Restore PAM user autocreation functionality (#15825)
* Restore PAM user autocreation functionality PAM autoregistration of users currently fails due to email invalidity. This PR adds a new setting to PAM to allow an email domain to be set or just sets the email to the noreply address and if that fails falls back to uuid@localhost Fix #15702 Signed-off-by: Andrew Thornton <art27@cantab.net> * As per KN4CKER Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
9545c345a8
commit
d234d37aa8
6 changed files with 24 additions and 1 deletions
|
@ -21,6 +21,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/timeutil"
|
"code.gitea.io/gitea/modules/timeutil"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
gouuid "github.com/google/uuid"
|
||||||
jsoniter "github.com/json-iterator/go"
|
jsoniter "github.com/json-iterator/go"
|
||||||
|
|
||||||
"xorm.io/xorm"
|
"xorm.io/xorm"
|
||||||
|
@ -116,6 +117,7 @@ func (cfg *SMTPConfig) ToDB() ([]byte, error) {
|
||||||
// PAMConfig holds configuration for the PAM login source.
|
// PAMConfig holds configuration for the PAM login source.
|
||||||
type PAMConfig struct {
|
type PAMConfig struct {
|
||||||
ServiceName string // pam service (e.g. system-auth)
|
ServiceName string // pam service (e.g. system-auth)
|
||||||
|
EmailDomain string
|
||||||
}
|
}
|
||||||
|
|
||||||
// FromDB fills up a PAMConfig from serialized format.
|
// FromDB fills up a PAMConfig from serialized format.
|
||||||
|
@ -696,15 +698,26 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
|
||||||
|
|
||||||
// Allow PAM sources with `@` in their name, like from Active Directory
|
// Allow PAM sources with `@` in their name, like from Active Directory
|
||||||
username := pamLogin
|
username := pamLogin
|
||||||
|
email := pamLogin
|
||||||
idx := strings.Index(pamLogin, "@")
|
idx := strings.Index(pamLogin, "@")
|
||||||
if idx > -1 {
|
if idx > -1 {
|
||||||
username = pamLogin[:idx]
|
username = pamLogin[:idx]
|
||||||
}
|
}
|
||||||
|
if ValidateEmail(email) != nil {
|
||||||
|
if cfg.EmailDomain != "" {
|
||||||
|
email = fmt.Sprintf("%s@%s", username, cfg.EmailDomain)
|
||||||
|
} else {
|
||||||
|
email = fmt.Sprintf("%s@%s", username, setting.Service.NoReplyAddress)
|
||||||
|
}
|
||||||
|
if ValidateEmail(email) != nil {
|
||||||
|
email = gouuid.New().String() + "@localhost"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
user = &User{
|
user = &User{
|
||||||
LowerName: strings.ToLower(username),
|
LowerName: strings.ToLower(username),
|
||||||
Name: username,
|
Name: username,
|
||||||
Email: pamLogin,
|
Email: email,
|
||||||
Passwd: password,
|
Passwd: password,
|
||||||
LoginType: LoginPAM,
|
LoginType: LoginPAM,
|
||||||
LoginSource: sourceID,
|
LoginSource: sourceID,
|
||||||
|
|
|
@ -2313,6 +2313,7 @@ auths.allowed_domains_helper = Leave empty to allow all domains. Separate multip
|
||||||
auths.enable_tls = Enable TLS Encryption
|
auths.enable_tls = Enable TLS Encryption
|
||||||
auths.skip_tls_verify = Skip TLS Verify
|
auths.skip_tls_verify = Skip TLS Verify
|
||||||
auths.pam_service_name = PAM Service Name
|
auths.pam_service_name = PAM Service Name
|
||||||
|
auths.pam_email_domain = PAM Email Domain (optional)
|
||||||
auths.oauth2_provider = OAuth2 Provider
|
auths.oauth2_provider = OAuth2 Provider
|
||||||
auths.oauth2_icon_url = Icon URL
|
auths.oauth2_icon_url = Icon URL
|
||||||
auths.oauth2_clientID = Client ID (Key)
|
auths.oauth2_clientID = Client ID (Key)
|
||||||
|
|
|
@ -240,6 +240,7 @@ func NewAuthSourcePost(ctx *context.Context) {
|
||||||
case models.LoginPAM:
|
case models.LoginPAM:
|
||||||
config = &models.PAMConfig{
|
config = &models.PAMConfig{
|
||||||
ServiceName: form.PAMServiceName,
|
ServiceName: form.PAMServiceName,
|
||||||
|
EmailDomain: form.PAMEmailDomain,
|
||||||
}
|
}
|
||||||
case models.LoginOAuth2:
|
case models.LoginOAuth2:
|
||||||
config = parseOAuth2Config(form)
|
config = parseOAuth2Config(form)
|
||||||
|
@ -347,6 +348,7 @@ func EditAuthSourcePost(ctx *context.Context) {
|
||||||
case models.LoginPAM:
|
case models.LoginPAM:
|
||||||
config = &models.PAMConfig{
|
config = &models.PAMConfig{
|
||||||
ServiceName: form.PAMServiceName,
|
ServiceName: form.PAMServiceName,
|
||||||
|
EmailDomain: form.PAMEmailDomain,
|
||||||
}
|
}
|
||||||
case models.LoginOAuth2:
|
case models.LoginOAuth2:
|
||||||
config = parseOAuth2Config(form)
|
config = parseOAuth2Config(form)
|
||||||
|
|
|
@ -51,6 +51,7 @@ type AuthenticationForm struct {
|
||||||
TLS bool
|
TLS bool
|
||||||
SkipVerify bool
|
SkipVerify bool
|
||||||
PAMServiceName string
|
PAMServiceName string
|
||||||
|
PAMEmailDomain string
|
||||||
Oauth2Provider string
|
Oauth2Provider string
|
||||||
Oauth2Key string
|
Oauth2Key string
|
||||||
Oauth2Secret string
|
Oauth2Secret string
|
||||||
|
|
|
@ -188,6 +188,10 @@
|
||||||
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
|
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
|
||||||
<input id="pam_service_name" name="pam_service_name" value="{{$cfg.ServiceName}}" required>
|
<input id="pam_service_name" name="pam_service_name" value="{{$cfg.ServiceName}}" required>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
||||||
|
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
|
||||||
|
</div>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
<!-- OAuth2 -->
|
<!-- OAuth2 -->
|
||||||
|
|
|
@ -38,6 +38,8 @@
|
||||||
<div class="pam required field {{if not (eq .type 4)}}hide{{end}}">
|
<div class="pam required field {{if not (eq .type 4)}}hide{{end}}">
|
||||||
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
|
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
|
||||||
<input id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" />
|
<input id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" />
|
||||||
|
<label for="pam_email_domain">{{.i18n.Tr "admin.auths.pam_email_domain"}}</label>
|
||||||
|
<input id="pam_email_domain" name="pam_email_domain" value="{{.pam_email_domain}}">
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- OAuth2 -->
|
<!-- OAuth2 -->
|
||||||
|
|
Reference in a new issue