0981ec30c3
* Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
102 lines
6 KiB
Handlebars
102 lines
6 KiB
Handlebars
<div class="oauth2 field {{if not (eq .type 6)}}hide{{end}}">
|
|
<div class="inline required field">
|
|
<label>{{.i18n.Tr "admin.auths.oauth2_provider"}}</label>
|
|
<div class="ui selection type dropdown">
|
|
<input type="hidden" id="oauth2_provider" name="oauth2_provider" value="{{.oauth2_provider.Name}}">
|
|
<div class="text">{{.oauth2_provider.Name}}</div>
|
|
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
|
|
<div class="menu">
|
|
{{range .OAuth2Providers}}
|
|
<div class="item" data-value="{{.Name}}">{{.DisplayName}}</div>
|
|
{{end}}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="required field">
|
|
<label for="oauth2_key">{{.i18n.Tr "admin.auths.oauth2_clientID"}}</label>
|
|
<input id="oauth2_key" name="oauth2_key" value="{{.oauth2_key}}">
|
|
</div>
|
|
<div class="required field">
|
|
<label for="oauth2_secret">{{.i18n.Tr "admin.auths.oauth2_clientSecret"}}</label>
|
|
<input id="oauth2_secret" name="oauth2_secret" value="{{.oauth2_secret}}">
|
|
</div>
|
|
<div class="optional field">
|
|
<label for="oauth2_icon_url">{{.i18n.Tr "admin.auths.oauth2_icon_url"}}</label>
|
|
<input id="oauth2_icon_url" name="oauth2_icon_url" value="{{.oauth2_icon_url}}">
|
|
</div>
|
|
<div class="open_id_connect_auto_discovery_url required field">
|
|
<label for="open_id_connect_auto_discovery_url">{{.i18n.Tr "admin.auths.openIdConnectAutoDiscoveryURL"}}</label>
|
|
<input id="open_id_connect_auto_discovery_url" name="open_id_connect_auto_discovery_url" value="{{.open_id_connect_auto_discovery_url}}">
|
|
</div>
|
|
<div class="optional field">
|
|
<div class="ui checkbox">
|
|
<label for="skip_local_two_fa"><strong>{{.i18n.Tr "admin.auths.skip_local_two_fa"}}</strong></label>
|
|
<input id="skip_local_two_fa" name="skip_local_two_fa" type="checkbox" {{if .skip_local_two_fa}}checked{{end}}>
|
|
<p class="help">{{.i18n.Tr "admin.auths.skip_local_two_fa_helper"}}</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="oauth2_use_custom_url inline field">
|
|
<div class="ui checkbox">
|
|
<label><strong>{{.i18n.Tr "admin.auths.oauth2_use_custom_url"}}</strong></label>
|
|
<input id="oauth2_use_custom_url" name="oauth2_use_custom_url" type="checkbox">
|
|
</div>
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_auth_url required field">
|
|
<label for="oauth2_auth_url">{{.i18n.Tr "admin.auths.oauth2_authURL"}}</label>
|
|
<input id="oauth2_auth_url" name="oauth2_auth_url" value="{{.oauth2_auth_url}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_token_url required field">
|
|
<label for="oauth2_token_url">{{.i18n.Tr "admin.auths.oauth2_tokenURL"}}</label>
|
|
<input id="oauth2_token_url" name="oauth2_token_url" value="{{.oauth2_token_url}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_profile_url required field">
|
|
<label for="oauth2_profile_url">{{.i18n.Tr "admin.auths.oauth2_profileURL"}}</label>
|
|
<input id="oauth2_profile_url" name="oauth2_profile_url" value="{{.oauth2_profile_url}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_email_url required field">
|
|
<label for="oauth2_email_url">{{.i18n.Tr "admin.auths.oauth2_emailURL"}}</label>
|
|
<input id="oauth2_email_url" name="oauth2_email_url" value="{{.oauth2_email_url}}">
|
|
</div>
|
|
<div class="oauth2_use_custom_url_field oauth2_tenant required field">
|
|
<label for="oauth2_tenant">{{.i18n.Tr "admin.auths.oauth2_tenant"}}</label>
|
|
<input id="oauth2_tenant" name="oauth2_tenant" value="{{.oauth2_tenant}}">
|
|
</div>
|
|
|
|
{{range .OAuth2Providers}}{{if .CustomURLSettings}}
|
|
<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
|
|
<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" />
|
|
<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" />
|
|
{{end}}{{end}}
|
|
|
|
<div class="field">
|
|
<label for="oauth2_scopes">{{.i18n.Tr "admin.auths.oauth2_scopes"}}</label>
|
|
<input id="oauth2_scopes" name="oauth2_scopes" values="{{.oauth2_scopes}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_required_claim_name">{{.i18n.Tr "admin.auths.oauth2_required_claim_name"}}</label>
|
|
<input id="oauth2_required_claim_name" name="oauth2_required_claim_name" values="{{.oauth2_required_claim_name}}">
|
|
<p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_name_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_required_claim_value">{{.i18n.Tr "admin.auths.oauth2_required_claim_value"}}</label>
|
|
<input id="oauth2_required_claim_value" name="oauth2_required_claim_value" values="{{.oauth2_required_claim_value}}">
|
|
<p class="help">{{.i18n.Tr "admin.auths.oauth2_required_claim_value_helper"}}</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_group_claim_name">{{.i18n.Tr "admin.auths.oauth2_group_claim_name"}}</label>
|
|
<input id="oauth2_group_claim_name" name="oauth2_group_claim_name" value="{{.oauth2_group_claim_name}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_admin_group">{{.i18n.Tr "admin.auths.oauth2_admin_group"}}</label>
|
|
<input id="oauth2_admin_group" name="oauth2_admin_group" value="{{.oauth2_group_claim_name}}">
|
|
</div>
|
|
<div class="field">
|
|
<label for="oauth2_restricted_group">{{.i18n.Tr "admin.auths.oauth2_restricted_group"}}</label>
|
|
<input id="oauth2_restricted_group" name="oauth2_restricted_group" value="{{.oauth2_group_claim_name}}">
|
|
</div>
|
|
</div>
|