
#1938 #1374 disable password change for non-local users

Unknwon 9 anos atrás
pai
commit
3d5d61778a

+ 1 - 1
README.md

@@ -5,7 +5,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
 
 ![](public/img/gogs-large-resize.png)
 
-##### Current version: 0.7.40 Beta
+##### Current version: 0.7.41 Beta
 
 | Web | UI  | Preview  |
 |:-------------:|:-------:|:-------:|

+ 1 - 0
conf/locale/locale_en-US.ini

@@ -272,6 +272,7 @@ new_password = New Password
 retype_new_password = Retype New Password
 password_incorrect = Current password is not correct.
 change_password_success = Your password was successfully changed. You can now sign using this new password.
+password_change_disabled = Non-local type users are not allowed to change their password.
 
 emails = Email Addresses
 manage_emails = Manage email addresses

+ 1 - 1
gogs.go

@@ -18,7 +18,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.7.40.1210 Beta"
+const APP_VER = "0.7.41.1210 Beta"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

+ 32 - 32
models/login.go

@@ -26,12 +26,12 @@ type LoginType int
 
 // Note: new type must be added at the end of list to maintain compatibility.
 const (
-	NOTYPE LoginType = iota
-	PLAIN
-	LDAP
-	SMTP
-	PAM
-	DLDAP
+	LOGIN_NOTYPE LoginType = iota
+	LOGIN_PLAIN
+	LOGIN_LDAP
+	LOGIN_SMTP
+	LOGIN_PAM
+	LOGIN_DLDAP
 )
 
 var (
@@ -40,10 +40,10 @@ var (
 )
 
 var LoginNames = map[LoginType]string{
-	LDAP:  "LDAP (via BindDN)",
-	DLDAP: "LDAP (simple auth)",
-	SMTP:  "SMTP",
-	PAM:   "PAM",
+	LOGIN_LDAP:  "LDAP (via BindDN)",
+	LOGIN_DLDAP: "LDAP (simple auth)",
+	LOGIN_SMTP:  "SMTP",
+	LOGIN_PAM:   "PAM",
 }
 
 // Ensure structs implemented interface.
@@ -108,11 +108,11 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
 	switch colName {
 	case "type":
 		switch LoginType((*val).(int64)) {
-		case LDAP, DLDAP:
+		case LOGIN_LDAP, LOGIN_DLDAP:
 			source.Cfg = new(LDAPConfig)
-		case SMTP:
+		case LOGIN_SMTP:
 			source.Cfg = new(SMTPConfig)
-		case PAM:
+		case LOGIN_PAM:
 			source.Cfg = new(PAMConfig)
 		default:
 			panic("unrecognized login source type: " + com.ToStr(*val))
@@ -125,26 +125,26 @@ func (source *LoginSource) TypeName() string {
 }
 
 func (source *LoginSource) IsLDAP() bool {
-	return source.Type == LDAP
+	return source.Type == LOGIN_LDAP
 }
 
 func (source *LoginSource) IsDLDAP() bool {
-	return source.Type == DLDAP
+	return source.Type == LOGIN_DLDAP
 }
 
 func (source *LoginSource) IsSMTP() bool {
-	return source.Type == SMTP
+	return source.Type == LOGIN_SMTP
 }
 
 func (source *LoginSource) IsPAM() bool {
-	return source.Type == PAM
+	return source.Type == LOGIN_PAM
 }
 
 func (source *LoginSource) UseTLS() bool {
 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return source.LDAP().UseSSL
-	case SMTP:
+	case LOGIN_SMTP:
 		return source.SMTP().TLS
 	}
 
@@ -153,9 +153,9 @@ func (source *LoginSource) UseTLS() bool {
 
 func (source *LoginSource) SkipVerify() bool {
 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return source.LDAP().SkipVerify
-	case SMTP:
+	case LOGIN_SMTP:
 		return source.SMTP().SkipVerify
 	}
 
@@ -230,7 +230,7 @@ func DeleteSource(source *LoginSource) error {
 // It returns the same LoginUserPlain semantic.
 func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 	cfg := source.Cfg.(*LDAPConfig)
-	directBind := (source.Type == DLDAP)
+	directBind := (source.Type == LOGIN_DLDAP)
 	name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 	if !logged {
 		// User not in LDAP, do nothing
@@ -350,7 +350,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
 // Query if name/passwd can login against the LDAP directory pool
 // Create a local user if success
 // Return the same LoginUserPlain semantic
-func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
+func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
 	// Verify allowed domains.
 	if len(cfg.AllowedDomains) > 0 {
 		idx := strings.Index(name, "@")
@@ -390,8 +390,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 	u = &User{
 		LowerName:   strings.ToLower(loginName),
 		Name:        strings.ToLower(loginName),
-		LoginType:   SMTP,
-		LoginSource: sourceId,
+		LoginType:   LOGIN_SMTP,
+		LoginSource: sourceID,
 		LoginName:   name,
 		IsActive:    true,
 		Passwd:      passwd,
@@ -411,7 +411,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 // Query if name/passwd can login against PAM
 // Create a local user if success
 // Return the same LoginUserPlain semantic
-func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
+func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
 	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
 			return nil, ErrUserNotExist{0, name}
@@ -427,8 +427,8 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
 	u = &User{
 		LowerName:   strings.ToLower(name),
 		Name:        name,
-		LoginType:   PAM,
-		LoginSource: sourceId,
+		LoginType:   LOGIN_PAM,
+		LoginSource: sourceID,
 		LoginName:   name,
 		IsActive:    true,
 		Passwd:      passwd,
@@ -443,11 +443,11 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
 	}
 
 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return LoginUserLDAPSource(u, name, passwd, source, autoRegister)
-	case SMTP:
+	case LOGIN_SMTP:
 		return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
-	case PAM:
+	case LOGIN_PAM:
 		return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)
 	}
 
@@ -470,7 +470,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
 
 	if userExists {
 		switch u.LoginType {
-		case NOTYPE, PLAIN:
+		case LOGIN_NOTYPE, LOGIN_PLAIN:
 			if u.ValidatePassword(passwd) {
 				return u, nil
 			}

+ 5 - 0
models/user.go

@@ -118,6 +118,11 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	}
 }
 
+// returns true if user login type is LOGIN_PLAIN.
+func (u *User) IsLocal() bool {
+	return u.LoginType <= LOGIN_PLAIN
+}
+
 // HasForkedRepo checks if user has already forked a repository with given ID.
 func (u *User) HasForkedRepo(repoID int64) bool {
 	_, has := HasForkedRepo(u.Id, repoID)
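Review bot: `IsLocal` is written as an ordering comparison, `u.LoginType <= LOGIN_PLAIN`, so it is true for LOGIN_NOTYPE and for any negative or otherwise unexpected value, while its comment says it is true only for LOGIN_PLAIN. Because this predicate now decides who is offered a password change, an unrecognised type should fall on the "not local" side. Listing the accepted types does that, and matches the sign-in switch in models/login.go (`case LOGIN_NOTYPE, LOGIN_PLAIN`): `return u.LoginType == LOGIN_NOTYPE || u.LoginType == LOGIN_PLAIN`. The doc comment should start with the method name and name both types, for example `// IsLocal reports whether the user's login type is LOGIN_NOTYPE or LOGIN_PLAIN.`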

Diferenças do arquivo suprimidas por serem muito extensas
+ 0 - 0
modules/bindata/bindata.go


+ 12 - 12
routers/admin/auths.go

@@ -45,10 +45,10 @@ type AuthSource struct {
 }
 
 var authSources = []AuthSource{
-	{models.LoginNames[models.LDAP], models.LDAP},
-	{models.LoginNames[models.DLDAP], models.DLDAP},
-	{models.LoginNames[models.SMTP], models.SMTP},
-	{models.LoginNames[models.PAM], models.PAM},
+	{models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
+	{models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
+	{models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
+	{models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
 }
 
 func NewAuthSource(ctx *middleware.Context) {
@@ -56,8 +56,8 @@ func NewAuthSource(ctx *middleware.Context) {
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
-	ctx.Data["type"] = models.LDAP
-	ctx.Data["CurTypeName"] = models.LoginNames[models.LDAP]
+	ctx.Data["type"] = models.LOGIN_LDAP
+	ctx.Data["CurTypeName"] = models.LoginNames[models.LOGIN_LDAP]
 	ctx.Data["smtp_auth"] = "PLAIN"
 	ctx.Data["is_active"] = true
 	ctx.Data["AuthSources"] = authSources
@@ -115,11 +115,11 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 
 	var config core.Conversion
 	switch models.LoginType(form.Type) {
-	case models.LDAP, models.DLDAP:
+	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
 		config = parseLDAPConfig(form)
-	case models.SMTP:
+	case models.LOGIN_SMTP:
 		config = parseSMTPConfig(form)
-	case models.PAM:
+	case models.LOGIN_PAM:
 		config = &models.PAMConfig{
 			ServiceName: form.PAMServiceName,
 		}
@@ -181,11 +181,11 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 
 	var config core.Conversion
 	switch models.LoginType(form.Type) {
-	case models.LDAP, models.DLDAP:
+	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
 		config = parseLDAPConfig(form)
-	case models.SMTP:
+	case models.LOGIN_SMTP:
 		config = parseSMTPConfig(form)
-	case models.PAM:
+	case models.LOGIN_PAM:
 		config = &models.PAMConfig{
 			ServiceName: form.PAMServiceName,
 		}

+ 1 - 1
routers/admin/users.go

@@ -90,7 +90,7 @@ func NewUserPost(ctx *middleware.Context, form auth.AdminCrateUserForm) {
 		Email:     form.Email,
 		Passwd:    form.Password,
 		IsActive:  true,
-		LoginType: models.PLAIN,
+		LoginType: models.LOGIN_PLAIN,
 	}
 
 	if len(form.LoginType) > 0 {

+ 1 - 1
routers/api/v1/admin/users.go

@@ -43,7 +43,7 @@ func CreateUser(ctx *middleware.Context, form api.CreateUserOption) {
 		Email:     form.Email,
 		Passwd:    form.Password,
 		IsActive:  true,
-		LoginType: models.PLAIN,
+		LoginType: models.LOGIN_PLAIN,
 	}
 
 	parseLoginSource(ctx, u, form.SourceID, form.LoginName)

+ 1 - 1
templates/.VERSION

@@ -1 +1 @@
-0.7.40.1210 Beta
+0.7.41.1210 Beta

+ 6 - 0
templates/user/settings/password.tmpl

@@ -9,6 +9,7 @@
 					{{.i18n.Tr "settings.change_password"}}
 				</h4>
 				<div class="ui attached segment">
+					{{if .SignedUser.IsLocal}}
 					<form class="ui form" action="{{.Link}}" method="post">
 						{{.CsrfTokenHtml}}
 						<div class="required field {{if .Err_OldPassword}}error{{end}}">
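Review bot: The `{{if .SignedUser.IsLocal}}` guard only controls whether the form is rendered, so a non-local user can still submit the same POST by hand. The handler that processes this form is not among the files shown on this page (the listing is truncated), so it should be confirmed that it also calls `IsLocal()` on the signed-in user and rejects the request before touching the stored password, returning the new `settings.password_change_disabled` message. Without that server-side check the restriction is cosmetic. The matching `{{else}}`/`{{end}}` are in the next hunk, where `{{end}} ` also carries a trailing space.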
@@ -28,6 +29,11 @@
 							<button class="ui green button">{{$.i18n.Tr "settings.change_password"}}</button>
 						</div>
 					</form>
+					{{else}}
+					<div class="ui info message">
+						<p class="text left">{{$.i18n.Tr "settings.password_change_disabled"}}</p>
+					</div>
+					{{end}} 
 				</div>
 			</div>
 		</div>

Alguns arquivos não foram mostrados porque muitos arquivos mudaram nesse diff