  86. type PAMConfig struct {

  87. 	ServiceName string // pam service (e.g. system-auth)

  88. }

  89. 

  90. func (cfg *PAMConfig) FromDB(bs []byte) error {

  91. 	return json.Unmarshal(bs, &cfg)

  92. }

  93. 

  94. func (cfg *PAMConfig) ToDB() ([]byte, error) {

  95. 	return json.Marshal(cfg)

  96. }

  97. 

  98. type LoginSource struct {

  99. 	ID        int64 `xorm:"pk autoincr"`

  100. 	Type      LoginType

  101. 	Name      string          `xorm:"UNIQUE"`

  102. 	IsActived bool            `xorm:"NOT NULL DEFAULT false"`

  103. 	Cfg       core.Conversion `xorm:"TEXT"`

  104. 

  105. 	Created     time.Time `xorm:"-"`

  106. 	CreatedUnix int64

  107. 	Updated     time.Time `xorm:"-"`

  108. 	UpdatedUnix int64

  109. }

  110. 

  111. func (s *LoginSource) BeforeInsert() {

  112. 	s.CreatedUnix = time.Now().UTC().Unix()

  113. 	s.UpdatedUnix = s.CreatedUnix

  114. }

  115. 

  116. func (s *LoginSource) BeforeUpdate() {

  117. 	s.UpdatedUnix = time.Now().UTC().Unix()

  118. }

  119. 

  120. // Cell2Int64 converts a xorm.Cell type to int64,

  121. // and handles possible irregular cases.

  122. func Cell2Int64(val xorm.Cell) int64 {

  123. 	switch (*val).(type) {

  124. 	case []uint8:

  125. 		log.Trace("Cell2Int64 ([]uint8): %v", *val)

  126. 		return com.StrTo(string((*val).([]uint8))).MustInt64()

  127. 	}

  128. 	return (*val).(int64)

  129. }

  130. 

  131. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  132. 	switch colName {

  133. 	case "type":

  134. 		switch LoginType(Cell2Int64(val)) {

  135. 		case LOGIN_LDAP, LOGIN_DLDAP:

  136. 			source.Cfg = new(LDAPConfig)

  137. 		case LOGIN_SMTP:

  138. 			source.Cfg = new(SMTPConfig)

  139. 		case LOGIN_PAM:

  140. 			source.Cfg = new(PAMConfig)

  141. 		default:

  142. 			panic("unrecognized login source type: " + com.ToStr(*val))

  143. 		}

  144. 	}

  145. }

  146. 

  147. func (s *LoginSource) AfterSet(colName string, _ xorm.Cell) {

  148. 	switch colName {

  149. 	case "created_unix":

  150. 		s.Created = time.Unix(s.CreatedUnix, 0).Local()

  151. 	case "updated_unix":

  152. 		s.Updated = time.Unix(s.UpdatedUnix, 0).Local()

  153. 	}

  154. }

  155. 

  156. func (source *LoginSource) TypeName() string {

  157. 	return LoginNames[source.Type]

  158. }

  159. 

  160. func (source *LoginSource) IsLDAP() bool {

  161. 	return source.Type == LOGIN_LDAP

  162. }

  163. 

  164. func (source *LoginSource) IsDLDAP() bool {

  165. 	return source.Type == LOGIN_DLDAP

  166. }

  167. 

  168. func (source *LoginSource) IsSMTP() bool {

  169. 	return source.Type == LOGIN_SMTP

  170. }

  171. 

  172. func (source *LoginSource) IsPAM() bool {

  173. 	return source.Type == LOGIN_PAM

  174. }

  175. 

  176. func (source *LoginSource) UseTLS() bool {

  177. 	switch source.Type {

  178. 	case LOGIN_LDAP, LOGIN_DLDAP:

  179. 		return source.LDAP().UseSSL

  180. 	case LOGIN_SMTP:

  181. 		return source.SMTP().TLS

  182. 	}

  183. 

  184. 	return false

  185. }

  186. 

  187. func (source *LoginSource) SkipVerify() bool {

  188. 	switch source.Type {

  189. 	case LOGIN_LDAP, LOGIN_DLDAP:

  190. 		return source.LDAP().SkipVerify

  191. 	case LOGIN_SMTP:

  192. 		return source.SMTP().SkipVerify

  193. 	}

  194. 

  195. 	return false

  196. }

  197. 

  198. func (source *LoginSource) LDAP() *LDAPConfig {

  199. 	return source.Cfg.(*LDAPConfig)

  200. }

  201. 

  202. func (source *LoginSource) SMTP() *SMTPConfig {

  203. 	return source.Cfg.(*SMTPConfig)

  204. }

  205. 

  206. func (source *LoginSource) PAM() *PAMConfig {

  207. 	return source.Cfg.(*PAMConfig)

  208. }

  209. 

  210. // CountLoginSources returns number of login sources.

  211. func CountLoginSources() int64 {

  212. 	count, _ := x.Count(new(LoginSource))

  213. 	return count

  214. }

  215. 

  216. func CreateSource(source *LoginSource) error {

  217. 	_, err := x.Insert(source)

  218. 	return err

  219. }

  220. 

  221. func LoginSources() ([]*LoginSource, error) {

  222. 	auths := make([]*LoginSource, 0, 5)

  223. 	return auths, x.Find(&auths)

  224. }

  225. 

  226. // GetLoginSourceByID returns login source by given ID.

  227. func GetLoginSourceByID(id int64) (*LoginSource, error) {

  228. 	source := new(LoginSource)

  229. 	has, err := x.Id(id).Get(source)

  230. 	if err != nil {

  231. 		return nil, err

  232. 	} else if !has {

  233. 		return nil, ErrAuthenticationNotExist{id}

  234. 	}

  235. 	return source, nil

  236. }

  237. 

  238. func UpdateSource(source *LoginSource) error {

  239. 	_, err := x.Id(source.ID).AllCols().Update(source)

  240. 	return err

  241. }

  242. 

  243. func DeleteSource(source *LoginSource) error {

  244. 	count, err := x.Count(&User{LoginSource: source.ID})

  245. 	if err != nil {

  246. 		return err

  247. 	} else if count > 0 {

  248. 		return ErrAuthenticationUserUsed

  249. 	}

  250. 	_, err = x.Id(source.ID).Delete(new(LoginSource))

  251. 	return err

  252. }

  253. 

  254. // .____     ________      _____ __________

  255. // |    |    \______ \    /  _  \\______   \

  256. // |    |     |    |  \  /  /_\  \|     ___/

  257. // |    |___  |    `   \/    |    \    |

  258. // |_______ \/_______  /\____|__  /____|

  259. //         \/        \/         \/

  260. 

  261. // LoginUserLDAPSource queries if loginName/passwd can login against the LDAP directory pool,

  262. // and create a local user if success when enabled.

  263. // It returns the same LoginUserPlain semantic.

  264. func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {

  265. 	cfg := source.Cfg.(*LDAPConfig)

  266. 	directBind := (source.Type == LOGIN_DLDAP)

  267. 	name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)

  268. 	if !logged {

  269. 		// User not in LDAP, do nothing

  270. 		return nil, ErrUserNotExist{0, loginName}

  271. 	}

  272. 

  273. 	if !autoRegister {

  274. 		return u, nil

  275. 	}

  276. 

  277. 	// Fallback.

  278. 	if len(name) == 0 {

  279. 		name = loginName

  280. 	}

  281. 	if len(mail) == 0 {

  282. 		mail = fmt.Sprintf("%s@localhost", name)

  283. 	}

  284. 

  285. 	u = &User{

  286. 		LowerName:   strings.ToLower(name),

  287. 		Name:        name,

  288. 		FullName:    composeFullName(fn, sn, name),

  289. 		LoginType:   source.Type,

  290. 		LoginSource: source.ID,

  291. 		LoginName:   loginName,

  292. 		Email:       mail,

  293. 		IsAdmin:     admin,

  294. 		IsActive:    true,

  295. 	}

  296. 	return u, CreateUser(u)

  297. }

  298. 

  299. func composeFullName(firstName, surename, userName string) string {

  300. 	switch {

  301. 	case len(firstName) == 0 && len(surename) == 0:

  302. 		return userName

  303. 	case len(firstName) == 0:

  304. 		return surename

  305. 	case len(surename) == 0:

  306. 		return firstName

  307. 	default:

  308. 		return firstName + " " + surename

  309. 	}

  310. }

  311. 

  312. //   _________   __________________________

  313. //  /   _____/  /     \__    ___/\______   \

  314. //  \_____  \  /  \ /  \|    |    |     ___/

  315. //  /        \/    Y    \    |    |    |

  316. // /_______  /\____|__  /____|    |____|

  317. //         \/         \/

  318. 

  319. type loginAuth struct {

  320. 	username, password string

  321. }

  322. 

  323. func LoginAuth(username, password string) smtp.Auth {

  324. 	return &loginAuth{username, password}

  325. }

  326. 

  327. func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  328. 	return "LOGIN", []byte(a.username), nil

  329. }

  330. 

  331. func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  332. 	if more {

  333. 		switch string(fromServer) {

  334. 		case "Username:":

  335. 			return []byte(a.username), nil

  336. 		case "Password:":

  337. 			return []byte(a.password), nil

  338. 		}

  339. 	}

  340. 	return nil, nil

  341. }

  342. 

  343. const (

  344. 	SMTP_PLAIN = "PLAIN"

  345. 	SMTP_LOGIN = "LOGIN"

  346. )

  347. 

  348. var SMTPAuths = []string{SMTP_PLAIN, SMTP_LOGIN}

  349. 

  350. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {

  351. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))

  352. 	if err != nil {

  353. 		return err

  354. 	}

  355. 	defer c.Close()

  356. 

  357. 	if err = c.Hello("gogs"); err != nil {

  358. 		return err

  359. 	}

  360. 

  361. 	if cfg.TLS {

  362. 		if ok, _ := c.Extension("STARTTLS"); ok {

  363. 			if err = c.StartTLS(&tls.Config{

  364. 				InsecureSkipVerify: cfg.SkipVerify,

  365. 				ServerName:         cfg.Host,

  366. 			}); err != nil {

  367. 				return err

  368. 			}

  369. 		} else {

  370. 			return errors.New("SMTP server unsupports TLS")

  371. 		}

  372. 	}

  373. 

  374. 	if ok, _ := c.Extension("AUTH"); ok {

  375. 		if err = c.Auth(a); err != nil {

  376. 			return err

  377. 		}

  378. 		return nil

  379. 	}

  380. 	return ErrUnsupportedLoginType

  381. }

  382. 

  383. // Query if name/passwd can login against the LDAP directory pool

  384. // Create a local user if success

  385. // Return the same LoginUserPlain semantic

  386. func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  387. 	// Verify allowed domains.

  388. 	if len(cfg.AllowedDomains) > 0 {

  389. 		idx := strings.Index(name, "@")

  390. 		if idx == -1 {

  391. 			return nil, ErrUserNotExist{0, name}

  392. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), name[idx+1:]) {

  393. 			return nil, ErrUserNotExist{0, name}

  394. 		}

  395. 	}

  396. 

  397. 	var auth smtp.Auth

  398. 	if cfg.Auth == SMTP_PLAIN {

  399. 		auth = smtp.PlainAuth("", name, passwd, cfg.Host)

  400. 	} else if cfg.Auth == SMTP_LOGIN {

  401. 		auth = LoginAuth(name, passwd)

  402. 	} else {

  403. 		return nil, errors.New("Unsupported SMTP auth type")

  404. 	}

  405. 

  406. 	if err := SMTPAuth(auth, cfg); err != nil {

  407. 		// Check standard error format first,

  408. 		// then fallback to worse case.

  409. 		tperr, ok := err.(*textproto.Error)

  410. 		if (ok && tperr.Code == 535) ||

  411. 			strings.Contains(err.Error(), "Username and Password not accepted") {

  412. 			return nil, ErrUserNotExist{0, name}

  413. 		}

  414. 		return nil, err

  415. 	}

  416. 

  417. 	if !autoRegister {

  418. 		return u, nil

  419. 	}

  420. 

  421. 	var loginName = name

  422. 	idx := strings.Index(name, "@")

  423. 	if idx > -1 {

  424. 		loginName = name[:idx]

  425. 	}

  426. 	// fake a local user creation

  427. 	u = &User{

  428. 		LowerName:   strings.ToLower(loginName),

  429. 		Name:        strings.ToLower(loginName),

  430. 		LoginType:   LOGIN_SMTP,

  431. 		LoginSource: sourceID,

  432. 		LoginName:   name,

  433. 		IsActive:    true,

  434. 		Passwd:      passwd,

  435. 		Email:       name,

  436. 	}

  437. 	err := CreateUser(u)

  438. 	return u, err

  439. }

  440. 

  441. // __________  _____      _____

  442. // \______   \/  _  \    /     \

  443. //  |     ___/  /_\  \  /  \ /  \

  444. //  |    |  /    |    \/    Y    \

  445. //  |____|  \____|__  /\____|__  /

  446. //                  \/         \/

  447. 

  448. // Query if name/passwd can login against PAM

  449. // Create a local user if success

  450. // Return the same LoginUserPlain semantic

  451. func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {

  452. 	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {

  453. 		if strings.Contains(err.Error(), "Authentication failure") {

  454. 			return nil, ErrUserNotExist{0, name}

  455. 		}

  456. 		return nil, err

  457. 	}

  458. 

  459. 	if !autoRegister {

  460. 		return u, nil

  461. 	}

  462. 

  463. 	// fake a local user creation

  464. 	u = &User{

  465. 		LowerName:   strings.ToLower(name),

  466. 		Name:        name,

  467. 		LoginType:   LOGIN_PAM,

  468. 		LoginSource: sourceID,

  469. 		LoginName:   name,

  470. 		IsActive:    true,

  471. 		Passwd:      passwd,

  472. 		Email:       name,

  473. 	}

  474. 	return u, CreateUser(u)

  475. }

  476. 

  477. func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {

  478. 	if !source.IsActived {

  479. 		return nil, ErrLoginSourceNotActived

  480. 	}

  481. 

  482. 	switch source.Type {

  483. 	case LOGIN_LDAP, LOGIN_DLDAP:

  484. 		return LoginUserLDAPSource(u, name, passwd, source, autoRegister)

  485. 	case LOGIN_SMTP:

  486. 		return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)

  487. 	case LOGIN_PAM:

  488. 		return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)

  489. 	}

  490. 

  491. 	return nil, ErrUnsupportedLoginType

  492. }

  493. 

  494. // UserSignIn validates user name and password.

  495. func UserSignIn(uname, passwd string) (*User, error) {

  496. 	var u *User

  497. 	if strings.Contains(uname, "@") {

  498. 		u = &User{Email: strings.ToLower(uname)}

  499. 	} else {

  500. 		u = &User{LowerName: strings.ToLower(uname)}

  501. 	}

  502. 

  503. 	userExists, err := x.Get(u)

  504. 	if err != nil {

  505. 		return nil, err

  506. 	}

  507. 

  508. 	if userExists {

  509. 		switch u.LoginType {

  510. 		case LOGIN_NOTYPE, LOGIN_PLAIN:

  511. 			if u.ValidatePassword(passwd) {

  512. 				return u, nil

  513. 			}

  514. 

  515. 			return nil, ErrUserNotExist{u.Id, u.Name}

  516. 

  517. 		default:

  518. 			var source LoginSource

  519. 			hasSource, err := x.Id(u.LoginSource).Get(&source)

  520. 			if err != nil {

  521. 				return nil, err

  522. 			} else if !hasSource {

  523. 				return nil, ErrLoginSourceNotExist

  524. 			}

  525. 

  526. 			return ExternalUserLogin(u, u.LoginName, passwd, &source, false)

  527. 		}

  528. 	}

  529. 

  530. 	var sources []LoginSource

  531. 	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true}); err != nil {

  532. 		return nil, err

  533. 	}

  534. 

  535. 	for _, source := range sources {

  536. 		u, err := ExternalUserLogin(nil, uname, passwd, &source, true)

  537. 		if err == nil {

  538. 			return u, nil

  539. 		}

  540. 

  541. 		log.Warn("Failed to login '%s' via '%s': %v", uname, source.Name, err)

  542. 	}

  543. 

  544. 	return nil, ErrUserNotExist{u.Id, u.Name}

  545. }

No Description