2021-07-24 04:16:34 -06:00
|
|
|
// Copyright 2021 The Gitea Authors. All rights reserved.
|
2022-11-27 11:20:29 -07:00
|
|
|
// SPDX-License-Identifier: MIT
|
2021-07-24 04:16:34 -06:00
|
|
|
|
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
2023-09-14 11:09:32 -06:00
|
|
|
"context"
|
2021-07-24 04:16:34 -06:00
|
|
|
"strings"
|
|
|
|
|
2022-01-02 06:12:35 -07:00
|
|
|
"code.gitea.io/gitea/models/auth"
|
2021-09-19 05:49:59 -06:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-11 00:03:30 -07:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2021-07-24 04:16:34 -06:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2024-03-02 08:42:31 -07:00
|
|
|
"code.gitea.io/gitea/modules/optional"
|
2021-11-27 04:59:51 -07:00
|
|
|
"code.gitea.io/gitea/services/auth/source/oauth2"
|
|
|
|
"code.gitea.io/gitea/services/auth/source/smtp"
|
2021-07-24 04:16:34 -06:00
|
|
|
|
2021-11-24 02:49:20 -07:00
|
|
|
_ "code.gitea.io/gitea/services/auth/source/db" // register the sources (and below)
|
|
|
|
_ "code.gitea.io/gitea/services/auth/source/ldap" // register the ldap source
|
2021-11-27 04:59:51 -07:00
|
|
|
_ "code.gitea.io/gitea/services/auth/source/pam" // register the pam source
|
2021-11-24 02:49:20 -07:00
|
|
|
_ "code.gitea.io/gitea/services/auth/source/sspi" // register the sspi source
|
2021-07-24 04:16:34 -06:00
|
|
|
)
|
|
|
|
|
|
|
|
// UserSignIn validates user name and password.
|
2023-09-14 11:09:32 -06:00
|
|
|
func UserSignIn(ctx context.Context, username, password string) (*user_model.User, *auth.Source, error) {
|
2021-11-24 02:49:20 -07:00
|
|
|
var user *user_model.User
|
2022-03-31 07:20:25 -06:00
|
|
|
isEmail := false
|
2021-07-24 04:16:34 -06:00
|
|
|
if strings.Contains(username, "@") {
|
2022-03-31 07:20:25 -06:00
|
|
|
isEmail = true
|
2022-02-18 02:33:00 -07:00
|
|
|
emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
|
2021-07-24 04:16:34 -06:00
|
|
|
// check same email
|
2023-09-14 11:09:32 -06:00
|
|
|
has, err := db.GetEngine(ctx).Get(&emailAddress)
|
2021-07-24 04:16:34 -06:00
|
|
|
if err != nil {
|
2021-09-17 05:43:47 -06:00
|
|
|
return nil, nil, err
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
2022-03-31 07:20:25 -06:00
|
|
|
if has {
|
|
|
|
if !emailAddress.IsActivated {
|
|
|
|
return nil, nil, user_model.ErrEmailAddressNotExist{
|
|
|
|
Email: username,
|
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
2022-03-31 07:20:25 -06:00
|
|
|
user = &user_model.User{ID: emailAddress.UID}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
trimmedUsername := strings.TrimSpace(username)
|
|
|
|
if len(trimmedUsername) == 0 {
|
2021-11-24 02:49:20 -07:00
|
|
|
return nil, nil, user_model.ErrUserNotExist{Name: username}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
2021-11-24 02:49:20 -07:00
|
|
|
user = &user_model.User{LowerName: strings.ToLower(trimmedUsername)}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
if user != nil {
|
2023-09-14 11:09:32 -06:00
|
|
|
hasUser, err := user_model.GetUser(ctx, user)
|
2021-07-24 04:16:34 -06:00
|
|
|
if err != nil {
|
2021-09-17 05:43:47 -06:00
|
|
|
return nil, nil, err
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
if hasUser {
|
2023-10-10 22:24:07 -06:00
|
|
|
source, err := auth.GetSourceByID(ctx, user.LoginSource)
|
2022-03-31 07:20:25 -06:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
if !source.IsActive {
|
2023-06-08 10:35:29 -06:00
|
|
|
return nil, nil, oauth2.ErrAuthSourceNotActivated
|
2022-03-31 07:20:25 -06:00
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
authenticator, ok := source.Cfg.(PasswordAuthenticator)
|
|
|
|
if !ok {
|
|
|
|
return nil, nil, smtp.ErrUnsupportedLoginType
|
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
|
2023-09-14 11:09:32 -06:00
|
|
|
user, err := authenticator.Authenticate(ctx, user, user.LoginName, password)
|
2022-03-31 07:20:25 -06:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
|
|
|
|
// user could be hint to resend confirm email.
|
|
|
|
if user.ProhibitLogin {
|
|
|
|
return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
|
|
|
|
}
|
|
|
|
|
|
|
|
return user, source, nil
|
|
|
|
}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
2023-11-23 20:49:41 -07:00
|
|
|
sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{
|
2024-03-02 08:42:31 -07:00
|
|
|
IsActive: optional.Some(true),
|
2023-11-02 19:41:00 -06:00
|
|
|
})
|
2021-07-24 04:16:34 -06:00
|
|
|
if err != nil {
|
2021-09-17 05:43:47 -06:00
|
|
|
return nil, nil, err
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, source := range sources {
|
|
|
|
if !source.IsActive {
|
|
|
|
// don't try to authenticate non-active sources
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
authenticator, ok := source.Cfg.(PasswordAuthenticator)
|
|
|
|
if !ok {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2023-09-14 11:09:32 -06:00
|
|
|
authUser, err := authenticator.Authenticate(ctx, nil, username, password)
|
2021-07-24 04:16:34 -06:00
|
|
|
|
|
|
|
if err == nil {
|
|
|
|
if !authUser.ProhibitLogin {
|
2021-09-17 05:43:47 -06:00
|
|
|
return authUser, source, nil
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
2021-11-24 02:49:20 -07:00
|
|
|
err = user_model.ErrUserProhibitLogin{UID: authUser.ID, Name: authUser.Name}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|
|
|
|
|
2021-11-24 02:49:20 -07:00
|
|
|
if user_model.IsErrUserNotExist(err) {
|
2021-07-24 04:16:34 -06:00
|
|
|
log.Debug("Failed to login '%s' via '%s': %v", username, source.Name, err)
|
|
|
|
} else {
|
|
|
|
log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-31 07:20:25 -06:00
|
|
|
if isEmail {
|
|
|
|
return nil, nil, user_model.ErrEmailAddressNotExist{Email: username}
|
|
|
|
}
|
|
|
|
|
2021-11-24 02:49:20 -07:00
|
|
|
return nil, nil, user_model.ErrUserNotExist{Name: username}
|
2021-07-24 04:16:34 -06:00
|
|
|
}
|