@@ -436,6 +436,10 @@ ALLOW_ONLY_EXTERNAL_REGISTRATION = false | |||
REQUIRE_SIGNIN_VIEW = false | |||
; Mail notification | |||
ENABLE_NOTIFY_MAIL = false | |||
; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password | |||
; If you set this to false you will not be able to access the tokens endpoints on the API with your password | |||
; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token | |||
ENABLE_BASIC_AUTHENTICATION = true | |||
; More detail: https://github.com/gogits/gogs/issues/165 | |||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false | |||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false | |||
@@ -866,6 +870,6 @@ TOKEN = | |||
QUEUE_TYPE = channel | |||
; Task queue length, available only when `QUEUE_TYPE` is `channel`. | |||
QUEUE_LENGTH = 1000 | |||
; Task queue connction string, available only when `QUEUE_TYPE` is `redis`. | |||
; Task queue connction string, available only when `QUEUE_TYPE` is `redis`. | |||
; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`. | |||
QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0" |
@@ -265,6 +265,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
- `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page. | |||
- `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when | |||
something happens, like creating issues. Requires `Mailer` to be enabled. | |||
- `ENABLE_BASIC_AUTHENTICATION`: **true**: Disable this to disallow authenticaton using HTTP | |||
BASIC and the user's password. Please note if you disable this you will not be able to access the | |||
tokens API endpoints using a password. Further, this only disables BASIC authentication using the | |||
password - not tokens or OAuth Basic. | |||
- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication. | |||
- `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration | |||
for reverse authentication. |
@@ -224,6 +224,9 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) | |||
} | |||
if u == nil { | |||
if !setting.Service.EnableBasicAuth { | |||
return nil, false | |||
} | |||
u, err = models.UserSignIn(uname, passwd) | |||
if err != nil { | |||
if !models.IsErrUserNotExist(err) { |
@@ -23,6 +23,7 @@ var Service struct { | |||
ShowRegistrationButton bool | |||
RequireSignInView bool | |||
EnableNotifyMail bool | |||
EnableBasicAuth bool | |||
EnableReverseProxyAuth bool | |||
EnableReverseProxyAutoRegister bool | |||
EnableReverseProxyEmail bool | |||
@@ -60,6 +61,7 @@ func newService() { | |||
Service.EmailDomainWhitelist = sec.Key("EMAIL_DOMAIN_WHITELIST").Strings(",") | |||
Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!(Service.DisableRegistration || Service.AllowOnlyExternalRegistration)) | |||
Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() | |||
Service.EnableBasicAuth = sec.Key("ENABLE_BASIC_AUTHENTICATION").MustBool(true) | |||
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() | |||
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() | |||
Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool() |