Adds LDAP auth support

2025-07-04 00:46:50 +00:00 · 2024-11-02 21:36:07 +10:00
parent 8434a2d1fa
commit a277a5d167
54 changed files with 765 additions and 306 deletions
--- a/backend/embed/migrations/mysql/20201013035318_initial_schema.sql
+++ b/backend/embed/migrations/mysql/20201013035318_initial_schema.sql
@ -17,7 +17,6 @@ CREATE TABLE IF NOT EXISTS `user`
 	`updated_at` BIGINT NOT NULL DEFAULT 0,
 	`is_deleted` INT NOT NULL DEFAULT 0, -- int on purpose, gormism
 	`name` VARCHAR(50) NOT NULL,
-	`nickname` VARCHAR(50) NOT NULL,
 	`email` VARCHAR(255) NOT NULL,
 	`is_system` BOOLEAN NOT NULL DEFAULT FALSE,
 	`is_disabled` BOOLEAN NOT NULL DEFAULT FALSE
@ -45,6 +44,7 @@ CREATE TABLE IF NOT EXISTS `auth`
 	`is_deleted` INT NOT NULL DEFAULT 0, -- int on purpose, gormism
 	`user_id` INT NOT NULL,
 	`type` VARCHAR(50) NOT NULL,
+	`identity` VARCHAR(255) NOT NULL,
 	`secret` VARCHAR(255) NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON DELETE CASCADE,
 	UNIQUE (`user_id`, `type`)
--- a/backend/embed/migrations/mysql/20201013035839_initial_data.sql
+++ b/backend/embed/migrations/mysql/20201013035839_initial_data.sql
@ -37,6 +37,27 @@ INSERT INTO `setting` (
 	"default-site",
 	"What to show users who hit your Nginx server by default",
 	'"welcome"' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"auth-methods",
+	"Which methods are enabled for authentication",
+	'["local"]' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"oidc-auth",
+	"Configuration for OIDC authentication",
+	'{}' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"ldap-auth",
+	"Configuration for LDAP authentication",
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );

 -- Default Certificate Authorities
--- a/backend/embed/migrations/postgres/20201013035318_initial_schema.sql
+++ b/backend/embed/migrations/postgres/20201013035318_initial_schema.sql
@ -15,7 +15,6 @@ CREATE TABLE "user" (
 	"updated_at" BIGINT NOT NULL DEFAULT 0,
 	"is_deleted" INTEGER NOT NULL DEFAULT 0, -- int on purpose, gormism
 	"name" VARCHAR(50) NOT NULL,
-	"nickname" VARCHAR(50) NOT NULL,
 	"email" VARCHAR(255) NOT NULL,
 	"is_system" BOOLEAN NOT NULL DEFAULT FALSE,
 	"is_disabled" BOOLEAN NOT NULL DEFAULT FALSE
@ -39,6 +38,7 @@ CREATE TABLE "auth" (
 	"is_deleted" INTEGER NOT NULL DEFAULT 0, -- int on purpose, gormism
 	"user_id" INTEGER NOT NULL REFERENCES "user"("id") ON DELETE CASCADE,
 	"type" VARCHAR(50) NOT NULL,
+	"identity" VARCHAR(255) NOT NULL,
 	"secret" VARCHAR(255) NOT NULL,
 	UNIQUE ("user_id", "type")
 );
--- a/backend/embed/migrations/postgres/20201013035839_initial_data.sql
+++ b/backend/embed/migrations/postgres/20201013035839_initial_data.sql
@ -37,6 +37,27 @@ INSERT INTO "setting" (
 	'default-site',
 	'What to show users who hit your Nginx server by default',
 	'"welcome"' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'auth-methods',
+	'Which methods are enabled for authentication',
+	'["local"]' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'oidc-auth',
+	'Configuration for OIDC authentication',
+	'{}' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'ldap-auth',
+	'Configuration for LDAP authentication',
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );

 -- Default Certificate Authorities
--- a/backend/embed/migrations/sqlite/20201013035318_initial_schema.sql
+++ b/backend/embed/migrations/sqlite/20201013035318_initial_schema.sql
@ -17,7 +17,6 @@ CREATE TABLE IF NOT EXISTS `user`
 	`updated_at` INTEGER NOT NULL DEFAULT 0,
 	`is_deleted` INTEGER NOT NULL DEFAULT 0,
 	`name` TEXT NOT NULL,
-	`nickname` TEXT NOT NULL,
 	`email` TEXT NOT NULL,
 	`is_system` INTEGER NOT NULL DEFAULT 0,
 	`is_disabled` INTEGER NOT NULL DEFAULT 0
@ -45,6 +44,7 @@ CREATE TABLE IF NOT EXISTS `auth`
 	`is_deleted` INTEGER NOT NULL DEFAULT 0,
 	`user_id` INTEGER NOT NULL,
 	`type` TEXT NOT NULL,
+	`identity` TEXT NOT NULL,
 	`secret` TEXT NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user` (`id`) ON DELETE CASCADE,
 	UNIQUE (`user_id`, `type`)
--- a/backend/embed/migrations/sqlite/20201013035839_initial_data.sql
+++ b/backend/embed/migrations/sqlite/20201013035839_initial_data.sql
@ -36,6 +36,27 @@ INSERT INTO `setting` (
 	"default-site",
 	"What to show users who hit your Nginx server by default",
 	'"welcome"' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"auth-methods",
+	"Which methods are enabled for authentication",
+	'["local"]' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"oidc-auth",
+	"Configuration for OIDC authentication",
+	'{}' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"ldap-auth",
+	"Configuration for LDAP authentication",
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );

 -- Default Certificate Authorities