mirror of
1
Fork 0
Commit Graph

54 Commits

Author SHA1 Message Date
Magnus Lindvall cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Lauris BH 501fb228e6
Add option to use paged LDAP search when synchronizing users (#3895) 2018-05-05 17:30:47 +03:00
Morgan Bazalgette 65861900cd Handle refactor (#3339)
* Replace all ctx.Handle with ctx.ServerError or ctx.NotFound

* Change Handle(403) to NotFound, avoid using macaron's NotFound
2018-01-10 23:34:17 +02:00
Lauris BH 524885dd65 LDAP user synchronization (#1478) 2017-05-10 15:10:18 +02:00
Willem van Dreumel 950f2e2074 Additional OAuth2 providers (#1010)
* add google+

* sort signin oauth2 providers based on the name so order is always the same

* update auth tip for google+

* add gitlab provider

* add bitbucket provider (and some go fmt)

* add twitter provider

* add facebook provider

* add dropbox provider

* add openid connect provider incl. new format of tips section in "Add New Source"

* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)

* imports according to goimport and code style

* make it possible to set custom urls to gitlab and github provider (only these could have a different host)

* split up oauth2 into multiple files

* small typo in comment

* fix indention

* fix indentation

* fix new line before external import

* fix layout of signin part

* update "broken" dependency
2017-05-01 21:26:53 +08:00
Willem van Dreumel 01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Alexander Lunegov d5d21b67d2 Fix string format verbs (#3637) 2016-12-22 08:18:41 +01:00
Lunny Xiao 94da472717 Golint fixed for modules/setting (#262)
* golint fixed for modules/setting

* typo fixed and renamed UNIXSOCKET to UnixSocket
2016-11-27 18:14:25 +08:00
Lunny Xiao 659bc2814c go lint fixed for routers/admin 2016-11-21 11:29:25 +08:00
Sandro Santilli 4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Sandro Santilli 864d1b1f9f Fix type in unused constant name (#111)
* Write LDAP, SMTP, PAM, DLDAP back to all uppercase

* Fix type in unused constant name

* Other MixCased fixes

* Complete MixerCasing of template constants

* Re uppercase LTS and LDAPS suffixes

* Uppercase JSON suffix in constant names

* Proper case LoginNoType

* Prefix unexported template path constants with "tpl"
2016-11-07 18:58:22 -02:00
Sandro Santilli 05fd9d3f09 Security protocols 2016-11-07 17:38:43 +01:00
Sandro Santilli 7612b5ec40 More mixage 2016-11-07 17:37:28 +01:00
Sandro Santilli 60c82a8780 More... 2016-11-07 17:30:04 +01:00
Rémy Boulanouar 2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Unknwon 152e715999 models/login_source: code improvement 2016-08-31 01:22:41 -07:00
Unknwon 99c2ae7b35 #3515 use alert instead 500 for duplicated login source name 2016-08-31 00:56:10 -07:00
Unknwon 401bf944ef Use SecurityProtocol to replace UseSSL in LDAP config
Initially proposed by #2376 and fixes #3068 as well.
2016-07-08 07:25:09 +08:00
Unknwon 514382e2eb Rename module: middleware -> context 2016-03-11 11:56:52 -05:00
Unknwon 045f14fbd0 #1146 finsih UI work for access mode of collaborators
Collaborators have write access as default, and can be changed via repository
collaboration settings page to change between read, write and admin.
2016-03-05 18:08:42 -05:00
Adam Strzelecki 834d92a47b LDAP: Fetch attributes in Bind DN context option
This is feature is workaround for #2628 (JumpCloud) and some other services
that allow LDAP search only under BindDN user account, but not allow any LDAP
search query in logged user DN context.

Such approach is an alternative to minimal permissions security pattern for
BindDN user.
2016-02-20 14:12:32 +01:00
Unknwon 3d5d61778a #1938 #1374 disable password change for non-local users 2015-12-10 19:02:57 -05:00
Adam Strzelecki 573305f3d3 LDAP: Optional user name attribute specification
Consider following LDAP search query example:

    (&(objectClass=Person)(|(uid=%s)(mail=%s)))

Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.

Using optional user name attribute setting we can explicitly say we want Gogs
user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail
to login 1st time, the new account will receive correct user name.
2015-12-02 00:20:14 +01:00
Unknwon f5c7f22cc8 #1637 able to skip verify for LDAP 2015-09-14 15:48:51 -04:00
Unknwon 8e0a69f86a #697 disable captcha and new admin create user UI 2015-09-13 09:51:51 -04:00
Unknwon cd37fccdfb #1625 remove auto_register and makes it default 2015-09-12 20:58:51 -04:00
Unknwon 362d64df04 #1620 add allowed domains for SMTP auth 2015-09-11 13:32:33 -04:00
Unknwon 121a81a2c5 finish new edit auth UI 2015-09-11 12:03:08 -04:00
Unknwon 0617448282 finish new add auth UI 2015-09-10 17:11:41 -04:00
Unknwon fa728d8dff more minor fix on 1581 2015-09-10 15:45:03 -04:00
Sergio Benitez 2d1db4bf05 Added LDAP simple auth support. 2015-09-04 20:48:34 -07:00
Unknwon ea454c21f7 #1542 A way to skip TLS verify for SMTP authentication 2015-08-29 15:45:58 +08:00
Girish Ramakrishnan 24d7a86a8d Set IsAdmin using LDAP
The IsAdmin flag is set based on whether the admin filter
returned any result. The admin filter is applied with the user dn
as the search root.

In the future, we should update IsAdmin as well on each login.
Alternately, we can have a periodic sync operation.
2015-08-18 23:49:12 -07:00
Sergio Benitez 7d84d4a8f0 Significantly enhanced LDAP support in Gogs. 2015-08-12 17:01:22 -07:00
Paolo Borelli 182003aa41 Add PAM authentication 2015-04-24 10:13:01 +02:00
Unknwon 211596f407 #1124 LDAP add and edit form are misleading 2015-03-24 19:04:16 -04:00
Lauris BH 00653e52ee Get username, name, surname and e-mail from LDAP server 2015-02-08 01:49:51 +02:00
Unknwon 7ba9257a7f Add suburl support 2014-09-19 20:11:34 -04:00
Martin van Beurden 0055cbd365 Allow Gogs to run from a suburl behind a reverse proxy. e.g. http://mydomain.com/gogs/
Conflicts:
	modules/setting/setting.go

Conflicts:
	templates/repo/release/list.tmpl
	templates/user/dashboard/dashboard.tmpl

Conflicts:
	routers/repo/setting.go
2014-09-18 20:50:48 +02:00
Unknwon d2aff9a46a Continue working on new admin pages 2014-08-29 20:50:43 +08:00
Unknown 9924e65ca1 In progress of name template name constant 2014-06-22 13:14:03 -04:00
Unknown f160b4f33c Add tar.gz download button and other mirror updates 2014-06-08 17:53:53 -04:00
Unknown 4744996f9a Make gmail auth work 2014-05-15 14:46:04 -04:00
Lunny Xiao f4486f3eec bug fixed #193 2014-05-15 22:34:36 +08:00
Lunny Xiao 7869cfccb9 Merge pull request #192 from DerDackel/ldapssl
Add LDAP over SSL support
2014-05-15 20:52:05 +08:00
Sebastian Jackel eb264a112b Add LDAP over SSL support 2014-05-15 14:27:16 +02:00
Unknown f1130ce5e9 Fix edit auth page bug 2014-05-12 11:02:36 -04:00
Unknown 2c73ced0db Fix #173 2014-05-11 10:37:31 -04:00
Lunny Xiao f68e279150 spell bug fixed 2014-05-11 20:18:57 +08:00
Unknown c5dbc24ca4 UI fix 2014-05-11 07:43:57 -04:00