Платформа ЦРНП "Мирокод" для разработки проектов
https://git.mirocod.ru
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.5 KiB
92 lines
2.5 KiB
// Copyright 2021 The Gitea Authors. All rights reserved. |
|
// Use of this source code is governed by a MIT-style |
|
// license that can be found in the LICENSE file. |
|
|
|
package smtp |
|
|
|
import ( |
|
"errors" |
|
"net/smtp" |
|
"net/textproto" |
|
"strings" |
|
|
|
"code.gitea.io/gitea/models" |
|
"code.gitea.io/gitea/models/login" |
|
"code.gitea.io/gitea/modules/util" |
|
"code.gitea.io/gitea/services/mailer" |
|
) |
|
|
|
// Authenticate queries if the provided login/password is authenticates against the SMTP server |
|
// Users will be autoregistered as required |
|
func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) { |
|
// Verify allowed domains. |
|
if len(source.AllowedDomains) > 0 { |
|
idx := strings.Index(userName, "@") |
|
if idx == -1 { |
|
return nil, models.ErrUserNotExist{Name: userName} |
|
} else if !util.IsStringInSlice(userName[idx+1:], strings.Split(source.AllowedDomains, ","), true) { |
|
return nil, models.ErrUserNotExist{Name: userName} |
|
} |
|
} |
|
|
|
var auth smtp.Auth |
|
switch source.Auth { |
|
case PlainAuthentication: |
|
auth = smtp.PlainAuth("", userName, password, source.Host) |
|
case LoginAuthentication: |
|
auth = &loginAuthenticator{userName, password} |
|
case CRAMMD5Authentication: |
|
auth = smtp.CRAMMD5Auth(userName, password) |
|
default: |
|
return nil, errors.New("unsupported SMTP auth type") |
|
} |
|
|
|
if err := Authenticate(auth, source); err != nil { |
|
// Check standard error format first, |
|
// then fallback to worse case. |
|
tperr, ok := err.(*textproto.Error) |
|
if (ok && tperr.Code == 535) || |
|
strings.Contains(err.Error(), "Username and Password not accepted") { |
|
return nil, models.ErrUserNotExist{Name: userName} |
|
} |
|
if (ok && tperr.Code == 534) || |
|
strings.Contains(err.Error(), "Application-specific password required") { |
|
return nil, models.ErrUserNotExist{Name: userName} |
|
} |
|
return nil, err |
|
} |
|
|
|
if user != nil { |
|
return user, nil |
|
} |
|
|
|
username := userName |
|
idx := strings.Index(userName, "@") |
|
if idx > -1 { |
|
username = userName[:idx] |
|
} |
|
|
|
user = &models.User{ |
|
LowerName: strings.ToLower(username), |
|
Name: strings.ToLower(username), |
|
Email: userName, |
|
Passwd: password, |
|
LoginType: login.SMTP, |
|
LoginSource: source.loginSource.ID, |
|
LoginName: userName, |
|
IsActive: true, |
|
} |
|
|
|
if err := models.CreateUser(user); err != nil { |
|
return user, err |
|
} |
|
|
|
mailer.SendRegisterNotifyMail(user) |
|
|
|
return user, nil |
|
} |
|
|
|
// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication |
|
func (source *Source) IsSkipLocalTwoFA() bool { |
|
return source.SkipLocalTwoFA |
|
}
|
|
|