
#1938 #1374 disable password change for non-local users

pull/2145/head
Unknwon 9 years ago
parent
commit
3d5d61778a
  1. 2
      README.md
  2. 1
      conf/locale/locale_en-US.ini
  3. 2
      gogs.go
  4. 64
      models/login.go
  5. 5
      models/user.go
  6. 4
      modules/bindata/bindata.go
  7. 24
      routers/admin/auths.go
  8. 2
      routers/admin/users.go
  9. 2
      routers/api/v1/admin/users.go
  10. 2
      templates/.VERSION
  11. 6
      templates/user/settings/password.tmpl

2
README.md

@ -5,7 +5,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](public/img/gogs-large-resize.png) ![](public/img/gogs-large-resize.png)
##### Current version: 0.7.40 Beta ##### Current version: 0.7.41 Beta
| Web | UI | Preview | | Web | UI | Preview |
|:-------------:|:-------:|:-------:| |:-------------:|:-------:|:-------:|

1
conf/locale/locale_en-US.ini

@ -272,6 +272,7 @@ new_password = New Password
retype_new_password = Retype New Password retype_new_password = Retype New Password
password_incorrect = Current password is not correct. password_incorrect = Current password is not correct.
change_password_success = Your password was successfully changed. You can now sign using this new password. change_password_success = Your password was successfully changed. You can now sign using this new password.
password_change_disabled = Non-local type users are not allowed to change their password.
emails = Email Addresses emails = Email Addresses
manage_emails = Manage email addresses manage_emails = Manage email addresses

2
gogs.go

@ -18,7 +18,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.7.40.1210 Beta" const APP_VER = "0.7.41.1210 Beta"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

64
models/login.go

@ -26,12 +26,12 @@ type LoginType int
// Note: new type must be added at the end of list to maintain compatibility. // Note: new type must be added at the end of list to maintain compatibility.
const ( const (
NOTYPE LoginType = iota LOGIN_NOTYPE LoginType = iota
PLAIN LOGIN_PLAIN
LDAP LOGIN_LDAP
SMTP LOGIN_SMTP
PAM LOGIN_PAM
DLDAP LOGIN_DLDAP
) )
var ( var (
@ -40,10 +40,10 @@ var (
) )
var LoginNames = map[LoginType]string{ var LoginNames = map[LoginType]string{
LDAP: "LDAP (via BindDN)", LOGIN_LDAP: "LDAP (via BindDN)",
DLDAP: "LDAP (simple auth)", LOGIN_DLDAP: "LDAP (simple auth)",
SMTP: "SMTP", LOGIN_SMTP: "SMTP",
PAM: "PAM", LOGIN_PAM: "PAM",
} }
// Ensure structs implemented interface. // Ensure structs implemented interface.
@ -108,11 +108,11 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
switch colName { switch colName {
case "type": case "type":
switch LoginType((*val).(int64)) { switch LoginType((*val).(int64)) {
case LDAP, DLDAP: case LOGIN_LDAP, LOGIN_DLDAP:
source.Cfg = new(LDAPConfig) source.Cfg = new(LDAPConfig)
case SMTP: case LOGIN_SMTP:
source.Cfg = new(SMTPConfig) source.Cfg = new(SMTPConfig)
case PAM: case LOGIN_PAM:
source.Cfg = new(PAMConfig) source.Cfg = new(PAMConfig)
default: default:
panic("unrecognized login source type: " + com.ToStr(*val)) panic("unrecognized login source type: " + com.ToStr(*val))
@ -125,26 +125,26 @@ func (source *LoginSource) TypeName() string {
} }
func (source *LoginSource) IsLDAP() bool { func (source *LoginSource) IsLDAP() bool {
return source.Type == LDAP return source.Type == LOGIN_LDAP
} }
func (source *LoginSource) IsDLDAP() bool { func (source *LoginSource) IsDLDAP() bool {
return source.Type == DLDAP return source.Type == LOGIN_DLDAP
} }
func (source *LoginSource) IsSMTP() bool { func (source *LoginSource) IsSMTP() bool {
return source.Type == SMTP return source.Type == LOGIN_SMTP
} }
func (source *LoginSource) IsPAM() bool { func (source *LoginSource) IsPAM() bool {
return source.Type == PAM return source.Type == LOGIN_PAM
} }
func (source *LoginSource) UseTLS() bool { func (source *LoginSource) UseTLS() bool {
switch source.Type { switch source.Type {
case LDAP, DLDAP: case LOGIN_LDAP, LOGIN_DLDAP:
return source.LDAP().UseSSL return source.LDAP().UseSSL
case SMTP: case LOGIN_SMTP:
return source.SMTP().TLS return source.SMTP().TLS
} }
@ -153,9 +153,9 @@ func (source *LoginSource) UseTLS() bool {
func (source *LoginSource) SkipVerify() bool { func (source *LoginSource) SkipVerify() bool {
switch source.Type { switch source.Type {
case LDAP, DLDAP: case LOGIN_LDAP, LOGIN_DLDAP:
return source.LDAP().SkipVerify return source.LDAP().SkipVerify
case SMTP: case LOGIN_SMTP:
return source.SMTP().SkipVerify return source.SMTP().SkipVerify
} }
@ -230,7 +230,7 @@ func DeleteSource(source *LoginSource) error {
// It returns the same LoginUserPlain semantic. // It returns the same LoginUserPlain semantic.
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) { func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
cfg := source.Cfg.(*LDAPConfig) cfg := source.Cfg.(*LDAPConfig)
directBind := (source.Type == DLDAP) directBind := (source.Type == LOGIN_DLDAP)
name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind) name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
@ -350,7 +350,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
// Query if name/passwd can login against the LDAP directory pool // Query if name/passwd can login against the LDAP directory pool
// Create a local user if success // Create a local user if success
// Return the same LoginUserPlain semantic // Return the same LoginUserPlain semantic
func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) { func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
// Verify allowed domains. // Verify allowed domains.
if len(cfg.AllowedDomains) > 0 { if len(cfg.AllowedDomains) > 0 {
idx := strings.Index(name, "@") idx := strings.Index(name, "@")
@ -390,8 +390,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
u = &User{ u = &User{
LowerName: strings.ToLower(loginName), LowerName: strings.ToLower(loginName),
Name: strings.ToLower(loginName), Name: strings.ToLower(loginName),
LoginType: SMTP, LoginType: LOGIN_SMTP,
LoginSource: sourceId, LoginSource: sourceID,
LoginName: name, LoginName: name,
IsActive: true, IsActive: true,
Passwd: passwd, Passwd: passwd,
@ -411,7 +411,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
// Query if name/passwd can login against PAM // Query if name/passwd can login against PAM
// Create a local user if success // Create a local user if success
// Return the same LoginUserPlain semantic // Return the same LoginUserPlain semantic
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) { func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil { if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
if strings.Contains(err.Error(), "Authentication failure") { if strings.Contains(err.Error(), "Authentication failure") {
return nil, ErrUserNotExist{0, name} return nil, ErrUserNotExist{0, name}
@ -427,8 +427,8 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
u = &User{ u = &User{
LowerName: strings.ToLower(name), LowerName: strings.ToLower(name),
Name: name, Name: name,
LoginType: PAM, LoginType: LOGIN_PAM,
LoginSource: sourceId, LoginSource: sourceID,
LoginName: name, LoginName: name,
IsActive: true, IsActive: true,
Passwd: passwd, Passwd: passwd,
@ -443,11 +443,11 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
} }
switch source.Type { switch source.Type {
case LDAP, DLDAP: case LOGIN_LDAP, LOGIN_DLDAP:
return LoginUserLDAPSource(u, name, passwd, source, autoRegister) return LoginUserLDAPSource(u, name, passwd, source, autoRegister)
case SMTP: case LOGIN_SMTP:
return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister) return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
case PAM: case LOGIN_PAM:
return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister) return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)
} }
@ -470,7 +470,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
if userExists { if userExists {
switch u.LoginType { switch u.LoginType {
case NOTYPE, PLAIN: case LOGIN_NOTYPE, LOGIN_PLAIN:
if u.ValidatePassword(passwd) { if u.ValidatePassword(passwd) {
return u, nil return u, nil
} }

5
models/user.go

@ -118,6 +118,11 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
} }
} }
// returns true if user login type is LOGIN_PLAIN.
func (u *User) IsLocal() bool {
return u.LoginType <= LOGIN_PLAIN
}
// HasForkedRepo checks if user has already forked a repository with given ID. // HasForkedRepo checks if user has already forked a repository with given ID.
func (u *User) HasForkedRepo(repoID int64) bool { func (u *User) HasForkedRepo(repoID int64) bool {
_, has := HasForkedRepo(u.Id, repoID) _, has := HasForkedRepo(u.Id, repoID)
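Review bot: The doc comment on `IsLocal` says it is true only for LOGIN_PLAIN, but `u.LoginType <= LOGIN_PLAIN` also accepts LOGIN_NOTYPE and any negative value, and it depends on the iota order of the LoginType constants. Because this predicate now decides who may change a password, name the accepted types explicitly, as the `case LOGIN_NOTYPE, LOGIN_PLAIN:` branch in UserSignIn does: `return u.LoginType == LOGIN_NOTYPE || u.LoginType == LOGIN_PLAIN`. The comment should start with the method name and state the real contract, for example `// IsLocal reports whether the user's login type is LOGIN_NOTYPE or LOGIN_PLAIN, i.e. not backed by an external login source.`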

4
modules/bindata/bindata.go

File diff suppressed because one or more lines are too long

24
routers/admin/auths.go

@ -45,10 +45,10 @@ type AuthSource struct {
} }
var authSources = []AuthSource{ var authSources = []AuthSource{
{models.LoginNames[models.LDAP], models.LDAP}, {models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
{models.LoginNames[models.DLDAP], models.DLDAP}, {models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
{models.LoginNames[models.SMTP], models.SMTP}, {models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
{models.LoginNames[models.PAM], models.PAM}, {models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
} }
func NewAuthSource(ctx *middleware.Context) { func NewAuthSource(ctx *middleware.Context) {
@ -56,8 +56,8 @@ func NewAuthSource(ctx *middleware.Context) {
ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true ctx.Data["PageIsAdminAuthentications"] = true
ctx.Data["type"] = models.LDAP ctx.Data["type"] = models.LOGIN_LDAP
ctx.Data["CurTypeName"] = models.LoginNames[models.LDAP] ctx.Data["CurTypeName"] = models.LoginNames[models.LOGIN_LDAP]
ctx.Data["smtp_auth"] = "PLAIN" ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true ctx.Data["is_active"] = true
ctx.Data["AuthSources"] = authSources ctx.Data["AuthSources"] = authSources
@ -115,11 +115,11 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
var config core.Conversion var config core.Conversion
switch models.LoginType(form.Type) { switch models.LoginType(form.Type) {
case models.LDAP, models.DLDAP: case models.LOGIN_LDAP, models.LOGIN_DLDAP:
config = parseLDAPConfig(form) config = parseLDAPConfig(form)
case models.SMTP: case models.LOGIN_SMTP:
config = parseSMTPConfig(form) config = parseSMTPConfig(form)
case models.PAM: case models.LOGIN_PAM:
config = &models.PAMConfig{ config = &models.PAMConfig{
ServiceName: form.PAMServiceName, ServiceName: form.PAMServiceName,
} }
@ -181,11 +181,11 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
var config core.Conversion var config core.Conversion
switch models.LoginType(form.Type) { switch models.LoginType(form.Type) {
case models.LDAP, models.DLDAP: case models.LOGIN_LDAP, models.LOGIN_DLDAP:
config = parseLDAPConfig(form) config = parseLDAPConfig(form)
case models.SMTP: case models.LOGIN_SMTP:
config = parseSMTPConfig(form) config = parseSMTPConfig(form)
case models.PAM: case models.LOGIN_PAM:
config = &models.PAMConfig{ config = &models.PAMConfig{
ServiceName: form.PAMServiceName, ServiceName: form.PAMServiceName,
} }

2
routers/admin/users.go

@ -90,7 +90,7 @@ func NewUserPost(ctx *middleware.Context, form auth.AdminCrateUserForm) {
Email: form.Email, Email: form.Email,
Passwd: form.Password, Passwd: form.Password,
IsActive: true, IsActive: true,
LoginType: models.PLAIN, LoginType: models.LOGIN_PLAIN,
} }
if len(form.LoginType) > 0 { if len(form.LoginType) > 0 {

2
routers/api/v1/admin/users.go

@ -43,7 +43,7 @@ func CreateUser(ctx *middleware.Context, form api.CreateUserOption) {
Email: form.Email, Email: form.Email,
Passwd: form.Password, Passwd: form.Password,
IsActive: true, IsActive: true,
LoginType: models.PLAIN, LoginType: models.LOGIN_PLAIN,
} }
parseLoginSource(ctx, u, form.SourceID, form.LoginName) parseLoginSource(ctx, u, form.SourceID, form.LoginName)

2
templates/.VERSION

@ -1 +1 @@
0.7.40.1210 Beta 0.7.41.1210 Beta

6
templates/user/settings/password.tmpl

@ -9,6 +9,7 @@
{{.i18n.Tr "settings.change_password"}} {{.i18n.Tr "settings.change_password"}}
</h4> </h4>
<div class="ui attached segment"> <div class="ui attached segment">
{{if .SignedUser.IsLocal}}
<form class="ui form" action="{{.Link}}" method="post"> <form class="ui form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}} {{.CsrfTokenHtml}}
<div class="required field {{if .Err_OldPassword}}error{{end}}"> <div class="required field {{if .Err_OldPassword}}error{{end}}">
@ -28,6 +29,11 @@
<button class="ui green button">{{$.i18n.Tr "settings.change_password"}}</button> <button class="ui green button">{{$.i18n.Tr "settings.change_password"}}</button>
</div> </div>
</form> </form>
{{else}}
<div class="ui info message">
<p class="text left">{{$.i18n.Tr "settings.password_change_disabled"}}</p>
</div>
{{end}}
</div> </div>
</div> </div>
</div> </div>
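Review bot: The `{{if .SignedUser.IsLocal}}` guard only hides the form. None of the files listed in this commit is the handler that receives the form's POST, so unless that handler already rejects non-local accounts, a user whose login type is LDAP, SMTP or PAM can still submit a password change directly to `{{.Link}}`. Enforce the same check server-side before the old password is validated, for example `if !u.IsLocal() { /* respond 403 and return */ }`, where `u` stands for the signed-in user. A short template comment on the `{{else}}` branch saying that the handler enforces the restriction would keep the two in sync; the template continues outside both hunks.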
