login.go 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234
  1. // Copyright github.com/juju2013. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package models
  5. import (
  6. "encoding/json"
  7. "errors"
  8. "strings"
  9. "time"
  10. "github.com/go-xorm/core"
  11. "github.com/go-xorm/xorm"
  12. "github.com/gogits/gogs/modules/auth/ldap"
  13. )
  14. // Login types.
  15. const (
  16. LT_NOTYPE = iota
  17. LT_PLAIN
  18. LT_LDAP
  19. LT_SMTP
  20. )
  21. var (
  22. ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
  23. ErrAuthenticationNotExist = errors.New("Authentication does not exist")
  24. ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")
  25. )
  26. var LoginTypes = map[int]string{
  27. LT_LDAP: "LDAP",
  28. LT_SMTP: "SMTP",
  29. }
  30. var _ core.Conversion = &LDAPConfig{}
  31. type LDAPConfig struct {
  32. ldap.Ldapsource
  33. }
  34. // implement
  35. func (cfg *LDAPConfig) FromDB(bs []byte) error {
  36. return json.Unmarshal(bs, &cfg.Ldapsource)
  37. }
  38. func (cfg *LDAPConfig) ToDB() ([]byte, error) {
  39. return json.Marshal(cfg.Ldapsource)
  40. }
  41. type LoginSource struct {
  42. Id int64
  43. Type int
  44. Name string `xorm:"unique"`
  45. IsActived bool `xorm:"not null default false"`
  46. Cfg core.Conversion `xorm:"TEXT"`
  47. Created time.Time `xorm:"created"`
  48. Updated time.Time `xorm:"updated"`
  49. AllowAutoRegisted bool `xorm:"not null default false"`
  50. }
  51. func (source *LoginSource) TypeString() string {
  52. return LoginTypes[source.Type]
  53. }
  54. func (source *LoginSource) LDAP() *LDAPConfig {
  55. return source.Cfg.(*LDAPConfig)
  56. }
  57. // for xorm callback
  58. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
  59. if colName == "type" {
  60. ty := (*val).(int64)
  61. switch ty {
  62. case LT_LDAP:
  63. source.Cfg = new(LDAPConfig)
  64. }
  65. }
  66. }
  67. func GetAuths() ([]*LoginSource, error) {
  68. var auths = make([]*LoginSource, 0)
  69. err := orm.Find(&auths)
  70. return auths, err
  71. }
  72. func GetLoginSourceById(id int64) (*LoginSource, error) {
  73. source := new(LoginSource)
  74. has, err := orm.Id(id).Get(source)
  75. if err != nil {
  76. return nil, err
  77. }
  78. if !has {
  79. return nil, ErrAuthenticationNotExist
  80. }
  81. return source, nil
  82. }
  83. func AddLDAPSource(name string, cfg *LDAPConfig) error {
  84. _, err := orm.Insert(&LoginSource{Type: LT_LDAP,
  85. Name: name,
  86. IsActived: true,
  87. Cfg: cfg,
  88. })
  89. return err
  90. }
  91. func UpdateLDAPSource(source *LoginSource) error {
  92. _, err := orm.AllCols().Id(source.Id).Update(source)
  93. return err
  94. }
  95. func DelLoginSource(source *LoginSource) error {
  96. cnt, err := orm.Count(&User{LoginSource: source.Id})
  97. if err != nil {
  98. return err
  99. }
  100. if cnt > 0 {
  101. return ErrAuthenticationUserUsed
  102. }
  103. _, err = orm.Id(source.Id).Delete(&LoginSource{})
  104. return err
  105. }
  106. // login a user
  107. func LoginUser(uname, passwd string) (*User, error) {
  108. var u *User
  109. var emailLogin bool
  110. if strings.Contains(uname, "@") {
  111. u = &User{Email: uname}
  112. emailLogin = true
  113. } else {
  114. u = &User{LowerName: strings.ToLower(uname)}
  115. }
  116. has, err := orm.Get(u)
  117. if err != nil {
  118. return nil, err
  119. }
  120. // if email login, then we cannot auto register
  121. if emailLogin {
  122. if !has {
  123. return nil, ErrUserNotExist
  124. }
  125. }
  126. if u.LoginType == LT_NOTYPE {
  127. u.LoginType = LT_PLAIN
  128. }
  129. // for plain login, user must have existed.
  130. if u.LoginType == LT_PLAIN {
  131. if !has {
  132. return nil, ErrUserNotExist
  133. }
  134. newUser := &User{Passwd: passwd, Salt: u.Salt}
  135. newUser.EncodePasswd()
  136. if u.Passwd != newUser.Passwd {
  137. return nil, ErrUserNotExist
  138. }
  139. return u, nil
  140. } else {
  141. if !has {
  142. var sources []LoginSource
  143. cond := &LoginSource{IsActived: true, AllowAutoRegisted: true}
  144. err = orm.UseBool().Find(&sources, cond)
  145. if err != nil {
  146. return nil, err
  147. }
  148. for _, source := range sources {
  149. u, err := LoginUserLdapSource(nil, u.LoginName, passwd,
  150. source.Id, source.Cfg.(*LDAPConfig), true)
  151. if err == nil {
  152. return u, err
  153. }
  154. }
  155. return nil, ErrUserNotExist
  156. }
  157. var source LoginSource
  158. hasSource, err := orm.Id(u.LoginSource).Get(&source)
  159. if err != nil {
  160. return nil, err
  161. }
  162. if !hasSource {
  163. return nil, ErrLoginSourceNotExist
  164. }
  165. if !source.IsActived {
  166. return nil, ErrLoginSourceNotActived
  167. }
  168. switch u.LoginType {
  169. case LT_LDAP:
  170. return LoginUserLdapSource(u, u.LoginName, passwd,
  171. source.Id, source.Cfg.(*LDAPConfig), false)
  172. case LT_SMTP:
  173. }
  174. return nil, ErrUnsupportedLoginType
  175. }
  176. }
  177. // Query if name/passwd can login against the LDAP direcotry pool
  178. // Create a local user if success
  179. // Return the same LoginUserPlain semantic
  180. func LoginUserLdapSource(user *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
  181. mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
  182. if !logged {
  183. // user not in LDAP, do nothing
  184. return nil, ErrUserNotExist
  185. }
  186. if !autoRegister {
  187. return user, nil
  188. }
  189. // fake a local user creation
  190. user = &User{
  191. LowerName: strings.ToLower(name),
  192. Name: strings.ToLower(name),
  193. LoginType: LT_LDAP,
  194. LoginSource: sourceId,
  195. LoginName: name,
  196. IsActive: true,
  197. Passwd: passwd,
  198. Email: mail,
  199. }
  200. return RegisterUser(user)
  201. }