| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix #1357
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
variables (#5935)
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.
I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.
There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.
Fix #3795
Signed-off-by: Andrew Thornton art27@cantab.net
|
| |
|
|
|
|
|
| |
By default, if `setting.NewContext()` prints out any warning logs, these are printed to the stdout breaking `git receive-pack` etc. meaning that even if there is a warning because of a minor problem in your app.ini but gitea starts despite this - you **CANNOT** push or pull over SSH.
This PR disables the console logger whilst in `serv.go`
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Start to move to internal/private
* Add GetPublicKeyByID
* Add HasDeployKey
* Add private.UpdateDeployKeyUpdated
* Add private.GetUserByKeyID
* Add private.AccessLevel
* Add private.CheckUnitUser
* Fix mistakes I made
* Some cleaning + moving code to separate files
* Fix error handling
* Remove useless error handling for setup
* lint: fix comment on exported func
* fix copyright header
* Fix order of args
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* LFS: make HTTP auth period configurable
* Formatting: Removed semicolon
Due to automated fmt-check failure (drone.gitea.io)
* applying code reviews
* Applied code review comment: Change HTTPAuthExpiry to time.Duration
* Updated config cheat sheet
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Fix SSH auth LFS locks
* Activate SSH/lock test
* Remove debug
* Follow @lunny recommendation for AfterLoad method
|
| |
|
|
|
|
| |
* improvements for supporting UI Location
* improved the comment
|
| |
|
|
|
|
|
|
|
|
| |
* remove GetRepositoryByRef and add GetRepositoryByOwnerAndName
* fix tests
* fix tests bug
* some improvements
|
| |
|
|
|
|
|
|
|
|
| |
* Set session and indexers' data files rel to AppDataPath
The setting AppDataPath is now relative to the working directory.
The session svc's PROVIDER_CONFIG now defaults to AppDataPath/data/sessions.
The issue indexer's IssuePath now defaults to AppDataPath/indexers/issues.bleves.
* fix bug
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add units to team
* fix lint
* finish team setting backend
* finished permission controll on routes
* fix import blank line
* add unit check on ssh/http pull and push and fix test failed
* fix fixtures data
* remove unused code
|
| |
|
|
|
|
| |
* remove env user salt since no need to use
* remove unused variable from update.go
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add internal routes for ssh hook comands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
|
| | |
|
| | |
|
| |
|
| |
Fixes #1296
|
| |
|
|
|
|
| |
* allow push to init a wiki repo
* compact error check
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(#1030)
* move all push update to git hook post-receive and protected branch check to git hook pre-receive
* add SSH_ORIGINAL_COMMAND check back
* remove all unused codes
* fix the import
|
|
|
* git: delegate all server-side Git hooks (#1623)
* create hooks directories
* take control hooks back
* fix lint
* bug fixed and minor changes
* fix imports style
* fix migration scripts
|
