Files
Atay-Makhzan/models/auth/source.go
T

415 lines
11 KiB
Go
Raw Normal View History

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
2014-05-05 05:32:47 -04:00
2022-01-02 21:12:35 +08:00
package auth
2014-04-26 14:21:04 +08:00
2014-05-03 10:48:14 +08:00
import (
"fmt"
2021-07-24 11:16:34 +01:00
"reflect"
2014-04-26 14:21:04 +08:00
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
2019-10-17 17:26:49 +08:00
"xorm.io/xorm"
2020-03-22 23:12:55 +08:00
"xorm.io/xorm/convert"
2014-05-03 10:48:14 +08:00
)
2014-04-26 14:21:04 +08:00
// Type represents an login type.
type Type int
2016-08-31 01:22:41 -07:00
// Note: new type must append to the end of list to maintain compatibility.
2014-05-05 16:40:25 +08:00
const (
NoType Type = iota
Plain // 1
LDAP // 2
SMTP // 3
PAM // 4
DLDAP // 5
OAuth2 // 6
SSPI // 7
2014-05-05 16:40:25 +08:00
)
2021-07-24 11:16:34 +01:00
// String returns the string name of the LoginType
func (typ Type) String() string {
return Names[typ]
2021-07-24 11:16:34 +01:00
}
2021-07-25 08:09:52 +01:00
// Int returns the int value of the LoginType
func (typ Type) Int() int {
2021-07-25 08:09:52 +01:00
return int(typ)
}
// Names contains the name of LoginType values.
var Names = map[Type]string{
LDAP: "LDAP (via BindDN)",
DLDAP: "LDAP (simple auth)", // Via direct bind
SMTP: "SMTP",
PAM: "PAM",
OAuth2: "OAuth2",
SSPI: "SPNEGO with SSPI",
2014-05-05 16:40:25 +08:00
}
2014-04-26 14:21:04 +08:00
// Config represents login config as far as the db is concerned
type Config interface {
2021-07-24 11:16:34 +01:00
convert.Conversion
2014-04-26 14:21:04 +08:00
}
2021-07-24 11:16:34 +01:00
// SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set
type SkipVerifiable interface {
IsSkipVerify() bool
}
2021-07-24 11:16:34 +01:00
// HasTLSer configurations provide a HasTLS to check if TLS can be enabled
type HasTLSer interface {
HasTLS() bool
2014-05-11 15:49:36 +08:00
}
2021-07-24 11:16:34 +01:00
// UseTLSer configurations provide a HasTLS to check if TLS is enabled
type UseTLSer interface {
UseTLS() bool
2014-05-11 15:49:36 +08:00
}
2021-07-24 11:16:34 +01:00
// SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys
type SSHKeyProvider interface {
ProvidesSSHKeys() bool
2014-05-11 15:49:36 +08:00
}
2021-07-24 11:16:34 +01:00
// RegisterableSource configurations provide RegisterSource which needs to be run on creation
type RegisterableSource interface {
RegisterSource() error
UnregisterSource() error
2015-04-23 13:58:57 +02:00
}
2022-01-02 21:12:35 +08:00
var registeredConfigs = map[Type]func() Config{}
2015-04-23 13:58:57 +02:00
// RegisterTypeConfig register a config for a provided type
func RegisterTypeConfig(typ Type, exemplar Config) {
2021-07-24 11:16:34 +01:00
if reflect.TypeOf(exemplar).Kind() == reflect.Ptr {
// Pointer:
registeredConfigs[typ] = func() Config {
return reflect.New(reflect.ValueOf(exemplar).Elem().Type()).Interface().(Config)
2021-07-24 11:16:34 +01:00
}
return
}
2021-07-24 11:16:34 +01:00
// Not a Pointer
registeredConfigs[typ] = func() Config {
return reflect.New(reflect.TypeOf(exemplar)).Elem().Interface().(Config)
2021-07-24 11:16:34 +01:00
}
}
2022-01-02 21:12:35 +08:00
// SourceSettable configurations can have their authSource set on them
type SourceSettable interface {
SetAuthSource(*Source)
}
// Source represents an external way for authorizing users.
type Source struct {
2017-05-10 16:10:18 +03:00
ID int64 `xorm:"pk autoincr"`
Type Type
2020-03-22 23:12:55 +08:00
Name string `xorm:"UNIQUE"`
2021-07-24 11:16:34 +01:00
IsActive bool `xorm:"INDEX NOT NULL DEFAULT false"`
2020-03-22 23:12:55 +08:00
IsSyncEnabled bool `xorm:"INDEX NOT NULL DEFAULT false"`
Cfg convert.Conversion `xorm:"TEXT"`
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
2014-05-03 10:48:14 +08:00
}
// TableName xorm will read the table name from this method
func (Source) TableName() string {
return "login_source"
}
func init() {
db.RegisterModel(new(Source))
}
2016-11-24 12:34:38 +01:00
// BeforeSet is invoked from XORM before setting the value of a field of this object.
func (source *Source) BeforeSet(colName string, val xorm.Cell) {
2019-06-12 21:41:28 +02:00
if colName == "type" {
2022-01-02 21:12:35 +08:00
typ := Type(db.Cell2Int64(val))
constructor, ok := registeredConfigs[typ]
2021-07-24 11:16:34 +01:00
if !ok {
return
}
source.Cfg = constructor()
if settable, ok := source.Cfg.(SourceSettable); ok {
2022-01-02 21:12:35 +08:00
settable.SetAuthSource(source)
}
}
}
2016-11-24 12:34:38 +01:00
// TypeName return name of this login source type.
func (source *Source) TypeName() string {
return Names[source.Type]
2014-05-05 16:40:25 +08:00
}
2016-11-24 12:34:38 +01:00
// IsLDAP returns true of this source is of the LDAP type.
func (source *Source) IsLDAP() bool {
return source.Type == LDAP
2015-09-11 12:03:08 -04:00
}
2016-11-24 12:34:38 +01:00
// IsDLDAP returns true of this source is of the DLDAP type.
func (source *Source) IsDLDAP() bool {
return source.Type == DLDAP
2015-09-11 12:03:08 -04:00
}
2016-11-24 12:34:38 +01:00
// IsSMTP returns true of this source is of the SMTP type.
func (source *Source) IsSMTP() bool {
return source.Type == SMTP
2015-09-11 12:03:08 -04:00
}
2016-11-24 12:34:38 +01:00
// IsPAM returns true of this source is of the PAM type.
func (source *Source) IsPAM() bool {
return source.Type == PAM
2015-09-11 12:03:08 -04:00
}
2017-02-22 08:14:37 +01:00
// IsOAuth2 returns true of this source is of the OAuth2 type.
func (source *Source) IsOAuth2() bool {
return source.Type == OAuth2
2017-02-22 08:14:37 +01:00
}
// IsSSPI returns true of this source is of the SSPI type.
func (source *Source) IsSSPI() bool {
return source.Type == SSPI
}
2016-11-24 12:34:38 +01:00
// HasTLS returns true of this source supports TLS.
func (source *Source) HasTLS() bool {
2021-07-24 11:16:34 +01:00
hasTLSer, ok := source.Cfg.(HasTLSer)
return ok && hasTLSer.HasTLS()
}
2016-11-24 12:34:38 +01:00
// UseTLS returns true of this source is configured to use TLS.
func (source *Source) UseTLS() bool {
2021-07-24 11:16:34 +01:00
useTLSer, ok := source.Cfg.(UseTLSer)
return ok && useTLSer.UseTLS()
2015-09-11 12:03:08 -04:00
}
2016-11-24 12:34:38 +01:00
// SkipVerify returns true if this source is configured to skip SSL
// verification.
func (source *Source) SkipVerify() bool {
2021-07-24 11:16:34 +01:00
skipVerifiable, ok := source.Cfg.(SkipVerifiable)
return ok && skipVerifiable.IsSkipVerify()
}
2022-01-02 21:12:35 +08:00
// CreateSource inserts a AuthSource in the DB if not already
2016-11-24 12:34:38 +01:00
// existing with the given name.
func CreateSource(source *Source) error {
has, err := db.GetEngine(db.DefaultContext).Where("name=?", source.Name).Exist(new(Source))
if err != nil {
return err
} else if has {
return ErrSourceAlreadyExist{source.Name}
}
// Synchronization is only available with LDAP for now
2017-05-10 16:10:18 +03:00
if !source.IsLDAP() {
source.IsSyncEnabled = false
}
2021-09-23 16:45:36 +01:00
_, err = db.GetEngine(db.DefaultContext).Insert(source)
2021-07-24 11:16:34 +01:00
if err != nil {
return err
}
if !source.IsActive {
return nil
}
if settable, ok := source.Cfg.(SourceSettable); ok {
2022-01-02 21:12:35 +08:00
settable.SetAuthSource(source)
2021-07-25 08:09:52 +01:00
}
2021-07-24 11:16:34 +01:00
registerableSource, ok := source.Cfg.(RegisterableSource)
if !ok {
return nil
}
err = registerableSource.RegisterSource()
if err != nil {
2022-01-02 21:12:35 +08:00
// remove the AuthSource in case of errors while registering configuration
2021-09-23 16:45:36 +01:00
if _, err := db.GetEngine(db.DefaultContext).Delete(source); err != nil {
log.Error("CreateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
2017-05-01 15:26:53 +02:00
}
2017-02-22 08:14:37 +01:00
}
return err
}
// Sources returns a slice of all login sources found in DB.
func Sources() ([]*Source, error) {
auths := make([]*Source, 0, 6)
2021-09-23 16:45:36 +01:00
return auths, db.GetEngine(db.DefaultContext).Find(&auths)
2014-05-03 10:48:14 +08:00
}
// SourcesByType returns all sources of the specified type
func SourcesByType(loginType Type) ([]*Source, error) {
sources := make([]*Source, 0, 1)
2021-09-23 16:45:36 +01:00
if err := db.GetEngine(db.DefaultContext).Where("type = ?", loginType).Find(&sources); err != nil {
return nil, err
}
return sources, nil
}
// AllActiveSources returns all active sources
func AllActiveSources() ([]*Source, error) {
sources := make([]*Source, 0, 5)
2021-09-23 16:45:36 +01:00
if err := db.GetEngine(db.DefaultContext).Where("is_active = ?", true).Find(&sources); err != nil {
2021-07-24 11:16:34 +01:00
return nil, err
}
return sources, nil
}
// ActiveSources returns all active sources of the specified type
func ActiveSources(tp Type) ([]*Source, error) {
sources := make([]*Source, 0, 1)
if err := db.GetEngine(db.DefaultContext).Where("is_active = ? and type = ?", true, tp).Find(&sources); err != nil {
return nil, err
}
return sources, nil
}
// IsSSPIEnabled returns true if there is at least one activated login
// source of type LoginSSPI
func IsSSPIEnabled() bool {
if !db.HasEngine {
return false
}
sources, err := ActiveSources(SSPI)
if err != nil {
log.Error("ActiveSources: %v", err)
return false
}
return len(sources) > 0
}
// GetSourceByID returns login source by given ID.
func GetSourceByID(id int64) (*Source, error) {
source := new(Source)
2021-07-24 11:16:34 +01:00
if id == 0 {
source.Cfg = registeredConfigs[NoType]()
2021-07-24 11:16:34 +01:00
// Set this source to active
// FIXME: allow disabling of db based password authentication in future
source.IsActive = true
return source, nil
}
2021-09-23 16:45:36 +01:00
has, err := db.GetEngine(db.DefaultContext).ID(id).Get(source)
2014-05-05 16:40:25 +08:00
if err != nil {
return nil, err
} else if !has {
return nil, ErrSourceNotExist{id}
2014-05-05 16:40:25 +08:00
}
return source, nil
}
// UpdateSource updates a Source record in DB.
func UpdateSource(source *Source) error {
2022-01-02 21:12:35 +08:00
var originalSource *Source
2017-05-01 15:26:53 +02:00
if source.IsOAuth2() {
// keep track of the original values so we can restore in case of errors while registering OAuth2 providers
var err error
2022-01-02 21:12:35 +08:00
if originalSource, err = GetSourceByID(source.ID); err != nil {
2017-05-01 15:26:53 +02:00
return err
}
}
has, err := db.GetEngine(db.DefaultContext).Where("name=? AND id!=?", source.Name, source.ID).Exist(new(Source))
if err != nil {
return err
} else if has {
return ErrSourceAlreadyExist{source.Name}
}
_, err = db.GetEngine(db.DefaultContext).ID(source.ID).AllCols().Update(source)
2021-07-24 11:16:34 +01:00
if err != nil {
return err
}
if !source.IsActive {
return nil
}
if settable, ok := source.Cfg.(SourceSettable); ok {
2022-01-02 21:12:35 +08:00
settable.SetAuthSource(source)
2021-07-25 08:09:52 +01:00
}
2021-07-24 11:16:34 +01:00
registerableSource, ok := source.Cfg.(RegisterableSource)
if !ok {
return nil
}
err = registerableSource.RegisterSource()
if err != nil {
// restore original values since we cannot update the provider it self
2022-01-02 21:12:35 +08:00
if _, err := db.GetEngine(db.DefaultContext).ID(source.ID).AllCols().Update(originalSource); err != nil {
2021-07-24 11:16:34 +01:00
log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
2017-05-01 15:26:53 +02:00
}
2017-02-22 08:14:37 +01:00
}
2014-05-03 10:48:14 +08:00
return err
}
// CountSources returns number of login sources.
func CountSources() int64 {
count, _ := db.GetEngine(db.DefaultContext).Count(new(Source))
return count
}
2017-02-22 08:14:37 +01:00
// ErrSourceNotExist represents a "SourceNotExist" kind of error.
type ErrSourceNotExist struct {
ID int64
}
2017-02-22 08:14:37 +01:00
// IsErrSourceNotExist checks if an error is a ErrSourceNotExist.
func IsErrSourceNotExist(err error) bool {
_, ok := err.(ErrSourceNotExist)
return ok
}
2017-02-22 08:14:37 +01:00
func (err ErrSourceNotExist) Error() string {
return fmt.Sprintf("login source does not exist [id: %d]", err.ID)
2014-04-26 14:21:04 +08:00
}
2014-05-11 14:12:45 +08:00
// Unwrap unwraps this as a ErrNotExist err
func (err ErrSourceNotExist) Unwrap() error {
return util.ErrNotExist
}
// ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.
type ErrSourceAlreadyExist struct {
Name string
}
// IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.
func IsErrSourceAlreadyExist(err error) bool {
_, ok := err.(ErrSourceAlreadyExist)
return ok
}
func (err ErrSourceAlreadyExist) Error() string {
return fmt.Sprintf("login source already exists [name: %s]", err.Name)
}
// Unwrap unwraps this as a ErrExist err
func (err ErrSourceAlreadyExist) Unwrap() error {
return util.ErrAlreadyExist
}
// ErrSourceInUse represents a "SourceInUse" kind of error.
type ErrSourceInUse struct {
ID int64
}
// IsErrSourceInUse checks if an error is a ErrSourceInUse.
func IsErrSourceInUse(err error) bool {
_, ok := err.(ErrSourceInUse)
return ok
}
func (err ErrSourceInUse) Error() string {
return fmt.Sprintf("login source is still used by some users [id: %d]", err.ID)
2016-08-31 01:22:41 -07:00
}