mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 16:52:14 +01:00
7b4d2f7a2a
* Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
122 lines
4.4 KiB
Cheetah
122 lines
4.4 KiB
Cheetah
{{template "base/head" .}}
|
|
<div class="admin new authentication">
|
|
{{template "admin/navbar" .}}
|
|
<div class="ui container">
|
|
{{template "base/alert" .}}
|
|
<h4 class="ui top attached header">
|
|
{{.i18n.Tr "admin.auths.new"}}
|
|
</h4>
|
|
<div class="ui attached segment">
|
|
<form class="ui form" action="{{.Link}}" method="post">
|
|
{{.CsrfTokenHtml}}
|
|
<!-- Types and name -->
|
|
<div class="inline required field {{if .Err_Type}}error{{end}}">
|
|
<label>{{.i18n.Tr "admin.auths.auth_type"}}</label>
|
|
<div class="ui selection type dropdown">
|
|
<input type="hidden" id="auth_type" name="type" value="{{.type}}">
|
|
<div class="text">{{.CurrentTypeName}}</div>
|
|
<i class="dropdown icon"></i>
|
|
<div class="menu">
|
|
{{range .AuthSources}}
|
|
<div class="item" data-value="{{.Type}}">{{.Name}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="required inline field {{if .Err_Name}}error{{end}}">
|
|
<label for="name">{{.i18n.Tr "admin.auths.auth_name"}}</label>
|
|
<input id="name" name="name" value="{{.name}}" autofocus required>
|
|
</div>
|
|
|
|
<!-- LDAP and DLDAP -->
|
|
{{ template "admin/auth/source/ldap" . }}
|
|
|
|
<!-- SMTP -->
|
|
{{ template "admin/auth/source/smtp" . }}
|
|
|
|
<!-- PAM -->
|
|
<div class="pam required field {{if not (eq .type 4)}}hide{{end}}">
|
|
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
|
|
<input id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" />
|
|
</div>
|
|
|
|
<!-- OAuth2 -->
|
|
{{ template "admin/auth/source/oauth" . }}
|
|
|
|
<!-- SSPI -->
|
|
{{ template "admin/auth/source/sspi" . }}
|
|
|
|
<div class="ldap field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>
|
|
<input name="attributes_in_bind" type="checkbox" {{if .attributes_in_bind}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.enable_tls"}}</strong></label>
|
|
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="has-tls inline field {{if not .HasTLS}}hide{{end}}">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
|
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="ldap inline field {{if not (eq .type 2)}}hide{{end}}">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.syncenabled"}}</strong></label>
|
|
<input name="is_sync_enabled" type="checkbox" {{if .is_sync_enabled}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
|
|
<input name="is_active" type="checkbox" {{if .is_active}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="field">
|
|
<button class="ui green button">{{.i18n.Tr "admin.auths.new"}}</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
|
|
<h4 class="ui top attached header">
|
|
{{.i18n.Tr "admin.auths.tips"}}
|
|
</h4>
|
|
<div class="ui attached segment">
|
|
<h5>GMail Settings:</h5>
|
|
<p>Host: smtp.gmail.com, Port: 587, Enable TLS Encryption: true</p>
|
|
|
|
<h5>{{.i18n.Tr "admin.auths.tips.oauth2.general"}}:</h5>
|
|
<p>{{.i18n.Tr "admin.auths.tips.oauth2.general.tip"}}</p>
|
|
|
|
<h5 class="ui top attached header">{{.i18n.Tr "admin.auths.tip.oauth2_provider"}}</h5>
|
|
<div class="ui attached segment">
|
|
<li>Bitbucket</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.bitbucket"}}</span>
|
|
<li>Dropbox</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.dropbox"}}</span>
|
|
<li>Facebook</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.facebook"}}</span>
|
|
<li>GitHub</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.github"}}</span>
|
|
<li>GitLab</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.gitlab"}}</span>
|
|
<li>Google</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.google_plus"}}</span>
|
|
<li>OpenID Connect</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.openid_connect"}}</span>
|
|
<li>Twitter</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.twitter"}}</span>
|
|
<li>Discord</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.discord"}}</span>
|
|
<li>Gitea</li>
|
|
<span>{{.i18n.Tr "admin.auths.tip.gitea"}}</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|