summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorUnknwon <u@gogs.io>2016-07-08 01:25:09 +0200
committerUnknwon <u@gogs.io>2016-07-08 01:25:09 +0200
commit401bf944ef4b09e7d4ca85d7272dbd32e7e950a0 (patch)
tree7e9af9199616f4704d4e1e9e0bfcf97d537693e4 /routers
parentUpgrade frontend assets (diff)
downloadforgejo-401bf944ef4b09e7d4ca85d7272dbd32e7e950a0.tar.xz
forgejo-401bf944ef4b09e7d4ca85d7272dbd32e7e950a0.zip
Use SecurityProtocol to replace UseSSL in LDAP config
Initially proposed by #2376 and fixes #3068 as well.
Diffstat (limited to 'routers')
-rw-r--r--routers/admin/auths.go51
1 files changed, 35 insertions, 16 deletions
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index 4a26532bf4..ff811d5574 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -41,17 +41,24 @@ func Authentications(ctx *context.Context) {
ctx.HTML(200, AUTHS)
}
-type AuthSource struct {
+type dropdownItem struct {
Name string
- Type models.LoginType
+ Type interface{}
}
-var authSources = []AuthSource{
- {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
- {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
- {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
- {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
-}
+var (
+ authSources = []dropdownItem{
+ {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
+ {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
+ {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
+ {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
+ }
+ securityProtocols = []dropdownItem{
+ {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
+ {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
+ {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
+ }
+)
func NewAuthSource(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("admin.auths.new")
@@ -59,10 +66,12 @@ func NewAuthSource(ctx *context.Context) {
ctx.Data["PageIsAdminAuthentications"] = true
ctx.Data["type"] = models.LOGIN_LDAP
- ctx.Data["CurTypeName"] = models.LoginNames[models.LOGIN_LDAP]
+ ctx.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
+ ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true
ctx.Data["AuthSources"] = authSources
+ ctx.Data["SecurityProtocols"] = securityProtocols
ctx.Data["SMTPAuths"] = models.SMTPAuths
ctx.HTML(200, AUTH_NEW)
}
@@ -73,7 +82,7 @@ func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
Name: form.Name,
Host: form.Host,
Port: form.Port,
- UseSSL: form.TLS,
+ SecurityProtocol: ldap.SecurityProtocol(form.SecurityProtocol),
SkipVerify: form.SkipVerify,
BindDN: form.BindDN,
UserDN: form.UserDN,
@@ -107,21 +116,21 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
- ctx.Data["CurTypeName"] = models.LoginNames[models.LoginType(form.Type)]
+ ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(form.Type)]
+ ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(form.SecurityProtocol)]
ctx.Data["AuthSources"] = authSources
+ ctx.Data["SecurityProtocols"] = securityProtocols
ctx.Data["SMTPAuths"] = models.SMTPAuths
- if ctx.HasError() {
- ctx.HTML(200, AUTH_NEW)
- return
- }
-
+ hasTLS := false
var config core.Conversion
switch models.LoginType(form.Type) {
case models.LOGIN_LDAP, models.LOGIN_DLDAP:
config = parseLDAPConfig(form)
+ hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
case models.LOGIN_SMTP:
config = parseSMTPConfig(form)
+ hasTLS = true
case models.LOGIN_PAM:
config = &models.PAMConfig{
ServiceName: form.PAMServiceName,
@@ -130,6 +139,12 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
ctx.Error(400)
return
}
+ ctx.Data["HasTLS"] = hasTLS
+
+ if ctx.HasError() {
+ ctx.HTML(200, AUTH_NEW)
+ return
+ }
if err := models.CreateSource(&models.LoginSource{
Type: models.LoginType(form.Type),
@@ -152,6 +167,7 @@ func EditAuthSource(ctx *context.Context) {
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
+ ctx.Data["SecurityProtocols"] = securityProtocols
ctx.Data["SMTPAuths"] = models.SMTPAuths
source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
@@ -160,6 +176,8 @@ func EditAuthSource(ctx *context.Context) {
return
}
ctx.Data["Source"] = source
+ ctx.Data["HasTLS"] = source.HasTLS()
+
ctx.HTML(200, AUTH_EDIT)
}
@@ -176,6 +194,7 @@ func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
return
}
ctx.Data["Source"] = source
+ ctx.Data["HasTLS"] = source.HasTLS()
if ctx.HasError() {
ctx.HTML(200, AUTH_EDIT)