Add SkipLocal2FA option to pam and smtp sources (#17078)

* Add SkipLocal2FA option to other pam and smtp sources

Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make SkipLocal2FA omitempty

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
zeripath 2021-09-27 02:02:01 +01:00 committed by GitHub
parent 74542ad35b
commit 7e98cd58dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 48 additions and 6 deletions

View file

@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
SkipVerify: form.SkipVerify, SkipVerify: form.SkipVerify,
HeloHostname: form.HeloHostname, HeloHostname: form.HeloHostname,
DisableHelo: form.DisableHelo, DisableHelo: form.DisableHelo,
SkipLocalTwoFA: form.SkipLocalTwoFA,
} }
} }
@ -246,6 +247,7 @@ func NewAuthSourcePost(ctx *context.Context) {
config = &pamService.Source{ config = &pamService.Source{
ServiceName: form.PAMServiceName, ServiceName: form.PAMServiceName,
EmailDomain: form.PAMEmailDomain, EmailDomain: form.PAMEmailDomain,
SkipLocalTwoFA: form.SkipLocalTwoFA,
} }
case login.OAuth2: case login.OAuth2:
config = parseOAuth2Config(form) config = parseOAuth2Config(form)

View file

@ -53,7 +53,7 @@ type Source struct {
GroupFilter string // Group Name Filter GroupFilter string // Group Name Filter
GroupMemberUID string // Group Attribute containing array of UserUID GroupMemberUID string // Group Attribute containing array of UserUID
UserUID string // User Attribute listed in Group UserUID string // User Attribute listed in Group
SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

View file

@ -25,7 +25,7 @@ type Source struct {
OpenIDConnectAutoDiscoveryURL string OpenIDConnectAutoDiscoveryURL string
CustomURLMapping *CustomURLMapping CustomURLMapping *CustomURLMapping
IconURL string IconURL string
SkipLocalTwoFA bool SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

View file

@ -21,6 +21,7 @@ import (
type Source struct { type Source struct {
ServiceName string // pam service (e.g. system-auth) ServiceName string // pam service (e.g. system-auth)
EmailDomain string EmailDomain string
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

View file

@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil return user, nil
} }
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

View file

@ -27,6 +27,7 @@ type Source struct {
SkipVerify bool SkipVerify bool
HeloHostname string HeloHostname string
DisableHelo bool DisableHelo bool
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource // reference to the loginSource
loginSource *login.Source loginSource *login.Source

View file

@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
return user, nil return user, nil
} }
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
func (source *Source) IsSkipLocalTwoFA() bool {
return source.SkipLocalTwoFA
}

View file

@ -215,6 +215,13 @@
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}"> <input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}} {{end}}
<!-- PAM --> <!-- PAM -->
@ -228,6 +235,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}"> <input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
{{end}} {{end}}
<!-- OAuth2 --> <!-- OAuth2 -->

View file

@ -41,6 +41,13 @@
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label> <label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}"> <input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
</div> </div>
<div class="pam optional field {{if not (eq .type 4)}}hide{{end}}">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
<!-- OAuth2 --> <!-- OAuth2 -->
{{ template "admin/auth/source/oauth" . }} {{ template "admin/auth/source/oauth" . }}

View file

@ -49,4 +49,11 @@
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}"> <input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p> <p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div> </div>
<div class="optional field">
<div class="ui checkbox">
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
</div>
</div>
</div> </div>