public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-29 10:57:44 +09:00
Code Issues Packages Projects Releases Wiki Activity

Support SAML authentication (#25165)

Browse Source 
Closes https://github.com/go-gitea/gitea/issues/5512

This PR adds basic SAML support
- Adds SAML 2.0 as an auth source
- Adds SAML configuration documentation
- Adds integration test:
- Use bare-bones SAML IdP to test protocol flow and test account is
linked successfully (only runs on Postgres by default)
- Adds documentation for configuring and running SAML integration test
locally

Future PRs:
- Support group mapping
- Support auto-registration (account linking)

Co-Authored-By: @jackHay22

---------

Co-authored-by: jackHay22 <jack@allspice.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
This commit is contained in:
techknowlogick
2024-02-22 19:08:17 -05:00
committed by GitHub
parent c4b0cb4d0d
commit 5bb8d1924d
37 changed files with 1440 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
models/auth/source.go
View File

@@ -14,6 +14,7 @@ import (
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
"github.com/markbates/goth"
"xorm.io/builder"
"xorm.io/xorm"
"xorm.io/xorm/convert"
@@ -32,6 +33,7 @@ const (
DLDAP // 5
OAuth2 // 6
SSPI // 7
SAML // 8
)
// String returns the string name of the LoginType
@@ -52,6 +54,7 @@ var Names = map[Type]string{
PAM: "PAM",
OAuth2: "OAuth2",
SSPI: "SPNEGO with SSPI",
SAML: "SAML",
}
// Config represents login config as far as the db is concerned
@@ -121,6 +124,12 @@ type Source struct {
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
// LinkAccountUser is used to link an external user with a local user
type LinkAccountUser struct {
Type Type
GothUser goth.User
}
// TableName xorm will read the table name from this method
func (Source) TableName() string {
return "login_source"
@@ -180,6 +189,11 @@ func (source *Source) IsSSPI() bool {
return source.Type == SSPI
}
// IsSAML returns true of this source is of the SAML type.
func (source *Source) IsSAML() bool {
return source.Type == SAML
}
// HasTLS returns true of this source supports TLS.
func (source *Source) HasTLS() bool {
hasTLSer, ok := source.Cfg.(HasTLSer)
@@ -392,3 +406,27 @@ func IsErrSourceInUse(err error) bool {
func (err ErrSourceInUse) Error() string {
return fmt.Sprintf("login source is still used by some users [id: %d]", err.ID)
}
// GetActiveAuthProviderSources returns all activated sources
func GetActiveAuthProviderSources(ctx context.Context, authType Type) ([]*Source, error) {
sources := make([]*Source, 0, 1)
if err := db.GetEngine(ctx).Where("is_active = ? and type = ?", true, authType).Find(&sources); err != nil {
return nil, err
}
return sources, nil
}
// GetActiveAuthSourceByName returns an AuthSource based on the given name and type
func GetActiveAuthSourceByName(ctx context.Context, name string, authType Type) (*Source, error) {
authSource := new(Source)
has, err := db.GetEngine(ctx).Where("name = ? and type = ? and is_active = ?", name, authType, true).Get(authSource)
if err != nil {
return nil, err
}
if !has {
return nil, fmt.Errorf("auth source not found, name: %q", name)
}
return authSource, nil
}