This PR implements #2347tags/v1.7.0-dev
@@ -261,6 +261,7 @@ COOKIE_USERNAME = gitea_awesome | |||
COOKIE_REMEMBER_NAME = gitea_incredible | |||
; Reverse proxy authentication header name of user name | |||
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER | |||
REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL | |||
; The minimum password length for new Users | |||
MIN_PASSWORD_LENGTH = 6 | |||
; Set to true to allow users to import local server paths | |||
@@ -323,6 +324,7 @@ ENABLE_NOTIFY_MAIL = false | |||
; More detail: https://github.com/gogits/gogs/issues/165 | |||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false | |||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false | |||
ENABLE_REVERSE_PROXY_EMAIL = false | |||
; Enable captcha validation for registration | |||
ENABLE_CAPTCHA = false | |||
; Type of captcha you want to use. Options: image, recaptcha |
@@ -160,6 +160,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
information. | |||
- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy | |||
authentication. | |||
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy | |||
authentication provided email. | |||
- `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom | |||
git hooks. | |||
- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. | |||
@@ -188,6 +190,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication. | |||
- `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration | |||
for reverse authentication. | |||
- `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a | |||
provided email rather than a generated email. | |||
- `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration. | |||
- `CAPTCHA_TYPE`: **image**: \[image, recaptcha\] | |||
- `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha. |
@@ -105,9 +105,16 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) | |||
// Check if enabled auto-registration. | |||
if setting.Service.EnableReverseProxyAutoRegister { | |||
email := gouuid.NewV4().String() + "@localhost" | |||
if setting.Service.EnableReverseProxyEmail { | |||
webAuthEmail := ctx.Req.Header.Get(setting.ReverseProxyAuthEmail) | |||
if len(webAuthEmail) > 0 { | |||
email = webAuthEmail | |||
} | |||
} | |||
u := &models.User{ | |||
Name: webAuthUser, | |||
Email: gouuid.NewV4().String() + "@localhost", | |||
Email: email, | |||
Passwd: webAuthUser, | |||
IsActive: true, | |||
} |
@@ -157,15 +157,16 @@ var ( | |||
} | |||
// Security settings | |||
InstallLock bool | |||
SecretKey string | |||
LogInRememberDays int | |||
CookieUserName string | |||
CookieRememberName string | |||
ReverseProxyAuthUser string | |||
MinPasswordLength int | |||
ImportLocalPaths bool | |||
DisableGitHooks bool | |||
InstallLock bool | |||
SecretKey string | |||
LogInRememberDays int | |||
CookieUserName string | |||
CookieRememberName string | |||
ReverseProxyAuthUser string | |||
ReverseProxyAuthEmail string | |||
MinPasswordLength int | |||
ImportLocalPaths bool | |||
DisableGitHooks bool | |||
// Database settings | |||
UseSQLite3 bool | |||
@@ -950,6 +951,7 @@ func NewContext() { | |||
CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome") | |||
CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible") | |||
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") | |||
ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL") | |||
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) | |||
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) | |||
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false) | |||
@@ -1216,6 +1218,7 @@ var Service struct { | |||
EnableNotifyMail bool | |||
EnableReverseProxyAuth bool | |||
EnableReverseProxyAutoRegister bool | |||
EnableReverseProxyEmail bool | |||
EnableCaptcha bool | |||
CaptchaType string | |||
RecaptchaSecret string | |||
@@ -1247,6 +1250,7 @@ func newService() { | |||
Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() | |||
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() | |||
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() | |||
Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool() | |||
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false) | |||
Service.CaptchaType = sec.Key("CAPTCHA_TYPE").MustString(ImageCaptcha) | |||
Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("") |
@@ -215,6 +215,7 @@ func Config(ctx *context.Context) { | |||
ctx.Data["LogRootPath"] = setting.LogRootPath | |||
ctx.Data["ScriptType"] = setting.ScriptType | |||
ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser | |||
ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail | |||
ctx.Data["SSH"] = setting.SSH | |||