mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-29 09:31:11 -05:00
e8186f1c0f
Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
453 lines
24 KiB
Handlebars
453 lines
24 KiB
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content admin edit authentication">
|
|
{{template "admin/navbar" .}}
|
|
<div class="ui container">
|
|
{{template "base/alert" .}}
|
|
<h4 class="ui top attached header">
|
|
{{.locale.Tr "admin.auths.edit"}}
|
|
</h4>
|
|
<div class="ui attached segment">
|
|
<form class="ui form" action="{{.Link}}" method="post">
|
|
{{template "base/disable_form_autofill"}}
|
|
{{.CsrfTokenHtml}}
|
|
<input type="hidden" name="id" value="{{.Source.ID}}">
|
|
<div class="inline field">
|
|
<label>{{$.locale.Tr "admin.auths.auth_type"}}</label>
|
|
<input type="hidden" id="auth_type" name="type" value="{{.Source.Type.Int}}">
|
|
<span>{{.Source.TypeName}}</span>
|
|
</div>
|
|
<div class="required inline field {{if .Err_Name}}error{{end}}">
|
|
<label for="name">{{.locale.Tr "admin.auths.auth_name"}}</label>
|
|
<input id="name" name="name" value="{{.Source.Name}}" autofocus required>
|
|
</div>
|
|
|
|
<!-- LDAP and DLDAP -->
|
|
{{if or .Source.IsLDAP .Source.IsDLDAP}}
|
|
{{$cfg:=.Source.Cfg}}
|
|
<div class="inline required field {{if .Err_SecurityProtocol}}error{{end}}">
|
|
<label>{{.locale.Tr "admin.auths.security_protocol"}}</label>
|
|
<div class="ui selection security-protocol dropdown">
|
|
<input type="hidden" id="security_protocol" name="security_protocol" value="{{$cfg.SecurityProtocol.Int}}">
|
|
<div class="text">{{$cfg.SecurityProtocolName}}</div>
|
|
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
|
|
<div class="menu">
|
|
{{range .SecurityProtocols}}
|
|
<div class="item" data-value="{{.Type.Int}}">{{.Name}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="host">{{.locale.Tr "admin.auths.host"}}</label>
|
|
<input id="host" name="host" value="{{$cfg.Host}}" placeholder="e.g. mydomain.com" required>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="port">{{.locale.Tr "admin.auths.port"}}</label>
|
|
<input id="port" name="port" value="{{$cfg.Port}}" placeholder="e.g. 636" required>
|
|
</div>
|
|
<div class="has-tls inline field {{if not .HasTLS}}hide{{end}}">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
|
<input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
{{if .Source.IsLDAP}}
|
|
<div class="field">
|
|
<label for="bind_dn">{{.locale.Tr "admin.auths.bind_dn"}}</label>
|
|
<input id="bind_dn" name="bind_dn" value="{{$cfg.BindDN}}" placeholder="e.g. cn=Search,dc=mydomain,dc=com">
|
|
</div>
|
|
<div class="field">
|
|
<label for="bind_password">{{.locale.Tr "admin.auths.bind_password"}}</label>
|
|
<input id="bind_password" name="bind_password" type="password" value="{{$cfg.BindPassword}}">
|
|
</div>
|
|
{{end}}
|
|
<div class="{{if .Source.IsLDAP}}required{{end}} field">
|
|
<label for="user_base">{{.locale.Tr "admin.auths.user_base"}}</label>
|
|
<input id="user_base" name="user_base" value="{{$cfg.UserBase}}" placeholder="e.g. ou=Users,dc=mydomain,dc=com" {{if .Source.IsLDAP}}required{{end}}>
|
|
</div>
|
|
{{if .Source.IsDLDAP}}
|
|
<div class="required field">
|
|
<label for="user_dn">{{.locale.Tr "admin.auths.user_dn"}}</label>
|
|
<input id="user_dn" name="user_dn" value="{{$cfg.UserDN}}" placeholder="e.g. uid=%s,ou=Users,dc=mydomain,dc=com" required>
|
|
</div>
|
|
{{end}}
|
|
<div class="required field">
|
|
<label for="filter">{{.locale.Tr "admin.auths.filter"}}</label>
|
|
<input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))" required>
|
|
</div>
|
|
<div class="field">
|
|
<label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label>
|
|
<input id="admin_filter" name="admin_filter" value="{{$cfg.AdminFilter}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="restricted_filter">{{.locale.Tr "admin.auths.restricted_filter"}}</label>
|
|
<input id="restricted_filter" name="restricted_filter" value="{{$cfg.RestrictedFilter}}">
|
|
<p class="help">{{.locale.Tr "admin.auths.restricted_filter_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="attribute_username">{{.locale.Tr "admin.auths.attribute_username"}}</label>
|
|
<input id="attribute_username" name="attribute_username" value="{{$cfg.AttributeUsername}}" placeholder="{{.locale.Tr "admin.auths.attribute_username_placeholder"}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="attribute_name">{{.locale.Tr "admin.auths.attribute_name"}}</label>
|
|
<input id="attribute_name" name="attribute_name" value="{{$cfg.AttributeName}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="attribute_surname">{{.locale.Tr "admin.auths.attribute_surname"}}</label>
|
|
<input id="attribute_surname" name="attribute_surname" value="{{$cfg.AttributeSurname}}">
|
|
</div>
|
|
<div class="required field">
|
|
<label for="attribute_mail">{{.locale.Tr "admin.auths.attribute_mail"}}</label>
|
|
<input id="attribute_mail" name="attribute_mail" value="{{$cfg.AttributeMail}}" placeholder="e.g. mail" required>
|
|
</div>
|
|
<div class="field">
|
|
<label for="attribute_ssh_public_key">{{.locale.Tr "admin.auths.attribute_ssh_public_key"}}</label>
|
|
<input id="attribute_ssh_public_key" name="attribute_ssh_public_key" value="{{$cfg.AttributeSSHPublicKey}}" placeholder="e.g. SshPublicKey">
|
|
</div>
|
|
<div class="field">
|
|
<label for="attribute_avatar">{{.locale.Tr "admin.auths.attribute_avatar"}}</label>
|
|
<input id="attribute_avatar" name="attribute_avatar" value="{{$cfg.AttributeAvatar}}" placeholder="e.g. jpegPhoto">
|
|
</div>
|
|
|
|
|
|
<!-- ldap group begin -->
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.enable_ldap_groups"}}</strong></label>
|
|
<input type="checkbox" name="groups_enabled" class="js-ldap-group-toggle" {{if $cfg.GroupsEnabled}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div id="ldap-group-options" class="ui segment secondary" {{if not $cfg.GroupsEnabled}}hidden{{end}}>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.group_search_base"}}</label>
|
|
<input name="group_dn" value="{{$cfg.GroupDN}}" placeholder="e.g. ou=group,dc=mydomain,dc=com">
|
|
</div>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.group_attribute_list_users"}}</label>
|
|
<input name="group_member_uid" value="{{$cfg.GroupMemberUID}}" placeholder="e.g. memberUid">
|
|
</div>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.user_attribute_in_group"}}</label>
|
|
<input name="user_uid" value="{{$cfg.UserUID}}" placeholder="e.g. uid">
|
|
</div>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.verify_group_membership"}}</label>
|
|
<input name="group_filter" value="{{$cfg.GroupFilter}}" placeholder="e.g. (|(cn=gitea_users)(cn=admins))">
|
|
</div>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.map_group_to_team"}}</label>
|
|
<input name="group_team_map" value="{{$cfg.GroupTeamMap}}" placeholder='e.g. {"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}'>
|
|
</div>
|
|
<div class="ui checkbox">
|
|
<label>{{.locale.Tr "admin.auths.map_group_to_team_removal"}}</label>
|
|
<input name="group_team_map_removal" type="checkbox" {{if $cfg.GroupTeamMapRemoval}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<!-- ldap group end -->
|
|
|
|
{{if .Source.IsLDAP}}
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label for="use_paged_search"><strong>{{.locale.Tr "admin.auths.use_paged_search"}}</strong></label>
|
|
<input id="use_paged_search" name="use_paged_search" type="checkbox" {{if $cfg.UsePagedSearch}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="field required search-page-size{{if not $cfg.UsePagedSearch}} hide{{end}}">
|
|
<label for="search_page_size">{{.locale.Tr "admin.auths.search_page_size"}}</label>
|
|
<input id="search_page_size" name="search_page_size" value="{{if $cfg.UsePagedSearch}}{{$cfg.SearchPageSize}}{{end}}">
|
|
</div>
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.attributes_in_bind"}}</strong></label>
|
|
<input name="attributes_in_bind" type="checkbox" {{if $cfg.AttributesInBind}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
{{end}}
|
|
<div class="optional field">
|
|
<div class="ui checkbox">
|
|
<label for="skip_local_two_fa"><strong>{{.locale.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label for="allow_deactivate_all"><strong>{{.locale.Tr "admin.auths.allow_deactivate_all"}}</strong></label>
|
|
<input id="allow_deactivate_all" name="allow_deactivate_all" type="checkbox" {{if $cfg.AllowDeactivateAll}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
{{end}}
|
|
|
|
<!-- SMTP -->
|
|
{{if .Source.IsSMTP}}
|
|
{{$cfg:=.Source.Cfg}}
|
|
<div class="inline required field">
|
|
<label>{{.locale.Tr "admin.auths.smtp_auth"}}</label>
|
|
<div class="ui selection type dropdown">
|
|
<input type="hidden" id="smtp_auth" name="smtp_auth" value="{{$cfg.Auth}}" required>
|
|
<div class="text">{{$cfg.Auth}}</div>
|
|
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
|
|
<div class="menu">
|
|
{{range .SMTPAuths}}
|
|
<div class="item" data-value="{{.}}">{{.}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="smtp_host">{{.locale.Tr "admin.auths.smtphost"}}</label>
|
|
<input id="smtp_host" name="smtp_host" value="{{$cfg.Host}}" required>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="smtp_port">{{.locale.Tr "admin.auths.smtpport"}}</label>
|
|
<input id="smtp_port" name="smtp_port" value="{{$cfg.Port}}" required>
|
|
</div>
|
|
<div class="field">
|
|
<div class="ui checkbox">
|
|
<label for="force_smtps"><strong>{{.locale.Tr "admin.auths.force_smtps"}}</strong></label>
|
|
<input id="force_smtps" name="force_smtps" type="checkbox" {{if $cfg.ForceSMTPS}}checked{{end}}>
|
|
</div>
|
|
<p class="help">{{.locale.Tr "admin.auths.force_smtps_helper"}}</p>
|
|
</div>
|
|
<div class="has-tls inline field {{if not .HasTLS}}hide{{end}}">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
|
<input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="field">
|
|
<label for="helo_hostname">{{.locale.Tr "admin.auths.helo_hostname"}}</label>
|
|
<input id="helo_hostname" name="helo_hostname" value="{{$cfg.HeloHostname}}">
|
|
<p class="help">{{.locale.Tr "admin.auths.helo_hostname_helper"}}</p>
|
|
</div>
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label for="disable_helo"><strong>{{.locale.Tr "admin.auths.disable_helo"}}</strong></label>
|
|
<input id="disable_helo" name="disable_helo" type="checkbox" {{if $cfg.DisableHelo}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="field">
|
|
<label for="allowed_domains">{{.locale.Tr "admin.auths.allowed_domains"}}</label>
|
|
<input id="allowed_domains" name="allowed_domains" value="{{$cfg.AllowedDomains}}">
|
|
<p class="help">{{.locale.Tr "admin.auths.allowed_domains_helper"}}</p>
|
|
</div>
|
|
<div class="optional field">
|
|
<div class="ui checkbox">
|
|
<label for="skip_local_two_fa"><strong>{{.locale.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
{{end}}
|
|
|
|
<!-- PAM -->
|
|
{{if .Source.IsPAM}}
|
|
{{$cfg:=.Source.Cfg}}
|
|
<div class="required field">
|
|
<label for="pam_service_name">{{.locale.Tr "admin.auths.pam_service_name"}}</label>
|
|
<input id="pam_service_name" name="pam_service_name" value="{{$cfg.ServiceName}}" required>
|
|
</div>
|
|
<div class="field">
|
|
<label for="pam_email_domain">{{.locale.Tr "admin.auths.pam_email_domain"}}</label>
|
|
<input id="pam_email_domain" name="pam_email_domain" value="{{$cfg.EmailDomain}}">
|
|
</div>
|
|
<div class="optional field">
|
|
<div class="ui checkbox">
|
|
<label for="skip_local_two_fa"><strong>{{.locale.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
{{end}}
|
|
|
|
<!-- OAuth2 -->
|
|
{{if .Source.IsOAuth2}}
|
|
{{$cfg:=.Source.Cfg}}
|
|
<div class="inline required field">
|
|
<label>{{.locale.Tr "admin.auths.oauth2_provider"}}</label>
|
|
<div class="ui selection type dropdown">
|
|
<input type="hidden" id="oauth2_provider" name="oauth2_provider" value="{{$cfg.Provider}}" required>
|
|
<div class="text">{{.CurrentOAuth2Provider.DisplayName}}</div>
|
|
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
|
|
<div class="menu">
|
|
{{range .OAuth2Providers}}
|
|
<div class="item" data-value="{{.Name}}">{{.DisplayName}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="oauth2_key">{{.locale.Tr "admin.auths.oauth2_clientID"}}</label>
|
|
<input id="oauth2_key" name="oauth2_key" value="{{$cfg.ClientID}}" required>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="oauth2_secret">{{.locale.Tr "admin.auths.oauth2_clientSecret"}}</label>
|
|
<input id="oauth2_secret" name="oauth2_secret" value="{{$cfg.ClientSecret}}" required>
|
|
</div>
|
|
<div class="optional field">
|
|
<label for="oauth2_icon_url">{{.locale.Tr "admin.auths.oauth2_icon_url"}}</label>
|
|
<input id="oauth2_icon_url" name="oauth2_icon_url" value="{{$cfg.IconURL}}">
|
|
</div>
|
|
<div class="open_id_connect_auto_discovery_url required field">
|
|
<label for="open_id_connect_auto_discovery_url">{{.locale.Tr "admin.auths.openIdConnectAutoDiscoveryURL"}}</label>
|
|
<input id="open_id_connect_auto_discovery_url" name="open_id_connect_auto_discovery_url" value="{{$cfg.OpenIDConnectAutoDiscoveryURL}}">
|
|
</div>
|
|
<div class="optional field">
|
|
<div class="ui checkbox">
|
|
<label for="skip_local_two_fa"><strong>{{.locale.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if $cfg.SkipLocalTwoFA}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
<div class="oauth2_use_custom_url inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.oauth2_use_custom_url"}}</strong></label>
|
|
<input id="oauth2_use_custom_url" name="oauth2_use_custom_url" type="checkbox" {{if $cfg.CustomURLMapping}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_auth_url required field">
|
|
<label for="oauth2_auth_url">{{.locale.Tr "admin.auths.oauth2_authURL"}}</label>
|
|
<input id="oauth2_auth_url" name="oauth2_auth_url" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.AuthURL}}{{end}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_token_url required field">
|
|
<label for="oauth2_token_url">{{.locale.Tr "admin.auths.oauth2_tokenURL"}}</label>
|
|
<input id="oauth2_token_url" name="oauth2_token_url" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.TokenURL}}{{end}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_profile_url required field">
|
|
<label for="oauth2_profile_url">{{.locale.Tr "admin.auths.oauth2_profileURL"}}</label>
|
|
<input id="oauth2_profile_url" name="oauth2_profile_url" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.ProfileURL}}{{end}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_email_url required field">
|
|
<label for="oauth2_email_url">{{.locale.Tr "admin.auths.oauth2_emailURL"}}</label>
|
|
<input id="oauth2_email_url" name="oauth2_email_url" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.EmailURL}}{{end}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_tenant required field">
|
|
<label for="oauth2_tenant">{{.locale.Tr "admin.auths.oauth2_tenant"}}</label>
|
|
<input id="oauth2_tenant" name="oauth2_tenant" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.Tenant}}{{end}}">
|
|
</div>
|
|
|
|
{{range .OAuth2Providers}}{{if .CustomURLSettings}}
|
|
<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
|
|
<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" />
|
|
{{end}}{{end}}
|
|
|
|
<div class="field">
|
|
<label for="oauth2_scopes">{{.locale.Tr "admin.auths.oauth2_scopes"}}</label>
|
|
<input id="oauth2_scopes" name="oauth2_scopes" value="{{if $cfg.Scopes}}{{Join $cfg.Scopes ","}}{{end}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_required_claim_name">{{.locale.Tr "admin.auths.oauth2_required_claim_name"}}</label>
|
|
<input id="oauth2_required_claim_name" name="oauth2_required_claim_name" value="{{$cfg.RequiredClaimName}}">
|
|
<p class="help">{{.locale.Tr "admin.auths.oauth2_required_claim_name_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_required_claim_value">{{.locale.Tr "admin.auths.oauth2_required_claim_value"}}</label>
|
|
<input id="oauth2_required_claim_value" name="oauth2_required_claim_value" value="{{$cfg.RequiredClaimValue}}">
|
|
<p class="help">{{.locale.Tr "admin.auths.oauth2_required_claim_value_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_group_claim_name">{{.locale.Tr "admin.auths.oauth2_group_claim_name"}}</label>
|
|
<input id="oauth2_group_claim_name" name="oauth2_group_claim_name" value="{{$cfg.GroupClaimName}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_admin_group">{{.locale.Tr "admin.auths.oauth2_admin_group"}}</label>
|
|
<input id="oauth2_admin_group" name="oauth2_admin_group" value="{{$cfg.AdminGroup}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_restricted_group">{{.locale.Tr "admin.auths.oauth2_restricted_group"}}</label>
|
|
<input id="oauth2_restricted_group" name="oauth2_restricted_group" value="{{$cfg.RestrictedGroup}}">
|
|
</div>
|
|
<div class="field">
|
|
<label>{{.locale.Tr "admin.auths.oauth2_map_group_to_team"}}</label>
|
|
<input name="oauth2_group_team_map" value="{{$cfg.GroupTeamMap}}" placeholder='e.g. {"Developer": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}'>
|
|
</div>
|
|
<div class="ui checkbox">
|
|
<label>{{.locale.Tr "admin.auths.oauth2_map_group_to_team_removal"}}</label>
|
|
<input name="oauth2_group_team_map_removal" type="checkbox" {{if $cfg.GroupTeamMapRemoval}}checked{{end}}>
|
|
</div>
|
|
{{end}}
|
|
|
|
<!-- SSPI -->
|
|
{{if .Source.IsSSPI}}
|
|
{{$cfg:=.Source.Cfg}}
|
|
<div class="field">
|
|
<div class="ui checkbox">
|
|
<label for="sspi_auto_create_users"><strong>{{.locale.Tr "admin.auths.sspi_auto_create_users"}}</strong></label>
|
|
<input id="sspi_auto_create_users" name="sspi_auto_create_users" class="sspi-auto-create-users" type="checkbox" {{if $cfg.AutoCreateUsers}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.sspi_auto_create_users_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
<div class="field">
|
|
<div class="ui checkbox">
|
|
<label for="sspi_auto_activate_users"><strong>{{.locale.Tr "admin.auths.sspi_auto_activate_users"}}</strong></label>
|
|
<input id="sspi_auto_activate_users" name="sspi_auto_activate_users" class="sspi-auto-activate-users" type="checkbox" {{if $cfg.AutoActivateUsers}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.sspi_auto_activate_users_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
<div class="field">
|
|
<div class="ui checkbox">
|
|
<label for="sspi_strip_domain_names"><strong>{{.locale.Tr "admin.auths.sspi_strip_domain_names"}}</strong></label>
|
|
<input id="sspi_strip_domain_names" name="sspi_strip_domain_names" class="sspi-strip-domain-names" type="checkbox" {{if $cfg.StripDomainNames}}checked{{end}}>
|
|
<p class="help">{{.locale.Tr "admin.auths.sspi_strip_domain_names_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="sspi_separator_replacement">{{.locale.Tr "admin.auths.sspi_separator_replacement"}}</label>
|
|
<input id="sspi_separator_replacement" name="sspi_separator_replacement" value="{{$cfg.SeparatorReplacement}}" required>
|
|
<p class="help">{{.locale.Tr "admin.auths.sspi_separator_replacement_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="sspi_default_language">{{.locale.Tr "admin.auths.sspi_default_language"}}</label>
|
|
<div class="ui language selection dropdown" id="sspi_default_language">
|
|
<input name="sspi_default_language" type="hidden" value="{{$cfg.DefaultLanguage}}">
|
|
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
|
|
<div class="text">{{range .AllLangs}}{{if eq $cfg.DefaultLanguage .Lang}}{{.Name}}{{end}}{{end}}</div>
|
|
<div class="menu">
|
|
<div class="item{{if not $.SSPIDefaultLanguage}} active selected{{end}}" data-value="">-</div>
|
|
{{range .AllLangs}}
|
|
<div class="item{{if eq $cfg.DefaultLanguage .Lang}} active selected{{end}}" data-value="{{.Lang}}">{{.Name}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
<p class="help">{{.locale.Tr "admin.auths.sspi_default_language_helper"}}</p>
|
|
</div>
|
|
{{end}}
|
|
{{if .Source.IsLDAP}}
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.syncenabled"}}</strong></label>
|
|
<input name="is_sync_enabled" type="checkbox" {{if .Source.IsSyncEnabled}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
{{end}}
|
|
<div class="inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.locale.Tr "admin.auths.activated"}}</strong></label>
|
|
<input name="is_active" type="checkbox" {{if .Source.IsActive}}checked{{end}}>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="field">
|
|
<button class="ui green button">{{.locale.Tr "admin.auths.update"}}</button>
|
|
<div class="ui red button delete-button" data-url="{{$.Link}}/delete" data-id="{{.Source.ID}}">{{.locale.Tr "admin.auths.delete"}}</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="ui small basic delete modal">
|
|
<div class="ui icon header">
|
|
{{svg "octicon-trash"}}
|
|
{{.locale.Tr "admin.auths.delete_auth_title"}}
|
|
</div>
|
|
<div class="content">
|
|
<p>{{.locale.Tr "admin.auths.delete_auth_desc"}}</p>
|
|
</div>
|
|
{{template "base/delete_modal_actions" .}}
|
|
</div>
|
|
{{template "base/footer" .}}
|