2019-11-23 02:33:31 +03:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2022-11-27 21:20:29 +03:00
|
|
|
// SPDX-License-Identifier: MIT
|
2019-11-23 02:33:31 +03:00
|
|
|
|
2021-06-09 20:53:16 +03:00
|
|
|
package auth
|
2019-11-23 02:33:31 +03:00
|
|
|
|
|
|
|
import (
|
2021-01-05 16:05:40 +03:00
|
|
|
"net/http"
|
2019-11-23 02:33:31 +03:00
|
|
|
"strings"
|
|
|
|
|
2021-11-24 12:49:20 +03:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2019-11-23 02:33:31 +03:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2022-04-29 22:38:11 +03:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2021-05-15 21:33:13 +03:00
|
|
|
"code.gitea.io/gitea/modules/web/middleware"
|
2019-11-23 02:33:31 +03:00
|
|
|
|
2020-06-18 12:18:44 +03:00
|
|
|
gouuid "github.com/google/uuid"
|
2019-11-23 02:33:31 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
// Ensure the struct implements the interface.
|
|
|
|
var (
|
2021-07-24 13:16:34 +03:00
|
|
|
_ Method = &ReverseProxy{}
|
2019-11-23 02:33:31 +03:00
|
|
|
)
|
|
|
|
|
2021-11-20 18:33:18 +03:00
|
|
|
// ReverseProxyMethodName is the constant name of the ReverseProxy authentication method
|
|
|
|
const ReverseProxyMethodName = "reverse_proxy"
|
|
|
|
|
2021-06-09 20:53:16 +03:00
|
|
|
// ReverseProxy implements the Auth interface, but actually relies on
|
2019-11-23 02:33:31 +03:00
|
|
|
// a reverse proxy for authentication of users.
|
|
|
|
// On successful authentication the proxy is expected to populate the username in the
|
|
|
|
// "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the
|
|
|
|
// user in the "setting.ReverseProxyAuthEmail" header.
|
2022-01-20 20:46:10 +03:00
|
|
|
type ReverseProxy struct{}
|
2019-11-23 02:33:31 +03:00
|
|
|
|
|
|
|
// getUserName extracts the username from the "setting.ReverseProxyAuthUser" header
|
2021-01-05 16:05:40 +03:00
|
|
|
func (r *ReverseProxy) getUserName(req *http.Request) string {
|
2022-09-28 03:00:15 +03:00
|
|
|
return strings.TrimSpace(req.Header.Get(setting.ReverseProxyAuthUser))
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
|
|
|
|
2021-06-09 20:53:16 +03:00
|
|
|
// Name represents the name of auth method
|
|
|
|
func (r *ReverseProxy) Name() string {
|
2021-11-20 18:33:18 +03:00
|
|
|
return ReverseProxyMethodName
|
2021-06-09 20:53:16 +03:00
|
|
|
}
|
|
|
|
|
2022-09-28 03:00:15 +03:00
|
|
|
// getUserFromAuthUser extracts the username from the "setting.ReverseProxyAuthUser" header
|
2019-11-23 02:33:31 +03:00
|
|
|
// of the request and returns the corresponding user object for that name.
|
|
|
|
// Verification of header data is not performed as it should have already been done by
|
2022-09-28 03:00:15 +03:00
|
|
|
// the reverse proxy.
|
2019-11-23 02:33:31 +03:00
|
|
|
// If a username is available in the "setting.ReverseProxyAuthUser" header an existing
|
|
|
|
// user object is returned (populated with username or email found in header).
|
|
|
|
// Returns nil if header is empty.
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
func (r *ReverseProxy) getUserFromAuthUser(req *http.Request) (*user_model.User, error) {
|
2021-01-05 16:05:40 +03:00
|
|
|
username := r.getUserName(req)
|
2019-11-23 02:33:31 +03:00
|
|
|
if len(username) == 0 {
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
return nil, nil
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
2021-05-09 19:04:53 +03:00
|
|
|
log.Trace("ReverseProxy Authorization: Found username: %s", username)
|
2019-11-23 02:33:31 +03:00
|
|
|
|
2022-05-20 17:08:52 +03:00
|
|
|
user, err := user_model.GetUserByName(req.Context(), username)
|
2019-11-23 02:33:31 +03:00
|
|
|
if err != nil {
|
2021-11-24 12:49:20 +03:00
|
|
|
if !user_model.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() {
|
2021-05-15 21:33:13 +03:00
|
|
|
log.Error("GetUserByName: %v", err)
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
return nil, err
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
2021-05-15 21:33:13 +03:00
|
|
|
user = r.newUser(req)
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
return user, nil
|
2022-09-28 03:00:15 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// getEmail extracts the email from the "setting.ReverseProxyAuthEmail" header
|
|
|
|
func (r *ReverseProxy) getEmail(req *http.Request) string {
|
|
|
|
return strings.TrimSpace(req.Header.Get(setting.ReverseProxyAuthEmail))
|
|
|
|
}
|
|
|
|
|
|
|
|
// getUserFromAuthEmail extracts the username from the "setting.ReverseProxyAuthEmail" header
|
|
|
|
// of the request and returns the corresponding user object for that email.
|
|
|
|
// Verification of header data is not performed as it should have already been done by
|
|
|
|
// the reverse proxy.
|
|
|
|
// If an email is available in the "setting.ReverseProxyAuthEmail" header an existing
|
|
|
|
// user object is returned (populated with the email found in header).
|
|
|
|
// Returns nil if header is empty or if "setting.EnableReverseProxyEmail" is disabled.
|
|
|
|
func (r *ReverseProxy) getUserFromAuthEmail(req *http.Request) *user_model.User {
|
|
|
|
if !setting.Service.EnableReverseProxyEmail {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
email := r.getEmail(req)
|
|
|
|
if len(email) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
log.Trace("ReverseProxy Authorization: Found email: %s", email)
|
|
|
|
|
Add context cache as a request level cache (#22294)
To avoid duplicated load of the same data in an HTTP request, we can set
a context cache to do that. i.e. Some pages may load a user from a
database with the same id in different areas on the same page. But the
code is hidden in two different deep logic. How should we share the
user? As a result of this PR, now if both entry functions accept
`context.Context` as the first parameter and we just need to refactor
`GetUserByID` to reuse the user from the context cache. Then it will not
be loaded twice on an HTTP request.
But of course, sometimes we would like to reload an object from the
database, that's why `RemoveContextData` is also exposed.
The core context cache is here. It defines a new context
```go
type cacheContext struct {
ctx context.Context
data map[any]map[any]any
lock sync.RWMutex
}
var cacheContextKey = struct{}{}
func WithCacheContext(ctx context.Context) context.Context {
return context.WithValue(ctx, cacheContextKey, &cacheContext{
ctx: ctx,
data: make(map[any]map[any]any),
})
}
```
Then you can use the below 4 methods to read/write/del the data within
the same context.
```go
func GetContextData(ctx context.Context, tp, key any) any
func SetContextData(ctx context.Context, tp, key, value any)
func RemoveContextData(ctx context.Context, tp, key any)
func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error)
```
Then let's take a look at how `system.GetString` implement it.
```go
func GetSetting(ctx context.Context, key string) (string, error) {
return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
return cache.GetString(genSettingCacheKey(key), func() (string, error) {
res, err := GetSettingNoCache(ctx, key)
if err != nil {
return "", err
}
return res.SettingValue, nil
})
})
}
```
First, it will check if context data include the setting object with the
key. If not, it will query from the global cache which may be memory or
a Redis cache. If not, it will get the object from the database. In the
end, if the object gets from the global cache or database, it will be
set into the context cache.
An object stored in the context cache will only be destroyed after the
context disappeared.
2023-02-15 16:37:34 +03:00
|
|
|
user, err := user_model.GetUserByEmail(req.Context(), email)
|
2022-09-28 03:00:15 +03:00
|
|
|
if err != nil {
|
|
|
|
// Do not allow auto-registration, we don't have a username here
|
|
|
|
if !user_model.IsErrUserNotExist(err) {
|
|
|
|
log.Error("GetUserByEmail: %v", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return user
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify attempts to load a user object based on headers sent by the reverse proxy.
|
|
|
|
// First it will attempt to load it based on the username (see docs for getUserFromAuthUser),
|
|
|
|
// and failing that it will attempt to load it based on the email (see docs for getUserFromAuthEmail).
|
|
|
|
// Returns nil if the headers are empty or the user is not found.
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
|
|
|
user, err := r.getUserFromAuthUser(req)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-09-28 03:00:15 +03:00
|
|
|
if user == nil {
|
|
|
|
user = r.getUserFromAuthEmail(req)
|
|
|
|
if user == nil {
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
return nil, nil
|
2022-09-28 03:00:15 +03:00
|
|
|
}
|
|
|
|
}
|
2019-11-23 02:33:31 +03:00
|
|
|
|
2021-05-15 21:33:13 +03:00
|
|
|
// Make sure requests to API paths, attachment downloads, git and LFS do not create a new session
|
2021-09-02 18:48:48 +03:00
|
|
|
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
|
2021-05-31 09:54:16 +03:00
|
|
|
if sess != nil && (sess.Get("uid") == nil || sess.Get("uid").(int64) != user.ID) {
|
2021-05-15 21:33:13 +03:00
|
|
|
handleSignIn(w, req, sess, user)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
store.GetData()["IsReverseProxy"] = true
|
|
|
|
|
2021-05-09 19:04:53 +03:00
|
|
|
log.Trace("ReverseProxy Authorization: Logged in user %-v", user)
|
refactor auth interface to return error when verify failure (#22119)
This PR changed the Auth interface signature from
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-28 08:53:28 +03:00
|
|
|
return user, nil
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// isAutoRegisterAllowed checks if EnableReverseProxyAutoRegister setting is true
|
|
|
|
func (r *ReverseProxy) isAutoRegisterAllowed() bool {
|
|
|
|
return setting.Service.EnableReverseProxyAutoRegister
|
|
|
|
}
|
|
|
|
|
|
|
|
// newUser creates a new user object for the purpose of automatic registration
|
|
|
|
// and populates its name and email with the information present in request headers.
|
2021-11-24 12:49:20 +03:00
|
|
|
func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
|
2021-01-05 16:05:40 +03:00
|
|
|
username := r.getUserName(req)
|
2019-11-23 02:33:31 +03:00
|
|
|
if len(username) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-06-18 12:18:44 +03:00
|
|
|
email := gouuid.New().String() + "@localhost"
|
2019-11-23 02:33:31 +03:00
|
|
|
if setting.Service.EnableReverseProxyEmail {
|
2021-01-05 16:05:40 +03:00
|
|
|
webAuthEmail := req.Header.Get(setting.ReverseProxyAuthEmail)
|
2019-11-23 02:33:31 +03:00
|
|
|
if len(webAuthEmail) > 0 {
|
|
|
|
email = webAuthEmail
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-16 09:30:27 +03:00
|
|
|
var fullname string
|
|
|
|
if setting.Service.EnableReverseProxyFullName {
|
|
|
|
fullname = req.Header.Get(setting.ReverseProxyAuthFullName)
|
|
|
|
}
|
|
|
|
|
2021-11-24 12:49:20 +03:00
|
|
|
user := &user_model.User{
|
2022-08-16 09:30:27 +03:00
|
|
|
Name: username,
|
|
|
|
Email: email,
|
|
|
|
FullName: fullname,
|
2019-11-23 02:33:31 +03:00
|
|
|
}
|
2022-04-29 22:38:11 +03:00
|
|
|
|
|
|
|
overwriteDefault := user_model.CreateUserOverwriteOptions{
|
|
|
|
IsActive: util.OptionalBoolTrue,
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := user_model.CreateUser(user, &overwriteDefault); err != nil {
|
2019-11-23 02:33:31 +03:00
|
|
|
// FIXME: should I create a system notice?
|
|
|
|
log.Error("CreateUser: %v", err)
|
|
|
|
return nil
|
|
|
|
}
|
2021-05-15 21:33:13 +03:00
|
|
|
|
2019-11-23 02:33:31 +03:00
|
|
|
return user
|
|
|
|
}
|