Add SkipLocal2FA option to pam and smtp sources (#17078)

* Add SkipLocal2FA option to other pam and smtp sources

Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make SkipLocal2FA omitempty

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
zeripath 2021-09-27 02:02:01 +01:00 committed by GitHub
parent 74542ad35b
commit 7e98cd58dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 48 additions and 6 deletions

View file

@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
SkipVerify: form.SkipVerify,
HeloHostname: form.HeloHostname,
DisableHelo: form.DisableHelo,
SkipLocalTwoFA: form.SkipLocalTwoFA,
}
}
@ -244,8 +245,9 @@ func NewAuthSourcePost(ctx *context.Context) {
hasTLS = true
case login.PAM:
config = &pamService.Source{
ServiceName: form.PAMServiceName,
EmailDomain: form.PAMEmailDomain,
ServiceName: form.PAMServiceName,
EmailDomain: form.PAMEmailDomain,
SkipLocalTwoFA: form.SkipLocalTwoFA,
}
case login.OAuth2:
config = parseOAuth2Config(form)

View file

@ -53,7 +53,7 @@ type Source struct {
GroupFilter string // Group Name Filter
GroupMemberUID string // Group Attribute containing array of UserUID
UserUID string // User Attribute listed in Group
SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source

View file

@ -25,7 +25,7 @@ type Source struct {
OpenIDConnectAutoDiscoveryURL string
CustomURLMapping *CustomURLMapping
IconURL string
SkipLocalTwoFA bool
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source

View file

@ -19,8 +19,9 @@ import (
// Source holds configuration for the PAM login source.
type Source struct {
ServiceName string // pam service (e.g. system-auth)
EmailDomain string
ServiceName string // pam service (e.g. system-auth)
EmailDomain string
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source

View file

@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil
}
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

View file

@ -27,6 +27,7 @@ type Source struct {
SkipVerify bool
HeloHostname string
DisableHelo bool
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source

View file

@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil
}
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

View file

@ -215,6 +215,13 @@
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}}
<!-- PAM -->
@ -228,6 +235,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
</div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}}
<!-- OAuth2 -->

View file

@ -41,6 +41,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
</div>
<div class="pam optional field {{if not (eq .type 4)}}hide{{end}}">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
<!-- OAuth2 -->
{{ template "admin/auth/source/oauth" . }}

View file

@ -49,4 +49,11 @@
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
</div>