5bb8d1924d
Closes https://github.com/go-gitea/gitea/issues/5512 This PR adds basic SAML support - Adds SAML 2.0 as an auth source - Adds SAML configuration documentation - Adds integration test: - Use bare-bones SAML IdP to test protocol flow and test account is linked successfully (only runs on Postgres by default) - Adds documentation for configuring and running SAML integration test locally Future PRs: - Support group mapping - Support auto-registration (account linking) Co-Authored-By: @jackHay22 --------- Co-authored-by: jackHay22 <jack@allspice.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: morphelinho <morphelinho@users.noreply.github.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
// Copyright 2023 The Gitea Authors. All rights reserved.
// Copyright 2014 The Gogs Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package forms
import (
"net/http"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/web/middleware"
"gitea.com/go-chi/binding"
)
// AuthenticationForm is the form for an authentication source. A single flat
// struct carries the settings of every source kind, so most fields only matter
// for the kind selected by Type.
//
// Only Type, Name, SecurityProtocol, Oauth2GroupTeamMap,
// SSPISeparatorReplacement and GroupTeamMap declare binding rules. Every other
// field, including the URL, filter and key material fields, reaches the
// consumer of this form unchecked by this struct.
type AuthenticationForm struct {
	// Identity of the source. Type is limited to 2..9 by its binding rule and
	// Name is required with at most 30 characters.
	ID   int64
	Type int    `binding:"Range(2,9)"`
	Name string `binding:"Required;MaxSize(30)"`

	// Remote server address.
	Host string
	Port int

	// Bind credentials. BindPassword is secret material: keep it out of logs
	// and out of any rendered response.
	BindDN       string
	BindPassword string

	// User lookup, attribute mapping and group settings.
	// NOTE(review): Filter, AdminFilter and RestrictedFilter presumably decide
	// who may sign in and with which privileges, so a mistake in them is an
	// authorization mistake; confirm at the consumer.
	UserBase              string
	UserDN                string
	AttributeUsername     string
	AttributeName         string
	AttributeSurname      string
	AttributeMail         string
	AttributeSSHPublicKey string
	AttributeAvatar       string
	AttributesInBind      bool
	UsePagedSearch        bool
	SearchPageSize        int
	Filter                string
	AdminFilter           string
	GroupsEnabled         bool
	GroupDN               string
	GroupFilter           string
	GroupMemberUID        string
	UserUID               string
	RestrictedFilter      string
	AllowDeactivateAll    bool

	// State switches of the source.
	IsActive      bool
	IsSyncEnabled bool

	// SMTP settings and transport-security switches. SecurityProtocol is
	// limited to 0..2 by its binding rule.
	// NOTE(review): SkipVerify presumably turns off TLS certificate
	// verification for the remote server; confirm at the consumer and keep it
	// false outside test setups.
	SMTPAuth         string
	SMTPHost         string
	SMTPPort         int
	AllowedDomains   string
	SecurityProtocol int `binding:"Range(0,2)"`
	TLS              bool
	SkipVerify       bool
	HeloHostname     string
	DisableHelo      bool
	ForceSMTPS       bool

	// PAM settings.
	PAMServiceName string
	PAMEmailDomain string

	// OAuth2 / OpenID Connect settings. Oauth2Secret is secret material: keep
	// it out of logs and out of any rendered response. None of the URL fields
	// has a binding rule here, so scheme and host checks, if any, must happen
	// in the code that consumes them.
	Oauth2Provider                string
	Oauth2Key                     string
	Oauth2Secret                  string
	OpenIDConnectAutoDiscoveryURL string
	Oauth2UseCustomURL            bool
	Oauth2TokenURL                string
	Oauth2AuthURL                 string
	Oauth2ProfileURL              string
	Oauth2EmailURL                string
	Oauth2IconURL                 string
	Oauth2Tenant                  string
	Oauth2Scopes                  string
	Oauth2RequiredClaimName       string
	Oauth2RequiredClaimValue      string
	Oauth2GroupClaimName          string
	Oauth2AdminGroup              string
	Oauth2RestrictedGroup         string
	Oauth2GroupTeamMap            string `binding:"ValidGroupTeamMap"`
	Oauth2GroupTeamMapRemoval     bool

	// NOTE(review): presumably exempts users of this source from the local
	// second factor; confirm at the consumer before enabling.
	SkipLocalTwoFA bool

	// SSPI settings. SSPISeparatorReplacement must satisfy AlphaDashDot and is
	// at most 5 characters long.
	SSPIAutoCreateUsers      bool
	SSPIAutoActivateUsers    bool
	SSPIStripDomainNames     bool
	SSPISeparatorReplacement string `binding:"AlphaDashDot;MaxSize(5)"`
	SSPIDefaultLanguage      string

	// Group-to-team mapping, checked by the ValidGroupTeamMap rule.
	GroupTeamMap        string `binding:"ValidGroupTeamMap"`
	GroupTeamMapRemoval bool

	// SAML settings: identity provider metadata, given inline or as a URL.
	// NOTE(review): IdentityProviderMetadataURL has no binding rule; if the
	// server fetches it, the consumer should restrict scheme and destination.
	NameIDFormat                int
	IdentityProviderMetadata    string
	IdentityProviderMetadataURL string

	// As named, this switches off signature validation of SAML assertions.
	// Without that check an assertion issued by the identity provider cannot
	// be told apart from a forged one, so it should stay false outside a test
	// setup. NOTE(review): confirm the exact effect at the consumer.
	InsecureSkipAssertionSignatureValidation bool

	// Service provider key pair. ServiceProviderPrivateKey is secret material:
	// keep it out of logs and out of any rendered response.
	ServiceProviderCertificate string
	ServiceProviderPrivateKey  string

	// Assertion keys used for the account fields, and the icon of the source.
	EmailAssertionKey    string
	NameAssertionKey     string
	UsernameAssertionKey string
	SAMLIconURL          string
}
// Validate checks the form by handing it to middleware.Validate together with
// the errors collected so far and the data and locale of the request's
// validation context, and returns the resulting errors.
//
// NOTE(review): presumably only the rules declared in the struct's binding
// tags are evaluated here; fields without a tag are not checked by this call.
func (f *AuthenticationForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
	validateCtx := context.GetValidateContext(req)
	data, locale := validateCtx.Data, validateCtx.Locale
	return middleware.Validate(errs, data, f, locale)
}