From 7e98cd58dd670fd83c0ace5e9c8ef9a0407fd575 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Mon, 27 Sep 2021 02:02:01 +0100
Subject: [PATCH] Add SkipLocal2FA option to pam and smtp sources (#17078)
* Add SkipLocal2FA option to other pam and smtp sources Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources
Signed-off-by: Andrew Thornton
* make SkipLocal2FA omitempty
Signed-off-by: Andrew Thornton
Co-authored-by: 6543 <6543@obermui.de>
---
 routers/web/admin/auths.go | 6 ++++--
 services/auth/source/ldap/source.go | 2 +-
 services/auth/source/oauth2/source.go | 2 +-
 services/auth/source/pam/source.go | 5 +++--
 services/auth/source/pam/source_authenticate.go | 5 +++++
 services/auth/source/smtp/source.go | 1 +
 services/auth/source/smtp/source_authenticate.go | 5 +++++
 templates/admin/auth/edit.tmpl | 14 ++++++++++++++
 templates/admin/auth/new.tmpl | 7 +++++++
 templates/admin/auth/source/smtp.tmpl | 7 +++++++
 10 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 1b005e5c7..a394b4fdc 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -161,6 +161,7 @@ func parseSMTPConfig(form forms.AuthenticationForm) *smtp.Source {
 SkipVerify: form.SkipVerify,
 HeloHostname: form.HeloHostname,
 DisableHelo: form.DisableHelo,
+ SkipLocalTwoFA: form.SkipLocalTwoFA,
 }
 }
@@ -244,8 +245,9 @@ func NewAuthSourcePost(ctx *context.Context) {
 hasTLS = true
 case login.PAM:
 config = &pamService.Source{
- ServiceName: form.PAMServiceName,
- EmailDomain: form.PAMEmailDomain,
+ ServiceName: form.PAMServiceName,
+ EmailDomain: form.PAMEmailDomain,
+ SkipLocalTwoFA: form.SkipLocalTwoFA,
 }
 case login.OAuth2:
 config = parseOAuth2Config(form)
diff --git a/services/auth/source/ldap/source.go b/services/auth/source/ldap/source.go
index 82ff7313b..3d02be4dc 100644
--- a/services/auth/source/ldap/source.go
+++ b/services/auth/source/ldap/source.go
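Review bot: In parseSMTPConfig the new `SkipLocalTwoFA: form.SkipLocalTwoFA,` is set right beside `SkipVerify: form.SkipVerify,`, and nothing visible in this hunk prevents an administrator from enabling both. If SkipVerify disables TLS certificate verification (as the name suggests; its use is not shown here), that combination makes a password check against an unverified server the only factor for those accounts. Consider rejecting the combination when the form is parsed, or at least recording it next to the field with `// SkipLocalTwoFA makes the SMTP login the sole factor; avoid combining it with SkipVerify`. The function body starts outside the hunk, so an existing guard elsewhere cannot be ruled out.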
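Review bot: Only the PAM case of NewAuthSourcePost gains `SkipLocalTwoFA: form.SkipLocalTwoFA,`, while the diffstat shows templates/admin/auth/edit.tmpl receiving the same checkbox. If the edit handler builds its own `pamService.Source` literal (it is not part of this diff, so this is an inference), a value saved from the edit page would be dropped without any error and the source would fall back to enforcing local 2FA. Moving the literal into a helper, e.g. `config = parsePAMConfig(form)` alongside `parseSMTPConfig` and `parseOAuth2Config`, would keep the create and edit paths in step. The function body starts and ends outside the hunk.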
@@ -53,7 +53,7 @@ type Source struct {
 GroupFilter string // Group Name Filter
 GroupMemberUID string // Group Attribute containing array of UserUID
 UserUID string // User Attribute listed in Group
- SkipLocalTwoFA bool // Skip Local 2fa for users authenticated with this source
+ SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
 // reference to the loginSource
 loginSource *login.Source
diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go
index 49bb9a014..60845e3b0 100644
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@@ -25,7 +25,7 @@ type Source struct {
 OpenIDConnectAutoDiscoveryURL string
 CustomURLMapping *CustomURLMapping
 IconURL string
- SkipLocalTwoFA bool
+ SkipLocalTwoFA bool `json:",omitempty"`
 // reference to the loginSource
 loginSource *login.Source
diff --git a/services/auth/source/pam/source.go b/services/auth/source/pam/source.go
index 0bfa7cdb0..73850cd9a 100644
--- a/services/auth/source/pam/source.go
+++ b/services/auth/source/pam/source.go
@@ -19,8 +19,9 @@ import (
 // Source holds configuration for the PAM login source.
 type Source struct {
- ServiceName string // pam service (e.g. system-auth)
- EmailDomain string
+ ServiceName string // pam service (e.g. system-auth)
+ EmailDomain string
+ SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
 // reference to the loginSource
 loginSource *login.Source
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index ad6fbb5cc..cb5ffc286 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 return user, nil
 }
+
+// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
+func (source *Source) IsSkipLocalTwoFA() bool {
+ return source.SkipLocalTwoFA
+}
diff --git a/services/auth/source/smtp/source.go b/services/auth/source/smtp/source.go
index 487375c30..52e250567 100644
--- a/services/auth/source/smtp/source.go
+++ b/services/auth/source/smtp/source.go
@@ -27,6 +27,7 @@ type Source struct {
 SkipVerify bool
 HeloHostname string
 DisableHelo bool
+ SkipLocalTwoFA bool `json:",omitempty"`
 // reference to the loginSource
 loginSource *login.Source
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index f50baa56a..f51c884c3 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -85,3 +85,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 return user, nil
 }
+
+// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
+func (source *Source) IsSkipLocalTwoFA() bool {
+ return source.SkipLocalTwoFA
+}
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl
index 9ff806638..142c537b1 100644
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -215,6 +215,13 @@
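Review bot: The doc comment on the PAM IsSkipLocalTwoFA says what is returned but not what a true value means for the account, which is what someone auditing the sign-in flow needs to know. Wording such as `// IsSkipLocalTwoFA reports whether users authenticated by this source bypass the local 2FA check, so the PAM service is the only thing verifying them.` would state it. The identical method added in services/auth/source/smtp/source_authenticate.go later in this patch needs the same comment with SMTP substituted. "reports whether" is also the usual Go phrasing for a boolean accessor, in place of "returns if".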
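Review bot: The `SkipLocalTwoFA` field added to the SMTP Source has no trailing comment, although the same field in the LDAP and PAM sources in this patch has one. Append `// Skip Local 2fa for users authenticated with this source` so the one field in this struct that relaxes an authentication requirement is documented where it is declared. The struct continues outside the hunk.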

{{.i18n.Tr "admin.auths.allowed_domains_helper"}}

+
+
+ + +

{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}

+
+
{{end}}
@@ -228,6 +235,13 @@
+
+
+ + +

{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}

+
+
{{end}}
diff --git a/templates/admin/auth/new.tmpl b/templates/admin/auth/new.tmpl
index ba1f145a4..13e1366c8 100644
--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@@ -41,6 +41,13 @@
+
+
+ + +

{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}

+
+
{{ template "admin/auth/source/oauth" . }}
diff --git a/templates/admin/auth/source/smtp.tmpl b/templates/admin/auth/source/smtp.tmpl
index b0f643b8c..8572d6dc5 100644
--- a/templates/admin/auth/source/smtp.tmpl
+++ b/templates/admin/auth/source/smtp.tmpl
@@ -49,4 +49,11 @@

{{.i18n.Tr "admin.auths.allowed_domains_helper"}}

+
+
+ + +

{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}

+
+