aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/admin.go
Commit message (Collapse)AuthorAgeFilesLines
* Simplify how git repositories are opened (#28937)Lunny Xiao2024-01-271-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Purpose This is a refactor toward building an abstraction over managing git repositories. Afterwards, it does not matter anymore if they are stored on the local disk or somewhere remote. ## What this PR changes We used `git.OpenRepository` everywhere previously. Now, we should split them into two distinct functions: Firstly, there are temporary repositories which do not change: ```go git.OpenRepository(ctx, diskPath) ``` Gitea managed repositories having a record in the database in the `repository` table are moved into the new package `gitrepo`: ```go gitrepo.OpenRepository(ctx, repo_model.Repo) ``` Why is `repo_model.Repository` the second parameter instead of file path? Because then we can easily adapt our repository storage strategy. The repositories can be stored locally, however, they could just as well be stored on a remote server. ## Further changes in other PRs - A Git Command wrapper on package `gitrepo` could be created. i.e. `NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir: repo.RepoPath()}`, the directory should be empty before invoking this method and it can be filled in the function only. #28940 - Remove the `RepoPath()`/`WikiPath()` functions to reduce the possibility of mistakes. --------- Co-authored-by: delvh <dev.lh@web.de>
* Move more functions to db.Find (#28419)Lunny Xiao2024-01-151-2/+2
| | | | | | | | | Following #28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
* Improve CLI code and descriptions (#28482)wxiaoguang2023-12-151-1/+1
| | | | | | | | | | * Close #28444 * Actually, it doesn't need to use that trick because it looks like it is not necessary, no user really needs it * Remove the hidden (legacy) "doctor" subcommand and update documents * Fix "actions" usage ![image](https://github.com/go-gitea/gitea/assets/2114189/3c2b34a7-4f92-4a6c-96fd-9505e413d4ec)
* move the `gitea admin` subcommands into separate files (#27307)Nanguan Lin2023-09-271-610/+7
| | | | | As title. Probably it's better to put those sub cmd to different dirs. Will do that in the future.
* Another round of `db.DefaultContext` refactor (#27103)JakobDev2023-09-251-2/+2
| | | | | | | Part of #27065 --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Call git.InitSimple for runRepoSyncReleases (#26396)wxiaoguang2023-08-101-0/+4
| | | | | | Fix #26394 Otherwise, the git module is not initialized and it doesn't respect the "timeout" config in app.ini
* Add missing default value for some Bool cli flags (#26082)wxiaoguang2023-07-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In #25959 I forgot to add default values to some Bool flags (which were BoolT in cli/v1, BoolT means default to be true) This PR adds the default "Value" for them. ``` ./cmd/manager_logging.go: }, cli.BoolTFlag{ ./cmd/manager_logging.go- Name: "rotate, r", ./cmd/manager_logging.go- Usage: "Rotate logs", -- ./cmd/manager_logging.go: }, cli.BoolTFlag{ ./cmd/manager_logging.go- Name: "daily, d", ./cmd/manager_logging.go- Usage: "Rotate logs daily", -- ./cmd/manager_logging.go: }, cli.BoolTFlag{ ./cmd/manager_logging.go- Name: "compress, z", ./cmd/manager_logging.go- Usage: "Compress rotated logs", -- ./cmd/admin.go: cli.BoolTFlag{ ./cmd/admin.go- Name: "force-smtps", ./cmd/admin.go- Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.", -- ./cmd/admin.go: cli.BoolTFlag{ ./cmd/admin.go- Name: "skip-verify", ./cmd/admin.go- Usage: "Skip TLS verify.", -- ./cmd/admin.go: cli.BoolTFlag{ ./cmd/admin.go- Name: "disable-helo", ./cmd/admin.go- Usage: "Disable SMTP helo.", -- ./cmd/admin.go: cli.BoolTFlag{ ./cmd/admin.go- Name: "skip-local-2fa", ./cmd/admin.go- Usage: "Skip 2FA to log on.", -- ./cmd/admin.go: cli.BoolTFlag{ ./cmd/admin.go- Name: "active", ./cmd/admin.go- Usage: "This Authentication Source is Activated.", ```
* Remove `db.DefaultContext` in `routers/` and `cmd/` (#26076)delvh2023-07-231-4/+5
| | | | | | Now, the only remaining usages of `models.db.DefaultContext` are in - `modules` - `models` - `services`
* Refactor to use urfave/cli/v2 (#25959)wxiaoguang2023-07-211-66/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace #10912 And there are many new tests to cover the CLI behavior There were some concerns about the "option order in hook scripts" (https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314), it's not a problem now. Because the hook script uses `/gitea hook --config=/app.ini pre-receive` format. The "config" is a global option, it can appear anywhere. ---- ## ⚠️ BREAKING ⚠️ This PR does it best to avoid breaking anything. The major changes are: * `gitea` itself won't accept web's options: `--install-port` / `--pid` / `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's options. * Use `./gitea web --pid ....` instead * `./gitea` can still run the `web` sub-command as shorthand, with default options * The sub-command's options must follow the sub-command * Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd --sub-opt` (well, might not ...) * After: only `./gitea subcmd --sub-opt` could be used * The global options like `--config` are not affected
* Handle OpenID discovery URL errors a little nicer when creating/editing ↵zeripath2023-03-101-1/+10
| | | | | | | | | | | sources (#23397) When there is an error creating a new openIDConnect authentication source try to handle the error a little better. Close #23283 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add command to bulk set must-change-password (#22823)zeripath2023-02-141-406/+0
| | | | | | | | | As part of administration sometimes it is appropriate to forcibly tell users to update their passwords. This PR creates a new command `gitea admin user must-change-password` which will set the `MustChangePassword` flag on the provided users. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Map OIDC groups to Orgs/Teams (#21441)KN4CK3R2023-02-081-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add CLI option tenant ID for oauth2 source (#22769)Adi2023-02-051-0/+11
| | | Fixes #22713
* add default user visibility to cli command "admin user create" (#22750)yp053272023-02-041-0/+4
| | | | Fixes https://github.com/go-gitea/gitea/issues/22523
* Allow setting access token scope by CLI (#22648)Lukas2023-02-021-2/+13
| | | | | | | Followup for #20908 to allow setting the scopes when creating new access token via CLI. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Improve utils of slices (#22379)Jason Song2023-01-111-1/+1
| | | | | | | | | | | | | | | | | | | - Move the file `compare.go` and `slice.go` to `slice.go`. - Fix `ExistsInSlice`, it's buggy - It uses `sort.Search`, so it assumes that the input slice is sorted. - It passes `func(i int) bool { return slice[i] == target })` to `sort.Search`, that's incorrect, check the doc of `sort.Search`. - Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string, []string)` to `SliceContains[T]([]T, T)`. - Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string, []string)` to `SliceSortedEqual[T]([]T, T)`. - Add `SliceEqual[T]([]T, T)` as a distinction from `SliceSortedEqual[T]([]T, T)`. - Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to `SliceRemoveAll[T]([]T, T) []T`. - Add `SliceContainsFunc[T]([]T, func(T) bool)` and `SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use. - Add comments to explain why not `golang.org/x/exp/slices`. - Add unit tests.
* Rename almost all Ctx functions (#22071)Lunny Xiao2022-12-101-0/+1
|
* refactor some functions to support ctx as first parameter (#21878)Lunny Xiao2022-12-031-1/+1
| | | | Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lauris BH <lauris@nix.lv>
* Implement FSFE REUSE for golang files (#21840)flynnnnnnnnnn2022-11-271-2/+1
| | | | | | | | | Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Add `context.Context` to more methods (#21546)KN4CK3R2022-11-191-1/+1
| | | | | | | This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Revert unrelated changes for SMTP auth (#21767)wxiaoguang2022-11-101-4/+4
| | | | | | | The purpose of #18982 is to improve the SMTP mailer, but there were some unrelated changes made to the SMTP auth in https://github.com/go-gitea/gitea/pull/18982/commits/d60c43869420f5fc43ad19b454c9ae50dad65964 This PR reverts these unrelated changes, fix #21744
* Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)delvh2022-10-241-2/+2
| | | | | | | | | Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move some files into models' sub packages (#20262)Lunny Xiao2022-08-251-18/+17
| | | | | | | | | | | | | | | | | | | | | | | | | * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* Rework mailer settings (#18982)Clar Fon2022-08-021-4/+4
| | | | | | | | | | | * `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy * `SMTP_ADDR`: domain for SMTP, or path to unix socket * `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls` * `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname * `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY` * `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add two factor status to admin cmd display (#20401)Tyrone Yeh2022-07-191-2/+3
|
* Add option to purge users (#18064)zeripath2022-07-141-1/+5
| | | | | | | Add the ability to purge users when deleting them. Close #15588 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move some repository related code into sub package (#19711)Lunny Xiao2022-06-061-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move some repository related code into sub package * Move more repository functions out of models * Fix lint * Some performance optimization for webhooks and others * some refactors * Fix lint * Fix * Update modules/repository/delete.go Co-authored-by: delvh <dev.lh@web.de> * Fix test * Merge * Fix test * Fix test * Fix test * Fix test Co-authored-by: delvh <dev.lh@web.de>
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-201-3/+3
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Federation: return useful statistic information for nodeinfo (#19561)65432022-05-021-1/+1
| | | Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
* Respect DefaultUserIsRestricted system default when creating new user (#19310)Jimmy Praet2022-04-291-3/+17
| | | | | | | | | | | | | | | | | | | * Apply DefaultUserIsRestricted in CreateUser * Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions * Fix compilation errors * Add "restricted" option to create user command * Add "restricted" option to create user admin api * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
* Make git.OpenRepository accept Context (#19260)65432022-03-301-1/+1
| | | | | * OpenRepositoryCtx -> OpenRepository * OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
* Use `ctx` instead of `db.DefaultContext` in some ↵wxiaoguang2022-03-221-1/+1
| | | | | | | | | | | | packages(routers/services/modules) (#19163) * Remove `db.DefaultContext` usage in routers, use `ctx` directly * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services` * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages * fix incorrect context usage
* Add a "admin user generate-access-token" subcommand (#17722)mscherer2022-03-041-0/+57
| | | | | | | | | | | | | | | | | | | | * Add a "admin user generate-access-token" subcommand Fixes #17721 * Update cmd/admin.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * Update cmd/admin.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * Fix code to match new interfaces Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* format with gofumpt (#18184)65432022-01-201-7/+3
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Propagate context and ensure git commands run in request context (#17868)zeripath2022-01-191-1/+1
| | | | | | | | | This PR continues the work in #17125 by progressively ensuring that git commands run within the request context. This now means that the if there is a git repo already open in the context it will be used instead of reopening it. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add/update SMTP auth providers via cli (#18197)Zoran Peričić2022-01-121-0/+181
| | | | | | | | Allow adding/updating SMTP authentication source via CLI using: - gitea admin auth add-smtp - gitea admin auth update-smtp Signed-off-by: Zoran Peričić <zpericic@netst.org>
* Refactor auth package (#17962)Lunny Xiao2022-01-021-9/+9
|
* Ensure complexity, minlength and ispwned are checked on password setting ↵zeripath2021-12-171-0/+4
| | | | | | | | | | | | (#18005) It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-141-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-101-1/+2
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move user related model into models/user (#17781)Lunny Xiao2021-11-241-10/+11
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-221-1/+1
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Move user/org deletion to services (#17673)KN4CK3R2021-11-191-1/+2
|
* Move some functions into services/repository (#17677)Lunny Xiao2021-11-171-1/+2
|
* Fix bug on admin subcommand (#17533)Lunny Xiao2021-11-071-11/+44
| | | | | | | * Fix bug on admin subcommand * Add signals for all initDB Co-authored-by: Lauris BH <lauris@nix.lv>
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-241-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)zeripath2021-09-101-0/+5
| | | | | | | | This PR adds a setting to OAuth and OpenID login sources to allow the source to skip local 2FA authentication. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor: Move login out of models (#16199)zeripath2021-07-241-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia*` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix missing storage init (#15589)Lunny Xiao2021-04-221-0/+5
|
* Code Formats, Nits & Unused Func/Var deletions (#15286)65432021-04-091-3/+3
| | | | | | | | | | | | | | | * _ to unused func options * rm useless brakets * rm trifial non used models functions * rm dead code * rm dead global vars * fix routers/api/v1/repo/issue.go * dont overload import module