mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-05 01:39:13 +01:00
e8186f1c0f
Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
91 lines
3.2 KiB
Go
91 lines
3.2 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package forms
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/web/middleware"
|
|
|
|
"gitea.com/go-chi/binding"
|
|
)
|
|
|
|
// AuthenticationForm form for authentication
|
|
type AuthenticationForm struct {
|
|
ID int64
|
|
Type int `binding:"Range(2,7)"`
|
|
Name string `binding:"Required;MaxSize(30)"`
|
|
Host string
|
|
Port int
|
|
BindDN string
|
|
BindPassword string
|
|
UserBase string
|
|
UserDN string
|
|
AttributeUsername string
|
|
AttributeName string
|
|
AttributeSurname string
|
|
AttributeMail string
|
|
AttributeSSHPublicKey string
|
|
AttributeAvatar string
|
|
AttributesInBind bool
|
|
UsePagedSearch bool
|
|
SearchPageSize int
|
|
Filter string
|
|
AdminFilter string
|
|
GroupsEnabled bool
|
|
GroupDN string
|
|
GroupFilter string
|
|
GroupMemberUID string
|
|
UserUID string
|
|
RestrictedFilter string
|
|
AllowDeactivateAll bool
|
|
IsActive bool
|
|
IsSyncEnabled bool
|
|
SMTPAuth string
|
|
SMTPHost string
|
|
SMTPPort int
|
|
AllowedDomains string
|
|
SecurityProtocol int `binding:"Range(0,2)"`
|
|
TLS bool
|
|
SkipVerify bool
|
|
HeloHostname string
|
|
DisableHelo bool
|
|
ForceSMTPS bool
|
|
PAMServiceName string
|
|
PAMEmailDomain string
|
|
Oauth2Provider string
|
|
Oauth2Key string
|
|
Oauth2Secret string
|
|
OpenIDConnectAutoDiscoveryURL string
|
|
Oauth2UseCustomURL bool
|
|
Oauth2TokenURL string
|
|
Oauth2AuthURL string
|
|
Oauth2ProfileURL string
|
|
Oauth2EmailURL string
|
|
Oauth2IconURL string
|
|
Oauth2Tenant string
|
|
Oauth2Scopes string
|
|
Oauth2RequiredClaimName string
|
|
Oauth2RequiredClaimValue string
|
|
Oauth2GroupClaimName string
|
|
Oauth2AdminGroup string
|
|
Oauth2RestrictedGroup string
|
|
Oauth2GroupTeamMap string `binding:"ValidGroupTeamMap"`
|
|
Oauth2GroupTeamMapRemoval bool
|
|
SkipLocalTwoFA bool
|
|
SSPIAutoCreateUsers bool
|
|
SSPIAutoActivateUsers bool
|
|
SSPIStripDomainNames bool
|
|
SSPISeparatorReplacement string `binding:"AlphaDashDot;MaxSize(5)"`
|
|
SSPIDefaultLanguage string
|
|
GroupTeamMap string `binding:"ValidGroupTeamMap"`
|
|
GroupTeamMapRemoval bool
|
|
}
|
|
|
|
// Validate validates fields
|
|
func (f *AuthenticationForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
|
|
ctx := context.GetContext(req)
|
|
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
|
|
}
|