mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Make LDAP be able to skip local 2FA (#16954)
This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
@@ -175,7 +175,7 @@ func SignInPost(ctx *context.Context) {
|
||||
}
|
||||
|
||||
form := web.GetForm(ctx).(*forms.SignInForm)
|
||||
u, err := auth.UserSignIn(form.UserName, form.Password)
|
||||
u, source, err := auth.UserSignIn(form.UserName, form.Password)
|
||||
if err != nil {
|
||||
if models.IsErrUserNotExist(err) {
|
||||
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
|
||||
@@ -201,6 +201,15 @@ func SignInPost(ctx *context.Context) {
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Now handle 2FA:
|
||||
|
||||
// First of all if the source can skip local two fa we're done
|
||||
if skipper, ok := source.Cfg.(auth.LocalTwoFASkipper); ok && skipper.IsSkipLocalTwoFA() {
|
||||
handleSignIn(ctx, u, form.Remember)
|
||||
return
|
||||
}
|
||||
|
||||
// If this user is enrolled in 2FA, we can't sign the user in just yet.
|
||||
// Instead, redirect them to the 2FA authentication page.
|
||||
_, err = models.GetTwoFactorByUID(u.ID)
|
||||
@@ -905,7 +914,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
u, err := auth.UserSignIn(signInForm.UserName, signInForm.Password)
|
||||
u, _, err := auth.UserSignIn(signInForm.UserName, signInForm.Password)
|
||||
if err != nil {
|
||||
if models.IsErrUserNotExist(err) {
|
||||
ctx.Data["user_exists"] = true
|
||||
@@ -924,6 +933,7 @@ func linkAccount(ctx *context.Context, u *models.User, gothUser goth.User, remem
|
||||
|
||||
// If this user is enrolled in 2FA, we can't sign the user in just yet.
|
||||
// Instead, redirect them to the 2FA authentication page.
|
||||
// We deliberately ignore the skip local 2fa setting here because we are linking to a previous user here
|
||||
_, err := models.GetTwoFactorByUID(u.ID)
|
||||
if err != nil {
|
||||
if !models.IsErrTwoFactorNotEnrolled(err) {
|
||||
|
Reference in New Issue
Block a user