1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 16:47:30 +00:00
Commit graph

96 commits

Author SHA1 Message Date
wxiaoguang 047c69bd85
Improve CLI code and descriptions ()
* Close  
* Actually, it doesn't need to use that trick because it looks like it
is not necessary, no user really needs it
* Remove the hidden (legacy) "doctor" subcommand and update documents
* Fix "actions" usage


![image](https://github.com/go-gitea/gitea/assets/2114189/3c2b34a7-4f92-4a6c-96fd-9505e413d4ec)
2023-12-15 15:49:01 +00:00
Nanguan Lin 70f8d10fc5
move the gitea admin subcommands into separate files ()
As title.
Probably it's better to put those sub cmd to different dirs. Will do
that in the future.
2023-09-27 12:25:38 +00:00
JakobDev 7047df36d4
Another round of db.DefaultContext refactor ()
Part of 

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-09-25 13:17:37 +00:00
wxiaoguang f42cd4561b
Call git.InitSimple for runRepoSyncReleases ()
Fix 

Otherwise, the git module is not initialized and it doesn't respect the
"timeout" config in app.ini
2023-08-10 22:42:48 +00:00
wxiaoguang 478f36a538
Add missing default value for some Bool cli flags ()
In  I forgot to add default values to some Bool flags (which were
BoolT in cli/v1, BoolT means default to be true)

This PR adds the default "Value" for them.

```
./cmd/manager_logging.go:							}, cli.BoolTFlag{
./cmd/manager_logging.go-								Name:  "rotate, r",
./cmd/manager_logging.go-								Usage: "Rotate logs",
--
./cmd/manager_logging.go:							}, cli.BoolTFlag{
./cmd/manager_logging.go-								Name:  "daily, d",
./cmd/manager_logging.go-								Usage: "Rotate logs daily",
--
./cmd/manager_logging.go:							}, cli.BoolTFlag{
./cmd/manager_logging.go-								Name:  "compress, z",
./cmd/manager_logging.go-								Usage: "Compress rotated logs",
--
./cmd/admin.go:		cli.BoolTFlag{
./cmd/admin.go-			Name:  "force-smtps",
./cmd/admin.go-			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
--
./cmd/admin.go:		cli.BoolTFlag{
./cmd/admin.go-			Name:  "skip-verify",
./cmd/admin.go-			Usage: "Skip TLS verify.",
--
./cmd/admin.go:		cli.BoolTFlag{
./cmd/admin.go-			Name:  "disable-helo",
./cmd/admin.go-			Usage: "Disable SMTP helo.",
--
./cmd/admin.go:		cli.BoolTFlag{
./cmd/admin.go-			Name:  "skip-local-2fa",
./cmd/admin.go-			Usage: "Skip 2FA to log on.",
--
./cmd/admin.go:		cli.BoolTFlag{
./cmd/admin.go-			Name:  "active",
./cmd/admin.go-			Usage: "This Authentication Source is Activated.",
```
2023-07-24 06:49:18 +00:00
delvh f3d41c61eb
Remove db.DefaultContext in routers/ and cmd/ ()
Now, the only remaining usages of `models.db.DefaultContext` are in
  - `modules`
  - `models`
  - `services`
2023-07-23 23:47:27 -04:00
wxiaoguang d0dbe52e76
Refactor to use urfave/cli/v2 ()
Replace 

And there are many new tests to cover the CLI behavior

There were some concerns about the "option order in hook scripts"
(https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314),
it's not a problem now. Because the hook script uses `/gitea hook
--config=/app.ini pre-receive` format. The "config" is a global option,
it can appear anywhere.

----

## ⚠️ BREAKING ⚠️

This PR does it best to avoid breaking anything. The major changes are:

* `gitea` itself won't accept web's options: `--install-port` / `--pid`
/ `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's
options.
    * Use `./gitea web --pid ....` instead
* `./gitea` can still run the `web` sub-command as shorthand, with
default options
* The sub-command's options must follow the sub-command
* Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd
--sub-opt` (well, might not ...)
    * After: only `./gitea subcmd --sub-opt` could be used
    * The global options like `--config` are not affected
2023-07-21 17:28:19 +08:00
zeripath dad057b639
Handle OpenID discovery URL errors a little nicer when creating/editing sources ()
When there is an error creating a new openIDConnect authentication
source try to handle the error a little better.

Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-10 01:14:43 -05:00
zeripath aa1d95300a
Add command to bulk set must-change-password ()
As part of administration sometimes it is appropriate to forcibly tell
users to update their passwords.

This PR creates a new command `gitea admin user must-change-password`
which will set the `MustChangePassword` flag on the provided users.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-14 16:12:19 -06:00
KN4CK3R e8186f1c0f
Map OIDC groups to Orgs/Teams ()
Fixes 

Test-Instructions:
https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000

This PR implements the mapping of user groups provided by OIDC providers
to orgs teams in Gitea. The main part is a refactoring of the existing
LDAP code to make it usable from different providers.

Refactorings:
- Moved the router auth code from module to service because of import
cycles
- Changed some model methods to take a `Context` parameter
- Moved the mapping code from LDAP to a common location

I've tested it with Keycloak but other providers should work too. The
JSON mapping format is the same as for LDAP.


![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-08 14:44:42 +08:00
Adi c13eb8e6b3
Add CLI option tenant ID for oauth2 source ()
Fixes 
2023-02-05 22:12:13 -06:00
yp05327 e35f8e15a6
add default user visibility to cli command "admin user create" ()
Fixes https://github.com/go-gitea/gitea/issues/22523
2023-02-04 17:35:04 +00:00
Lukas 3f2e721372
Allow setting access token scope by CLI ()
Followup for  to allow setting the scopes when creating new access
token via CLI.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-02 11:10:37 +08:00
Jason Song 477a1cc40e
Improve utils of slices ()
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
  - It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
Lunny Xiao 68704532c2
Rename almost all Ctx functions () 2022-12-10 10:46:31 +08:00
Lunny Xiao 0a7d3ff786
refactor some functions to support ctx as first parameter ()
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-12-03 10:48:26 +08:00
flynnnnnnnnnn e81ccc406b
Implement FSFE REUSE for golang files ()
Change all license headers to comply with REUSE specification.

Fix 

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 18:20:29 +00:00
KN4CK3R 044c754ea5
Add context.Context to more methods ()
This PR adds a context parameter to a bunch of methods. Some helper
`xxxCtx()` methods got replaced with the normal name now.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 16:12:33 +08:00
wxiaoguang fb704f6c72
Revert unrelated changes for SMTP auth ()
The purpose of  is to improve the SMTP mailer, but there were some
unrelated changes made to the SMTP auth in
d60c438694

This PR reverts these unrelated changes, fix 
2022-11-10 16:12:23 -05:00
delvh 0ebb45cfe7
Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) ()
Found using
`find . -type f -name '*.go' -print -exec vim {} -c
':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;`

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-24 20:29:17 +01:00
Lunny Xiao 1d8543e7db
Move some files into models' sub packages ()
* Move some files into models' sub packages

* Move functions

* merge main branch

* Fix check

* fix check

* Fix some tests

* Fix lint

* Fix lint

* Revert lint changes

* Fix error comments

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
Clar Fon 036dd8a788
Rework mailer settings ()
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 13:24:18 +08:00
Tyrone Yeh 4c7e51ee3a
Add two factor status to admin cmd display () 2022-07-19 09:43:49 +01:00
zeripath bffa303020
Add option to purge users ()
Add the ability to purge users when deleting them.

Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-14 08:22:09 +01:00
Lunny Xiao 26095115f4
Move some repository related code into sub package ()
* Move some repository related code into sub package

* Move more repository functions out of models

* Fix lint

* Some performance optimization for webhooks and others

* some refactors

* Fix lint

* Fix

* Update modules/repository/delete.go

Co-authored-by: delvh <dev.lh@web.de>

* Fix test

* Merge

* Fix test

* Fix test

* Fix test

* Fix test

Co-authored-by: delvh <dev.lh@web.de>
2022-06-06 16:01:49 +08:00
Lunny Xiao fd7d83ace6
Move almost all functions' parameter db.Engine to context.Context ()
* Move almost all functions' parameter db.Engine to context.Context
* remove some unnecessary wrap functions
2022-05-20 22:08:52 +08:00
6543 e2a3f3d259
Federation: return useful statistic information for nodeinfo ()
Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
2022-05-02 21:35:45 +08:00
Jimmy Praet 5aebc4f000
Respect DefaultUserIsRestricted system default when creating new user ()
* Apply DefaultUserIsRestricted in CreateUser

* Enforce system defaults in CreateUser

Allow for overwrites with CreateUserOverwriteOptions

* Fix compilation errors

* Add "restricted" option to create user command

* Add "restricted" option to create user admin api

* Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed

* Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed"

This reverts commit ee95d3e8dc.
2022-04-29 15:38:11 -04:00
6543 3e88af898a
Make git.OpenRepository accept Context ()
* OpenRepositoryCtx -> OpenRepository
* OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
2022-03-30 03:13:41 +08:00
wxiaoguang 7a550b3af2
Use ctx instead of db.DefaultContext in some packages(routers/services/modules) ()
* Remove `db.DefaultContext` usage in routers, use `ctx` directly

* Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services`

* Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages

* fix incorrect context usage
2022-03-22 16:22:54 +01:00
mscherer 95c8d53d28
Add a "admin user generate-access-token" subcommand ()
* Add a "admin user generate-access-token" subcommand

Fixes 

* Update cmd/admin.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* Update cmd/admin.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* Fix code to match new interfaces

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-03-04 19:53:35 +00:00
6543 54e9ee37a7
format with gofumpt ()
* gofumpt -w -l .

* gofumpt -w -l -extra .

* Add linter

* manual fix

* change make fmt
2022-01-20 18:46:10 +01:00
zeripath 5cb0c9aa0d
Propagate context and ensure git commands run in request context ()
This PR continues the work in  by progressively ensuring that git
commands run within the request context.

This now means that the if there is a git repo already open in the context it will be used instead of reopening it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 23:26:57 +00:00
Zoran Peričić 17b2079f3e
Add/update SMTP auth providers via cli ()
Allow adding/updating SMTP authentication source via CLI using:
- gitea admin  auth add-smtp 
- gitea admin  auth update-smtp

Signed-off-by: Zoran Peričić <zpericic@netst.org>
2022-01-12 22:54:53 +00:00
Lunny Xiao de8e3948a5
Refactor auth package () 2022-01-02 21:12:35 +08:00
zeripath d29b689f81
Ensure complexity, minlength and ispwned are checked on password setting ()
It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-17 10:03:39 +08:00
zeripath 0981ec30c3
Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes ()
* Add setting to OAuth handlers to override local 2FA settings

This PR adds a setting to OAuth and OpenID login sources to allow the source to
override local 2FA requirements.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix regression from 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add scopes settings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix trace logging in auth_openid

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add required claim options

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move UpdateExternalUser to externalaccount

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow OAuth2/OIDC to set Admin/Restricted status

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow use of the same group claim name for the prohibit login value

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Move UpdateExternalUser to externalaccount

* as per wxiaoguang

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add label back in

Signed-off-by: Andrew Thornton <art27@cantab.net>

* adjust localisation

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-14 16:37:11 +08:00
Lunny Xiao 3ca5dc7e32
Move keys to models/asymkey ()
* Move keys to models/keys

* Rename models/keys -> models/asymkey

* change the missed package name

* Fix package alias

* Fix test

* Fix docs

* Fix test

* Fix test

* merge
2021-12-10 16:14:24 +08:00
Lunny Xiao a666829a37
Move user related model into models/user ()
* Move user related model into models/user

* Fix lint for windows

* Fix windows lint

* Fix windows lint

* Move some tests in models

* Merge
2021-11-24 17:49:20 +08:00
Lunny Xiao baed01f247
Remove unnecessary attributes of User struct ()
* Remove unnecessary functions of User struct

* Move more database methods out of user struct

* Move more database methods out of user struct

* Fix template failure

* Fix bug

* Remove finished FIXME

* remove unnecessary code
2021-11-22 23:21:55 +08:00
KN4CK3R f34151bdb2
Move user/org deletion to services () 2021-11-19 01:42:27 +08:00
Lunny Xiao 5233051e64
Move some functions into services/repository () 2021-11-17 23:17:31 +08:00
Lunny Xiao 69b61d4373
Fix bug on admin subcommand ()
* Fix bug on admin subcommand

* Add signals for all initDB

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-11-07 11:11:27 +08:00
Lunny Xiao 5842a55b31
Move login related structs and functions to models/login ()
* Move login related structs and functions to models/login

* Fix test

* Fix lint

* Fix lint

* Fix lint of windows

* Fix lint

* Fix test

* Fix test

* Only load necessary fixtures when preparing unit tests envs

* Fix lint

* Fix test

* Fix test

* Fix error log

* Fix error log

* Fix error log

* remove unnecessary change

* fix error log

* merge main branch
2021-09-24 19:32:56 +08:00
zeripath 9ca0e7905c
Add setting to OAuth handlers to skip local 2FA authentication ()
This PR adds a setting to OAuth and OpenID login sources to allow the source to
skip local 2FA authentication.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-10 18:37:57 +02:00
zeripath 5d2e11eedb
Refactor: Move login out of models ()
`models` does far too much. In particular it handles all `UserSignin`.

It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in.

Therefore we should move this code out of `models`.

This code has to depend on `models` - therefore it belongs in `services`.

There is a package in `services` called `auth` and clearly this functionality belongs in there.

Plan:

- [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication.
- [x] Move `models.UserSignIn` into `auth`
- [x] Move `models.ExternalUserLogin`
- [x] Move most of the `LoginVia*` methods to `auth` or subpackages
- [x] Move Resynchronize functionality to `auth`
  - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files.
- [x] Move the rest of the LDAP functionality in to the ldap subpackage
- [x] Re-factor the login sources to express an interfaces `auth.Source`?
  - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future
- [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable
- [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2
  - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models.
  - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 
- [x] More simplifications of login_source.go may need to be done
- Allow wiring in of notify registration -  *this can now easily be done - but I think we should do it in another PR*  - see  
- More refactors...?
  - OpenID should probably become an auth Method but I think that can be left for another PR
  - Methods should also probably be cleaned up  - again another PR I think.
  - SSPI still needs more refactors.* Rename auth.Auth auth.Method
* Restructure ssh_key.go

- move functions from models/user.go that relate to ssh_key to ssh_key
- split ssh_key.go to try create clearer function domains for allow for
future refactors here.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-24 11:16:34 +01:00
Lunny Xiao e7fc078891
Fix missing storage init () 2021-04-22 18:48:47 +02:00
6543 9c4601bdf8
Code Formats, Nits & Unused Func/Var deletions ()
* _ to unused func options

* rm useless brakets

* rm trifial non used models functions

* rm dead code

* rm dead global vars

* fix routers/api/v1/repo/issue.go

* dont overload import module
2021-04-09 09:40:34 +02:00
6543 74a0481586
[Refactor] Passwort Hash/Set ()
* move SaltGeneration into HashPasswort and rename it to what it does

* Migration: Where Password is Valid with Empty String delete it

* prohibit empty password hash

* let SetPassword("") unset pwd stuff
2021-01-10 20:05:18 +02:00
Daniil Pankratov 3175d08626
CLI support for OAuth sources custom icons ()
Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
2020-12-28 09:39:12 +01:00