// code.gitea.io/gitea@v1.21.7/services/auth/source/ldap/source.go

// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package ldap

import (
	"strings"

	"code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/modules/json"
	"code.gitea.io/gitea/modules/secret"
	"code.gitea.io/gitea/modules/setting"
)

// .____     ________      _____ __________
// |    |    \______ \    /  _  \\______   \
// |    |     |    |  \  /  /_\  \|     ___/
// |    |___  |    `   \/    |    \    |
// |_______ \/_______  /\____|__  /____|
//         \/        \/         \/

// Package ldap provides functions and structures to query an LDAP directory.
// For now it is mainly tested against an MS Active Directory service; see
// README.md for more information.

// Source holds the configuration of a basic LDAP authentication service.
//
// The struct is serialized as JSON by ToDB and restored by FromDB, so field
// names, order and tags are part of the stored format.
type Source struct {
	// Connection settings.
	Name string // canonical name (e.g. corporate.ad)
	Host string // LDAP host
	Port int    // port number

	// Transport security.
	// NOTE(review): the name SkipVerify suggests that TLS certificate
	// verification is skipped when it is true; the code that consumes it is
	// not in this file, so confirm there. Leaving it false keeps the
	// directory server's certificate validated.
	SecurityProtocol SecurityProtocol
	SkipVerify       bool

	// Bind credentials. FromDB decrypts BindPasswordEncrypt into BindPassword
	// and clears the encrypted field; ToDB does the reverse before
	// marshalling, so only the encrypted form is written out.
	BindDN              string // DN to bind with
	BindPasswordEncrypt string // encrypted bind DN password (serialized form)
	BindPassword        string // bind DN password (plaintext, in-memory form)

	// User lookup and attribute mapping.
	UserBase              string // base search path for users
	UserDN                string // template for the DN of the user for simple auth
	AttributeUsername     string // username attribute
	AttributeName         string // first name attribute
	AttributeSurname      string // surname attribute
	AttributeMail         string // e-mail attribute
	AttributesInBind      bool   // fetch attributes in bind context (not user)
	AttributeSSHPublicKey string // LDAP SSH public key attribute
	AttributeAvatar       string
	SearchPageSize        uint32 // search with paging page size

	// Query filters and source-wide switches.
	// NOTE(review): how user-supplied values are substituted into these
	// filters is not visible in this file; confirm they are escaped at the
	// call site.
	Filter             string // query filter to validate entry
	AdminFilter        string // query filter to check if user is admin
	RestrictedFilter   string // query filter to check if user is restricted
	Enabled            bool   // enabled/disabled switch for this source
	AllowDeactivateAll bool   // allow an empty search response to deactivate all users from this source

	// Group membership and team synchronization.
	GroupsEnabled       bool   // if the group checking is enabled
	GroupDN             string // group search base
	GroupFilter         string // group name filter
	GroupMemberUID      string // group attribute containing array of UserUID
	GroupTeamMap        string // map LDAP groups to teams
	GroupTeamMapRemoval bool   // remove user from teams which are synchronized and user is not a member of the corresponding LDAP group
	UserUID             string // user attribute listed in group

	// NOTE(review): with SkipLocalTwoFA set, sign-ins through this source do
	// not get the local second factor; confirm the directory side enforces
	// one before enabling it.
	SkipLocalTwoFA bool `json:",omitempty"` // skip local 2FA for users authenticated with this source

	// reference to the authSource
	authSource *auth.Source
}

// FromDB fills up a LDAPConfig from serialized format.
//
// When the stored config carries an encrypted bind password, it is decrypted
// with setting.SecretKey into BindPassword and BindPasswordEncrypt is
// cleared. A decryption error is returned to the caller; the encrypted field
// is cleared in that case too.
func (source *Source) FromDB(bs []byte) error {
	// NOTE(review): the helper receives the address of the receiver variable
	// (a **Source). How it treats a JSON null payload is decided inside the
	// helper, which is not shown here - confirm it cannot leave source nil.
	if err := json.UnmarshalHandleDoubleEncode(bs, &source); err != nil {
		return err
	}
	if source.BindPasswordEncrypt == "" {
		return nil
	}

	plaintext, err := secret.DecryptSecret(setting.SecretKey, source.BindPasswordEncrypt)
	source.BindPassword = plaintext
	// The in-memory form keeps only the plaintext field populated.
	source.BindPasswordEncrypt = ""
	return err
}

// ToDB exports a LDAPConfig to a serialized format.
//
// The receiver is modified: BindPassword is encrypted with setting.SecretKey
// into BindPasswordEncrypt and then emptied, so the marshalled JSON carries
// only the encrypted password. If encryption fails, nothing is marshalled and
// BindPassword is left as it was.
//
// NOTE(review): after a successful call the same Source value no longer holds
// a bind password. Confirm that callers do not keep binding with it without
// reloading through FromDB.
func (source *Source) ToDB() ([]byte, error) {
	ciphertext, err := secret.EncryptSecret(setting.SecretKey, source.BindPassword)
	source.BindPasswordEncrypt = ciphertext
	if err != nil {
		return nil, err
	}

	// Drop the plaintext before marshalling so it never reaches storage.
	source.BindPassword = ""
	return json.Marshal(source)
}

// SecurityProtocolName returns the name of configured security
// protocol.
func (source *Source) SecurityProtocolName() string {
	// SecurityProtocolNames is declared elsewhere in the package and is
	// indexed by the configured protocol value.
	name := SecurityProtocolNames[source.SecurityProtocol]
	return name
}

// IsSkipVerify reports the value of the SkipVerify setting.
//
// NOTE(review): presumably consulted when the TLS configuration is built; a
// true value would then mean the server certificate is not validated.
// Confirm at the connection code, which is outside this file.
func (source *Source) IsSkipVerify() bool {
	return source.SkipVerify
}

// HasTLS reports whether the configured security protocol compares greater
// than SecurityProtocolUnencrypted.
func (source *Source) HasTLS() bool {
	return SecurityProtocolUnencrypted < source.SecurityProtocol
}

// UseTLS reports whether the configured security protocol is anything other
// than SecurityProtocolUnencrypted.
//
// HasTLS and UseTLS agree as long as no protocol value sorts below
// SecurityProtocolUnencrypted; the constants are declared elsewhere.
func (source *Source) UseTLS() bool {
	return !(source.SecurityProtocol == SecurityProtocolUnencrypted)
}

// ProvidesSSHKeys reports whether this source provides SSH keys, i.e. whether
// AttributeSSHPublicKey is non-empty once surrounding whitespace is trimmed.
func (source *Source) ProvidesSSHKeys() bool {
	attr := strings.TrimSpace(source.AttributeSSHPublicKey)
	return attr != ""
}

// SetAuthSource stores the related AuthSource on this config.
func (source *Source) SetAuthSource(authSource *auth.Source) {
	source.authSource = authSource
}

// init registers Source as the config type for both the auth.LDAP and the
// auth.DLDAP source types; each registration gets its own empty Source value.
func init() {
	auth.RegisterTypeConfig(auth.LDAP, new(Source))
	auth.RegisterTypeConfig(auth.DLDAP, new(Source))
}