diff options
| author | Stefan Kalscheuer <stefan@stklcode.de> | 2017-07-15 16:21:51 +0200 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2017-07-15 22:21:51 +0800 |
| commit | 0b177574c92b2f8c4a4d0d9de01ff1bf5eda06a2 (patch) | |
| tree | 9b0d900298ec2054b216271c556500c25ab7ddf5 | |
| parent | 32f289ae3b88f0a33723fe51b808d1633cd6716a (diff) | |
| download | gitea-0b177574c92b2f8c4a4d0d9de01ff1bf5eda06a2.tar.gz gitea-0b177574c92b2f8c4a4d0d9de01ff1bf5eda06a2.zip | |
Only show SSH clone URL if signed in (#2169) (#2170)
* Add configuration flag SSH_EXPOSE_ANONYMOUS
If this flag (default True) is set to false, the SSH clone URL will only be exposed if the current user is signed in.
* Default SSH exposure set to false
To match GitHub and for security reasons, SSH URL exposure is disabled by default.
In addition to that. minor code changes have been applied.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* Add integration tests
* Hide clone button neither HTTP and SSH is enabled
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
| -rw-r--r-- | conf/app.ini | 2 | ||||
| -rw-r--r-- | integrations/repo_test.go | 37 | ||||
| -rw-r--r-- | modules/context/repo.go | 1 | ||||
| -rw-r--r-- | modules/setting/setting.go | 2 | ||||
| -rw-r--r-- | templates/repo/bare.tmpl | 8 | ||||
| -rw-r--r-- | templates/repo/home.tmpl | 12 | ||||
| -rw-r--r-- | templates/repo/wiki/view.tmpl | 12 |
7 files changed, 61 insertions, 13 deletions
diff --git a/conf/app.ini b/conf/app.ini index 8f04435b5f..bb0654e2e2 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -126,6 +126,8 @@ SSH_KEY_TEST_PATH = SSH_KEYGEN_PATH = ssh-keygen ; Enable SSH Authorized Key Backup when rewriting all keys, default is true SSH_BACKUP_AUTHORIZED_KEYS = true +; Enable exposure of SSH clone URL to anonymous visitors, default is false +SSH_EXPOSE_ANONYMOUS = false ; Indicate whether to check minimum key size with corresponding type MINIMUM_KEY_SIZE_CHECK = false ; Disable CDN even in "prod" mode diff --git a/integrations/repo_test.go b/integrations/repo_test.go index 004156b446..f5ba4d8d82 100644 --- a/integrations/repo_test.go +++ b/integrations/repo_test.go @@ -5,8 +5,13 @@ package integrations import ( + "fmt" "net/http" "testing" + + "code.gitea.io/gitea/modules/setting" + + "github.com/stretchr/testify/assert" ) func TestViewRepo(t *testing.T) { @@ -37,3 +42,35 @@ func TestViewRepo3(t *testing.T) { session := loginUser(t, "user3") session.MakeRequest(t, req, http.StatusOK) } + +func TestViewRepo1CloneLinkAnonymous(t *testing.T) { + prepareTestEnv(t) + + req := NewRequest(t, "GET", "/user2/repo1") + resp := MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + link, exists := htmlDoc.doc.Find("#repo-clone-https").Attr("data-link") + assert.True(t, exists, "The template has changed") + assert.Equal(t, setting.AppURL+"user2/repo1.git", link) + _, exists = htmlDoc.doc.Find("#repo-clone-ssh").Attr("data-link") + assert.False(t, exists) +} + +func TestViewRepo1CloneLinkAuthorized(t *testing.T) { + prepareTestEnv(t) + + session := loginUser(t, "user2") + + req := NewRequest(t, "GET", "/user2/repo1") + resp := session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + link, exists := htmlDoc.doc.Find("#repo-clone-https").Attr("data-link") + assert.True(t, exists, "The template has changed") + assert.Equal(t, setting.AppURL+"user2/repo1.git", link) + link, exists = htmlDoc.doc.Find("#repo-clone-ssh").Attr("data-link") + assert.True(t, exists, "The template has changed") + sshURL := fmt.Sprintf("%s@%s:user2/repo1.git", setting.RunUser, setting.SSH.Domain) + assert.Equal(t, sshURL, link) +} diff --git a/modules/context/repo.go b/modules/context/repo.go index e46170b76d..d636496f50 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -285,6 +285,7 @@ func RepoAssignment() macaron.Handler { ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter() ctx.Data["DisableSSH"] = setting.SSH.Disabled + ctx.Data["ExposeAnonSSH"] = setting.SSH.ExposeAnonymous ctx.Data["DisableHTTP"] = setting.Repository.DisableHTTPGit ctx.Data["CloneLink"] = repo.CloneLink() ctx.Data["WikiCloneLink"] = repo.WikiCloneLink() diff --git a/modules/setting/setting.go b/modules/setting/setting.go index f24a87653b..82187e81be 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -99,6 +99,7 @@ var ( AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"` MinimumKeySizeCheck bool `ini:"-"` MinimumKeySizes map[string]int `ini:"-"` + ExposeAnonymous bool `ini:"SSH_EXPOSE_ANONYMOUS"` }{ Disabled: false, StartBuiltinServer: false, @@ -707,6 +708,7 @@ func NewContext() { } } SSH.AuthorizedKeysBackup = sec.Key("SSH_AUTHORIZED_KEYS_BACKUP").MustBool(true) + SSH.ExposeAnonymous = sec.Key("SSH_EXPOSE_ANONYMOUS").MustBool(false) if err = Cfg.Section("server").MapTo(&LFS); err != nil { log.Fatal(4, "Failed to map LFS settings: %v", err) diff --git a/templates/repo/bare.tmpl b/templates/repo/bare.tmpl index b72738fe34..bd37228ad1 100644 --- a/templates/repo/bare.tmpl +++ b/templates/repo/bare.tmpl @@ -28,9 +28,11 @@ {{else}} <input id="repo-clone-url" value="{{$.CloneLink.SSH}}" readonly> {{end}} - <button class="ui basic button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> - <i class="octicon octicon-clippy"></i> - </button> + {{if not (and $.DisableHTTP $.DisableSSH)}} + <button class="ui basic button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> + <i class="octicon octicon-clippy"></i> + </button> + {{end}} </div> </div> <div class="ui divider"></div> diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl index 664326c562..5af574ee04 100644 --- a/templates/repo/home.tmpl +++ b/templates/repo/home.tmpl @@ -56,19 +56,21 @@ {{if UseHTTPS}}HTTPS{{else}}HTTP{{end}} </button> {{end}} - {{if not $.DisableSSH}} + {{if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} <button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.CloneLink.SSH}}"> SSH </button> {{end}} {{if not $.DisableHTTP}} <input id="repo-clone-url" value="{{$.CloneLink.HTTPS}}" readonly> - {{else}} + {{else if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} <input id="repo-clone-url" value="{{$.CloneLink.SSH}}" readonly> {{end}} - <button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> - <i class="octicon octicon-clippy"></i> - </button> + {{if or ((not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)))}} + <button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> + <i class="octicon octicon-clippy"></i> + </button> + {{end}} <div class="ui basic jump dropdown icon button poping up" data-content="{{.i18n.Tr "repo.download_archive"}}" data-variation="tiny inverted" data-position="top right"> <i class="download icon"></i> <div class="menu"> diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl index b9aa4e9560..8eab1ac07b 100644 --- a/templates/repo/wiki/view.tmpl +++ b/templates/repo/wiki/view.tmpl @@ -35,19 +35,21 @@ {{if UseHTTPS}}HTTPS{{else}}HTTP{{end}} </button> {{end}} - {{if not $.DisableSSH}} + {{if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} <button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.WikiCloneLink.SSH}}"> SSH </button> {{end}} {{if not $.DisableHTTP}} <input id="repo-clone-url" value="{{$.WikiCloneLink.HTTPS}}" readonly> - {{else}} + {{else if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} <input id="repo-clone-url" value="{{$.WikiCloneLink.SSH}}" readonly> {{end}} - <button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> - <i class="octicon octicon-clippy"></i> - </button> + {{if or ((not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)))}} + <button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url"> + <i class="octicon octicon-clippy"></i> + </button> + {{end}} </div> </div> </div> |