This reverts #25165 (5bb8d1924d), as there
was a chance some important reviews got missed.
so after reverting this patch it will be resubmitted for reviewing again
https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242
temporary Open #5512 again
This commit is contained in:
6543
GitHub
parent
875f5ea6d8
commit
4ba642d07d
37 changed files with 69 additions and 1440 deletions
|
|
@ -1,12 +1,9 @@
|
|||
// Copyright 2014 The Gogs Authors. All rights reserved.
|
||||
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package admin
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
|
@ -28,7 +25,6 @@ import (
|
|||
"code.gitea.io/gitea/services/auth/source/ldap"
|
||||
"code.gitea.io/gitea/services/auth/source/oauth2"
|
||||
pam_service "code.gitea.io/gitea/services/auth/source/pam"
|
||||
"code.gitea.io/gitea/services/auth/source/saml"
|
||||
"code.gitea.io/gitea/services/auth/source/smtp"
|
||||
"code.gitea.io/gitea/services/auth/source/sspi"
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
|
|
@ -75,7 +71,6 @@ var (
|
|||
{auth.SMTP.String(), auth.SMTP},
|
||||
{auth.OAuth2.String(), auth.OAuth2},
|
||||
{auth.SSPI.String(), auth.SSPI},
|
||||
{auth.SAML.String(), auth.SAML},
|
||||
}
|
||||
if pam.Supported {
|
||||
items = append(items, dropdownItem{auth.Names[auth.PAM], auth.PAM})
|
||||
|
|
@ -88,16 +83,6 @@ var (
|
|||
{ldap.SecurityProtocolNames[ldap.SecurityProtocolLDAPS], ldap.SecurityProtocolLDAPS},
|
||||
{ldap.SecurityProtocolNames[ldap.SecurityProtocolStartTLS], ldap.SecurityProtocolStartTLS},
|
||||
}
|
||||
|
||||
nameIDFormats = []dropdownItem{
|
||||
{saml.NameIDFormatNames[saml.SAML20Persistent], saml.SAML20Persistent}, // use this as default value
|
||||
{saml.NameIDFormatNames[saml.SAML11Email], saml.SAML11Email},
|
||||
{saml.NameIDFormatNames[saml.SAML11Persistent], saml.SAML11Persistent},
|
||||
{saml.NameIDFormatNames[saml.SAML11Unspecified], saml.SAML11Unspecified},
|
||||
{saml.NameIDFormatNames[saml.SAML20Email], saml.SAML20Email},
|
||||
{saml.NameIDFormatNames[saml.SAML20Transient], saml.SAML20Transient},
|
||||
{saml.NameIDFormatNames[saml.SAML20Unspecified], saml.SAML20Unspecified},
|
||||
}
|
||||
)
|
||||
|
||||
// NewAuthSource render adding a new auth source page
|
||||
|
|
@ -113,8 +98,6 @@ func NewAuthSource(ctx *context.Context) {
|
|||
ctx.Data["is_sync_enabled"] = true
|
||||
ctx.Data["AuthSources"] = authSources
|
||||
ctx.Data["SecurityProtocols"] = securityProtocols
|
||||
ctx.Data["CurrentNameIDFormat"] = saml.NameIDFormatNames[saml.SAML20Persistent]
|
||||
ctx.Data["NameIDFormats"] = nameIDFormats
|
||||
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
||||
oauth2providers := oauth2.GetSupportedOAuth2Providers()
|
||||
ctx.Data["OAuth2Providers"] = oauth2providers
|
||||
|
|
@ -248,52 +231,6 @@ func parseSSPIConfig(ctx *context.Context, form forms.AuthenticationForm) (*sspi
|
|||
}, nil
|
||||
}
|
||||
|
||||
func parseSAMLConfig(ctx *context.Context, form forms.AuthenticationForm) (*saml.Source, error) {
|
||||
if util.IsEmptyString(form.IdentityProviderMetadata) && util.IsEmptyString(form.IdentityProviderMetadataURL) {
|
||||
return nil, fmt.Errorf("%s %s", ctx.Tr("form.SAMLMetadata"), ctx.Tr("form.require_error"))
|
||||
}
|
||||
|
||||
if !util.IsEmptyString(form.IdentityProviderMetadataURL) {
|
||||
_, err := url.Parse(form.IdentityProviderMetadataURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s", ctx.Tr("form.SAMLMetadataURL"))
|
||||
}
|
||||
}
|
||||
|
||||
// check the integrity of the certificate and private key (autogenerated if these form fields are blank)
|
||||
if !util.IsEmptyString(form.ServiceProviderCertificate) && !util.IsEmptyString(form.ServiceProviderPrivateKey) {
|
||||
keyPair, err := tls.X509KeyPair([]byte(form.ServiceProviderCertificate), []byte(form.ServiceProviderPrivateKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
privateKey, cert, err := saml.GenerateSAMLSPKeypair()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
form.ServiceProviderPrivateKey = privateKey
|
||||
form.ServiceProviderCertificate = cert
|
||||
}
|
||||
|
||||
return &saml.Source{
|
||||
IdentityProviderMetadata: form.IdentityProviderMetadata,
|
||||
IdentityProviderMetadataURL: form.IdentityProviderMetadataURL,
|
||||
InsecureSkipAssertionSignatureValidation: form.InsecureSkipAssertionSignatureValidation,
|
||||
NameIDFormat: saml.NameIDFormat(form.NameIDFormat),
|
||||
ServiceProviderCertificate: form.ServiceProviderCertificate,
|
||||
ServiceProviderPrivateKey: form.ServiceProviderPrivateKey,
|
||||
EmailAssertionKey: form.EmailAssertionKey,
|
||||
NameAssertionKey: form.NameAssertionKey,
|
||||
UsernameAssertionKey: form.UsernameAssertionKey,
|
||||
IconURL: form.SAMLIconURL,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// NewAuthSourcePost response for adding an auth source
|
||||
func NewAuthSourcePost(ctx *context.Context) {
|
||||
form := *web.GetForm(ctx).(*forms.AuthenticationForm)
|
||||
|
|
@ -307,8 +244,6 @@ func NewAuthSourcePost(ctx *context.Context) {
|
|||
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
||||
oauth2providers := oauth2.GetSupportedOAuth2Providers()
|
||||
ctx.Data["OAuth2Providers"] = oauth2providers
|
||||
ctx.Data["CurrentNameIDFormat"] = saml.NameIDFormatNames[saml.NameIDFormat(form.NameIDFormat)]
|
||||
ctx.Data["NameIDFormats"] = nameIDFormats
|
||||
|
||||
ctx.Data["SSPIAutoCreateUsers"] = true
|
||||
ctx.Data["SSPIAutoActivateUsers"] = true
|
||||
|
|
@ -355,13 +290,6 @@ func NewAuthSourcePost(ctx *context.Context) {
|
|||
ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_of_type_exist"), tplAuthNew, form)
|
||||
return
|
||||
}
|
||||
case auth.SAML:
|
||||
var err error
|
||||
config, err = parseSAMLConfig(ctx, form)
|
||||
if err != nil {
|
||||
ctx.RenderWithErr(err.Error(), tplAuthNew, form)
|
||||
return
|
||||
}
|
||||
default:
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
|
|
@ -408,7 +336,6 @@ func EditAuthSource(ctx *context.Context) {
|
|||
ctx.Data["SMTPAuths"] = smtp.Authenticators
|
||||
oauth2providers := oauth2.GetSupportedOAuth2Providers()
|
||||
ctx.Data["OAuth2Providers"] = oauth2providers
|
||||
ctx.Data["NameIDFormats"] = nameIDFormats
|
||||
|
||||
source, err := auth.GetSourceByID(ctx, ctx.ParamsInt64(":authid"))
|
||||
if err != nil {
|
||||
|
|
@ -417,9 +344,6 @@ func EditAuthSource(ctx *context.Context) {
|
|||
}
|
||||
ctx.Data["Source"] = source
|
||||
ctx.Data["HasTLS"] = source.HasTLS()
|
||||
if source.IsSAML() {
|
||||
ctx.Data["CurrentNameIDFormat"] = saml.NameIDFormatNames[source.Cfg.(*saml.Source).NameIDFormat]
|
||||
}
|
||||
|
||||
if source.IsOAuth2() {
|
||||
type Named interface {
|
||||
|
|
@ -454,8 +378,6 @@ func EditAuthSourcePost(ctx *context.Context) {
|
|||
}
|
||||
ctx.Data["Source"] = source
|
||||
ctx.Data["HasTLS"] = source.HasTLS()
|
||||
ctx.Data["CurrentNameIDFormat"] = saml.NameIDFormatNames[saml.SAML20Persistent]
|
||||
ctx.Data["NameIDFormats"] = nameIDFormats
|
||||
|
||||
if ctx.HasError() {
|
||||
ctx.HTML(http.StatusOK, tplAuthEdit)
|
||||
|
|
@ -490,12 +412,6 @@ func EditAuthSourcePost(ctx *context.Context) {
|
|||
ctx.RenderWithErr(err.Error(), tplAuthEdit, form)
|
||||
return
|
||||
}
|
||||
case auth.SAML:
|
||||
config, err = parseSAMLConfig(ctx, form)
|
||||
if err != nil {
|
||||
ctx.RenderWithErr(err.Error(), tplAuthEdit, form)
|
||||
return
|
||||
}
|
||||
default:
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue