#1620 add allowed domains for SMTP auth

tokarchuk/v1.17
Unknwon 9 years ago
parent 373ef5d15e
commit 362d64df04
  1. 2
      conf/locale/locale_en-US.ini
  2. 24
      models/login.go
  3. 1
      modules/auth/auth_form.go
  4. 4
      modules/bindata/bindata.go
  5. 11
      routers/admin/auths.go
  6. 5
      templates/admin/auth/edit.tmpl
  7. 5
      templates/admin/auth/new.tmpl

@ -829,6 +829,8 @@ auths.ms_ad_sa = Ms Ad SA
auths.smtp_auth = SMTP Authentication Type
auths.smtphost = SMTP Host
auths.smtpport = SMTP Port
auths.allowed_domains = Allowed Domains
auths.allowed_domains_helper = Leave it empty to not restrict any domains. Multiple domains should be separated by comma ','.
auths.enable_tls = Enable TLS Encryption
auths.skip_tls_verify = Skip TLS Verify
auths.pam_service_name = PAM Service Name

@ -67,11 +67,12 @@ func (cfg *LDAPConfig) ToDB() ([]byte, error) {
}
type SMTPConfig struct {
Auth string
Host string
Port int
TLS bool
SkipVerify bool
Auth string
Host string
Port int
AllowedDomains string `xorm:"TEXT"`
TLS bool
SkipVerify bool
}
func (cfg *SMTPConfig) FromDB(bs []byte) error {
@ -383,6 +384,16 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
// Create a local user if success
// Return the same LoginUserPlain semantic
func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
// Verify allowed domains.
if len(cfg.AllowedDomains) > 0 {
idx := strings.Index(name, "@")
if idx == -1 {
return nil, ErrUserNotExist{0, name}
} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), name[idx+1:]) {
return nil, ErrUserNotExist{0, name}
}
}
var auth smtp.Auth
if cfg.Auth == SMTP_PLAIN {
auth = smtp.PlainAuth("", name, passwd, cfg.Host)
@ -394,7 +405,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
if err := SMTPAuth(auth, cfg); err != nil {
if strings.Contains(err.Error(), "Username and Password not accepted") {
return nil, ErrUserNotExist{u.Id, u.Name}
fmt.Println(err)
return nil, ErrUserNotExist{0, name}
}
return nil, err
}
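Review bot: The allowed-domains check at the top of LoginUserSMTPSource compares the raw text after `@` with the entries of `strings.Split(cfg.AllowedDomains, ",")`, with no trimming or case-folding. A list saved as `a.com, b.com`, or a login typed as `user@Example.com`, is therefore rejected even though the domain is allowed. This fails closed, but the list is the access control for the source, so I would normalise both sides: compare `strings.ToLower(name[idx+1:])` against entries passed through `strings.ToLower(strings.TrimSpace(d))`, or clean the list once when parseSMTPConfig stores it. Separately, `fmt.Println(err)` in the last hunk looks like a leftover debug print. The page has lost its +/- markers, so I am inferring it is on the new side, and it sits before a `return` in a function whose body continues outside the hunks. It writes the SMTP server's failure response to stdout on every rejected login and should go through the project's logger or be removed.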

@ -28,6 +28,7 @@ type AuthenticationForm struct {
SMTPAuth string
SMTPHost string
SMTPPort int
AllowedDomains string
TLS bool
SkipVerify bool
AllowAutoRegister bool

File diff suppressed because one or more lines are too long

@ -88,11 +88,12 @@ func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
func parseSMTPConfig(form auth.AuthenticationForm) *models.SMTPConfig {
return &models.SMTPConfig{
Auth: form.SMTPAuth,
Host: form.SMTPHost,
Port: form.SMTPPort,
TLS: form.TLS,
SkipVerify: form.SkipVerify,
Auth: form.SMTPAuth,
Host: form.SMTPHost,
Port: form.SMTPPort,
AllowedDomains: form.AllowedDomains,
TLS: form.TLS,
SkipVerify: form.SkipVerify,
}
}

@ -101,6 +101,11 @@
<label for="smtp_port">{{.i18n.Tr "admin.auths.smtpport"}}</label>
<input id="smtp_port" name="smtp_port" value="{{$cfg.Port}}" required>
</div>
<div class="field">
<label for="allowed_domains">{{.i18n.Tr "admin.auths.allowed_domains"}}</label>
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
{{end}}
<!-- PAM -->

@ -103,6 +103,11 @@
<label for="smtp_port">{{.i18n.Tr "admin.auths.smtpport"}}</label>
<input id="smtp_port" name="smtp_port" value="{{.smtp_port}}">
</div>
<div class="field">
<label for="allowed_domains">{{.i18n.Tr "admin.auths.allowed_domains"}}</label>
<input id="allowed_domains" name="allowed_domains" value="{{.allowed_domains}}">
<p class="help">{{.i18n.Tr "admin.auths.allowed_domains_helper"}}</p>
</div>
</div>
<!-- PAM -->
