Add SkipLocal2FA option to pam and smtp sources (#17078)
* Add SkipLocal2FA option to other pam and smtp sources Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources Signed-off-by: Andrew Thornton <art27@cantab.net> * make SkipLocal2FA omitempty Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
parent
74542ad35b
commit
7e98cd58dd
10 changed files with 48 additions and 6 deletions
|
@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
|
||||||
SkipVerify: form.SkipVerify,
|
SkipVerify: form.SkipVerify,
|
||||||
HeloHostname: form.HeloHostname,
|
HeloHostname: form.HeloHostname,
|
||||||
DisableHelo: form.DisableHelo,
|
DisableHelo: form.DisableHelo,
|
||||||
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -246,6 +247,7 @@ func NewAuthSourcePost(ctx *context.Context) {
|
||||||
config = &pamService.Source{
|
config = &pamService.Source{
|
||||||
ServiceName: form.PAMServiceName,
|
ServiceName: form.PAMServiceName,
|
||||||
EmailDomain: form.PAMEmailDomain,
|
EmailDomain: form.PAMEmailDomain,
|
||||||
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
||||||
}
|
}
|
||||||
case login.OAuth2:
|
case login.OAuth2:
|
||||||
config = parseOAuth2Config(form)
|
config = parseOAuth2Config(form)
|
||||||
|
|
|
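Review bot: The PAM source is filled from an inline literal in `NewAuthSourcePost`, so any other handler that builds a `pamService.Source` must repeat `SkipLocalTwoFA: form.SkipLocalTwoFA`, or the setting will silently fail to persist there. The edit handler is not visible in this section, and both function bodies extend beyond the hunks, so this cannot be confirmed from here. Since the edit template in this commit now shows the checkbox for PAM, it is worth checking that the edit path stores it. A small `parsePAMConfig(form)` helper mirroring `parseSMTPConfig` would keep the create and edit paths from drifting on a setting that turns off a second factor.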
@ -53,7 +53,7 @@ type Source struct {
|
||||||
GroupFilter string // Group Name Filter
|
GroupFilter string // Group Name Filter
|
||||||
GroupMemberUID string // Group Attribute containing array of UserUID
|
GroupMemberUID string // Group Attribute containing array of UserUID
|
||||||
UserUID string // User Attribute listed in Group
|
UserUID string // User Attribute listed in Group
|
||||||
SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source
|
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
|
||||||
|
|
||||||
// reference to the loginSource
|
// reference to the loginSource
|
||||||
loginSource *login.Source
|
loginSource *login.Source
|
||||||
|
|
|
@ -25,7 +25,7 @@ type Source struct {
|
||||||
OpenIDConnectAutoDiscoveryURL string
|
OpenIDConnectAutoDiscoveryURL string
|
||||||
CustomURLMapping *CustomURLMapping
|
CustomURLMapping *CustomURLMapping
|
||||||
IconURL string
|
IconURL string
|
||||||
SkipLocalTwoFA bool
|
SkipLocalTwoFA bool `json:",omitempty"`
|
||||||
|
|
||||||
// reference to the loginSource
|
// reference to the loginSource
|
||||||
loginSource *login.Source
|
loginSource *login.Source
|
||||||
|
|
|
@ -21,6 +21,7 @@ import (
|
||||||
type Source struct {
|
type Source struct {
|
||||||
ServiceName string // pam service (e.g. system-auth)
|
ServiceName string // pam service (e.g. system-auth)
|
||||||
EmailDomain string
|
EmailDomain string
|
||||||
|
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
|
||||||
|
|
||||||
// reference to the loginSource
|
// reference to the loginSource
|
||||||
loginSource *login.Source
|
loginSource *login.Source
|
||||||
|
|
|
@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||||
|
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
|
||||||
|
func (source *Source) IsSkipLocalTwoFA() bool {
|
||||||
|
return source.SkipLocalTwoFA
|
||||||
|
}
|
||||||
|
|
|
@ -27,6 +27,7 @@ type Source struct {
|
||||||
SkipVerify bool
|
SkipVerify bool
|
||||||
HeloHostname string
|
HeloHostname string
|
||||||
DisableHelo bool
|
DisableHelo bool
|
||||||
|
SkipLocalTwoFA bool `json:",omitempty"`
|
||||||
|
|
||||||
// reference to the loginSource
|
// reference to the loginSource
|
||||||
loginSource *login.Source
|
loginSource *login.Source
|
||||||
|
|
|
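Review bot: The new `SkipLocalTwoFA` field in the SMTP `Source` struct has no comment, unlike the PAM and LDAP structs in this commit; the OAuth2 struct's field is also undocumented. Because it sits next to `SkipVerify`, the comment should spell out the security meaning, for example `// SkipLocalTwoFA skips the local 2FA check for users of this source; the SMTP password is then the only factor`. If `SkipVerify` disables TLS certificate verification, as its name suggests, enabling both leaves a password checked over an unverified connection with no second factor. A warning or validation in the admin form would be reasonable, though that code is outside this hunk.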
@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||||
|
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
|
||||||
|
func (source *Source) IsSkipLocalTwoFA() bool {
|
||||||
|
return source.SkipLocalTwoFA
|
||||||
|
}
|
||||||
|
|
|
@ -215,6 +215,13 @@
|
||||||
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
|
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
|
||||||
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
|
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="optional field">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
||||||
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
||||||
|
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
<!-- PAM -->
|
<!-- PAM -->
|
||||||
|
@ -228,6 +235,13 @@
|
||||||
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
||||||
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
|
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
|
||||||
</div>
|
</div>
|
||||||
|
<div class="optional field">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
||||||
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
||||||
|
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
<!-- OAuth2 -->
|
<!-- OAuth2 -->
|
||||||
|
|
|
@ -41,6 +41,13 @@
|
||||||
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
||||||
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
|
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
|
||||||
</div>
|
</div>
|
||||||
|
<div class="pam optional field {{if not (eq .type 4)}}hide{{end}}">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
||||||
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
|
||||||
|
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<!-- OAuth2 -->
|
<!-- OAuth2 -->
|
||||||
{{ template "admin/auth/source/oauth" . }}
|
{{ template "admin/auth/source/oauth" . }}
|
||||||
|
|
|
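Review bot: The added checkbox reuses `id="skip_local_two_fa"` and `name="skip_local_two_fa"`, which the SMTP partial added in this commit also uses. If these partials render into one form and are only toggled with the `hide` class, the page has duplicate ids and several inputs posting the same field. A box ticked under one source type and then hidden would still be submitted after the admin switches type, so a source could be saved with local 2FA skipped without that being visible on screen. Consider per-type ids such as `id="pam_skip_local_two_fa"` with a matching `<label for="pam_skip_local_two_fa">`, and disable the inputs of hidden sections before submit. How the form binder treats the repeated name is not visible here.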
@ -49,4 +49,11 @@
|
||||||
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
|
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
|
||||||
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
|
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="optional field">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
||||||
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
|
||||||
|
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|