	feat: add insecure option for self-signed certificates
										18
									
								
								cmd/root.go
									
									
									
									
									
								
							
							
						
						
									
										18
									
								
								cmd/root.go
									
									
									
									
									
								
							@@ -59,10 +59,6 @@ var rootCmd = &cobra.Command{
 | 
			
		||||
		users, err := utils.GetUsers(config.Users, config.UsersFile)
 | 
			
		||||
		HandleError(err, "Failed to parse users")
 | 
			
		||||
 | 
			
		||||
		if len(users) == 0 && !utils.OAuthConfigured(config) {
 | 
			
		||||
			HandleError(errors.New("no users or OAuth configured"), "No users or OAuth configured")
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Get domain
 | 
			
		||||
		log.Debug().Msg("Getting domain")
 | 
			
		||||
		domain, err := utils.GetUpperDomain(config.AppURL)
 | 
			
		||||
@@ -152,9 +148,10 @@ var rootCmd = &cobra.Command{
 | 
			
		||||
 | 
			
		||||
			ldapConfig := types.LdapConfig{
 | 
			
		||||
				Address:      config.LdapAddress,
 | 
			
		||||
				BindUser:     config.LdapBindUser,
 | 
			
		||||
				BindDN:       config.LdapBindDN,
 | 
			
		||||
				BindPassword: config.LdapBindPassword,
 | 
			
		||||
				BaseDN:       config.LdapBaseDN,
 | 
			
		||||
				Insecure:     config.LdapInsecure,
 | 
			
		||||
			}
 | 
			
		||||
 | 
			
		||||
			// Create LDAP service
 | 
			
		||||
@@ -164,6 +161,11 @@ var rootCmd = &cobra.Command{
 | 
			
		||||
			log.Info().Msg("LDAP not configured, using local users or OAuth")
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Check if we have any users configured
 | 
			
		||||
		if len(users) == 0 && !utils.OAuthConfigured(config) && ldapService == nil {
 | 
			
		||||
			HandleError(errors.New("err no users"), "Unable to find a source of users")
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Create auth service
 | 
			
		||||
		auth := auth.NewAuth(authConfig, docker, ldapService)
 | 
			
		||||
 | 
			
		||||
@@ -243,9 +245,10 @@ func init() {
 | 
			
		||||
	rootCmd.Flags().String("forgot-password-message", "You can reset your password by changing the `USERS` environment variable.", "Message to show on the forgot password page.")
 | 
			
		||||
	rootCmd.Flags().String("background-image", "/background.jpg", "Background image URL for the login page.")
 | 
			
		||||
	rootCmd.Flags().String("ldap-address", "", "LDAP server address (e.g. ldap://localhost:389).")
 | 
			
		||||
	rootCmd.Flags().String("ldap-bind-user", "", "LDAP bind user.")
 | 
			
		||||
	rootCmd.Flags().String("ldap-bind-dn", "", "LDAP bind DN (e.g. uid=user,dc=example,dc=com).")
 | 
			
		||||
	rootCmd.Flags().String("ldap-bind-password", "", "LDAP bind password.")
 | 
			
		||||
	rootCmd.Flags().String("ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com).")
 | 
			
		||||
	rootCmd.Flags().Bool("ldap-insecure", false, "Skip certificate verification for the LDAP server.")
 | 
			
		||||
 | 
			
		||||
	// Bind flags to environment
 | 
			
		||||
	viper.BindEnv("port", "PORT")
 | 
			
		||||
@@ -282,9 +285,10 @@ func init() {
 | 
			
		||||
	viper.BindEnv("forgot-password-message", "FORGOT_PASSWORD_MESSAGE")
 | 
			
		||||
	viper.BindEnv("background-image", "BACKGROUND_IMAGE")
 | 
			
		||||
	viper.BindEnv("ldap-address", "LDAP_ADDRESS")
 | 
			
		||||
	viper.BindEnv("ldap-bind-user", "LDAP_BIND_USER")
 | 
			
		||||
	viper.BindEnv("ldap-bind-dn", "LDAP_BIND_DN")
 | 
			
		||||
	viper.BindEnv("ldap-bind-password", "LDAP_BIND_PASSWORD")
 | 
			
		||||
	viper.BindEnv("ldap-base-dn", "LDAP_BASE_DN")
 | 
			
		||||
	viper.BindEnv("ldap-insecure", "LDAP_INSECURE")
 | 
			
		||||
 | 
			
		||||
	// Bind flags to viper
 | 
			
		||||
	viper.BindPFlags(rootCmd.Flags())
 | 
			
		||||
 
 | 
			
		||||
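Review bot: config.LdapInsecure is copied straight into LdapConfig at the `Insecure:` line with nothing at runtime telling the operator that certificate verification is off, so a deployment that sets LDAP_INSECURE=true by mistake silently accepts any certificate presented for the LDAP server. Log it next to the ldapConfig construction, e.g. `if config.LdapInsecure { log.Warn().Msg("LDAP certificate verification is disabled (ldap-insecure); the connection can be intercepted") }`. The flag help text should also say what is given up: `"Skip certificate verification for the LDAP server (insecure; only for self-signed test setups)."`. The rootCmd Run body and init() both extend beyond the hunks shown.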
@@ -71,18 +71,19 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
 | 
			
		||||
	return session, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (auth *Auth) GetUser(username string) types.UserSearch {
 | 
			
		||||
func (auth *Auth) SearchUser(username string) types.UserSearch {
 | 
			
		||||
	// Loop through users and return the user if the username matches
 | 
			
		||||
	log.Debug().Str("username", username).Msg("Searching for user")
 | 
			
		||||
 | 
			
		||||
	for _, user := range auth.Config.Users {
 | 
			
		||||
		if user.Username == username {
 | 
			
		||||
	if auth.GetLocalUser(username).Username != "" {
 | 
			
		||||
		log.Debug().Str("username", username).Msg("Found local user")
 | 
			
		||||
 | 
			
		||||
		// If user found, return a user with the username and type "local"
 | 
			
		||||
		return types.UserSearch{
 | 
			
		||||
				Username: user.Username,
 | 
			
		||||
			Username: username,
 | 
			
		||||
			Type:     "local",
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// If no user found, check LDAP
 | 
			
		||||
	if auth.LDAP != nil {
 | 
			
		||||
@@ -126,7 +127,7 @@ func (auth *Auth) VerifyUser(search types.UserSearch, password string) bool {
 | 
			
		||||
			}
 | 
			
		||||
 | 
			
		||||
			// If bind is successful, rebind with the LDAP bind user
 | 
			
		||||
			auth.LDAP.Bind(auth.LDAP.Config.BindUser, auth.LDAP.Config.BindPassword)
 | 
			
		||||
			auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
 | 
			
		||||
			log.Debug().Str("username", search.Username).Msg("LDAP authentication successful")
 | 
			
		||||
 | 
			
		||||
			// Return true if the bind was successful
 | 
			
		||||
 
 | 
			
		||||
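Review bot: The result of `auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)` in VerifyUser is discarded, so a failed rebind leaves the connection in whatever state the user bind left it, later searches run under the wrong identity, and the function still reports success. Check it: `if err := auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword); err != nil { log.Error().Err(err).Msg("Failed to rebind with the service account") }`. If auth.LDAP wraps a single connection shared across requests (not visible here), the bind-as-user-then-rebind sequence is also racy between concurrent logins, and one request's search can execute under another's bind; a per-verification connection or a mutex around the bind/search pair would close that. VerifyUser starts and ends outside the hunk, and SearchUser continues past it.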
@@ -362,8 +362,8 @@ func (h *Handlers) LoginHandler(c *gin.Context) {
 | 
			
		||||
		return
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// Get user based on username
 | 
			
		||||
	userSearch := h.Auth.GetUser(login.Username)
 | 
			
		||||
	// Search for a user based on username
 | 
			
		||||
	userSearch := h.Auth.SearchUser(login.Username)
 | 
			
		||||
 | 
			
		||||
	log.Debug().Interface("userSearch", userSearch).Msg("Searching for user")
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -35,8 +35,8 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 | 
			
		||||
	if basic != nil {
 | 
			
		||||
		log.Debug().Msg("Got basic auth")
 | 
			
		||||
 | 
			
		||||
		// Get user
 | 
			
		||||
		userSearch := hooks.Auth.GetUser(basic.Username)
 | 
			
		||||
		// Search for a user based on username
 | 
			
		||||
		userSearch := hooks.Auth.SearchUser(basic.Username)
 | 
			
		||||
 | 
			
		||||
		if userSearch.Type == "" {
 | 
			
		||||
			log.Error().Str("username", basic.Username).Msg("User does not exist")
 | 
			
		||||
@@ -104,8 +104,8 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 | 
			
		||||
	if cookie.Provider == "username" {
 | 
			
		||||
		log.Debug().Msg("Provider is username")
 | 
			
		||||
 | 
			
		||||
		// Get user
 | 
			
		||||
		userSearch := hooks.Auth.GetUser(cookie.Username)
 | 
			
		||||
		// Search for the user with the username
 | 
			
		||||
		userSearch := hooks.Auth.SearchUser(cookie.Username)
 | 
			
		||||
 | 
			
		||||
		if userSearch.Type == "" {
 | 
			
		||||
			log.Error().Str("username", cookie.Username).Msg("User does not exist")
 | 
			
		||||
 
 | 
			
		||||
@@ -1,6 +1,7 @@
 | 
			
		||||
package ldap
 | 
			
		||||
 | 
			
		||||
import (
 | 
			
		||||
	"crypto/tls"
 | 
			
		||||
	"fmt"
 | 
			
		||||
	"tinyauth/internal/types"
 | 
			
		||||
 | 
			
		||||
@@ -15,18 +16,15 @@ type LDAP struct {
 | 
			
		||||
 | 
			
		||||
func NewLDAP(config types.LdapConfig) (*LDAP, error) {
 | 
			
		||||
	// Connect to the LDAP server
 | 
			
		||||
	conn, err := ldapgo.DialURL(config.Address)
 | 
			
		||||
	conn, err := ldapgo.DialURL(config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
 | 
			
		||||
		InsecureSkipVerify: config.Insecure,
 | 
			
		||||
	}))
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// Try to connect using TLS
 | 
			
		||||
	// conn.StartTLS(&tls.Config{
 | 
			
		||||
	// 	InsecureSkipVerify: true,
 | 
			
		||||
	// })
 | 
			
		||||
 | 
			
		||||
	// Bind to the LDAP server with the provided credentials
 | 
			
		||||
	err = conn.Bind(config.BindUser, config.BindPassword)
 | 
			
		||||
	err = conn.Bind(config.BindDN, config.BindPassword)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 
 | 
			
		||||
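Review bot: The tls.Config passed at the DialWithTLSConfig call only applies when config.Address uses an ldaps:// scheme; for the ldap:// form given as the flag's example in this commit the dial is plaintext, and the bind password in the following conn.Bind is sent unencrypted because the StartTLS call stays commented out. Either drive StartTLS from the same setting for ldap:// addresses where the server supports it, `if err := conn.StartTLS(&tls.Config{InsecureSkipVerify: config.Insecure}); err != nil { return nil, err }`, or state in a doc comment on NewLDAP that TLS is only used with ldaps:// addresses. The stale commented block with the hard-coded `InsecureSkipVerify: true` should be deleted rather than left beside the real configuration, since it reads like a second, always-insecure path. NewLDAP continues past the end of the hunk.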
@@ -37,9 +37,10 @@ type Config struct {
 | 
			
		||||
	FogotPasswordMessage    string `mapstructure:"forgot-password-message" validate:"required"`
 | 
			
		||||
	BackgroundImage         string `mapstructure:"background-image" validate:"required"`
 | 
			
		||||
	LdapAddress             string `mapstructure:"ldap-address"`
 | 
			
		||||
	LdapBindUser            string `mapstructure:"ldap-bind-user"`
 | 
			
		||||
	LdapBindDN              string `mapstructure:"ldap-bind-dn"`
 | 
			
		||||
	LdapBindPassword        string `mapstructure:"ldap-bind-password"`
 | 
			
		||||
	LdapBaseDN              string `mapstructure:"ldap-base-dn"`
 | 
			
		||||
	LdapInsecure            bool   `mapstructure:"ldap-insecure"`
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// Server configuration
 | 
			
		||||
@@ -130,7 +131,8 @@ type Labels struct {
 | 
			
		||||
// Ldap config is a struct that contains the configuration for the LDAP service
 | 
			
		||||
type LdapConfig struct {
 | 
			
		||||
	Address      string
 | 
			
		||||
	BindUser     string
 | 
			
		||||
	BindDN       string
 | 
			
		||||
	BindPassword string
 | 
			
		||||
	BaseDN       string
 | 
			
		||||
	Insecure     bool
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
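Review bot: The new LdapInsecure and Insecure fields have no comment saying that they turn off TLS certificate verification, which is the setting in these structs an operator must not enable casually. Add `// LdapInsecure disables TLS certificate verification for the LDAP server; intended only for self-signed test deployments.` above the Config field and the same sentence on LdapConfig.Insecure. LdapBindUser stays in Config while the ldap.go and auth.go hunks in this commit now bind with BindDN; if nothing else reads it, mark it deprecated or remove it so the two fields are not confused. Config starts outside its hunk; both structs close inside theirs.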