TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 16:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add SkipLocal2FA option to pam and smtp sources (#17078)

Browse Source 
* Add SkipLocal2FA option to other pam and smtp sources

Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make SkipLocal2FA omitempty

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
zeripath
2021-09-27 02:02:01 +01:00
committed by GitHub
parent 74542ad35b
commit 7e98cd58dd
10 changed files with 48 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
routers/web/admin/auths.go
View File

@@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
SkipVerify: form.SkipVerify, SkipVerify: form.SkipVerify,
HeloHostname: form.HeloHostname, HeloHostname: form.HeloHostname,
DisableHelo: form.DisableHelo, DisableHelo: form.DisableHelo,
SkipLocalTwoFA: form.SkipLocalTwoFA,
} }
} }
@@ -244,8 +245,9 @@ func NewAuthSourcePost(ctx *context.Context) {
hasTLS = true hasTLS = true
case login.PAM: case login.PAM:
config = &pamService.Source{ config = &pamService.Source{
ServiceName: form.PAMServiceName, ServiceName: form.PAMServiceName,
EmailDomain: form.PAMEmailDomain, EmailDomain: form.PAMEmailDomain,
SkipLocalTwoFA: form.SkipLocalTwoFA,
} }
case login.OAuth2: case login.OAuth2:
config = parseOAuth2Config(form) config = parseOAuth2Config(form)

2
services/auth/source/ldap/source.go
View File

@@ -53,7 +53,7 @@ type Source struct {
GroupFilter string // Group Name Filter GroupFilter string // Group Name Filter
GroupMemberUID string // Group Attribute containing array of UserUID GroupMemberUID string // Group Attribute containing array of UserUID
UserUID string // User Attribute listed in Group UserUID string // User Attribute listed in Group
SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

2
services/auth/source/oauth2/source.go
View File

@@ -25,7 +25,7 @@ type Source struct {
OpenIDConnectAutoDiscoveryURL string OpenIDConnectAutoDiscoveryURL string
CustomURLMapping *CustomURLMapping CustomURLMapping *CustomURLMapping
IconURL string IconURL string
SkipLocalTwoFA bool SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

5
services/auth/source/pam/source.go
View File

@@ -19,8 +19,9 @@ import (
// Source holds configuration for the PAM login source. // Source holds configuration for the PAM login source.
type Source struct { type Source struct {
ServiceName string // pam service (e.g. system-auth) ServiceName string // pam service (e.g. system-auth)
EmailDomain string EmailDomain string
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

5
services/auth/source/pam/source_authenticate.go
View File

@@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil return user, nil
} }
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

1
services/auth/source/smtp/source.go
View File

@@ -27,6 +27,7 @@ type Source struct {
SkipVerify bool SkipVerify bool
HeloHostname string HeloHostname string
DisableHelo bool DisableHelo bool
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

5
services/auth/source/smtp/source_authenticate.go
View File

@@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil return user, nil
} }
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

14
templates/admin/auth/edit.tmpl
View File

@@ -215,6 +215,13 @@
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}"> <input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}} {{end}}
<!-- PAM --> <!-- PAM -->
@@ -228,6 +235,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}"> <input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}} {{end}}
<!-- OAuth2 --> <!-- OAuth2 -->

7
templates/admin/auth/new.tmpl
View File

@@ -41,6 +41,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}"> <input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
</div> </div>
<div class="pam optional field {{if not (eq .type 4)}}hide{{end}}">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
<!-- OAuth2 --> <!-- OAuth2 -->
{{ template "admin/auth/source/oauth" . }} {{ template "admin/auth/source/oauth" . }}

7
templates/admin/auth/source/smtp.tmpl
View File

@@ -49,4 +49,11 @@
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}"> <input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
</div> </div>