2016-08-13 17:11:52 -06:00
// Copyright 2016 The Gogs Authors. All rights reserved.
2016-12-21 05:13:17 -07:00
// Copyright 2016 The Gitea Authors. All rights reserved.
2022-11-27 11:20:29 -07:00
// SPDX-License-Identifier: MIT
2016-08-13 17:11:52 -06:00
package cmd
import (
2018-10-30 15:34:25 -06:00
"errors"
2016-08-13 17:11:52 -06:00
"fmt"
2023-03-09 23:14:43 -07:00
"net/url"
2018-09-12 08:46:02 -06:00
"os"
2020-12-17 00:57:32 -07:00
"strings"
2018-09-12 08:46:02 -06:00
"text/tabwriter"
2016-08-13 17:11:52 -06:00
2021-12-10 01:14:24 -07:00
asymkey_model "code.gitea.io/gitea/models/asymkey"
2022-08-24 20:31:57 -06:00
auth_model "code.gitea.io/gitea/models/auth"
2021-09-24 05:32:56 -06:00
"code.gitea.io/gitea/models/db"
2022-06-06 02:01:49 -06:00
repo_model "code.gitea.io/gitea/models/repo"
2019-03-27 03:33:00 -06:00
"code.gitea.io/gitea/modules/git"
2020-01-20 13:01:19 -07:00
"code.gitea.io/gitea/modules/graceful"
2017-12-31 07:45:46 -07:00
"code.gitea.io/gitea/modules/log"
2020-01-20 13:01:19 -07:00
repo_module "code.gitea.io/gitea/modules/repository"
2022-04-29 13:38:11 -06:00
"code.gitea.io/gitea/modules/util"
2021-09-24 05:32:56 -06:00
auth_service "code.gitea.io/gitea/services/auth"
2021-07-24 04:16:34 -06:00
"code.gitea.io/gitea/services/auth/source/oauth2"
2022-01-12 15:54:53 -07:00
"code.gitea.io/gitea/services/auth/source/smtp"
2021-11-17 08:17:31 -07:00
repo_service "code.gitea.io/gitea/services/repository"
2017-04-12 01:44:54 -06:00
2023-07-21 03:28:19 -06:00
"github.com/urfave/cli/v2"
2016-08-13 17:11:52 -06:00
)
var (
2016-11-04 05:42:18 -06:00
// CmdAdmin represents the available admin sub-command.
2023-07-21 03:28:19 -06:00
CmdAdmin = & cli . Command {
2016-08-13 17:11:52 -06:00
Name : "admin" ,
2018-01-12 15:16:49 -07:00
Usage : "Command line interface to perform common administrative operations" ,
2023-07-21 03:28:19 -06:00
Subcommands : [ ] * cli . Command {
2020-10-15 20:48:38 -06:00
subcmdUser ,
2017-12-31 07:45:46 -07:00
subcmdRepoSyncReleases ,
2018-05-16 19:35:07 -06:00
subcmdRegenerate ,
2018-09-12 08:46:02 -06:00
subcmdAuth ,
2020-10-24 14:38:14 -06:00
subcmdSendMail ,
2016-08-13 17:11:52 -06:00
} ,
}
2023-07-21 03:28:19 -06:00
subcmdRepoSyncReleases = & cli . Command {
2017-12-31 07:45:46 -07:00
Name : "repo-sync-releases" ,
Usage : "Synchronize repository releases with tags" ,
Action : runRepoSyncReleases ,
}
2018-05-16 19:35:07 -06:00
2023-07-21 03:28:19 -06:00
subcmdRegenerate = & cli . Command {
2018-05-16 19:35:07 -06:00
Name : "regenerate" ,
Usage : "Regenerate specific files" ,
2023-07-21 03:28:19 -06:00
Subcommands : [ ] * cli . Command {
2018-05-16 19:35:07 -06:00
microcmdRegenHooks ,
microcmdRegenKeys ,
} ,
}
2023-07-21 03:28:19 -06:00
microcmdRegenHooks = & cli . Command {
2018-05-16 19:35:07 -06:00
Name : "hooks" ,
Usage : "Regenerate git-hooks" ,
Action : runRegenerateHooks ,
}
2023-07-21 03:28:19 -06:00
microcmdRegenKeys = & cli . Command {
2018-05-16 19:35:07 -06:00
Name : "keys" ,
Usage : "Regenerate authorized_keys file" ,
Action : runRegenerateKeys ,
}
2018-09-12 08:46:02 -06:00
2023-07-21 03:28:19 -06:00
subcmdAuth = & cli . Command {
2018-09-12 08:46:02 -06:00
Name : "auth" ,
Usage : "Modify external auth providers" ,
2023-07-21 03:28:19 -06:00
Subcommands : [ ] * cli . Command {
2018-09-12 08:46:02 -06:00
microcmdAuthAddOauth ,
microcmdAuthUpdateOauth ,
2019-06-17 12:32:20 -06:00
cmdAuthAddLdapBindDn ,
cmdAuthUpdateLdapBindDn ,
cmdAuthAddLdapSimpleAuth ,
cmdAuthUpdateLdapSimpleAuth ,
2022-01-12 15:54:53 -07:00
microcmdAuthAddSMTP ,
microcmdAuthUpdateSMTP ,
2018-09-12 08:46:02 -06:00
microcmdAuthList ,
microcmdAuthDelete ,
} ,
}
2023-07-21 03:28:19 -06:00
microcmdAuthList = & cli . Command {
2018-09-12 08:46:02 -06:00
Name : "list" ,
Usage : "List auth sources" ,
Action : runListAuth ,
2020-03-27 15:26:43 -06:00
Flags : [ ] cli . Flag {
2023-07-21 03:28:19 -06:00
& cli . IntFlag {
2020-03-27 15:26:43 -06:00
Name : "min-width" ,
Usage : "Minimal cell width including any padding for the formatted table" ,
Value : 0 ,
} ,
2023-07-21 03:28:19 -06:00
& cli . IntFlag {
2020-03-27 15:26:43 -06:00
Name : "tab-width" ,
Usage : "width of tab characters in formatted table (equivalent number of spaces)" ,
Value : 8 ,
} ,
2023-07-21 03:28:19 -06:00
& cli . IntFlag {
2020-03-27 15:26:43 -06:00
Name : "padding" ,
Usage : "padding added to a cell before computing its width" ,
Value : 1 ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2020-03-27 15:26:43 -06:00
Name : "pad-char" ,
Usage : ` ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result) ` ,
Value : "\t" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2020-03-27 15:26:43 -06:00
Name : "vertical-bars" ,
Usage : "Set to true to print vertical bars between columns" ,
} ,
} ,
2018-09-12 08:46:02 -06:00
}
2023-07-21 03:28:19 -06:00
idFlag = & cli . Int64Flag {
2018-09-12 08:46:02 -06:00
Name : "id" ,
2019-06-17 12:32:20 -06:00
Usage : "ID of authentication source" ,
2018-09-12 08:46:02 -06:00
}
2023-07-21 03:28:19 -06:00
microcmdAuthDelete = & cli . Command {
2018-09-12 08:46:02 -06:00
Name : "delete" ,
Usage : "Delete specific auth source" ,
2020-01-07 16:41:16 -07:00
Flags : [ ] cli . Flag { idFlag } ,
2018-09-12 08:46:02 -06:00
Action : runDeleteAuth ,
}
oauthCLIFlags = [ ] cli . Flag {
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "name" ,
Value : "" ,
Usage : "Application Name" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "provider" ,
Value : "" ,
Usage : "OAuth2 Provider" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "key" ,
Value : "" ,
Usage : "Client ID (Key)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "secret" ,
Value : "" ,
Usage : "Client Secret" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "auto-discover-url" ,
Value : "" ,
Usage : "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "use-custom-urls" ,
Value : "false" ,
Usage : "Use custom URLs for GitLab/GitHub OAuth endpoints" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2023-02-05 21:12:13 -07:00
Name : "custom-tenant-id" ,
Value : "" ,
Usage : "Use custom Tenant ID for OAuth endpoints" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "custom-auth-url" ,
Value : "" ,
Usage : "Use a custom Authorization URL (option for GitLab/GitHub)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "custom-token-url" ,
Value : "" ,
Usage : "Use a custom Token URL (option for GitLab/GitHub)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "custom-profile-url" ,
Value : "" ,
Usage : "Use a custom Profile URL (option for GitLab/GitHub)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2018-09-12 08:46:02 -06:00
Name : "custom-email-url" ,
Value : "" ,
Usage : "Use a custom Email URL (option for GitHub)" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2020-12-28 01:39:12 -07:00
Name : "icon-url" ,
Value : "" ,
Usage : "Custom icon URL for OAuth2 login source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2021-09-10 10:37:57 -06:00
Name : "skip-local-2fa" ,
Usage : "Set to true to skip local 2fa for users authenticated by this source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringSliceFlag {
2021-12-14 01:37:11 -07:00
Name : "scopes" ,
Value : nil ,
Usage : "Scopes to request when to authenticate against this OAuth2 source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2021-12-14 01:37:11 -07:00
Name : "required-claim-name" ,
Value : "" ,
Usage : "Claim name that has to be set to allow users to login with this source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2021-12-14 01:37:11 -07:00
Name : "required-claim-value" ,
Value : "" ,
Usage : "Claim value that has to be set to allow users to login with this source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2021-12-14 01:37:11 -07:00
Name : "group-claim-name" ,
Value : "" ,
Usage : "Claim name providing group names for this source" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2021-12-14 01:37:11 -07:00
Name : "admin-group" ,
Value : "" ,
Usage : "Group Claim value for administrator users" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2021-12-14 01:37:11 -07:00
Name : "restricted-group" ,
Value : "" ,
Usage : "Group Claim value for restricted users" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2023-02-07 23:44:42 -07:00
Name : "group-team-map" ,
Value : "" ,
Usage : "JSON mapping between groups and org teams" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2023-02-07 23:44:42 -07:00
Name : "group-team-map-removal" ,
Usage : "Activate automatic team membership removal depending on groups" ,
} ,
2018-09-12 08:46:02 -06:00
}
2023-07-21 03:28:19 -06:00
microcmdAuthUpdateOauth = & cli . Command {
2018-09-12 08:46:02 -06:00
Name : "update-oauth" ,
Usage : "Update existing Oauth authentication source" ,
Action : runUpdateOauth ,
Flags : append ( oauthCLIFlags [ : 1 ] , append ( [ ] cli . Flag { idFlag } , oauthCLIFlags [ 1 : ] ... ) ... ) ,
}
2023-07-21 03:28:19 -06:00
microcmdAuthAddOauth = & cli . Command {
2018-09-12 08:46:02 -06:00
Name : "add-oauth" ,
Usage : "Add new Oauth authentication source" ,
Action : runAddOauth ,
Flags : oauthCLIFlags ,
}
2020-10-24 14:38:14 -06:00
2023-07-21 03:28:19 -06:00
subcmdSendMail = & cli . Command {
2020-10-24 14:38:14 -06:00
Name : "sendmail" ,
Usage : "Send a message to all users" ,
Action : runSendMail ,
Flags : [ ] cli . Flag {
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2020-10-24 14:38:14 -06:00
Name : "title" ,
Usage : ` a title of a message ` ,
Value : "" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2020-10-24 14:38:14 -06:00
Name : "content" ,
Usage : "a content of a message" ,
Value : "" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
Name : "force" ,
Aliases : [ ] string { "f" } ,
Usage : "A flag to bypass a confirmation step" ,
2020-10-24 14:38:14 -06:00
} ,
} ,
}
2022-01-12 15:54:53 -07:00
smtpCLIFlags = [ ] cli . Flag {
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2022-01-12 15:54:53 -07:00
Name : "name" ,
Value : "" ,
Usage : "Application Name" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2022-01-12 15:54:53 -07:00
Name : "auth-type" ,
Value : "PLAIN" ,
Usage : "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2022-11-10 14:12:23 -07:00
Name : "host" ,
2022-01-12 15:54:53 -07:00
Value : "" ,
2022-11-10 14:12:23 -07:00
Usage : "SMTP Host" ,
2022-01-12 15:54:53 -07:00
} ,
2023-07-21 03:28:19 -06:00
& cli . IntFlag {
2022-01-12 15:54:53 -07:00
Name : "port" ,
Usage : "SMTP Port" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2022-01-12 15:54:53 -07:00
Name : "force-smtps" ,
Usage : "SMTPS is always used on port 465. Set this to force SMTPS on other ports." ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2022-01-12 15:54:53 -07:00
Name : "skip-verify" ,
Usage : "Skip TLS verify." ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2022-01-12 15:54:53 -07:00
Name : "helo-hostname" ,
Value : "" ,
Usage : "Hostname sent with HELO. Leave blank to send current hostname" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2022-01-12 15:54:53 -07:00
Name : "disable-helo" ,
Usage : "Disable SMTP helo." ,
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
2022-01-12 15:54:53 -07:00
Name : "allowed-domains" ,
Value : "" ,
Usage : "Leave empty to allow all domains. Separate multiple domains with a comma (',')" ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2022-01-12 15:54:53 -07:00
Name : "skip-local-2fa" ,
Usage : "Skip 2FA to log on." ,
} ,
2023-07-21 03:28:19 -06:00
& cli . BoolFlag {
2022-01-12 15:54:53 -07:00
Name : "active" ,
Usage : "This Authentication Source is Activated." ,
} ,
}
2023-07-21 03:28:19 -06:00
microcmdAuthAddSMTP = & cli . Command {
2022-01-12 15:54:53 -07:00
Name : "add-smtp" ,
Usage : "Add new SMTP authentication source" ,
Action : runAddSMTP ,
Flags : smtpCLIFlags ,
}
2023-07-21 03:28:19 -06:00
microcmdAuthUpdateSMTP = & cli . Command {
2022-01-12 15:54:53 -07:00
Name : "update-smtp" ,
Usage : "Update existing SMTP authentication source" ,
Action : runUpdateSMTP ,
Flags : append ( smtpCLIFlags [ : 1 ] , append ( [ ] cli . Flag { idFlag } , smtpCLIFlags [ 1 : ] ... ) ... ) ,
}
2016-08-13 17:11:52 -06:00
)
2021-04-09 01:40:34 -06:00
func runRepoSyncReleases ( _ * cli . Context ) error {
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-01-12 15:16:49 -07:00
return err
2017-12-31 07:45:46 -07:00
}
log . Trace ( "Synchronizing repository releases (this may take a while)" )
for page := 1 ; ; page ++ {
2022-11-19 01:12:33 -07:00
repos , count , err := repo_model . SearchRepositoryByName ( ctx , & repo_model . SearchRepoOptions {
2021-09-24 05:32:56 -06:00
ListOptions : db . ListOptions {
2022-06-06 02:01:49 -06:00
PageSize : repo_model . RepositoryListDefaultPageSize ,
2020-01-24 12:00:29 -07:00
Page : page ,
} ,
Private : true ,
2017-12-31 07:45:46 -07:00
} )
if err != nil {
2022-10-24 13:29:17 -06:00
return fmt . Errorf ( "SearchRepositoryByName: %w" , err )
2017-12-31 07:45:46 -07:00
}
if len ( repos ) == 0 {
break
}
log . Trace ( "Processing next %d repos of %d" , len ( repos ) , count )
for _ , repo := range repos {
log . Trace ( "Synchronizing repo %s with path %s" , repo . FullName ( ) , repo . RepoPath ( ) )
2022-03-29 13:13:41 -06:00
gitRepo , err := git . OpenRepository ( ctx , repo . RepoPath ( ) )
2017-12-31 07:45:46 -07:00
if err != nil {
log . Warn ( "OpenRepository: %v" , err )
continue
}
2018-01-12 15:16:49 -07:00
oldnum , err := getReleaseCount ( repo . ID )
2017-12-31 07:45:46 -07:00
if err != nil {
log . Warn ( " GetReleaseCountByRepoID: %v" , err )
}
log . Trace ( " currentNumReleases is %d, running SyncReleasesWithTags" , oldnum )
2020-01-20 13:01:19 -07:00
if err = repo_module . SyncReleasesWithTags ( repo , gitRepo ) ; err != nil {
2017-12-31 07:45:46 -07:00
log . Warn ( " SyncReleasesWithTags: %v" , err )
2019-11-13 00:01:19 -07:00
gitRepo . Close ( )
2017-12-31 07:45:46 -07:00
continue
}
2018-01-12 15:16:49 -07:00
count , err = getReleaseCount ( repo . ID )
2017-12-31 07:45:46 -07:00
if err != nil {
log . Warn ( " GetReleaseCountByRepoID: %v" , err )
2019-11-13 00:01:19 -07:00
gitRepo . Close ( )
2017-12-31 07:45:46 -07:00
continue
}
log . Trace ( " repo %s releases synchronized to tags: from %d to %d" ,
repo . FullName ( ) , oldnum , count )
2019-11-13 00:01:19 -07:00
gitRepo . Close ( )
2017-12-31 07:45:46 -07:00
}
}
return nil
}
2018-01-12 15:16:49 -07:00
func getReleaseCount ( id int64 ) ( int64 , error ) {
2022-08-24 20:31:57 -06:00
return repo_model . GetReleaseCountByRepoID (
2022-12-09 19:46:31 -07:00
db . DefaultContext ,
2018-01-12 15:16:49 -07:00
id ,
2022-08-24 20:31:57 -06:00
repo_model . FindReleasesOptions {
2018-01-12 15:16:49 -07:00
IncludeTags : true ,
} ,
)
}
2018-05-16 19:35:07 -06:00
2021-04-09 01:40:34 -06:00
func runRegenerateHooks ( _ * cli . Context ) error {
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-05-16 19:35:07 -06:00
return err
}
2021-11-17 08:17:31 -07:00
return repo_service . SyncRepositoryHooks ( graceful . GetManager ( ) . ShutdownContext ( ) )
2018-05-16 19:35:07 -06:00
}
2021-04-09 01:40:34 -06:00
func runRegenerateKeys ( _ * cli . Context ) error {
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-05-16 19:35:07 -06:00
return err
}
2021-12-10 01:14:24 -07:00
return asymkey_model . RewriteAllPublicKeys ( )
2018-05-16 19:35:07 -06:00
}
2018-09-12 08:46:02 -06:00
2021-07-24 04:16:34 -06:00
func parseOAuth2Config ( c * cli . Context ) * oauth2 . Source {
2018-09-12 08:46:02 -06:00
var customURLMapping * oauth2 . CustomURLMapping
if c . IsSet ( "use-custom-urls" ) {
customURLMapping = & oauth2 . CustomURLMapping {
TokenURL : c . String ( "custom-token-url" ) ,
AuthURL : c . String ( "custom-auth-url" ) ,
ProfileURL : c . String ( "custom-profile-url" ) ,
EmailURL : c . String ( "custom-email-url" ) ,
2023-02-05 21:12:13 -07:00
Tenant : c . String ( "custom-tenant-id" ) ,
2018-09-12 08:46:02 -06:00
}
} else {
customURLMapping = nil
}
2021-07-24 04:16:34 -06:00
return & oauth2 . Source {
2018-09-12 08:46:02 -06:00
Provider : c . String ( "provider" ) ,
ClientID : c . String ( "key" ) ,
ClientSecret : c . String ( "secret" ) ,
OpenIDConnectAutoDiscoveryURL : c . String ( "auto-discover-url" ) ,
CustomURLMapping : customURLMapping ,
2020-12-28 01:39:12 -07:00
IconURL : c . String ( "icon-url" ) ,
2021-09-10 10:37:57 -06:00
SkipLocalTwoFA : c . Bool ( "skip-local-2fa" ) ,
2021-12-14 01:37:11 -07:00
Scopes : c . StringSlice ( "scopes" ) ,
RequiredClaimName : c . String ( "required-claim-name" ) ,
RequiredClaimValue : c . String ( "required-claim-value" ) ,
GroupClaimName : c . String ( "group-claim-name" ) ,
AdminGroup : c . String ( "admin-group" ) ,
RestrictedGroup : c . String ( "restricted-group" ) ,
2023-02-07 23:44:42 -07:00
GroupTeamMap : c . String ( "group-team-map" ) ,
GroupTeamMapRemoval : c . Bool ( "group-team-map-removal" ) ,
2018-09-12 08:46:02 -06:00
}
}
func runAddOauth ( c * cli . Context ) error {
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-09-12 08:46:02 -06:00
return err
}
2023-03-09 23:14:43 -07:00
config := parseOAuth2Config ( c )
if config . Provider == "openidConnect" {
discoveryURL , err := url . Parse ( config . OpenIDConnectAutoDiscoveryURL )
if err != nil || ( discoveryURL . Scheme != "http" && discoveryURL . Scheme != "https" ) {
return fmt . Errorf ( "invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)" , config . OpenIDConnectAutoDiscoveryURL )
}
}
2022-08-24 20:31:57 -06:00
return auth_model . CreateSource ( & auth_model . Source {
Type : auth_model . OAuth2 ,
2021-07-24 04:16:34 -06:00
Name : c . String ( "name" ) ,
IsActive : true ,
2023-03-09 23:14:43 -07:00
Cfg : config ,
2018-10-17 22:51:07 -06:00
} )
2018-09-12 08:46:02 -06:00
}
func runUpdateOauth ( c * cli . Context ) error {
if ! c . IsSet ( "id" ) {
return fmt . Errorf ( "--id flag is missing" )
}
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-09-12 08:46:02 -06:00
return err
}
2022-08-24 20:31:57 -06:00
source , err := auth_model . GetSourceByID ( c . Int64 ( "id" ) )
2018-09-12 08:46:02 -06:00
if err != nil {
return err
}
2021-07-24 04:16:34 -06:00
oAuth2Config := source . Cfg . ( * oauth2 . Source )
2018-09-12 08:46:02 -06:00
if c . IsSet ( "name" ) {
source . Name = c . String ( "name" )
}
if c . IsSet ( "provider" ) {
oAuth2Config . Provider = c . String ( "provider" )
}
if c . IsSet ( "key" ) {
oAuth2Config . ClientID = c . String ( "key" )
}
if c . IsSet ( "secret" ) {
oAuth2Config . ClientSecret = c . String ( "secret" )
}
if c . IsSet ( "auto-discover-url" ) {
oAuth2Config . OpenIDConnectAutoDiscoveryURL = c . String ( "auto-discover-url" )
}
2020-12-28 01:39:12 -07:00
if c . IsSet ( "icon-url" ) {
oAuth2Config . IconURL = c . String ( "icon-url" )
}
2021-12-14 01:37:11 -07:00
if c . IsSet ( "scopes" ) {
oAuth2Config . Scopes = c . StringSlice ( "scopes" )
}
if c . IsSet ( "required-claim-name" ) {
oAuth2Config . RequiredClaimName = c . String ( "required-claim-name" )
}
if c . IsSet ( "required-claim-value" ) {
oAuth2Config . RequiredClaimValue = c . String ( "required-claim-value" )
}
if c . IsSet ( "group-claim-name" ) {
oAuth2Config . GroupClaimName = c . String ( "group-claim-name" )
}
if c . IsSet ( "admin-group" ) {
oAuth2Config . AdminGroup = c . String ( "admin-group" )
}
if c . IsSet ( "restricted-group" ) {
oAuth2Config . RestrictedGroup = c . String ( "restricted-group" )
}
2023-02-07 23:44:42 -07:00
if c . IsSet ( "group-team-map" ) {
oAuth2Config . GroupTeamMap = c . String ( "group-team-map" )
}
if c . IsSet ( "group-team-map-removal" ) {
oAuth2Config . GroupTeamMapRemoval = c . Bool ( "group-team-map-removal" )
}
2021-12-14 01:37:11 -07:00
2018-09-12 08:46:02 -06:00
// update custom URL mapping
2022-01-20 10:46:10 -07:00
customURLMapping := & oauth2 . CustomURLMapping { }
2018-09-12 08:46:02 -06:00
if oAuth2Config . CustomURLMapping != nil {
customURLMapping . TokenURL = oAuth2Config . CustomURLMapping . TokenURL
customURLMapping . AuthURL = oAuth2Config . CustomURLMapping . AuthURL
customURLMapping . ProfileURL = oAuth2Config . CustomURLMapping . ProfileURL
customURLMapping . EmailURL = oAuth2Config . CustomURLMapping . EmailURL
2023-02-05 21:12:13 -07:00
customURLMapping . Tenant = oAuth2Config . CustomURLMapping . Tenant
2018-09-12 08:46:02 -06:00
}
if c . IsSet ( "use-custom-urls" ) && c . IsSet ( "custom-token-url" ) {
customURLMapping . TokenURL = c . String ( "custom-token-url" )
}
if c . IsSet ( "use-custom-urls" ) && c . IsSet ( "custom-auth-url" ) {
customURLMapping . AuthURL = c . String ( "custom-auth-url" )
}
if c . IsSet ( "use-custom-urls" ) && c . IsSet ( "custom-profile-url" ) {
customURLMapping . ProfileURL = c . String ( "custom-profile-url" )
}
if c . IsSet ( "use-custom-urls" ) && c . IsSet ( "custom-email-url" ) {
customURLMapping . EmailURL = c . String ( "custom-email-url" )
}
2023-02-05 21:12:13 -07:00
if c . IsSet ( "use-custom-urls" ) && c . IsSet ( "custom-tenant-id" ) {
customURLMapping . Tenant = c . String ( "custom-tenant-id" )
}
2018-09-12 08:46:02 -06:00
oAuth2Config . CustomURLMapping = customURLMapping
source . Cfg = oAuth2Config
2022-08-24 20:31:57 -06:00
return auth_model . UpdateSource ( source )
2018-09-12 08:46:02 -06:00
}
2022-01-12 15:54:53 -07:00
func parseSMTPConfig ( c * cli . Context , conf * smtp . Source ) error {
if c . IsSet ( "auth-type" ) {
conf . Auth = c . String ( "auth-type" )
validAuthTypes := [ ] string { "PLAIN" , "LOGIN" , "CRAM-MD5" }
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
- It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-10 22:31:16 -07:00
if ! util . SliceContainsString ( validAuthTypes , strings . ToUpper ( c . String ( "auth-type" ) ) ) {
2022-01-12 15:54:53 -07:00
return errors . New ( "Auth must be one of PLAIN/LOGIN/CRAM-MD5" )
}
conf . Auth = c . String ( "auth-type" )
}
2022-11-10 14:12:23 -07:00
if c . IsSet ( "host" ) {
conf . Host = c . String ( "host" )
2022-01-12 15:54:53 -07:00
}
if c . IsSet ( "port" ) {
conf . Port = c . Int ( "port" )
}
if c . IsSet ( "allowed-domains" ) {
conf . AllowedDomains = c . String ( "allowed-domains" )
}
if c . IsSet ( "force-smtps" ) {
2023-07-21 03:28:19 -06:00
conf . ForceSMTPS = c . Bool ( "force-smtps" )
2022-01-12 15:54:53 -07:00
}
if c . IsSet ( "skip-verify" ) {
2023-07-21 03:28:19 -06:00
conf . SkipVerify = c . Bool ( "skip-verify" )
2022-01-12 15:54:53 -07:00
}
if c . IsSet ( "helo-hostname" ) {
conf . HeloHostname = c . String ( "helo-hostname" )
}
if c . IsSet ( "disable-helo" ) {
2023-07-21 03:28:19 -06:00
conf . DisableHelo = c . Bool ( "disable-helo" )
2022-01-12 15:54:53 -07:00
}
if c . IsSet ( "skip-local-2fa" ) {
2023-07-21 03:28:19 -06:00
conf . SkipLocalTwoFA = c . Bool ( "skip-local-2fa" )
2022-01-12 15:54:53 -07:00
}
return nil
}
func runAddSMTP ( c * cli . Context ) error {
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
return err
}
if ! c . IsSet ( "name" ) || len ( c . String ( "name" ) ) == 0 {
return errors . New ( "name must be set" )
}
if ! c . IsSet ( "host" ) || len ( c . String ( "host" ) ) == 0 {
return errors . New ( "host must be set" )
}
if ! c . IsSet ( "port" ) {
return errors . New ( "port must be set" )
}
2022-01-20 10:46:10 -07:00
active := true
2022-01-12 15:54:53 -07:00
if c . IsSet ( "active" ) {
2023-07-21 03:28:19 -06:00
active = c . Bool ( "active" )
2022-01-12 15:54:53 -07:00
}
var smtpConfig smtp . Source
if err := parseSMTPConfig ( c , & smtpConfig ) ; err != nil {
return err
}
// If not set default to PLAIN
if len ( smtpConfig . Auth ) == 0 {
smtpConfig . Auth = "PLAIN"
}
2022-08-24 20:31:57 -06:00
return auth_model . CreateSource ( & auth_model . Source {
Type : auth_model . SMTP ,
2022-01-12 15:54:53 -07:00
Name : c . String ( "name" ) ,
IsActive : active ,
Cfg : & smtpConfig ,
} )
}
func runUpdateSMTP ( c * cli . Context ) error {
if ! c . IsSet ( "id" ) {
return fmt . Errorf ( "--id flag is missing" )
}
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
return err
}
2022-08-24 20:31:57 -06:00
source , err := auth_model . GetSourceByID ( c . Int64 ( "id" ) )
2022-01-12 15:54:53 -07:00
if err != nil {
return err
}
smtpConfig := source . Cfg . ( * smtp . Source )
if err := parseSMTPConfig ( c , smtpConfig ) ; err != nil {
return err
}
if c . IsSet ( "name" ) {
source . Name = c . String ( "name" )
}
if c . IsSet ( "active" ) {
2023-07-21 03:28:19 -06:00
source . IsActive = c . Bool ( "active" )
2022-01-12 15:54:53 -07:00
}
source . Cfg = smtpConfig
2022-08-24 20:31:57 -06:00
return auth_model . UpdateSource ( source )
2022-01-12 15:54:53 -07:00
}
2018-09-12 08:46:02 -06:00
func runListAuth ( c * cli . Context ) error {
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-09-12 08:46:02 -06:00
return err
}
2022-08-24 20:31:57 -06:00
authSources , err := auth_model . Sources ( )
2018-09-12 08:46:02 -06:00
if err != nil {
return err
}
2020-03-27 15:26:43 -06:00
flags := tabwriter . AlignRight
if c . Bool ( "vertical-bars" ) {
flags |= tabwriter . Debug
}
padChar := byte ( '\t' )
if len ( c . String ( "pad-char" ) ) > 0 {
padChar = c . String ( "pad-char" ) [ 0 ]
}
2018-09-12 08:46:02 -06:00
// loop through each source and print
2020-03-27 15:26:43 -06:00
w := tabwriter . NewWriter ( os . Stdout , c . Int ( "min-width" ) , c . Int ( "tab-width" ) , c . Int ( "padding" ) , padChar , flags )
2020-01-07 16:41:16 -07:00
fmt . Fprintf ( w , "ID\tName\tType\tEnabled\n" )
2022-01-02 06:12:35 -07:00
for _ , source := range authSources {
2021-09-24 05:32:56 -06:00
fmt . Fprintf ( w , "%d\t%s\t%s\t%t\n" , source . ID , source . Name , source . Type . String ( ) , source . IsActive )
2018-09-12 08:46:02 -06:00
}
w . Flush ( )
return nil
}
func runDeleteAuth ( c * cli . Context ) error {
if ! c . IsSet ( "id" ) {
return fmt . Errorf ( "--id flag is missing" )
}
2021-11-06 21:11:27 -06:00
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
2018-09-12 08:46:02 -06:00
return err
}
2022-08-24 20:31:57 -06:00
source , err := auth_model . GetSourceByID ( c . Int64 ( "id" ) )
2018-09-12 08:46:02 -06:00
if err != nil {
return err
}
2022-01-02 06:12:35 -07:00
return auth_service . DeleteSource ( source )
2018-09-12 08:46:02 -06:00
}