basic authentications

This commit is contained in:
Lunny Xiao 2014-05-05 16:40:25 +08:00
parent 79ea34e70e
commit 1652dd5068
13 changed files with 334 additions and 49 deletions

View File

@ -2,17 +2,31 @@ package models
import (
"encoding/json"
"errors"
"time"
"github.com/go-xorm/core"
"github.com/go-xorm/xorm"
"github.com/gogits/gogs/modules/auth/ldap"
)
/*const (
// Login types.
const (
LT_PLAIN = iota + 1
LT_LDAP
LT_SMTP
)*/
)
var (
ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
ErrAuthenticationNotExist = errors.New("Authentication is not exist")
ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")
)
var LoginTypes = map[int]string{
LT_LDAP: "LDAP",
LT_SMTP: "SMTP",
}
var _ core.Conversion = &LDAPConfig{}
@ -32,19 +46,50 @@ func (cfg *LDAPConfig) ToDB() ([]byte, error) {
type LoginSource struct {
Id int64
Type int
Name string
IsActived bool
Name string `xorm:"unique"`
IsActived bool `xorm:"not null default false"`
Cfg core.Conversion `xorm:"TEXT"`
Created time.Time `xorm:"created"`
Updated time.Time `xorm:"updated"`
}
func (source *LoginSource) TypeString() string {
return LoginTypes[source.Type]
}
func (source *LoginSource) LDAP() *LDAPConfig {
return source.Cfg.(*LDAPConfig)
}
// for xorm callback
func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
if colName == "type" {
ty := (*val).(int64)
switch ty {
case LT_LDAP:
source.Cfg = new(LDAPConfig)
}
}
}
func GetAuths() ([]*LoginSource, error) {
var auths = make([]*LoginSource, 0)
err := orm.Find(&auths)
return auths, err
}
func GetLoginSourceById(id int64) (*LoginSource, error) {
source := new(LoginSource)
has, err := orm.Id(id).Get(source)
if err != nil {
return nil, err
}
if !has {
return nil, ErrAuthenticationNotExist
}
return source, nil
}
func AddLDAPSource(name string, cfg *LDAPConfig) error {
_, err := orm.Insert(&LoginSource{Type: LT_LDAP,
Name: name,
@ -54,17 +99,19 @@ func AddLDAPSource(name string, cfg *LDAPConfig) error {
return err
}
func UpdateLDAPSource(id int64, name string, cfg *LDAPConfig) error {
_, err := orm.AllCols().Id(id).Update(&LoginSource{
Id: id,
Type: LT_LDAP,
Name: name,
Cfg: cfg,
})
func UpdateLDAPSource(source *LoginSource) error {
_, err := orm.AllCols().Id(source.Id).Update(source)
return err
}
func DelLoginSource(id int64) error {
_, err := orm.Id(id).Delete(&LoginSource{})
func DelLoginSource(source *LoginSource) error {
cnt, err := orm.Count(&User{LoginSource: source.Id})
if err != nil {
return err
}
if cnt > 0 {
return ErrAuthenticationUserUsed
}
_, err = orm.Id(source.Id).Delete(&LoginSource{})
return err
}

View File

@ -26,12 +26,6 @@ const (
UT_ORGANIZATION
)
// Login types.
const (
LT_PLAIN = iota + 1
LT_LDAP
)
var (
ErrUserOwnRepos = errors.New("User still have ownership of repositories")
ErrUserAlreadyExist = errors.New("User already exist")
@ -49,6 +43,7 @@ type User struct {
Email string `xorm:"unique not null"`
Passwd string `xorm:"not null"`
LoginType int
LoginSource int64 `xorm:"not null default 0"`
Type int
NumFollowers int
NumFollowings int

View File

@ -21,6 +21,7 @@ type AdminEditUserForm struct {
Avatar string `form:"avatar" binding:"Required;Email;MaxSize(50)"`
Active string `form:"active"`
Admin string `form:"admin"`
LoginType int `form:"login_type"`
}
func (f *AdminEditUserForm) Name(field string) string {

View File

@ -25,6 +25,7 @@ type RegisterForm struct {
Email string `form:"email" binding:"Required;Email;MaxSize(50)"`
Password string `form:"passwd" binding:"Required;MinSize(6);MaxSize(30)"`
RetypePasswd string `form:"retypepasswd"`
LoginType string `form:"logintype"`
}
func (f *RegisterForm) Name(field string) string {

View File

@ -1,6 +1,7 @@
package auth
type AuthenticationForm struct {
Id int64 `form:"id"`
Type int `form:"type"`
Name string `form:"name" binding:"MaxSize(50)"`
Domain string `form:"domain"`
@ -10,4 +11,5 @@ type AuthenticationForm struct {
Attributes string `form:"attributes"`
Filter string `form:"filter"`
MsAdSA string `form:"ms_ad_sa"`
IsActived bool `form:"is_actived"`
}

View File

@ -3,9 +3,11 @@ package admin
import (
"strings"
"github.com/go-martini/martini"
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth"
"github.com/gogits/gogs/modules/auth/ldap"
"github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/middleware"
"github.com/gpmgo/gopm/log"
)
@ -13,6 +15,7 @@ import (
func NewAuthSource(ctx *middleware.Context) {
ctx.Data["Title"] = "New Authentication"
ctx.Data["PageIsAuths"] = true
ctx.Data["LoginTypes"] = models.LoginTypes
ctx.HTML(200, "admin/auths/new")
}
@ -52,11 +55,93 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
ctx.Redirect("/admin/auths")
}
func EditAuthSource(ctx *middleware.Context) {
func EditAuthSource(ctx *middleware.Context, params martini.Params) {
ctx.Data["Title"] = "Edit Authentication"
ctx.Data["PageIsAuths"] = true
id, err := base.StrTo(params["authid"]).Int64()
if err != nil {
ctx.Handle(404, "admin.auths.EditAuthSource", err)
return
}
u, err := models.GetLoginSourceById(id)
if err != nil {
ctx.Handle(500, "admin.user.EditUser", err)
return
}
ctx.Data["Source"] = u
ctx.Data["LoginTypes"] = models.LoginTypes
ctx.HTML(200, "admin/auths/edit")
}
func EditAuthSourcePost(ctx *middleware.Context) {
func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
ctx.Data["Title"] = "Edit Authentication"
ctx.Data["PageIsAuths"] = true
if ctx.HasError() {
ctx.HTML(200, "admin/auths/edit")
return
}
func DeleteAuthSource(ctx *middleware.Context) {
u := models.LoginSource{
Name: form.Name,
IsActived: form.IsActived,
Type: models.LT_LDAP,
Cfg: &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{
Host: form.Host,
Port: form.Port,
BaseDN: form.BaseDN,
Attributes: form.Attributes,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.Name,
},
},
}
if err := models.UpdateLDAPSource(&u); err != nil {
switch err {
default:
ctx.Handle(500, "admin.auths.EditAuth", err)
}
return
}
log.Trace("%s Authentication changed by admin(%s): %s", ctx.Req.RequestURI,
ctx.User.LowerName, strings.ToLower(form.Name))
ctx.Redirect("/admin/auths")
}
func DeleteAuthSource(ctx *middleware.Context, params martini.Params) {
ctx.Data["Title"] = "Delete Authentication"
ctx.Data["PageIsAuths"] = true
id, err := base.StrTo(params["authid"]).Int64()
if err != nil {
ctx.Handle(404, "admin.auths.DeleteAuth", err)
return
}
a, err := models.GetLoginSourceById(id)
if err != nil {
ctx.Handle(500, "admin.auths.DeleteAuth", err)
return
}
if err = models.DelLoginSource(a); err != nil {
switch err {
case models.ErrAuthenticationUserUsed:
ctx.Flash.Error("This authentication still has used by some users, you should move them and then delete again.")
ctx.Redirect("/admin/auths/" + params["authid"])
default:
ctx.Handle(500, "admin.auths.DeleteAuth", err)
}
return
}
log.Trace("%s Authentication deleted by admin(%s): %s", ctx.Req.RequestURI,
ctx.User.LowerName, ctx.User.LowerName)
ctx.Redirect("/admin/auths")
}

View File

@ -5,6 +5,8 @@
package admin
import (
"fmt"
"strconv"
"strings"
"github.com/go-martini/martini"
@ -19,6 +21,12 @@ import (
func NewUser(ctx *middleware.Context) {
ctx.Data["Title"] = "New Account"
ctx.Data["PageIsUsers"] = true
auths, err := models.GetAuths()
if err != nil {
ctx.Handle(500, "admin.user.NewUser", err)
return
}
ctx.Data["LoginSources"] = auths
ctx.HTML(200, "admin/users/new")
}
@ -44,6 +52,14 @@ func NewUserPost(ctx *middleware.Context, form auth.RegisterForm) {
Email: form.Email,
Passwd: form.Password,
IsActive: true,
LoginType: models.LT_PLAIN,
}
if len(form.LoginType) > 0 {
fields := strings.Split(form.LoginType, "-")
u.LoginType, _ = strconv.Atoi(fields[0])
u.LoginSource, _ = strconv.ParseInt(fields[1], 10, 64)
fmt.Println(u.LoginSource)
}
var err error
@ -84,6 +100,12 @@ func EditUser(ctx *middleware.Context, params martini.Params) {
}
ctx.Data["User"] = u
auths, err := models.GetAuths()
if err != nil {
ctx.Handle(500, "admin.user.NewUser", err)
return
}
ctx.Data["LoginSources"] = auths
ctx.HTML(200, "admin/users/edit")
}
@ -110,6 +132,7 @@ func EditUserPost(ctx *middleware.Context, params martini.Params, form auth.Admi
u.AvatarEmail = form.Avatar
u.IsActive = form.Active == "on"
u.IsAdmin = form.Admin == "on"
u.LoginType = form.LoginType
if err := models.UpdateUser(u); err != nil {
ctx.Handle(500, "admin.user.EditUser", err)
return
@ -126,7 +149,7 @@ func DeleteUser(ctx *middleware.Context, params martini.Params) {
ctx.Data["Title"] = "Delete Account"
ctx.Data["PageIsUsers"] = true
log.Info("delete")
//log.Info("delete")
uid, err := base.StrTo(params["userid"]).Int()
if err != nil {
ctx.Handle(404, "admin.user.EditUser", err)

View File

@ -27,11 +27,11 @@
<tr>
<td>{{.Id}}</td>
<td><a href="/admin/auths/{{.Id}}">{{.Name}}</a></td>
<td>{{.Type}}</td>
<td>{{.Actived}}</td>
<td>{{.TypeString}}</td>
<td><i class="fa fa{{if .IsActived}}-check{{end}}-square-o"></i></td>
<td>{{DateFormat .Updated "M d, Y"}}</td>
<td>{{DateFormat .Created "M d, Y"}}</td>
<td><a href="/admin/users/{{.Id}}"><i class="fa fa-pencil-square-o"></i></a></td>
<td><a href="/admin/auths/{{.Id}}"><i class="fa fa-pencil-square-o"></i></a></td>
</tr>
{{end}}
</tbody>

View File

@ -0,0 +1,107 @@
{{template "base/head" .}}
{{template "base/navbar" .}}
<div id="body" class="container" data-page="admin">
{{template "admin/nav" .}}
<div id="admin-container" class="col-md-9">
<div class="panel panel-default">
<div class="panel-heading">
Edit Authentication
</div>
<div class="panel-body">
<br/>
<form action="/admin/auths/{{.Source.Id}}" method="post" class="form-horizontal">
{{.CsrfTokenHtml}}
{{template "base/alert" .}}
<input type="hidden" value="{{.Source.Id}}" name="id"/>
<div class="form-group">
<label class="col-md-3 control-label">Auth Type: </label>
<div class="col-md-7">
<select class="form-control">
{{$type := .Source.Type}}
{{range $key, $val := .LoginTypes}}
<option value="{{$key}}" {{if eq $key $type}}selected{{end}}>{{$val}}</option>
{{end}}
</select>
</div>
</div>
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Name: </label>
<div class="col-md-7">
<input name="name" class="form-control" placeholder="Type account's username" value="{{.Source.Name}}" required="required">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Domain: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.Name}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Host: </label>
<div class="col-md-7">
<input name="host" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.Host}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Port: </label>
<div class="col-md-7">
<input name="port" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.Port}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Base DN: </label>
<div class="col-md-7">
<input name="base_dn" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.BaseDN}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Search Attributes: </label>
<div class="col-md-7">
<input name="attributes" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.Attributes}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Search Filter: </label>
<div class="col-md-7">
<input name="filter" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.Filter}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Ms Ad SA: </label>
<div class="col-md-7">
<input name="ms_ad_sa" class="form-control" placeholder="Type account's e-mail address" value="{{.Source.LDAP.MsAdSAFormat}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group">
<div class="col-md-7 col-md-offset-3">
<div class="checkbox">
<label>
<input type="checkbox" name="is_actived" {{if .Source.IsActived}}checked{{end}}>
<strong>This authentication has activated.</strong>
</label>
</div>
</div>
</div>
<hr/>
<div class="form-group">
<div class="col-md-offset-3 col-md-6">
<button type="submit" class="btn btn-lg btn-primary btn-block">Update authentication config</button>
<a type="button" href="/admin/auths/{{.Source.Id}}/delete" class="btn btn-lg btn-danger btn-block">Delete this authentication</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

View File

@ -17,64 +17,65 @@
<label class="col-md-3 control-label">Auth Type: </label>
<div class="col-md-7">
<select class="form-control">
<option value=2>LDAP</option>
<option value=3>SMTP</option>
{{range $key, $val := .LoginTypes}}
<option value="{{$key}}">{{$val}}</option>
{{end}}
</select>
</div>
</div>
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Name: </label>
<div class="col-md-7">
<input name="name" class="form-control" placeholder="Type account's username" value="{{.username}}" required="required">
<input name="name" class="form-control" placeholder="Authentication's name" required="required">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Domain: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="domain" class="form-control" placeholder="Domain name" value="{{.domain}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Host: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="host" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Port: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="port" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Base DN: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="base_dn" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Search Attributes: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="attributes" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Search Filter: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="filter" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>
<div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Ms Ad SA: </label>
<div class="col-md-7">
<input name="domain" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
<input name="ms_ad_sa" class="form-control" placeholder="Type account's e-mail address" value="{{.email}}" required="required" title="Email is not valid">
</div>
</div>

View File

@ -14,6 +14,18 @@
{{.CsrfTokenHtml}}
{{template "base/alert" .}}
<input type="hidden" value="{{.User.Id}}" name="userId"/>
<div class="form-group">
<label class="col-md-3 control-label">Auth Source: </label>
<div class="col-md-7">
<select name="logintype" class="form-control">
<option value="0-0"{{if eq 0 .User.LoginSource}} selected{{end}}>Local</option>
{{$tp := .User.LoginSource}}
{{range $key, $val := .LoginSources}}
<option value="{{$val.Type}}-{{$val.Id}}"{{if eq $val.Id $tp}} selected{{end}}>{{$val.Name}}</option>
{{end}}
</select>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">Username: </label>
<label class="control-label">{{.User.Name}}</label>

View File

@ -13,6 +13,17 @@
<form action="/admin/users/new" method="post" class="form-horizontal">
{{.CsrfTokenHtml}}
{{template "base/alert" .}}
<div class="form-group">
<label class="col-md-3 control-label">Auth Source: </label>
<div class="col-md-7">
<select name="logintype" class="form-control">
<option value="0-0">Local</option>
{{range $key, $val := .LoginSources}}
<option value="{{$val.Type}}-{{$val.Id}}">{{$val.Name}}</option>
{{end}}
</select>
</div>
</div>
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Username: </label>
<div class="col-md-7">

4
web.go
View File

@ -144,7 +144,7 @@ func runWeb(*cli.Context) {
r.Get("/new", admin.NewAuthSource)
r.Post("/new", bindIgnErr(auth.AuthenticationForm{}), admin.NewAuthSourcePost)
r.Get("/:authid", admin.EditAuthSource)
r.Post("/:authid" /*, bindIgnErr(auth.AdminEditUserForm{})*/, admin.EditAuthSourcePost)
r.Post("/:authid", bindIgnErr(auth.AuthenticationForm{}), admin.EditAuthSourcePost)
r.Get("/:authid/delete", admin.DeleteAuthSource)
}, adminReq)
@ -196,7 +196,7 @@ func runWeb(*cli.Context) {
protocol := base.Cfg.MustValue("server", "PROTOCOL", "http")
listenAddr := fmt.Sprintf("%s:%s",
base.Cfg.MustValue("server", "HTTP_ADDR"),
base.Cfg.MustValue("server", "HTTP_ADDR", "0.0.0.0"),
base.Cfg.MustValue("server", "HTTP_PORT", "3000"))
if protocol == "http" {