domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Make LDAP be able to skip local 2FA (#16954)

Browse source 
This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-09-17 12:43:47 +01:00 committed by GitHub
parent f96d0d3d5b
commit 27b351aba5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 84 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

6
services/auth/basic.go
View file

@ -107,7 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
u, err := UserSignIn(uname, passwd)
u, source, err := UserSignIn(uname, passwd)
if err != nil {
if !models.IsErrUserNotExist(err) {
log.Error("UserSignIn: %v", err)
@ -115,6 +115,10 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
return nil
}
if skipper, ok := source.Cfg.(LocalTwoFASkipper); ok && skipper.IsSkipLocalTwoFA() {
store.GetData()["SkipLocalTwoFA"] = true
}
log.Trace("Basic Authorization: Logged in user %-v", u)
return u