aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/admin.go
Commit message (Collapse)AuthorAgeFilesLines
* Handle OpenID discovery URL errors a little nicer when creating/editing ↵zeripath2023-03-101-1/+10
| | | | | | | | | | | sources (#23397) When there is an error creating a new openIDConnect authentication source try to handle the error a little better. Close #23283 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add command to bulk set must-change-password (#22823)zeripath2023-02-141-406/+0
| | | | | | | | | As part of administration sometimes it is appropriate to forcibly tell users to update their passwords. This PR creates a new command `gitea admin user must-change-password` which will set the `MustChangePassword` flag on the provided users. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Map OIDC groups to Orgs/Teams (#21441)KN4CK3R2023-02-081-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add CLI option tenant ID for oauth2 source (#22769)Adi2023-02-051-0/+11
| | | Fixes #22713
* add default user visibility to cli command "admin user create" (#22750)yp053272023-02-041-0/+4
| | | | Fixes https://github.com/go-gitea/gitea/issues/22523
* Allow setting access token scope by CLI (#22648)Lukas2023-02-021-2/+13
| | | | | | | Followup for #20908 to allow setting the scopes when creating new access token via CLI. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Improve utils of slices (#22379)Jason Song2023-01-111-1/+1
| | | | | | | | | | | | | | | | | | | - Move the file `compare.go` and `slice.go` to `slice.go`. - Fix `ExistsInSlice`, it's buggy - It uses `sort.Search`, so it assumes that the input slice is sorted. - It passes `func(i int) bool { return slice[i] == target })` to `sort.Search`, that's incorrect, check the doc of `sort.Search`. - Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string, []string)` to `SliceContains[T]([]T, T)`. - Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string, []string)` to `SliceSortedEqual[T]([]T, T)`. - Add `SliceEqual[T]([]T, T)` as a distinction from `SliceSortedEqual[T]([]T, T)`. - Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to `SliceRemoveAll[T]([]T, T) []T`. - Add `SliceContainsFunc[T]([]T, func(T) bool)` and `SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use. - Add comments to explain why not `golang.org/x/exp/slices`. - Add unit tests.
* Rename almost all Ctx functions (#22071)Lunny Xiao2022-12-101-0/+1
|
* refactor some functions to support ctx as first parameter (#21878)Lunny Xiao2022-12-031-1/+1
| | | | Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lauris BH <lauris@nix.lv>
* Implement FSFE REUSE for golang files (#21840)flynnnnnnnnnn2022-11-271-2/+1
| | | | | | | | | Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Add `context.Context` to more methods (#21546)KN4CK3R2022-11-191-1/+1
| | | | | | | This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Revert unrelated changes for SMTP auth (#21767)wxiaoguang2022-11-101-4/+4
| | | | | | | The purpose of #18982 is to improve the SMTP mailer, but there were some unrelated changes made to the SMTP auth in https://github.com/go-gitea/gitea/pull/18982/commits/d60c43869420f5fc43ad19b454c9ae50dad65964 This PR reverts these unrelated changes, fix #21744
* Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)delvh2022-10-241-2/+2
| | | | | | | | | Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move some files into models' sub packages (#20262)Lunny Xiao2022-08-251-18/+17
| | | | | | | | | | | | | | | | | | | | | | | | | * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* Rework mailer settings (#18982)Clar Fon2022-08-021-4/+4
| | | | | | | | | | | * `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy * `SMTP_ADDR`: domain for SMTP, or path to unix socket * `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls` * `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname * `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY` * `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add two factor status to admin cmd display (#20401)Tyrone Yeh2022-07-191-2/+3
|
* Add option to purge users (#18064)zeripath2022-07-141-1/+5
| | | | | | | Add the ability to purge users when deleting them. Close #15588 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move some repository related code into sub package (#19711)Lunny Xiao2022-06-061-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move some repository related code into sub package * Move more repository functions out of models * Fix lint * Some performance optimization for webhooks and others * some refactors * Fix lint * Fix * Update modules/repository/delete.go Co-authored-by: delvh <dev.lh@web.de> * Fix test * Merge * Fix test * Fix test * Fix test * Fix test Co-authored-by: delvh <dev.lh@web.de>
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-201-3/+3
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Federation: return useful statistic information for nodeinfo (#19561)65432022-05-021-1/+1
| | | Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
* Respect DefaultUserIsRestricted system default when creating new user (#19310)Jimmy Praet2022-04-291-3/+17
| | | | | | | | | | | | | | | | | | | * Apply DefaultUserIsRestricted in CreateUser * Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions * Fix compilation errors * Add "restricted" option to create user command * Add "restricted" option to create user admin api * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
* Make git.OpenRepository accept Context (#19260)65432022-03-301-1/+1
| | | | | * OpenRepositoryCtx -> OpenRepository * OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
* Use `ctx` instead of `db.DefaultContext` in some ↵wxiaoguang2022-03-221-1/+1
| | | | | | | | | | | | packages(routers/services/modules) (#19163) * Remove `db.DefaultContext` usage in routers, use `ctx` directly * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services` * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages * fix incorrect context usage
* Add a "admin user generate-access-token" subcommand (#17722)mscherer2022-03-041-0/+57
| | | | | | | | | | | | | | | | | | | | * Add a "admin user generate-access-token" subcommand Fixes #17721 * Update cmd/admin.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * Update cmd/admin.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * Fix code to match new interfaces Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* format with gofumpt (#18184)65432022-01-201-7/+3
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Propagate context and ensure git commands run in request context (#17868)zeripath2022-01-191-1/+1
| | | | | | | | | This PR continues the work in #17125 by progressively ensuring that git commands run within the request context. This now means that the if there is a git repo already open in the context it will be used instead of reopening it. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add/update SMTP auth providers via cli (#18197)Zoran Peričić2022-01-121-0/+181
| | | | | | | | Allow adding/updating SMTP authentication source via CLI using: - gitea admin auth add-smtp - gitea admin auth update-smtp Signed-off-by: Zoran Peričić <zpericic@netst.org>
* Refactor auth package (#17962)Lunny Xiao2022-01-021-9/+9
|
* Ensure complexity, minlength and ispwned are checked on password setting ↵zeripath2021-12-171-0/+4
| | | | | | | | | | | | (#18005) It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-141-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-101-1/+2
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move user related model into models/user (#17781)Lunny Xiao2021-11-241-10/+11
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-221-1/+1
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Move user/org deletion to services (#17673)KN4CK3R2021-11-191-1/+2
|
* Move some functions into services/repository (#17677)Lunny Xiao2021-11-171-1/+2
|
* Fix bug on admin subcommand (#17533)Lunny Xiao2021-11-071-11/+44
| | | | | | | * Fix bug on admin subcommand * Add signals for all initDB Co-authored-by: Lauris BH <lauris@nix.lv>
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-241-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)zeripath2021-09-101-0/+5
| | | | | | | | This PR adds a setting to OAuth and OpenID login sources to allow the source to skip local 2FA authentication. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor: Move login out of models (#16199)zeripath2021-07-241-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia*` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix missing storage init (#15589)Lunny Xiao2021-04-221-0/+5
|
* Code Formats, Nits & Unused Func/Var deletions (#15286)65432021-04-091-3/+3
| | | | | | | | | | | | | | | * _ to unused func options * rm useless brakets * rm trifial non used models functions * rm dead code * rm dead global vars * fix routers/api/v1/repo/issue.go * dont overload import module
* [Refactor] Passwort Hash/Set (#14282)65432021-01-101-3/+2
| | | | | | | | | * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff
* CLI support for OAuth sources custom icons (#14166)Daniil Pankratov2020-12-281-0/+10
| | | Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
* fix label of --id in admin delete user (#14005)zeripath2020-12-171-6/+35
| | | | | | | | | | | | | | | | | | | | | * fix label of --id in admin delete user This pr fixes the label descriptor of `gitea admin delete user` but also adds a `--username` option. Fix #13995 Signed-off-by: Andrew Thornton <art27@cantab.net> * fix-spacing Signed-off-by: Andrew Thornton <art27@cantab.net> * Add delete email support Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Whenever the password is updated ensure that the hash algorithm is too (#13966)zeripath2020-12-121-1/+1
| | | | | | | | | | | `user.HashPassword` may potentially - and in fact now likely does - change the `passwd_hash_algo` therefore whenever the `passwd` is updated, this also needs to be updated. Fix #13832 Thanks @fblaese for the hint Signed-off-by: Andrew Thornton <art27@cantab.net>
* Sendmail command (#13079)Maxim Zhiburt2020-10-241-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add SendSync method Usefull to have when you need to be confident that message was sent. * Add sendmail command * add checks that if either title or content is empty then error out * Add a confirmation step * Add --force option to bypass confirm step * Move implementation of runSendMail to a different file * Add copyrighting comment * Make content optional Print waring if it's empty or haven't been set up. The warning will be skiped if there's a `--force` flag. * Fix import style Co-authored-by: 6543 <6543@obermui.de> * Use batch when getting all users IterateUsers uses batching by default. Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Send emails one by one instead of as one chunck Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Send messages concurantly Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Use SendAsync+Flush instead of SendSync Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Add timeout parameter to sendemail command Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Fix spelling mistake Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com> * Update cmd/admin.go Co-authored-by: 6543 <6543@obermui.de> * Connect to a running Gitea instance * Fix mispelling * Add copyright comment Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Improve users management through the CLI (#6001) (#10492)ydelafollye2020-10-151-5/+84
| | | | | | | | | | * Fix images in wiki edit preview (#11546) Make sure wiki editor sets wiki to true so gitea renders it as a wiki page. Also change the context data attr for edit form. This looks wrong but everywhere else in our code assumes the urlPrefix to be just the repo url when rendering and manually adds /wiki to the rendered url regardless. Fixes #11540
* Check passwords against HaveIBeenPwned (#12716)John Olheiser2020-09-081-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply suggestions mrsdizzie Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Add link to HIBP Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add more details to admin command Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Consistency and making some noise ;) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: zeripath <art27@cantab.net>
* make `gitea admin auth list` formatting configurable (#10844)zeripath2020-03-271-1/+37
| | | | | | | | | * make admin auth list formatting configurable Signed-off-by: Andrew Thornton <art27@cantab.net> * As per @guillep2k Signed-off-by: Andrew Thornton <art27@cantab.net>
* API add/generalize pagination (#9452)SpaWn2KiLl2020-01-241-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>