githaven-fork/templates/admin/auth/new.tmpl
QuaSoft 7b4d2f7a2a Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows

* Ensure plugins implement interface

* Ensure plugins implement interface

* Move functions used only by the SSPI auth method to sspi_windows.go

* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected

* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.

* Update documentation for the new 'SPNEGO with SSPI' login source

* Mention in documentation that ROOT_URL should contain the FQDN of the server

* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)

* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)

* Add option in SSPIConfig for removing of domains from logon names

* Update helper text for StripDomainNames option

* Make sure handleSignIn() is called after a new user object is created by SSPI auth method

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates

* Remove code duplication

* Log errors in ActiveLoginSources

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert suffix of randomly generated E-mails for Reverse proxy authentication

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert unneeded white-space change in template

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add copyright comments at the top of new files

* Use loopback name for randomly generated emails

* Add locale tag for the SSPISeparatorReplacement field with proper casing

* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields

* Update docs/content/doc/features/authentication.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Remove Priority() method and define the order in which SSO auth methods should be executed in one place

* Log authenticated username only if it's not empty

* Rephrase helper text for automatic creation of users

* Return error if more than one active SSPI auth source is found

* Change newUser() function to return error, letting caller log/handle the error

* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed

* Refactor initialization of the list containing SSO auth methods

* Validate SSPI settings on POST

* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page

* Make 'Default language' in SSPI config empty, unless changed by admin

* Show error if admin tries to add a second authentication source of type SSPI

* Simplify declaration of global variable

* Rebuild gitgraph.js on Linux

* Make sure config values containing only whitespace are not accepted
2019-11-23 01:33:31 +02:00

123 lines
4.4 KiB
Cheetah

{{template "base/head" .}}
<div class="admin new authentication">
{{template "admin/navbar" .}}
<div class="ui container">
{{template "base/alert" .}}
<h4 class="ui top attached header">
{{.i18n.Tr "admin.auths.new"}}
</h4>
<div class="ui attached segment">
<form class="ui form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<!-- Types and name -->
<div class="inline required field {{if .Err_Type}}error{{end}}">
<label>{{.i18n.Tr "admin.auths.auth_type"}}</label>
<div class="ui selection type dropdown">
<input type="hidden" id="auth_type" name="type" value="{{.type}}">
<div class="text">{{.CurrentTypeName}}</div>
<i class="dropdown icon"></i>
<div class="menu">
{{range .AuthSources}}
<div class="item" data-value="{{.Type}}">{{.Name}}</div>
{{end}}
</div>
</div>
</div>
<div class="required inline field {{if .Err_Name}}error{{end}}">
<label for="name">{{.i18n.Tr "admin.auths.auth_name"}}</label>
<input id="name" name="name" value="{{.name}}" autofocus required>
</div>
<!-- LDAP and DLDAP -->
{{ template "admin/auth/source/ldap" . }}
<!-- SMTP -->
{{ template "admin/auth/source/smtp" . }}
<!-- PAM -->
<div class="pam required field {{if not (eq .type 4)}}hide{{end}}">
<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
<input id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" />
</div>
<!-- OAuth2 -->
{{ template "admin/auth/source/oauth" . }}
<!-- SSPI -->
{{ template "admin/auth/source/sspi" . }}
<div class="ldap field">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>
<input name="attributes_in_bind" type="checkbox" {{if .attributes_in_bind}}checked{{end}}>
</div>
</div>
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.enable_tls"}}</strong></label>
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
</div>
</div>
<div class="has-tls inline field {{if not .HasTLS}}hide{{end}}">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
</div>
</div>
<div class="ldap inline field {{if not (eq .type 2)}}hide{{end}}">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.syncenabled"}}</strong></label>
<input name="is_sync_enabled" type="checkbox" {{if .is_sync_enabled}}checked{{end}}>
</div>
</div>
<div class="inline field">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
<input name="is_active" type="checkbox" {{if .is_active}}checked{{end}}>
</div>
</div>
<div class="field">
<button class="ui green button">{{.i18n.Tr "admin.auths.new"}}</button>
</div>
</form>
</div>
<h4 class="ui top attached header">
{{.i18n.Tr "admin.auths.tips"}}
</h4>
<div class="ui attached segment">
<h5>GMail Settings:</h5>
<p>Host: smtp.gmail.com, Port: 587, Enable TLS Encryption: true</p>
<h5>{{.i18n.Tr "admin.auths.tips.oauth2.general"}}:</h5>
<p>{{.i18n.Tr "admin.auths.tips.oauth2.general.tip"}}</p>
<h5 class="ui top attached header">{{.i18n.Tr "admin.auths.tip.oauth2_provider"}}</h5>
<div class="ui attached segment">
<li>Bitbucket</li>
<span>{{.i18n.Tr "admin.auths.tip.bitbucket"}}</span>
<li>Dropbox</li>
<span>{{.i18n.Tr "admin.auths.tip.dropbox"}}</span>
<li>Facebook</li>
<span>{{.i18n.Tr "admin.auths.tip.facebook"}}</span>
<li>GitHub</li>
<span>{{.i18n.Tr "admin.auths.tip.github"}}</span>
<li>GitLab</li>
<span>{{.i18n.Tr "admin.auths.tip.gitlab"}}</span>
<li>Google</li>
<span>{{.i18n.Tr "admin.auths.tip.google_plus"}}</span>
<li>OpenID Connect</li>
<span>{{.i18n.Tr "admin.auths.tip.openid_connect"}}</span>
<li>Twitter</li>
<span>{{.i18n.Tr "admin.auths.tip.twitter"}}</span>
<li>Discord</li>
<span>{{.i18n.Tr "admin.auths.tip.discord"}}</span>
<li>Gitea</li>
<span>{{.i18n.Tr "admin.auths.tip.gitea"}}</span>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}