path: root/models/ssh_key.go
Commit message | Author | Age | Files | Lines
* Disable SSH key deletion of externally managed Keys (#13985) | zeripath | 2020-12-25 | 1 | -0/+76
  * Disable SSH key addition and deletion when externally managed
    When a user has a login source which has SSH key management key addition and deletion using the UI should be disabled.
    Fix #13983
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Make only externally managed keys disabled
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* migrate from com.* to alternatives (#14103) | 6543 | 2020-12-25 | 1 | -4/+8
  * remove github.com/unknwon/com from models
  * don't use "com.ToStr()"
  * replace "com.ToStr" with "fmt.Sprint" where it's easy to do
  * more refactor
  * fix test
  * just "proxy" Copy func for now
  * as per @lunny
* Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) | zeripath | 2020-11-27 | 1 | -8/+32
  * Ensure errors from IsDir propagate
  * Handle errors when checking IsFile
  * Handle and propagate errors from IsExist
  * Update modules/templates/static.go
  * Update modules/templates/static.go
  * Return after ctx.ServerError
  * Apply suggestions from code review
  * Fix tests
    The previous merge managed to break repo_form.go
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* don't append key file if asked not to (#13368) | Antoine GIRARD | 2020-10-31 | 1 | -1/+1
* Add ssh certificate support (#12281) | Wim | 2020-10-10 | 1 | -4/+234
  * Add ssh certificate support
  * Add ssh certificate support to builtin ssh
  * Write trusted-user-ca-keys.pem based on configuration
  * Update app.example.ini
  * Update templates/user/settings/keys_principal.tmpl
    Co-authored-by: silverwind <me@silverwind.io>
  * Remove unused locale string
  * Update options/locale/locale_en-US.ini
    Co-authored-by: silverwind <me@silverwind.io>
  * Update options/locale/locale_en-US.ini
    Co-authored-by: silverwind <me@silverwind.io>
  * Update models/ssh_key.go
    Co-authored-by: silverwind <me@silverwind.io>
  * Add missing creation of SSH.Rootpath
  * Update cheatsheet, example and locale strings
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
  * Optimizations based on feedback
  * Validate CA keys for external sshd
  * Add filename option and change default filename
    Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem
    Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.
    Add some more documentation.
  * Remove unneeded principalkey functions
  * Add blank line
  * Apply suggestions from code review
    Co-authored-by: zeripath <art27@cantab.net>
  * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option
    This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username.
    To allow anything the admin needs to set the option anything.
    This allows for a safe default in gitea which protects against malicious users using other user's principals. (before that user could set it).
    This commit also has some small other fixes from the last code review.
  * Rewrite principal keys file on user deletion
  * Use correct rewrite method
  * Set correct AuthorizedPrincipalsBackup default setting
  * Rewrite principalsfile when adding principals
  * Add update authorized_principals option to admin dashboard
  * Handle non-primary emails
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Add the command actually to the dashboard template
  * Update models/ssh_key.go
    Co-authored-by: silverwind <me@silverwind.io>
  * By default do not show principal options unless there are CA keys set or they are explicitly set
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * allow settings when enabled
  * Fix typos in TrustedUserCAKeys path
  * Allow every CASignatureAlgorithms algorithm
    As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA
  * Update models/ssh_key.go
    Co-authored-by: Lauris BH <lauris@nix.lv>
  * Fix linting issue
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: zeripath <art27@cantab.net>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: techknowlogick <matti@mdranta.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Completely quote AppPath and CustomConf paths (#12955) | zeripath | 2020-09-28 | 1 | -3/+3
  * Completely quote AppPath and CustomConf paths
    Properly handle spaces in AppPath and CustomConf within hooks and authorized_keys.
    Unfortunately here we don't seem to be able to get away with using go-shellquote as it appears that Windows doesn't play too well with singlequote quoting - therefore we will avoid singlequote quoting unless we absolutely cannot get away without it, e.g. \n or !.
    Fix #10813
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * missing change
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * fix Test_CmdKeys
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Re-attempt to delete temporary upload if the file is locked by another process (#12447) | zeripath | 2020-08-11 | 1 | -3/+14
  Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util.
  Fix #12339
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: silverwind <me@silverwind.io>
* Multiple Gitea Doctor improvements (#10943) | zeripath | 2020-04-06 | 1 | -4/+18
  * Add `gitea doctor --list` flag to list the checks that will be run, including those by default
  * Add `gitea doctor --run` to run specific checks
  * Add `gitea doctor --all` to run all checks
  * Add db version checker
  * Add non-default recalculate merge bases check/fixer to doctor
  * Add hook checker (Fix #9878) and ensure hooks are executable (Fix #6319)
  * Fix authorized_keys checker - slight change of functionality here because parsing the command is fragile and we should just check if the authorized_keys file is essentially the same as what gitea would produce. (This is still not perfect as order matters - we should probably just md5sum the two files.)
  * Add SCRIPT_TYPE check (Fix #10977)
  * Add `gitea doctor --fix` to attempt to fix what is possible to easily fix
  * Add `gitea doctor --log-file` to set the log-file, be it a file, stdout or to switch off completely. (Fixes previously undetected bug with certain xorm logging configurations - see @6543 comment.)
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen (#10863) | zeripath | 2020-03-28 | 1 | -0/+7
  * Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen
    Fix #3985
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Pass up the unable to verify
* In authorized_keys use double-quote for windows compatibility (#10841) | zeripath | 2020-03-27 | 1 | -2/+3
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Upgrade xorm to v1.0.0 (#10646) | Lunny Xiao | 2020-03-22 | 1 | -1/+1
  * Upgrade xorm to v1.0.0
  * small nit
  * Fix tests
  * Update xorm
  * Update xorm
  * fix go.sum
  * fix test
  * Fix bug when dump
  * Fix bug
  * update xorm to latest
  * Fix migration test
  * update xorm to latest
  * Fix import order
  * Use xorm tag
* API add/generalize pagination (#9452) | SpaWn2KiLl | 2020-01-24 | 1 | -10/+22
  * paginate results
  * fixed deadlock
  * prevented breaking change
  * updated swagger
  * go fmt
  * fixed find topic
  * go mod tidy
  * go mod vendor with go1.13.5
  * fixed repo find topics
  * fixed unit test
  * added Limit method to Engine struct; use engine variable when provided; fixed gitignore
  * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors
  * set Page value on Home route
  * improved memory allocations
  * fixed response headers
  * removed logfiles
  * fixed import order
  * import order
  * improved swagger
  * added function to get models.ListOptions from context
  * removed pagesize diff on unit test
  * fixed imports
  * removed unnecessary struct field
  * fixed go fmt
  * scoped PR
  * code improvements
  * code improvements
  * go mod tidy
  * fixed import order
  * fixed commit statuses session
  * fixed files headers
  * fixed headers; added pagination for notifications
  * go mod tidy
  * go fmt
  * removed Private from user search options; added setting.UI.IssuePagingNum as default value on repo's issues list
  * Apply suggestions from code review
    Co-Authored-By: 6543 <6543@obermui.de>
    Co-Authored-By: zeripath <art27@cantab.net>
  * fixed build error
  * CI.restart()
  * fixed merge conflicts resolve
  * fixed conflicts resolve
  * improved FindTrackedTimesOptions.ToOptions() method
  * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession
  * fixed build error; fixed swagger template
  * fixed swagger template
  * fixed ListReleases backwards compatibility
  * added page to user search route
  Co-authored-by: techknowlogick <matti@mdranta.net>
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: zeripath <art27@cantab.net>
* Fix SSH2 conditional in key parsing code (#8806) | mrsdizzie | 2019-11-03 | 1 | -1/+1
  Avoid out of bounds error by using strings.HasPrefix to check for starting SSH2 text rather than assuming user input has at least 31 characters.
  Add tests for bad input as well.
  Fixes #8800
* Upgrade xorm to v0.8.0 (#8536) | Lunny Xiao | 2019-10-17 | 1 | -1/+1
* Fixes #8369: Create .ssh dir as necessary (#8486) | zeripath | 2019-10-13 | 1 | -0/+24
  * Ensure .ssh dir exists before rewriting public keys
  * Ensure .ssh dir exists before appending to authorized_keys
  * Log the error because it would be useful to know where it is trying to MkdirAll
  * Only try to create RootPath if it's not empty
* [ssh] fix the config specification in the authorized_keys template (#8031) | Jakob Ackermann | 2019-09-15 | 1 | -2/+2
  The gitea flags must appear in front of the gitea command. Otherwise they are ignored.
  Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Use gitea forked macaron (#7933) | Tamal Saha | 2019-08-23 | 1 | -1/+1
  Signed-off-by: Tamal Saha <tamal@appscode.com>
* Display ui time with customize time location (#7792) | Lunny Xiao | 2019-08-15 | 1 | -12/+12
  * display ui time with customize time location
  * fix lint
  * rename UILocation to DefaultUILocation
  * move time related functions to modules/timeutil
  * fix tests
  * fix tests
  * fix build
  * fix swagger
* fix rename failed when rewrite public keys (#7761) | Lunny Xiao | 2019-08-06 | 1 | -1/+3
* Make PKCS8, PEM and SSH2 keys work (#7600) | zeripath | 2019-07-25 | 1 | -27/+64
  * Make PEM and SSH2 keys work
  * add ssh2 testcases and PEM cases - and fix PEM
  * Add final test to parse the proposed key
* Improve SSH key parser to handle newlines in keys (#7522) | silverwind | 2019-07-23 | 1 | -6/+12
  * Strip newlines from SSH keys before adding them
    Fixes: https://github.com/go-gitea/gitea/issues/7500
  * add test for CheckPublicKeyString
  * add one more test
  * simplify test
  * further simplify
  * make fmt
* Fix error log when loading issues caused by a xorm bug (#7271) | Lunny Xiao | 2019-06-23 | 1 | -1/+1
  * fix error log when loading issues caused by a xorm bug
  * upgrade packages
  * fix fmt
  * fix Consistency
  * fix tests
* Use go method to calculate ssh key fingerprint (#7128) | Antoine GIRARD | 2019-06-16 | 1 | -1/+30
  * Use go method to calculate key fingerprint
  * add gitea copyright
  * use native go method only for built-in server
  * refactor and add tests
  * add gitea copyright
* Add golangci (#6418) | kolaente | 2019-06-12 | 1 | -5/+5
* Better logging (#6038) (#6095) | zeripath | 2019-04-02 | 1 | -1/+1
  * Panic don't fatal on create new logger
    Fixes #5854
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * partial broken
  * Update the logging infrastructure
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Reset the skip levels for Fatal and Error
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * broken ncsa
  * More log.Error fixes
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Remove nal
  * set log-levels to lowercase
  * Make console_test test all levels
  * switch to lowercased levels
  * OK now working
  * Fix vetting issues
  * Fix lint
  * Fix tests
  * change default logging to match current gitea
  * Improve log testing
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * reset error skip levels to 0
  * Update documentation and access logger configuration
  * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
  * Fix broken level caching
  * Refactor the router log
  * Add Router logger
  * Add colorizing options
  * Adjust router colors
  * Only create logger if they will be used
  * update app.ini.sample
  * rename Attribute ColorAttribute
  * Change from white to green for function
  * Set fatal/error levels
  * Restore initial trace logger
  * Fix Trace arguments in modules/auth/auth.go
  * Properly handle XORMLogger
  * Improve admin/config page
  * fix fmt
  * Add auto-compression of old logs
  * Update error log levels
  * Remove the unnecessary skip argument from Error, Fatal and Critical
  * Add stacktrace support
  * Fix tests
  * Remove x/sync from vendors?
  * Add stderr option to console logger
  * Use filepath.ToSlash to protect against Windows in tests
  * Remove prefixed underscores from names in colors.go
  * Remove not implemented database logger
    This was removed from Gogs on 4 Mar 2016 but left in the configuration since then.
  * Ensure that log paths are relative to ROOT_PATH
  * use path.Join
  * rename jsonConfig to logConfig
  * Rename "config" to "jsonConfig" to make it clearer
  * Requested changes
  * Requested changes: XormLogger
  * Try to color the windows terminal
    If successful default to colorizing the console logs
  * fixup
  * Colorize initially too
  * update vendor
  * Colorize logs on default and remove if this is not a colorizing logger
  * Fix documentation
  * fix test
  * Use go-isatty to detect if on windows we are on msys or cygwin
  * Fix spelling mistake
  * Add missing vendors
  * More changes
  * Rationalise the ANSI writer protection
  * Adjust colors on advice from @0x5c
  * Make Flags a comma separated list
  * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
  * Ensure matching is done on the non-colored message - to simplify EXPRESSION
* Fix ssh deploy and user key constraints (#1357) (#5939) | zeripath | 2019-02-03 | 1 | -35/+56
  1. A key can either be an ssh user key or a deploy key. It cannot be both.
  2. If a key is a user key - it can only be associated with one user.
  3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
  4. If a repository is deleted, its deploy keys must be deleted too.
  We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
  - [x] You should not be able to add the same user key as another user
  - [x] You should not be able to add a ssh user key which is being used as a deploy key
  - [x] You should not be able to add a ssh deploy key which is being used as a user key
  - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
  - [x] If you delete a repository you must delete all its deploy keys.
  Fix #1357
* fix public will not be reused as public key after deleting as deploy key (#5671) | Lunny Xiao | 2019-01-09 | 1 | -0/+5
* Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) | zeripath | 2018-12-27 | 1 | -4/+8
  * Synchronize SSH keys on login with LDAP
  * BUG: Fix hang on sqlite during LDAP key deletion
* fix forgot removed records when deleting user (#5429) | Lunny Xiao | 2018-12-18 | 1 | -1/+6
  * fix forgot removed records when deleting user
  * fix migration
  * fix rewritekey lock on sqlite
  * remove unused codes
* Restrict permission check on repositories and fix some problems (#5314) | Lunny Xiao | 2018-11-28 | 1 | -3/+3
  * fix units permission problems
  * fix some bugs and merge LoadUnits to repoAssignment
  * refactor permission struct and add some copyright heads
  * remove unused codes
  * fix routes units check
  * improve permission check
  * add unit tests for permission
  * fix typo
  * fix tests
  * fix some routes
  * fix api permission check
  * improve permission check
  * fix some permission check
  * fix tests
  * fix tests
  * improve some permission check
  * fix some permission check
  * refactor AccessLevel
  * fix bug
  * fix tests
  * fix tests
  * fix tests
  * fix AccessLevel
  * rename CanAccess
  * fix tests
  * fix comment
  * fix bug
  * add missing unit for test repos
  * fix bug
  * rename some functions
  * fix routes check
* Create AuthorizedKeysCommand (#5236) | zeripath | 2018-11-01 | 1 | -1/+1
* Keys API changes (#4960) | zeripath | 2018-10-31 | 1 | -0/+30
  * Add private information to the deploy keys api
    This commit adds more information to the deploy keys to allow for back reference in to the main keys list. It also adds information about the repository that the key is referring to.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Add private information to the user keys API
    This adjusts the keys API to give out private information to user keys if the current user is the owner or an admin.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Add ability to search keys by fingerprint
    This commit adds the functionality to search ssh-keys by fingerprint of the ssh-key. Deploy keys per repository can also be searched. There is no current clear API point to allow search of all deploy keys by fingerprint or keyID.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Add integration test
* Remove check for negative length (#5120) | Oleg Kovalov | 2018-10-20 | 1 | -1/+1
* make sure to catch the right error so it is displayed as an error on the ui not a 500 (#4945) | Lanre Adelowo | 2018-09-16 | 1 | -1/+1
* feat(repo): support search repository by topic name (#4505) | Bo-Yi Wu | 2018-09-13 | 1 | -4/+4
  * feat(repo): support search repository by topic name
* LDAP Public SSH Keys synchronization (#1844) | Magnus Lindvall | 2018-05-24 | 1 | -14/+24
  * Add LDAP Key Synchronization feature
    Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
  * Add migration: add login source id column for public_key table
  * Only update keys if needed
  * Add function to only list pubkey synchronized from ldap
  * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
  * Only get keys belonging to current login source id
  * Set default login source id to 0
  * Some minor cleanup. Add integration tests (update dep testify)
* Remove useless check (#3384) | Antoine GIRARD | 2018-01-19 | 1 | -4/+0
  In #3377, I put check inside all write key function. This one is useless now.
* Add integrations tests from git cli (#3377) | Antoine GIRARD | 2018-01-16 | 1 | -0/+10
  * test: integration add git cli tests
    Extracted form for easing review process and debug #3152
  * test: integration add git cli big file commit
  * fix: Don't rewrite key if internal server
* Writable deploy keys (closes #671) (#3225) | Vlad Temian | 2018-01-07 | 1 | -4/+17
  * Add is_writable checkbox to deploy keys interface
  * Add writable key option to deploy key form
  * Add support for writable ssh keys in the interface
  * Rename IsWritable to ReadOnly
  * Test: create read-only and read-write deploy keys via api
  * Add DeployKey access mode migration
  * Update gitea sdk via govendor
  * Fix deploykey migration
  * Add unittests for writable deploy keys
  * Move template text to locale
  * Remove implicit column update
  * Remove duplicate locales
  * Replace ReadOnly field with IsReadOnly method
  * Fix deploy_keys related integration test
  * Rename v54 migration with v55
  * Fix migration hell
* Improvements for supporting UI Location (#3146) | Lunny Xiao | 2017-12-14 | 1 | -10/+12
  * improvements for supporting UI Location
  * improved the comment
* Refactor struct's time to remove unnecessary memory usage (#3142) | Lunny Xiao | 2017-12-11 | 1 | -11/+8
  * refactor struct's time to remove unnecessary memory usage
  * use AsTimePtr simple code
  * fix tests
  * fix time compare
  * fix template on gpg
  * use AddDuration instead of Add
* Delete a user's public key via admin api (closes #3014) (#3059) | Vlad Temian | 2017-12-06 | 1 | -4/+1
  * Delete a user's public key via admin api
  * Test admin ssh endpoint for creating a new ssh key
  * Adapt public ssh key test to also test the delete operation
  * Test that deleting a missing key will result in a 404
  * Test that a normal user can't delete another user's ssh key
  * Make DeletePublicKey return err
  * Update swagger doc
* Disable add key button if SSH is disabled (#2873) | Michael Kuhn | 2017-11-21 | 1 | -1/+1
* don't check minimum key size when disabled (#1754) | Gibheer | 2017-10-26 | 1 | -5/+5
  * cleanup old comments for ed25519
    These comments were added when x/crypto/ed25519 could not yet handle ed25519. It does now, so it should be removed. Also the key type is now replaced with the proper constant.
  * move the minimum key size config before the check
    This moves the actual config lookup before any check is done. This avoids problems with calling to ssh-keygen which doesn't support the expected output format and returning an error, when the check is disabled.
* Replace deprecated Id method with ID (#2655) | Ethan Koenig | 2017-10-05 | 1 | -3/+3
* Use AfterLoad instead of AfterSet on Structs (#2628) | Lunny Xiao | 2017-10-01 | 1 | -22/+14
  * use AfterLoad instead of AfterSet on Structs
  * fix the comments on AfterLoad
  * fix the comments on action AfterLoad
* Reduce usage of allcols on update (#2596) | Lunny Xiao | 2017-09-25 | 1 | -9/+1
  * reduce usage of allcols on update
  * fix bug and tests
* Fix lint errors (#2547) | Ethan Koenig | 2017-09-19 | 1 | -5/+1
* Use created & updated instead BeforeInsert & BeforeUpdate (#2482) | Lunny Xiao | 2017-09-13 | 1 | -28/+8
  * use created & updated instead BeforeInsert & BeforeUpdate
  * fix vendor checksum
  * only show generated SQL when development mode
  * remove extra update column updated_unix
  * remove trace config
* Fix key usage time update if the key is used in parallel for multiple operations (#2185) | Lauris BH | 2017-07-20 | 1 | -4/+9