mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-09 01:13:41 +08:00
Compare commits
13 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0918757e85 | |||
| ce0d45a70b | |||
| c4096788b2 | |||
| 523186f895 | |||
| ef373ca736 | |||
| 721a681ff1 | |||
| 8b1c4b0c75 | |||
| 540f22f8bd | |||
| 79f81f1356 | |||
| 4e145f71b5 | |||
| 104f975a2f | |||
| 71bb400559 | |||
| 93c3c78d42 |
@ -80,6 +80,7 @@ p, *, *, *, /.well-known/jwks, *, *
|
||||
p, *, *, GET, /api/get-saml-login, *, *
|
||||
p, *, *, POST, /api/acs, *, *
|
||||
p, *, *, GET, /api/saml/metadata, *, *
|
||||
p, *, *, *, /api/saml/redirect, *, *
|
||||
p, *, *, *, /cas, *, *
|
||||
p, *, *, *, /scim, *, *
|
||||
p, *, *, *, /api/webauthn, *, *
|
||||
|
||||
@ -139,6 +139,10 @@ func (c *ApiController) GetUserApplication() {
|
||||
c.ResponseError(err.Error())
|
||||
return
|
||||
}
|
||||
if application == nil {
|
||||
c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), user.Owner))
|
||||
return
|
||||
}
|
||||
|
||||
c.ResponseOk(object.GetMaskedApplication(application, userId))
|
||||
}
|
||||
|
||||
@ -912,7 +912,7 @@ func (c *ApiController) HandleSamlLogin() {
|
||||
samlResponse = url.QueryEscape(samlResponse)
|
||||
targetUrl := fmt.Sprintf("%s?relayState=%s&samlResponse=%s",
|
||||
slice[4], relayState, samlResponse)
|
||||
c.Redirect(targetUrl, 303)
|
||||
c.Redirect(targetUrl, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
// HandleOfficialAccountEvent ...
|
||||
|
||||
@ -16,6 +16,7 @@ package controllers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/casdoor/casdoor/object"
|
||||
)
|
||||
@ -34,7 +35,13 @@ func (c *ApiController) GetSamlMeta() {
|
||||
return
|
||||
}
|
||||
|
||||
metadata, err := object.GetSamlMeta(application, host)
|
||||
enablePostBinding, err := c.GetBool("enablePostBinding", false)
|
||||
if err != nil {
|
||||
c.ResponseError(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
metadata, err := object.GetSamlMeta(application, host, enablePostBinding)
|
||||
if err != nil {
|
||||
c.ResponseError(err.Error())
|
||||
return
|
||||
@ -43,3 +50,17 @@ func (c *ApiController) GetSamlMeta() {
|
||||
c.Data["xml"] = metadata
|
||||
c.ServeXML()
|
||||
}
|
||||
|
||||
func (c *ApiController) HandleSamlRedirect() {
|
||||
host := c.Ctx.Request.Host
|
||||
|
||||
owner := c.Ctx.Input.Param(":owner")
|
||||
application := c.Ctx.Input.Param(":application")
|
||||
|
||||
relayState := c.Input().Get("RelayState")
|
||||
samlRequest := c.Input().Get("SAMLRequest")
|
||||
|
||||
targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
|
||||
|
||||
c.Redirect(targetURL, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
@ -271,6 +271,14 @@ func (c *ApiController) RefreshToken() {
|
||||
c.ServeJSON()
|
||||
}
|
||||
|
||||
func (c *ApiController) ResponseTokenError(errorMsg string) {
|
||||
c.Data["json"] = &object.TokenError{
|
||||
Error: errorMsg,
|
||||
}
|
||||
c.SetTokenErrorHttpStatus()
|
||||
c.ServeJSON()
|
||||
}
|
||||
|
||||
// IntrospectToken
|
||||
// @Title IntrospectToken
|
||||
// @Tag Login API
|
||||
@ -293,40 +301,33 @@ func (c *ApiController) IntrospectToken() {
|
||||
clientId = c.Input().Get("client_id")
|
||||
clientSecret = c.Input().Get("client_secret")
|
||||
if clientId == "" || clientSecret == "" {
|
||||
c.ResponseError(c.T("token:Empty clientId or clientSecret"))
|
||||
c.Data["json"] = &object.TokenError{
|
||||
Error: object.InvalidRequest,
|
||||
}
|
||||
c.SetTokenErrorHttpStatus()
|
||||
c.ServeJSON()
|
||||
c.ResponseTokenError(object.InvalidRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
application, err := object.GetApplicationByClientId(clientId)
|
||||
if err != nil {
|
||||
c.ResponseError(err.Error())
|
||||
c.ResponseTokenError(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if application == nil || application.ClientSecret != clientSecret {
|
||||
c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
|
||||
c.Data["json"] = &object.TokenError{
|
||||
Error: object.InvalidClient,
|
||||
}
|
||||
c.SetTokenErrorHttpStatus()
|
||||
return
|
||||
}
|
||||
token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
|
||||
if err != nil {
|
||||
c.ResponseError(err.Error())
|
||||
c.ResponseTokenError(c.T("token:Invalid application or wrong clientSecret"))
|
||||
return
|
||||
}
|
||||
|
||||
token, err := object.GetTokenByTokenValue(tokenValue)
|
||||
if err != nil {
|
||||
c.ResponseTokenError(err.Error())
|
||||
return
|
||||
}
|
||||
if token == nil {
|
||||
c.Data["json"] = &object.IntrospectionResponse{Active: false}
|
||||
c.ServeJSON()
|
||||
return
|
||||
}
|
||||
|
||||
jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
|
||||
if err != nil || jwtToken.Valid() != nil {
|
||||
// and token revoked case. but we not implement
|
||||
|
||||
@ -24,6 +24,8 @@ func GetCredManager(passwordType string) CredManager {
|
||||
return NewPlainCredManager()
|
||||
} else if passwordType == "salt" {
|
||||
return NewSha256SaltCredManager()
|
||||
} else if passwordType == "sha512-salt" {
|
||||
return NewSha512SaltCredManager()
|
||||
} else if passwordType == "md5-salt" {
|
||||
return NewMd5UserSaltCredManager()
|
||||
} else if passwordType == "bcrypt" {
|
||||
|
||||
50
cred/sha512-salt.go
Normal file
50
cred/sha512-salt.go
Normal file
@ -0,0 +1,50 @@
|
||||
// Copyright 2024 The Casdoor Authors. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package cred
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
)
|
||||
|
||||
type Sha512SaltCredManager struct{}
|
||||
|
||||
func getSha512(data []byte) []byte {
|
||||
hash := sha512.Sum512(data)
|
||||
return hash[:]
|
||||
}
|
||||
|
||||
func getSha512HexDigest(s string) string {
|
||||
b := getSha512([]byte(s))
|
||||
res := hex.EncodeToString(b)
|
||||
return res
|
||||
}
|
||||
|
||||
func NewSha512SaltCredManager() *Sha512SaltCredManager {
|
||||
cm := &Sha512SaltCredManager{}
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getSha512HexDigest(password)
|
||||
if organizationSalt != "" {
|
||||
res = getSha512HexDigest(res + organizationSalt)
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
}
|
||||
@ -37,7 +37,7 @@ type Adapter struct {
|
||||
Host string `xorm:"varchar(100)" json:"host"`
|
||||
Port int `json:"port"`
|
||||
User string `xorm:"varchar(100)" json:"user"`
|
||||
Password string `xorm:"varchar(100)" json:"password"`
|
||||
Password string `xorm:"varchar(150)" json:"password"`
|
||||
Database string `xorm:"varchar(100)" json:"database"`
|
||||
|
||||
*xormadapter.Adapter `xorm:"-" json:"-"`
|
||||
|
||||
@ -52,31 +52,32 @@ type Application struct {
|
||||
Name string `xorm:"varchar(100) notnull pk" json:"name"`
|
||||
CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
|
||||
|
||||
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
||||
Logo string `xorm:"varchar(200)" json:"logo"`
|
||||
HomepageUrl string `xorm:"varchar(100)" json:"homepageUrl"`
|
||||
Description string `xorm:"varchar(100)" json:"description"`
|
||||
Organization string `xorm:"varchar(100)" json:"organization"`
|
||||
Cert string `xorm:"varchar(100)" json:"cert"`
|
||||
EnablePassword bool `json:"enablePassword"`
|
||||
EnableSignUp bool `json:"enableSignUp"`
|
||||
EnableSigninSession bool `json:"enableSigninSession"`
|
||||
EnableAutoSignin bool `json:"enableAutoSignin"`
|
||||
EnableCodeSignin bool `json:"enableCodeSignin"`
|
||||
EnableSamlCompress bool `json:"enableSamlCompress"`
|
||||
EnableSamlC14n10 bool `json:"enableSamlC14n10"`
|
||||
EnableWebAuthn bool `json:"enableWebAuthn"`
|
||||
EnableLinkWithEmail bool `json:"enableLinkWithEmail"`
|
||||
OrgChoiceMode string `json:"orgChoiceMode"`
|
||||
SamlReplyUrl string `xorm:"varchar(100)" json:"samlReplyUrl"`
|
||||
Providers []*ProviderItem `xorm:"mediumtext" json:"providers"`
|
||||
SigninMethods []*SigninMethod `xorm:"varchar(2000)" json:"signinMethods"`
|
||||
SignupItems []*SignupItem `xorm:"varchar(2000)" json:"signupItems"`
|
||||
GrantTypes []string `xorm:"varchar(1000)" json:"grantTypes"`
|
||||
OrganizationObj *Organization `xorm:"-" json:"organizationObj"`
|
||||
CertPublicKey string `xorm:"-" json:"certPublicKey"`
|
||||
Tags []string `xorm:"mediumtext" json:"tags"`
|
||||
SamlAttributes []*SamlItem `xorm:"varchar(1000)" json:"samlAttributes"`
|
||||
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
||||
Logo string `xorm:"varchar(200)" json:"logo"`
|
||||
HomepageUrl string `xorm:"varchar(100)" json:"homepageUrl"`
|
||||
Description string `xorm:"varchar(100)" json:"description"`
|
||||
Organization string `xorm:"varchar(100)" json:"organization"`
|
||||
Cert string `xorm:"varchar(100)" json:"cert"`
|
||||
EnablePassword bool `json:"enablePassword"`
|
||||
EnableSignUp bool `json:"enableSignUp"`
|
||||
EnableSigninSession bool `json:"enableSigninSession"`
|
||||
EnableAutoSignin bool `json:"enableAutoSignin"`
|
||||
EnableCodeSignin bool `json:"enableCodeSignin"`
|
||||
EnableSamlCompress bool `json:"enableSamlCompress"`
|
||||
EnableSamlC14n10 bool `json:"enableSamlC14n10"`
|
||||
EnableSamlPostBinding bool `json:"enableSamlPostBinding"`
|
||||
EnableWebAuthn bool `json:"enableWebAuthn"`
|
||||
EnableLinkWithEmail bool `json:"enableLinkWithEmail"`
|
||||
OrgChoiceMode string `json:"orgChoiceMode"`
|
||||
SamlReplyUrl string `xorm:"varchar(100)" json:"samlReplyUrl"`
|
||||
Providers []*ProviderItem `xorm:"mediumtext" json:"providers"`
|
||||
SigninMethods []*SigninMethod `xorm:"varchar(2000)" json:"signinMethods"`
|
||||
SignupItems []*SignupItem `xorm:"varchar(2000)" json:"signupItems"`
|
||||
GrantTypes []string `xorm:"varchar(1000)" json:"grantTypes"`
|
||||
OrganizationObj *Organization `xorm:"-" json:"organizationObj"`
|
||||
CertPublicKey string `xorm:"-" json:"certPublicKey"`
|
||||
Tags []string `xorm:"mediumtext" json:"tags"`
|
||||
SamlAttributes []*SamlItem `xorm:"varchar(1000)" json:"samlAttributes"`
|
||||
|
||||
ClientId string `xorm:"varchar(100)" json:"clientId"`
|
||||
ClientSecret string `xorm:"varchar(100)" json:"clientSecret"`
|
||||
|
||||
BIN
object/cert.go~
BIN
object/cert.go~
Binary file not shown.
@ -198,7 +198,7 @@ type Attribute struct {
|
||||
Values []string `xml:"AttributeValue"`
|
||||
}
|
||||
|
||||
func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, error) {
|
||||
func GetSamlMeta(application *Application, host string, enablePostBinding bool) (*IdpEntityDescriptor, error) {
|
||||
cert, err := getCertByApplication(application)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -217,6 +217,13 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
|
||||
|
||||
originFrontend, originBackend := getOriginFromHost(host)
|
||||
|
||||
idpLocation := ""
|
||||
if enablePostBinding {
|
||||
idpLocation = fmt.Sprintf("%s/api/saml/redirect/%s/%s", originBackend, application.Owner, application.Name)
|
||||
} else {
|
||||
idpLocation = fmt.Sprintf("%s/login/saml/authorize/%s/%s", originFrontend, application.Owner, application.Name)
|
||||
}
|
||||
|
||||
d := IdpEntityDescriptor{
|
||||
XMLName: xml.Name{
|
||||
Local: "md:EntityDescriptor",
|
||||
@ -248,7 +255,7 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
|
||||
},
|
||||
SingleSignOnService: SingleSignOnService{
|
||||
Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
|
||||
Location: fmt.Sprintf("%s/login/saml/authorize/%s/%s", originFrontend, application.Owner, application.Name),
|
||||
Location: idpLocation,
|
||||
},
|
||||
ProtocolSupportEnumeration: "urn:oasis:names:tc:SAML:2.0:protocol",
|
||||
},
|
||||
@ -442,3 +449,8 @@ func NewSamlResponse11(user *User, requestID string, host string) *etree.Element
|
||||
|
||||
return samlResponse
|
||||
}
|
||||
|
||||
func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string) string {
|
||||
originF, _ := getOriginFromHost(host)
|
||||
return fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
|
||||
}
|
||||
|
||||
@ -27,7 +27,7 @@ func getSmsClient(provider *Provider) (sender.SmsClient, error) {
|
||||
if provider.Type == sender.HuaweiCloud || provider.Type == sender.AzureACS {
|
||||
client, err = sender.NewSmsClient(provider.Type, provider.ClientId, provider.ClientSecret, provider.SignName, provider.TemplateCode, provider.ProviderUrl, provider.AppId)
|
||||
} else if provider.Type == "Custom HTTP SMS" {
|
||||
client, err = newHttpSmsClient(provider.Endpoint, provider.Method, provider.Title)
|
||||
client, err = newHttpSmsClient(provider.Endpoint, provider.Method, provider.Title, provider.TemplateCode)
|
||||
} else {
|
||||
client, err = sender.NewSmsClient(provider.Type, provider.ClientId, provider.ClientSecret, provider.SignName, provider.TemplateCode, provider.AppId)
|
||||
}
|
||||
|
||||
@ -27,20 +27,26 @@ type HttpSmsClient struct {
|
||||
endpoint string
|
||||
method string
|
||||
paramName string
|
||||
template string
|
||||
}
|
||||
|
||||
func newHttpSmsClient(endpoint string, method string, paramName string) (*HttpSmsClient, error) {
|
||||
func newHttpSmsClient(endpoint, method, paramName, template string) (*HttpSmsClient, error) {
|
||||
if template == "" {
|
||||
template = "%s"
|
||||
}
|
||||
client := &HttpSmsClient{
|
||||
endpoint: endpoint,
|
||||
method: method,
|
||||
paramName: paramName,
|
||||
template: template,
|
||||
}
|
||||
return client, nil
|
||||
}
|
||||
|
||||
func (c *HttpSmsClient) SendMessage(param map[string]string, targetPhoneNumber ...string) error {
|
||||
phoneNumber := targetPhoneNumber[0]
|
||||
content := param["code"]
|
||||
code := param["code"]
|
||||
content := fmt.Sprintf(c.template, code)
|
||||
|
||||
var req *http.Request
|
||||
var err error
|
||||
|
||||
@ -43,7 +43,7 @@ type Syncer struct {
|
||||
Host string `xorm:"varchar(100)" json:"host"`
|
||||
Port int `json:"port"`
|
||||
User string `xorm:"varchar(100)" json:"user"`
|
||||
Password string `xorm:"varchar(100)" json:"password"`
|
||||
Password string `xorm:"varchar(150)" json:"password"`
|
||||
Database string `xorm:"varchar(100)" json:"database"`
|
||||
Table string `xorm:"varchar(100)" json:"table"`
|
||||
TableColumns []*TableColumn `xorm:"mediumtext" json:"tableColumns"`
|
||||
|
||||
@ -93,6 +93,8 @@ func (syncer *Syncer) setUserByKeyValue(user *User, key string, value string) {
|
||||
user.CreatedTime = value
|
||||
case "UpdatedTime":
|
||||
user.UpdatedTime = value
|
||||
case "DeletedTime":
|
||||
user.DeletedTime = value
|
||||
case "Id":
|
||||
user.Id = value
|
||||
case "Type":
|
||||
@ -266,6 +268,7 @@ func (syncer *Syncer) getMapFromOriginalUser(user *OriginalUser) map[string]stri
|
||||
m["Name"] = user.Name
|
||||
m["CreatedTime"] = user.CreatedTime
|
||||
m["UpdatedTime"] = user.UpdatedTime
|
||||
m["DeletedTime"] = user.DeletedTime
|
||||
m["Id"] = user.Id
|
||||
m["Type"] = user.Type
|
||||
m["Password"] = user.Password
|
||||
|
||||
@ -186,6 +186,26 @@ func GetTokenByRefreshToken(refreshToken string) (*Token, error) {
|
||||
return &token, nil
|
||||
}
|
||||
|
||||
func GetTokenByTokenValue(tokenValue string) (*Token, error) {
|
||||
token, err := GetTokenByAccessToken(tokenValue)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if token != nil {
|
||||
return token, nil
|
||||
}
|
||||
|
||||
token, err = GetTokenByRefreshToken(tokenValue)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if token != nil {
|
||||
return token, nil
|
||||
}
|
||||
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func updateUsedByCode(token *Token) bool {
|
||||
affected, err := ormer.Engine.Where("code=?", token.Code).Cols("code_is_used").Update(token)
|
||||
if err != nil {
|
||||
@ -283,20 +303,6 @@ func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, e
|
||||
return affected != 0, application, token, nil
|
||||
}
|
||||
|
||||
func GetTokenByTokenAndApplication(token string, application string) (*Token, error) {
|
||||
tokenResult := Token{}
|
||||
existed, err := ormer.Engine.Where("(refresh_token = ? or access_token = ? ) and application = ?", token, token, application).Get(&tokenResult)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !existed {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return &tokenResult, nil
|
||||
}
|
||||
|
||||
func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string, lang string) (string, *Application, error) {
|
||||
if responseType != "code" && responseType != "token" && responseType != "id_token" {
|
||||
return fmt.Sprintf(i18n.Translate(lang, "token:Grant_type: %s is not supported in this application"), responseType), nil, nil
|
||||
|
||||
@ -40,7 +40,7 @@ type UserShort struct {
|
||||
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
||||
Avatar string `xorm:"varchar(500)" json:"avatar"`
|
||||
Email string `xorm:"varchar(100) index" json:"email"`
|
||||
Phone string `xorm:"varchar(20) index" json:"phone"`
|
||||
Phone string `xorm:"varchar(100) index" json:"phone"`
|
||||
}
|
||||
|
||||
type UserWithoutThirdIdp struct {
|
||||
@ -48,10 +48,11 @@ type UserWithoutThirdIdp struct {
|
||||
Name string `xorm:"varchar(100) notnull pk" json:"name"`
|
||||
CreatedTime string `xorm:"varchar(100) index" json:"createdTime"`
|
||||
UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
|
||||
DeletedTime string `xorm:"varchar(100)" json:"deletedTime"`
|
||||
|
||||
Id string `xorm:"varchar(100) index" json:"id"`
|
||||
Type string `xorm:"varchar(100)" json:"type"`
|
||||
Password string `xorm:"varchar(100)" json:"password"`
|
||||
Password string `xorm:"varchar(150)" json:"password"`
|
||||
PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
|
||||
PasswordType string `xorm:"varchar(100)" json:"passwordType"`
|
||||
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
||||
@ -62,7 +63,7 @@ type UserWithoutThirdIdp struct {
|
||||
PermanentAvatar string `xorm:"varchar(500)" json:"permanentAvatar"`
|
||||
Email string `xorm:"varchar(100) index" json:"email"`
|
||||
EmailVerified bool `json:"emailVerified"`
|
||||
Phone string `xorm:"varchar(20) index" json:"phone"`
|
||||
Phone string `xorm:"varchar(100) index" json:"phone"`
|
||||
CountryCode string `xorm:"varchar(6)" json:"countryCode"`
|
||||
Region string `xorm:"varchar(100)" json:"region"`
|
||||
Location string `xorm:"varchar(100)" json:"location"`
|
||||
@ -167,6 +168,7 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
|
||||
Name: user.Name,
|
||||
CreatedTime: user.CreatedTime,
|
||||
UpdatedTime: user.UpdatedTime,
|
||||
DeletedTime: user.DeletedTime,
|
||||
|
||||
Id: user.Id,
|
||||
Type: user.Type,
|
||||
|
||||
@ -49,11 +49,12 @@ type User struct {
|
||||
Name string `xorm:"varchar(100) notnull pk" json:"name"`
|
||||
CreatedTime string `xorm:"varchar(100) index" json:"createdTime"`
|
||||
UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
|
||||
DeletedTime string `xorm:"varchar(100)" json:"deletedTime"`
|
||||
|
||||
Id string `xorm:"varchar(100) index" json:"id"`
|
||||
ExternalId string `xorm:"varchar(100) index" json:"externalId"`
|
||||
Type string `xorm:"varchar(100)" json:"type"`
|
||||
Password string `xorm:"varchar(100)" json:"password"`
|
||||
Password string `xorm:"varchar(150)" json:"password"`
|
||||
PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
|
||||
PasswordType string `xorm:"varchar(100)" json:"passwordType"`
|
||||
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
||||
@ -64,7 +65,7 @@ type User struct {
|
||||
PermanentAvatar string `xorm:"varchar(500)" json:"permanentAvatar"`
|
||||
Email string `xorm:"varchar(100) index" json:"email"`
|
||||
EmailVerified bool `json:"emailVerified"`
|
||||
Phone string `xorm:"varchar(20) index" json:"phone"`
|
||||
Phone string `xorm:"varchar(100) index" json:"phone"`
|
||||
CountryCode string `xorm:"varchar(6)" json:"countryCode"`
|
||||
Region string `xorm:"varchar(100)" json:"region"`
|
||||
Location string `xorm:"varchar(100)" json:"location"`
|
||||
@ -639,7 +640,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
|
||||
if len(columns) == 0 {
|
||||
columns = []string{
|
||||
"owner", "display_name", "avatar", "first_name", "last_name",
|
||||
"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
|
||||
"location", "address", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
|
||||
"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
|
||||
"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret",
|
||||
"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
|
||||
@ -658,6 +659,10 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
|
||||
columns = append(columns, "updated_time")
|
||||
user.UpdatedTime = util.GetCurrentTime()
|
||||
|
||||
if len(user.DeletedTime) > 0 {
|
||||
columns = append(columns, "deleted_time")
|
||||
}
|
||||
|
||||
if util.ContainsString(columns, "groups") {
|
||||
_, err := userEnforcer.UpdateGroupsForUser(user.GetId(), user.Groups)
|
||||
if err != nil {
|
||||
|
||||
@ -134,6 +134,7 @@ func UploadUsers(owner string, path string) (bool, error) {
|
||||
LastSigninIp: parseLineItem(&line, 38),
|
||||
Ldap: "",
|
||||
Properties: map[string]string{},
|
||||
DeletedTime: parseLineItem(&line, 39),
|
||||
}
|
||||
|
||||
if _, ok := oldUserMap[user.GetId()]; !ok {
|
||||
|
||||
@ -164,6 +164,10 @@ func getUrlPath(urlPath string) string {
|
||||
return "/api/webauthn"
|
||||
}
|
||||
|
||||
if strings.HasPrefix(urlPath, "/api/saml/redirect") {
|
||||
return "/api/saml/redirect"
|
||||
}
|
||||
|
||||
return urlPath
|
||||
}
|
||||
|
||||
|
||||
@ -60,6 +60,7 @@ func initAPI() {
|
||||
beego.Router("/api/get-saml-login", &controllers.ApiController{}, "GET:GetSamlLogin")
|
||||
beego.Router("/api/acs", &controllers.ApiController{}, "POST:HandleSamlLogin")
|
||||
beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
|
||||
beego.Router("/api/saml/redirect/:owner/:application", &controllers.ApiController{}, "*:HandleSamlRedirect")
|
||||
beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
|
||||
beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")
|
||||
beego.Router("/api/get-captcha-status", &controllers.ApiController{}, "GET:GetCaptchaStatus")
|
||||
|
||||
@ -5592,6 +5592,9 @@
|
||||
"enableSamlCompress": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"enableSamlPostBinding": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"enableSignUp": {
|
||||
"type": "boolean"
|
||||
},
|
||||
@ -7446,6 +7449,9 @@
|
||||
"displayName": {
|
||||
"type": "string"
|
||||
},
|
||||
"deletedTime": {
|
||||
"type": "string"
|
||||
},
|
||||
"douyin": {
|
||||
"type": "string"
|
||||
},
|
||||
|
||||
@ -4900,6 +4900,8 @@ definitions:
|
||||
type: string
|
||||
deezer:
|
||||
type: string
|
||||
deletedTime:
|
||||
type: string
|
||||
digitalocean:
|
||||
type: string
|
||||
dingtalk:
|
||||
|
||||
32
util/json.go
32
util/json.go
@ -14,7 +14,10 @@
|
||||
|
||||
package util
|
||||
|
||||
import "encoding/json"
|
||||
import (
|
||||
"encoding/json"
|
||||
"reflect"
|
||||
)
|
||||
|
||||
func StructToJson(v interface{}) string {
|
||||
data, err := json.Marshal(v)
|
||||
@ -37,3 +40,30 @@ func StructToJsonFormatted(v interface{}) string {
|
||||
func JsonToStruct(data string, v interface{}) error {
|
||||
return json.Unmarshal([]byte(data), v)
|
||||
}
|
||||
|
||||
func TryJsonToAnonymousStruct(j string) (interface{}, error) {
|
||||
var data map[string]interface{}
|
||||
if err := json.Unmarshal([]byte(j), &data); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Create a slice of StructFields
|
||||
fields := make([]reflect.StructField, 0, len(data))
|
||||
for k, v := range data {
|
||||
fields = append(fields, reflect.StructField{
|
||||
Name: k,
|
||||
Type: reflect.TypeOf(v),
|
||||
})
|
||||
}
|
||||
|
||||
// Create the struct type
|
||||
t := reflect.StructOf(fields)
|
||||
|
||||
// Unmarshal again, this time to the new struct type
|
||||
val := reflect.New(t)
|
||||
i := val.Interface()
|
||||
if err := json.Unmarshal([]byte(j), &i); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return i, nil
|
||||
}
|
||||
|
||||
@ -324,9 +324,16 @@ func GetUsernameFromEmail(email string) string {
|
||||
}
|
||||
|
||||
func StringToInterfaceArray(array []string) []interface{} {
|
||||
var interfaceArray []interface{}
|
||||
for _, v := range array {
|
||||
interfaceArray = append(interfaceArray, v)
|
||||
var (
|
||||
interfaceArray []interface{}
|
||||
elem interface{}
|
||||
)
|
||||
for _, elem = range array {
|
||||
jStruct, err := TryJsonToAnonymousStruct(elem.(string))
|
||||
if err == nil {
|
||||
elem = jStruct
|
||||
}
|
||||
interfaceArray = append(interfaceArray, elem)
|
||||
}
|
||||
return interfaceArray
|
||||
}
|
||||
|
||||
@ -116,7 +116,6 @@ class ApplicationEditPage extends React.Component {
|
||||
this.getApplication();
|
||||
this.getOrganizations();
|
||||
this.getProviders();
|
||||
this.getSamlMetadata();
|
||||
}
|
||||
|
||||
getApplication() {
|
||||
@ -146,6 +145,8 @@ class ApplicationEditPage extends React.Component {
|
||||
});
|
||||
|
||||
this.getCerts(application.organization);
|
||||
|
||||
this.getSamlMetadata(application.enableSamlPostBinding);
|
||||
});
|
||||
}
|
||||
|
||||
@ -186,8 +187,8 @@ class ApplicationEditPage extends React.Component {
|
||||
});
|
||||
}
|
||||
|
||||
getSamlMetadata() {
|
||||
ApplicationBackend.getSamlMetadata("admin", this.state.applicationName)
|
||||
getSamlMetadata(checked) {
|
||||
ApplicationBackend.getSamlMetadata("admin", this.state.applicationName, checked)
|
||||
.then((data) => {
|
||||
this.setState({
|
||||
samlMetadata: data,
|
||||
@ -663,6 +664,17 @@ class ApplicationEditPage extends React.Component {
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}} >
|
||||
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
|
||||
{Setting.getLabel(i18next.t("application:Enable SAML POST binding"), i18next.t("application:Enable SAML POST binding - Tooltip"))} :
|
||||
</Col>
|
||||
<Col span={1} >
|
||||
<Switch checked={this.state.application.enableSamlPostBinding} onChange={checked => {
|
||||
this.updateApplicationField("enableSamlPostBinding", checked);
|
||||
this.getSamlMetadata(checked);
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}} >
|
||||
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
|
||||
{Setting.getLabel(i18next.t("general:SAML attributes"), i18next.t("general:SAML attributes - Tooltip"))} :
|
||||
@ -688,7 +700,7 @@ class ApplicationEditPage extends React.Component {
|
||||
/>
|
||||
<br />
|
||||
<Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
|
||||
copy(`${window.location.origin}/api/saml/metadata?application=admin/${encodeURIComponent(this.state.applicationName)}`);
|
||||
copy(`${window.location.origin}/api/saml/metadata?application=admin/${encodeURIComponent(this.state.applicationName)}&post=${this.state.application.enableSamlPostBinding}`);
|
||||
Setting.showMessage("success", i18next.t("general:Copied to clipboard successfully"));
|
||||
}}
|
||||
>
|
||||
|
||||
@ -184,7 +184,7 @@ class OrganizationEditPage extends React.Component {
|
||||
</Col>
|
||||
<Col span={22} >
|
||||
<Select virtual={false} style={{width: "100%"}} value={this.state.organization.passwordType} onChange={(value => {this.updateOrganizationField("passwordType", value);})}
|
||||
options={["plain", "salt", "md5-salt", "bcrypt", "pbkdf2-salt", "argon2id"].map(item => Setting.getOption(item, item))}
|
||||
options={["plain", "salt", "sha512-salt", "md5-salt", "bcrypt", "pbkdf2-salt", "argon2id"].map(item => Setting.getOption(item, item))}
|
||||
/>
|
||||
</Col>
|
||||
</Row>
|
||||
|
||||
@ -1041,7 +1041,7 @@ class ProviderEditPage extends React.Component {
|
||||
</Row>
|
||||
)
|
||||
}
|
||||
{["Custom HTTP SMS", "Infobip SMS"].includes(this.state.provider.type) ?
|
||||
{["Infobip SMS"].includes(this.state.provider.type) ?
|
||||
null :
|
||||
(<Row style={{marginTop: "20px"}} >
|
||||
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
|
||||
|
||||
@ -1448,7 +1448,7 @@ export function getFriendlyUserName(account) {
|
||||
}
|
||||
|
||||
export function getUserCommonFields() {
|
||||
return ["Owner", "Name", "CreatedTime", "UpdatedTime", "Id", "Type", "Password", "PasswordSalt", "DisplayName", "FirstName", "LastName", "Avatar", "PermanentAvatar",
|
||||
return ["Owner", "Name", "CreatedTime", "UpdatedTime", "DeletedTime", "Id", "Type", "Password", "PasswordSalt", "DisplayName", "FirstName", "LastName", "Avatar", "PermanentAvatar",
|
||||
"Email", "EmailVerified", "Phone", "Location", "Address", "Affiliation", "Title", "IdCardType", "IdCard", "Homepage", "Bio", "Tag", "Region",
|
||||
"Language", "Gender", "Birthday", "Education", "Score", "Ranking", "IsDefaultAvatar", "IsOnline", "IsAdmin", "IsForbidden", "IsDeleted", "CreatedIp",
|
||||
"PreferredMfaType", "TotpSecret", "SignupApplication"];
|
||||
|
||||
@ -27,6 +27,7 @@ import * as ApplicationBackend from "./backend/ApplicationBackend";
|
||||
import PasswordModal from "./common/modal/PasswordModal";
|
||||
import ResetModal from "./common/modal/ResetModal";
|
||||
import AffiliationSelect from "./common/select/AffiliationSelect";
|
||||
import moment from "moment";
|
||||
import OAuthWidget from "./common/OAuthWidget";
|
||||
import SamlWidget from "./common/SamlWidget";
|
||||
import RegionSelect from "./common/select/RegionSelect";
|
||||
@ -122,6 +123,17 @@ class UserEditPage extends React.Component {
|
||||
this.setState({
|
||||
applications: res.data || [],
|
||||
});
|
||||
|
||||
const applications = res.data;
|
||||
if (this.state.user) {
|
||||
if (this.state.user.signupApplication === "" || applications.filter(application => application.name === this.state.user.signupApplication).length === 0) {
|
||||
if (applications.length > 0) {
|
||||
this.updateUserField("signupApplication", applications[0].name);
|
||||
} else {
|
||||
this.updateUserField("signupApplication", "");
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@ -858,6 +870,7 @@ class UserEditPage extends React.Component {
|
||||
<Col span={(Setting.isMobile()) ? 22 : 2} >
|
||||
<Switch checked={this.state.user.isDeleted} onChange={checked => {
|
||||
this.updateUserField("isDeleted", checked);
|
||||
this.updateUserField("deletedTime", checked ? moment().format() : "");
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
@ -890,11 +903,9 @@ class UserEditPage extends React.Component {
|
||||
</Space>
|
||||
{item.enabled ? (
|
||||
<Space>
|
||||
{item.enabled ?
|
||||
<Tag icon={<CheckCircleOutlined />} color="success">
|
||||
{i18next.t("general:Enabled")}
|
||||
</Tag> : null
|
||||
}
|
||||
<Tag icon={<CheckCircleOutlined />} color="success">
|
||||
{i18next.t("general:Enabled")}
|
||||
</Tag>
|
||||
{item.isPreferred ?
|
||||
<Tag icon={<CheckCircleOutlined />} color="blue" style={{marginRight: 20}} >
|
||||
{i18next.t("mfa:preferred")}
|
||||
@ -916,18 +927,23 @@ class UserEditPage extends React.Component {
|
||||
{i18next.t("mfa:Set preferred")}
|
||||
</Button>
|
||||
}
|
||||
{this.isSelf() ? <Button type={"default"} onClick={() => {
|
||||
this.props.history.push(`/mfa/setup?mfaType=${item.mfaType}`);
|
||||
}}>
|
||||
{i18next.t("general:Edit")}
|
||||
</Button> : null}
|
||||
</Space>
|
||||
) :
|
||||
<Space>
|
||||
{item.mfaType !== TotpMfaType && Setting.isAdminUser(this.props.account) && window.location.href.indexOf("/users") !== -1 ?
|
||||
{item.mfaType !== TotpMfaType && Setting.isLocalAdminUser(this.props.account) && !this.isSelf() ?
|
||||
<EnableMfaModal user={this.state.user} mfaType={item.mfaType} onSuccess={() => {
|
||||
this.getUser();
|
||||
}} /> : null}
|
||||
<Button type={"default"} onClick={() => {
|
||||
{this.isSelf() ? <Button type={"default"} onClick={() => {
|
||||
this.props.history.push(`/mfa/setup?mfaType=${item.mfaType}`);
|
||||
}}>
|
||||
{i18next.t("mfa:Setup")}
|
||||
</Button>
|
||||
</Button> : null}
|
||||
</Space>}
|
||||
</List.Item>
|
||||
)}
|
||||
|
||||
@ -70,7 +70,7 @@ class UserListPage extends BaseListPage {
|
||||
password: "123",
|
||||
passwordSalt: "",
|
||||
displayName: `New User - ${randomName}`,
|
||||
avatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
|
||||
avatar: this.state.organization.defaultAvatar ?? `${Setting.StaticBaseUrl}/img/casbin.svg`,
|
||||
email: `${randomName}@example.com`,
|
||||
phone: Setting.getRandomNumber(),
|
||||
countryCode: this.state.organization.countryCodes?.length > 0 ? this.state.organization.countryCodes[0] : "",
|
||||
|
||||
@ -62,6 +62,7 @@ const userTemplate = {
|
||||
"name": "admin",
|
||||
"createdTime": "2020-07-16T21:46:52+08:00",
|
||||
"updatedTime": "",
|
||||
"deletedTime": "",
|
||||
"id": "9eb20f79-3bb5-4e74-99ac-39e3b9a171e8",
|
||||
"type": "normal-user",
|
||||
"password": "***",
|
||||
|
||||
@ -98,7 +98,7 @@ class MfaSetupPage extends React.Component {
|
||||
|
||||
renderMfaTypeSwitch() {
|
||||
const renderSmsLink = () => {
|
||||
if (this.state.mfaType === SmsMfaType || this.props.account.mfaPhoneEnabled) {
|
||||
if (this.state.mfaType === SmsMfaType) {
|
||||
return null;
|
||||
}
|
||||
return (<Button type={"link"} onClick={() => {
|
||||
@ -112,7 +112,7 @@ class MfaSetupPage extends React.Component {
|
||||
};
|
||||
|
||||
const renderEmailLink = () => {
|
||||
if (this.state.mfaType === EmailMfaType || this.props.account.mfaEmailEnabled) {
|
||||
if (this.state.mfaType === EmailMfaType) {
|
||||
return null;
|
||||
}
|
||||
return (<Button type={"link"} onClick={() => {
|
||||
@ -126,7 +126,7 @@ class MfaSetupPage extends React.Component {
|
||||
};
|
||||
|
||||
const renderTotpLink = () => {
|
||||
if (this.state.mfaType === TotpMfaType || this.props.account.totpSecret !== "") {
|
||||
if (this.state.mfaType === TotpMfaType) {
|
||||
return null;
|
||||
}
|
||||
return (<Button type={"link"} onClick={() => {
|
||||
@ -191,7 +191,9 @@ class MfaSetupPage extends React.Component {
|
||||
onSuccess={() => {
|
||||
Setting.showMessage("success", i18next.t("general:Enabled successfully"));
|
||||
this.props.onfinish();
|
||||
if (localStorage.getItem("mfaRedirectUrl") !== null) {
|
||||
|
||||
const mfaRedirectUrl = localStorage.getItem("mfaRedirectUrl");
|
||||
if (mfaRedirectUrl !== undefined && mfaRedirectUrl !== null) {
|
||||
Setting.goToLink(localStorage.getItem("mfaRedirectUrl"));
|
||||
localStorage.removeItem("mfaRedirectUrl");
|
||||
} else {
|
||||
|
||||
@ -89,8 +89,8 @@ export function deleteApplication(application) {
|
||||
}).then(res => res.json());
|
||||
}
|
||||
|
||||
export function getSamlMetadata(owner, name) {
|
||||
return fetch(`${Setting.ServerUrl}/api/saml/metadata?application=${owner}/${encodeURIComponent(name)}`, {
|
||||
export function getSamlMetadata(owner, name, enablePostBinding) {
|
||||
return fetch(`${Setting.ServerUrl}/api/saml/metadata?application=${owner}/${encodeURIComponent(name)}&enablePostBinding=${enablePostBinding}`, {
|
||||
method: "GET",
|
||||
credentials: "include",
|
||||
headers: {
|
||||
|
||||
@ -36,6 +36,8 @@
|
||||
"Enable SAML C14N10 - Tooltip": "Use C14N10 instead of C14N11 in SAML",
|
||||
"Enable SAML compression": "Enable SAML compression",
|
||||
"Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
|
||||
"Enable SAML POST binding": "Enable SAML POST binding",
|
||||
"Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
|
||||
"Enable side panel": "Enable side panel",
|
||||
"Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
|
||||
"Enable signup": "Enable signup",
|
||||
|
||||
@ -36,6 +36,8 @@
|
||||
"Enable SAML C14N10 - Tooltip": "在SAML协议里使用C14N10,而不是C14N11",
|
||||
"Enable SAML compression": "压缩SAML响应",
|
||||
"Enable SAML compression - Tooltip": "Casdoor作为SAML IdP时,是否压缩SAML响应信息",
|
||||
"Enable SAML POST binding": "启用SAML POST Binding",
|
||||
"Enable SAML POST binding - Tooltip": "HTTP POST绑定使用HTML表单中的输入字段发送SAML消息,当SP使用它时启用",
|
||||
"Enable side panel": "启用侧面板",
|
||||
"Enable signin session - Tooltip": "从应用登录Casdoor后,Casdoor是否保持会话",
|
||||
"Enable signup": "启用注册",
|
||||
|
||||
Reference in New Issue
Block a user