Enforce Gitea environment for pushes (#8982)
authorzeripath <art27@cantab.net>
Thu, 14 Nov 2019 22:39:48 +0000 (22:39 +0000)
committerGitHub <noreply@github.com>
Thu, 14 Nov 2019 22:39:48 +0000 (22:39 +0000)
* Enforce Gitea environment for pushes

* Update custom/conf/app.ini.sample

Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
cmd/hook.go
custom/conf/app.ini.sample
docs/content/doc/advanced/config-cheat-sheet.en-us.md
modules/setting/setting.go

index f07568dd8b20d3347f3697bdd0ce671ef10b5eb7..9f547362da9b24d427e703ca57ed9588091e0c28 100644 (file)
@@ -16,6 +16,7 @@ import (
        "code.gitea.io/gitea/models"
        "code.gitea.io/gitea/modules/git"
        "code.gitea.io/gitea/modules/private"
+       "code.gitea.io/gitea/modules/setting"
 
        "github.com/urfave/cli"
 )
@@ -55,7 +56,13 @@ var (
 
 func runHookPreReceive(c *cli.Context) error {
        if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-               return nil
+               if setting.OnlyAllowPushIfGiteaEnvironmentSet {
+                       fail(`Rejecting changes as Gitea environment not set.
+If you are pushing over SSH you must push with a key managed by
+Gitea or set your environment appropriately.`, "")
+               } else {
+                       return nil
+               }
        }
 
        setup("hooks/pre-receive.log")
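Review bot: The deny path in runHookPreReceive depends on `fail` terminating the process, which this hunk does not show; if it ever returns, control reaches `setup("hooks/pre-receive.log")` and the hook carries on for a push that was meant to be refused. An explicit non-nil return after the `fail(...)` call, with the `else` dropped, would make that path self-contained. The same block and message are repeated in runHookUpdate and runHookPostReceive, so a shared constant or helper would keep the three gates in step. The test is only that `SSH_ORIGINAL_COMMAND` is non-empty, so it guards against accidental direct pushes rather than authenticating the pusher; a comment above the `if` should say so, e.g. `// Presence check only: a guard against pushes that bypass Gitea, not an authentication step.` The function body continues past the hunk.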
@@ -115,7 +122,13 @@ func runHookPreReceive(c *cli.Context) error {
 
 func runHookUpdate(c *cli.Context) error {
        if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-               return nil
+               if setting.OnlyAllowPushIfGiteaEnvironmentSet {
+                       fail(`Rejecting changes as Gitea environment not set.
+If you are pushing over SSH you must push with a key managed by
+Gitea or set your environment appropriately.`, "")
+               } else {
+                       return nil
+               }
        }
 
        setup("hooks/update.log")
@@ -125,7 +138,13 @@ func runHookUpdate(c *cli.Context) error {
 
 func runHookPostReceive(c *cli.Context) error {
        if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-               return nil
+               if setting.OnlyAllowPushIfGiteaEnvironmentSet {
+                       fail(`Rejecting changes as Gitea environment not set.
+If you are pushing over SSH you must push with a key managed by
+Gitea or set your environment appropriately.`, "")
+               } else {
+                       return nil
+               }
        }
 
        setup("hooks/post-receive.log")
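Review bot: In runHookPostReceive the message `Rejecting changes as Gitea environment not set.` is inaccurate, because git runs post-receive after the refs have been updated and its exit status does not change the outcome of the push. Failing here cannot undo anything; it only skips whatever processing follows `setup("hooks/post-receive.log")`. If the gate is kept in this hook, the text should say what actually happens, for example `Gitea environment not set: skipping post-receive processing.`, with enforcement left to the pre-receive and update hooks. The function body continues past the hunk.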
index 5e26171d9e1d524eac21e6e257829694b36e2677..34c3ee9db5466a7c543addc241919af4a3a3a38d 100644 (file)
@@ -190,7 +190,7 @@ PROTOCOL = http
 DOMAIN = localhost
 ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 ; when STATIC_URL_PREFIX is empty it will follow APP_URL
-STATIC_URL_PREFIX = 
+STATIC_URL_PREFIX =
 ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
 HTTP_ADDR = 0.0.0.0
 HTTP_PORT = 3000
@@ -383,6 +383,8 @@ MIN_PASSWORD_LENGTH = 6
 IMPORT_LOCAL_PATHS = false
 ; Set to true to prevent all users (including admin) from creating custom git hooks
 DISABLE_GIT_HOOKS = false
+; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
 ;Comma separated list of character classes required to pass minimum complexity.
 ;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
 ;Use "off" to disable checking.
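Review bot: The comment added above `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET` does not say what an "incomplete environment" is, so an administrator cannot tell what has to be present for a push to be accepted. In this commit the hooks in cmd/hook.go test whether `SSH_ORIGINAL_COMMAND` is empty, and naming that would make the option auditable, e.g. `; Reject pushes whose hook environment lacks SSH_ORIGINAL_COMMAND (pushes not made through Gitea). Setting this to false is NOT RECOMMENDED.`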
@@ -515,9 +517,9 @@ SKIP_TLS_VERIFY = false
 ; Number of history information in each page
 PAGING_NUM = 10
 ; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
-PROXY_URL = 
+PROXY_URL =
 ; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
-PROXY_HOSTS = 
+PROXY_HOSTS =
 
 [mailer]
 ENABLED = false
index 68c33f7109a62acccaba085f5ed87bf9c8afbb40..ab353f9d5aa6f2a1a7d017b2ae5c00cc3d89e2d3 100644 (file)
@@ -244,6 +244,7 @@ relation to port exhaustion.
    authentication provided email.
 - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
    git hooks.
+- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
 - `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
index f3dd45d7bf9667f33581c2dfdecdfc55fa1dc96d..c0b9b99e3cbbeeea80e15910ed10a666ede6e496 100644 (file)
@@ -140,18 +140,19 @@ var (
        }
 
        // Security settings
-       InstallLock           bool
-       SecretKey             string
-       LogInRememberDays     int
-       CookieUserName        string
-       CookieRememberName    string
-       ReverseProxyAuthUser  string
-       ReverseProxyAuthEmail string
-       MinPasswordLength     int
-       ImportLocalPaths      bool
-       DisableGitHooks       bool
-       PasswordComplexity    []string
-       PasswordHashAlgo      string
+       InstallLock                        bool
+       SecretKey                          string
+       LogInRememberDays                  int
+       CookieUserName                     string
+       CookieRememberName                 string
+       ReverseProxyAuthUser               string
+       ReverseProxyAuthEmail              string
+       MinPasswordLength                  int
+       ImportLocalPaths                   bool
+       DisableGitHooks                    bool
+       OnlyAllowPushIfGiteaEnvironmentSet bool
+       PasswordComplexity                 []string
+       PasswordHashAlgo                   string
 
        // UI settings
        UI = struct {
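Review bot: `OnlyAllowPushIfGiteaEnvironmentSet` joins the security settings without a doc comment, and the name alone does not say which check it controls. A line such as `// OnlyAllowPushIfGiteaEnvironmentSet makes the git hooks refuse pushes whose environment lacks SSH_ORIGINAL_COMMAND.` above the field would tie it to the hook code in cmd/hook.go. The remaining changed lines in this hunk are realignment only, and the var block starts and ends outside the hunk.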
@@ -778,6 +779,7 @@ func NewContext() {
        MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
        ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
        DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
+       OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
        PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2")
        CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)