#1938 #1374 disable password change for non-local users

tokarchuk/v1.17
Unknwon 9 years ago
parent ddcc8d998c
commit 3d5d61778a
  1. 2
      README.md
  2. 1
      conf/locale/locale_en-US.ini
  3. 2
      gogs.go
  4. 64
      models/login.go
  5. 5
      models/user.go
  6. 4
      modules/bindata/bindata.go
  7. 24
      routers/admin/auths.go
  8. 2
      routers/admin/users.go
  9. 2
      routers/api/v1/admin/users.go
  10. 2
      templates/.VERSION
  11. 6
      templates/user/settings/password.tmpl

@ -5,7 +5,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](public/img/gogs-large-resize.png)
##### Current version: 0.7.40 Beta
##### Current version: 0.7.41 Beta
| Web | UI | Preview |
|:-------------:|:-------:|:-------:|

@ -272,6 +272,7 @@ new_password = New Password
retype_new_password = Retype New Password
password_incorrect = Current password is not correct.
change_password_success = Your password was successfully changed. You can now sign using this new password.
password_change_disabled = Non-local type users are not allowed to change their password.
emails = Email Addresses
manage_emails = Manage email addresses

@ -18,7 +18,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
const APP_VER = "0.7.40.1210 Beta"
const APP_VER = "0.7.41.1210 Beta"
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())

@ -26,12 +26,12 @@ type LoginType int
// Note: new type must be added at the end of list to maintain compatibility.
const (
NOTYPE LoginType = iota
PLAIN
LDAP
SMTP
PAM
DLDAP
LOGIN_NOTYPE LoginType = iota
LOGIN_PLAIN
LOGIN_LDAP
LOGIN_SMTP
LOGIN_PAM
LOGIN_DLDAP
)
var (
@ -40,10 +40,10 @@ var (
)
var LoginNames = map[LoginType]string{
LDAP: "LDAP (via BindDN)",
DLDAP: "LDAP (simple auth)",
SMTP: "SMTP",
PAM: "PAM",
LOGIN_LDAP: "LDAP (via BindDN)",
LOGIN_DLDAP: "LDAP (simple auth)",
LOGIN_SMTP: "SMTP",
LOGIN_PAM: "PAM",
}
// Ensure structs implemented interface.
@ -108,11 +108,11 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
switch colName {
case "type":
switch LoginType((*val).(int64)) {
case LDAP, DLDAP:
case LOGIN_LDAP, LOGIN_DLDAP:
source.Cfg = new(LDAPConfig)
case SMTP:
case LOGIN_SMTP:
source.Cfg = new(SMTPConfig)
case PAM:
case LOGIN_PAM:
source.Cfg = new(PAMConfig)
default:
panic("unrecognized login source type: " + com.ToStr(*val))
@ -125,26 +125,26 @@ func (source *LoginSource) TypeName() string {
}
func (source *LoginSource) IsLDAP() bool {
return source.Type == LDAP
return source.Type == LOGIN_LDAP
}
func (source *LoginSource) IsDLDAP() bool {
return source.Type == DLDAP
return source.Type == LOGIN_DLDAP
}
func (source *LoginSource) IsSMTP() bool {
return source.Type == SMTP
return source.Type == LOGIN_SMTP
}
func (source *LoginSource) IsPAM() bool {
return source.Type == PAM
return source.Type == LOGIN_PAM
}
func (source *LoginSource) UseTLS() bool {
switch source.Type {
case LDAP, DLDAP:
case LOGIN_LDAP, LOGIN_DLDAP:
return source.LDAP().UseSSL
case SMTP:
case LOGIN_SMTP:
return source.SMTP().TLS
}
@ -153,9 +153,9 @@ func (source *LoginSource) UseTLS() bool {
func (source *LoginSource) SkipVerify() bool {
switch source.Type {
case LDAP, DLDAP:
case LOGIN_LDAP, LOGIN_DLDAP:
return source.LDAP().SkipVerify
case SMTP:
case LOGIN_SMTP:
return source.SMTP().SkipVerify
}
@ -230,7 +230,7 @@ func DeleteSource(source *LoginSource) error {
// It returns the same LoginUserPlain semantic.
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
cfg := source.Cfg.(*LDAPConfig)
directBind := (source.Type == DLDAP)
directBind := (source.Type == LOGIN_DLDAP)
name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
if !logged {
// User not in LDAP, do nothing
@ -350,7 +350,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
// Query if name/passwd can login against the LDAP directory pool
// Create a local user if success
// Return the same LoginUserPlain semantic
func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
// Verify allowed domains.
if len(cfg.AllowedDomains) > 0 {
idx := strings.Index(name, "@")
@ -390,8 +390,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
u = &User{
LowerName: strings.ToLower(loginName),
Name: strings.ToLower(loginName),
LoginType: SMTP,
LoginSource: sourceId,
LoginType: LOGIN_SMTP,
LoginSource: sourceID,
LoginName: name,
IsActive: true,
Passwd: passwd,
@ -411,7 +411,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
// Query if name/passwd can login against PAM
// Create a local user if success
// Return the same LoginUserPlain semantic
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
if strings.Contains(err.Error(), "Authentication failure") {
return nil, ErrUserNotExist{0, name}
@ -427,8 +427,8 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
u = &User{
LowerName: strings.ToLower(name),
Name: name,
LoginType: PAM,
LoginSource: sourceId,
LoginType: LOGIN_PAM,
LoginSource: sourceID,
LoginName: name,
IsActive: true,
Passwd: passwd,
@ -443,11 +443,11 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
}
switch source.Type {
case LDAP, DLDAP:
case LOGIN_LDAP, LOGIN_DLDAP:
return LoginUserLDAPSource(u, name, passwd, source, autoRegister)
case SMTP:
case LOGIN_SMTP:
return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
case PAM:
case LOGIN_PAM:
return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)
}
@ -470,7 +470,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
if userExists {
switch u.LoginType {
case NOTYPE, PLAIN:
case LOGIN_NOTYPE, LOGIN_PLAIN:
if u.ValidatePassword(passwd) {
return u, nil
}

@ -118,6 +118,11 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
}
}
// returns true if user login type is LOGIN_PLAIN.
func (u *User) IsLocal() bool {
return u.LoginType <= LOGIN_PLAIN
}
// HasForkedRepo checks if user has already forked a repository with given ID.
func (u *User) HasForkedRepo(repoID int64) bool {
_, has := HasForkedRepo(u.Id, repoID)

File diff suppressed because one or more lines are too long

@ -45,10 +45,10 @@ type AuthSource struct {
}
var authSources = []AuthSource{
{models.LoginNames[models.LDAP], models.LDAP},
{models.LoginNames[models.DLDAP], models.DLDAP},
{models.LoginNames[models.SMTP], models.SMTP},
{models.LoginNames[models.PAM], models.PAM},
{models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
{models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
{models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
{models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
}
func NewAuthSource(ctx *middleware.Context) {
@ -56,8 +56,8 @@ func NewAuthSource(ctx *middleware.Context) {
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminAuthentications"] = true
ctx.Data["type"] = models.LDAP
ctx.Data["CurTypeName"] = models.LoginNames[models.LDAP]
ctx.Data["type"] = models.LOGIN_LDAP
ctx.Data["CurTypeName"] = models.LoginNames[models.LOGIN_LDAP]
ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true
ctx.Data["AuthSources"] = authSources
@ -115,11 +115,11 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
var config core.Conversion
switch models.LoginType(form.Type) {
case models.LDAP, models.DLDAP:
case models.LOGIN_LDAP, models.LOGIN_DLDAP:
config = parseLDAPConfig(form)
case models.SMTP:
case models.LOGIN_SMTP:
config = parseSMTPConfig(form)
case models.PAM:
case models.LOGIN_PAM:
config = &models.PAMConfig{
ServiceName: form.PAMServiceName,
}
@ -181,11 +181,11 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
var config core.Conversion
switch models.LoginType(form.Type) {
case models.LDAP, models.DLDAP:
case models.LOGIN_LDAP, models.LOGIN_DLDAP:
config = parseLDAPConfig(form)
case models.SMTP:
case models.LOGIN_SMTP:
config = parseSMTPConfig(form)
case models.PAM:
case models.LOGIN_PAM:
config = &models.PAMConfig{
ServiceName: form.PAMServiceName,
}

@ -90,7 +90,7 @@ func NewUserPost(ctx *middleware.Context, form auth.AdminCrateUserForm) {
Email: form.Email,
Passwd: form.Password,
IsActive: true,
LoginType: models.PLAIN,
LoginType: models.LOGIN_PLAIN,
}
if len(form.LoginType) > 0 {

@ -43,7 +43,7 @@ func CreateUser(ctx *middleware.Context, form api.CreateUserOption) {
Email: form.Email,
Passwd: form.Password,
IsActive: true,
LoginType: models.PLAIN,
LoginType: models.LOGIN_PLAIN,
}
parseLoginSource(ctx, u, form.SourceID, form.LoginName)

@ -1 +1 @@
0.7.40.1210 Beta
0.7.41.1210 Beta

@ -9,6 +9,7 @@
{{.i18n.Tr "settings.change_password"}}
</h4>
<div class="ui attached segment">
{{if .SignedUser.IsLocal}}
<form class="ui form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<div class="required field {{if .Err_OldPassword}}error{{end}}">
@ -28,6 +29,11 @@
<button class="ui green button">{{$.i18n.Tr "settings.change_password"}}</button>
</div>
</form>
{{else}}
<div class="ui info message">
<p class="text left">{{$.i18n.Tr "settings.password_change_disabled"}}</p>
</div>
{{end}}
</div>
</div>
</div>

Loading…
Cancel
Save