mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
This commit is contained in:
QuaSoft
Lauris BH
@@ -270,6 +270,7 @@ authorize_title = Authorize "%s" to access your account?
|
||||
authorization_failed = Authorization failed
|
||||
authorization_failed_desc = The authorization failed because we detected an invalid request. Please contact the maintainer of the app you've tried to authorize.
|
||||
disable_forgot_password_mail = Account recovery is disabled. Please contact your site administrator.
|
||||
sspi_auth_failed = SSPI authentication failed
|
||||
|
||||
[mail]
|
||||
activate_account = Please activate your account
|
||||
@@ -303,6 +304,9 @@ CommitChoice = Commit choice
|
||||
TreeName = File path
|
||||
Content = Content
|
||||
|
||||
SSPISeparatorReplacement = Separator
|
||||
SSPIDefaultLanguage = Default Language
|
||||
|
||||
require_error = ` cannot be empty.`
|
||||
alpha_dash_error = ` should contain only alphanumeric, dash ('-') and underscore ('_') characters.`
|
||||
alpha_dash_dot_error = ` should contain only alphanumeric, dash ('-'), underscore ('_') and dot ('.') characters.`
|
||||
@@ -317,6 +321,7 @@ glob_pattern_error = ` glob pattern is invalid: %s.`
|
||||
unknown_error = Unknown error:
|
||||
captcha_incorrect = The CAPTCHA code is incorrect.
|
||||
password_not_match = The passwords do not match.
|
||||
lang_select_error = Select a language from the list.
|
||||
|
||||
username_been_taken = The username is already taken.
|
||||
repo_name_been_taken = The repository name is already used.
|
||||
@@ -1809,6 +1814,16 @@ auths.oauth2_authURL = Authorize URL
|
||||
auths.oauth2_profileURL = Profile URL
|
||||
auths.oauth2_emailURL = Email URL
|
||||
auths.enable_auto_register = Enable Auto Registration
|
||||
auths.sspi_auto_create_users = Automatically create users
|
||||
auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time
|
||||
auths.sspi_auto_activate_users = Automatically activate users
|
||||
auths.sspi_auto_activate_users_helper = Allow SSPI auth method to automatically activate new users
|
||||
auths.sspi_strip_domain_names = Remove domain names from usernames
|
||||
auths.sspi_strip_domain_names_helper = If checked, domain names will be removed from logon names (eg. "DOMAIN\user" and "user@example.org" both will become just "user").
|
||||
auths.sspi_separator_replacement = Separator to use instead of \, / and @
|
||||
auths.sspi_separator_replacement_helper = The character to use to replace the separators of down-level logon names (eg. the \ in "DOMAIN\user") and user principal names (eg. the @ in "user@example.org").
|
||||
auths.sspi_default_language = Default user language
|
||||
auths.sspi_default_language_helper = Default language for users automatically created by SSPI auth method. Leave empty if you prefer language to be automatically detected.
|
||||
auths.tips = Tips
|
||||
auths.tips.oauth2.general = OAuth2 Authentication
|
||||
auths.tips.oauth2.general.tip = When registering a new OAuth2 authentication, the callback/redirect URL should be: <host>/user/oauth2/<Authentication Name>/callback
|
||||
@@ -1834,6 +1849,7 @@ auths.delete_auth_desc = Deleting an authentication source prevents users from u
|
||||
auths.still_in_used = The authentication source is still in use. Convert or delete any users using this authentication source first.
|
||||
auths.deletion_success = The authentication source has been deleted.
|
||||
auths.login_source_exist = The authentication source '%s' already exists.
|
||||
auths.login_source_of_type_exist = An authentication source of this type already exists.
|
||||
|
||||
config.server_config = Server Configuration
|
||||
config.app_name = Site Title
|
||||
|
||||
Reference in New Issue
Block a user