Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>tags/v1.5.0-dev
@@ -0,0 +1,83 @@ | |||
// Copyright 2016 The Gogs Authors. All rights reserved. | |||
// Copyright 2016 The Gitea Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package cmd | |||
import ( | |||
"fmt" | |||
"code.gitea.io/gitea/modules/generate" | |||
"github.com/urfave/cli" | |||
) | |||
var ( | |||
// CmdGenerate represents the available generate sub-command. | |||
CmdGenerate = cli.Command{ | |||
Name: "generate", | |||
Usage: "Command line interface for running generators", | |||
Subcommands: []cli.Command{ | |||
subcmdSecret, | |||
}, | |||
} | |||
subcmdSecret = cli.Command{ | |||
Name: "secret", | |||
Usage: "Generate a secret token", | |||
Subcommands: []cli.Command{ | |||
microcmdGenerateInternalToken, | |||
microcmdGenerateLfsJwtSecret, | |||
microcmdGenerateSecretKey, | |||
}, | |||
} | |||
microcmdGenerateInternalToken = cli.Command{ | |||
Name: "INTERNAL_TOKEN", | |||
Usage: "Generate a new INTERNAL_TOKEN", | |||
Action: runGenerateInternalToken, | |||
} | |||
microcmdGenerateLfsJwtSecret = cli.Command{ | |||
Name: "LFS_JWT_SECRET", | |||
Usage: "Generate a new LFS_JWT_SECRET", | |||
Action: runGenerateLfsJwtSecret, | |||
} | |||
microcmdGenerateSecretKey = cli.Command{ | |||
Name: "SECRET_KEY", | |||
Usage: "Generate a new SECRET_KEY", | |||
Action: runGenerateSecretKey, | |||
} | |||
) | |||
func runGenerateInternalToken(c *cli.Context) error { | |||
internalToken, err := generate.NewInternalToken() | |||
if err != nil { | |||
return err | |||
} | |||
fmt.Printf("%s\n", internalToken) | |||
return nil | |||
} | |||
func runGenerateLfsJwtSecret(c *cli.Context) error { | |||
JWTSecretBase64, err := generate.NewLfsJwtSecret() | |||
if err != nil { | |||
return err | |||
} | |||
fmt.Printf("%s\n", JWTSecretBase64) | |||
return nil | |||
} | |||
func runGenerateSecretKey(c *cli.Context) error { | |||
secretKey, err := generate.NewSecretKey() | |||
if err != nil { | |||
return err | |||
} | |||
fmt.Printf("%s\n", secretKey) | |||
return nil | |||
} |
@@ -45,6 +45,7 @@ arguments - which can alternatively be run by running the subcommand web.` | |||
cmd.CmdDump, | |||
cmd.CmdCert, | |||
cmd.CmdAdmin, | |||
cmd.CmdGenerate, | |||
} | |||
app.Flags = append(app.Flags, []cli.Flag{}...) | |||
app.Action = cmd.CmdWeb.Action |
@@ -20,7 +20,7 @@ import ( | |||
gouuid "github.com/satori/go.uuid" | |||
"gopkg.in/ini.v1" | |||
"code.gitea.io/gitea/modules/base" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/log" | |||
"code.gitea.io/gitea/modules/setting" | |||
) | |||
@@ -539,10 +539,10 @@ func generateOrgRandsAndSalt(x *xorm.Engine) (err error) { | |||
} | |||
for _, org := range orgs { | |||
if org.Rands, err = base.GetRandomString(10); err != nil { | |||
if org.Rands, err = generate.GetRandomString(10); err != nil { | |||
return err | |||
} | |||
if org.Salt, err = base.GetRandomString(10); err != nil { | |||
if org.Salt, err = generate.GetRandomString(10); err != nil { | |||
return err | |||
} | |||
if _, err = sess.Id(org.ID).Update(org); err != nil { |
@@ -16,7 +16,7 @@ import ( | |||
"github.com/pquerna/otp/totp" | |||
"code.gitea.io/gitea/modules/base" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/setting" | |||
"code.gitea.io/gitea/modules/util" | |||
) | |||
@@ -33,7 +33,7 @@ type TwoFactor struct { | |||
// GenerateScratchToken recreates the scratch token the user is using. | |||
func (t *TwoFactor) GenerateScratchToken() error { | |||
token, err := base.GetRandomString(8) | |||
token, err := generate.GetRandomString(8) | |||
if err != nil { | |||
return err | |||
} |
@@ -34,6 +34,7 @@ import ( | |||
"code.gitea.io/gitea/modules/avatar" | |||
"code.gitea.io/gitea/modules/base" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/log" | |||
"code.gitea.io/gitea/modules/setting" | |||
"code.gitea.io/gitea/modules/util" | |||
@@ -638,7 +639,7 @@ func IsUserExist(uid int64, name string) (bool, error) { | |||
// GetUserSalt returns a random user salt token. | |||
func GetUserSalt() (string, error) { | |||
return base.GetRandomString(10) | |||
return generate.GetRandomString(10) | |||
} | |||
// NewGhostUser creates and returns a fake user for someone has deleted his/her account. |
@@ -14,7 +14,6 @@ import ( | |||
"html/template" | |||
"io" | |||
"math" | |||
"math/big" | |||
"net/http" | |||
"net/url" | |||
"path" | |||
@@ -88,25 +87,6 @@ func BasicAuthEncode(username, password string) string { | |||
return base64.StdEncoding.EncodeToString([]byte(username + ":" + password)) | |||
} | |||
// GetRandomString generate random string by specify chars. | |||
func GetRandomString(n int) (string, error) { | |||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | |||
buffer := make([]byte, n) | |||
max := big.NewInt(int64(len(alphanum))) | |||
for i := 0; i < n; i++ { | |||
index, err := randomInt(max) | |||
if err != nil { | |||
return "", err | |||
} | |||
buffer[i] = alphanum[index] | |||
} | |||
return string(buffer), nil | |||
} | |||
// GetRandomBytesAsBase64 generates a random base64 string from n bytes | |||
func GetRandomBytesAsBase64(n int) string { | |||
bytes := make([]byte, 32) | |||
@@ -119,15 +99,6 @@ func GetRandomBytesAsBase64(n int) string { | |||
return base64.RawURLEncoding.EncodeToString(bytes) | |||
} | |||
func randomInt(max *big.Int) (int, error) { | |||
rand, err := rand.Int(rand.Reader, max) | |||
if err != nil { | |||
return 0, err | |||
} | |||
return int(rand.Int64()), nil | |||
} | |||
// VerifyTimeLimitCode verify time limit code | |||
func VerifyTimeLimitCode(data string, minutes int, code string) bool { | |||
if len(code) <= 18 { |
@@ -107,12 +107,6 @@ func TestBasicAuthEncode(t *testing.T) { | |||
assert.Equal(t, "Zm9vOmJhcg==", BasicAuthEncode("foo", "bar")) | |||
} | |||
func TestGetRandomString(t *testing.T) { | |||
randomString, err := GetRandomString(4) | |||
assert.NoError(t, err) | |||
assert.Len(t, randomString, 4) | |||
} | |||
// TODO: Test PBKDF2() | |||
// TODO: Test VerifyTimeLimitCode() | |||
// TODO: Test CreateTimeLimitCode() |
@@ -0,0 +1,89 @@ | |||
// Copyright 2016 The Gogs Authors. All rights reserved. | |||
// Copyright 2016 The Gitea Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package generate | |||
import ( | |||
"crypto/rand" | |||
"encoding/base64" | |||
"io" | |||
"math/big" | |||
"time" | |||
"github.com/dgrijalva/jwt-go" | |||
) | |||
// GetRandomString generate random string by specify chars. | |||
func GetRandomString(n int) (string, error) { | |||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | |||
buffer := make([]byte, n) | |||
max := big.NewInt(int64(len(alphanum))) | |||
for i := 0; i < n; i++ { | |||
index, err := randomInt(max) | |||
if err != nil { | |||
return "", err | |||
} | |||
buffer[i] = alphanum[index] | |||
} | |||
return string(buffer), nil | |||
} | |||
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN. | |||
func NewInternalToken() (string, error) { | |||
secretBytes := make([]byte, 32) | |||
_, err := io.ReadFull(rand.Reader, secretBytes) | |||
if err != nil { | |||
return "", err | |||
} | |||
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes) | |||
now := time.Now() | |||
var internalToken string | |||
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ | |||
"nbf": now.Unix(), | |||
}).SignedString([]byte(secretKey)) | |||
if err != nil { | |||
return "", err | |||
} | |||
return internalToken, nil | |||
} | |||
// NewLfsJwtSecret generate a new value intended to be used by LFS_JWT_SECRET. | |||
func NewLfsJwtSecret() (string, error) { | |||
JWTSecretBytes := make([]byte, 32) | |||
_, err := io.ReadFull(rand.Reader, JWTSecretBytes) | |||
if err != nil { | |||
return "", err | |||
} | |||
JWTSecretBase64 := base64.RawURLEncoding.EncodeToString(JWTSecretBytes) | |||
return JWTSecretBase64, nil | |||
} | |||
// NewSecretKey generate a new value intended to be used by SECRET_KEY. | |||
func NewSecretKey() (string, error) { | |||
secretKey, err := GetRandomString(64) | |||
if err != nil { | |||
return "", err | |||
} | |||
return secretKey, nil | |||
} | |||
func randomInt(max *big.Int) (int, error) { | |||
rand, err := rand.Int(rand.Reader, max) | |||
if err != nil { | |||
return 0, err | |||
} | |||
return int(rand.Int64()), nil | |||
} |
@@ -0,0 +1,20 @@ | |||
package generate | |||
import ( | |||
"os" | |||
"testing" | |||
"github.com/stretchr/testify/assert" | |||
) | |||
func TestMain(m *testing.M) { | |||
retVal := m.Run() | |||
os.Exit(retVal) | |||
} | |||
func TestGetRandomString(t *testing.T) { | |||
randomString, err := GetRandomString(4) | |||
assert.NoError(t, err) | |||
assert.Len(t, randomString, 4) | |||
} |
@@ -6,10 +6,8 @@ | |||
package setting | |||
import ( | |||
"crypto/rand" | |||
"encoding/base64" | |||
"fmt" | |||
"io" | |||
"net" | |||
"net/mail" | |||
"net/url" | |||
@@ -24,12 +22,12 @@ import ( | |||
"time" | |||
"code.gitea.io/git" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/log" | |||
_ "code.gitea.io/gitea/modules/minwinsvc" // import minwinsvc for windows services | |||
"code.gitea.io/gitea/modules/user" | |||
"github.com/Unknwon/com" | |||
"github.com/dgrijalva/jwt-go" | |||
_ "github.com/go-macaron/cache/memcache" // memcache plugin for cache | |||
_ "github.com/go-macaron/cache/redis" | |||
"github.com/go-macaron/session" | |||
@@ -834,16 +832,12 @@ func NewContext() { | |||
n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64)) | |||
if err != nil || n != 32 { | |||
//Generate new secret and save to config | |||
_, err := io.ReadFull(rand.Reader, LFS.JWTSecretBytes) | |||
LFS.JWTSecretBase64, err = generate.NewLfsJwtSecret() | |||
if err != nil { | |||
log.Fatal(4, "Error reading random bytes: %v", err) | |||
log.Fatal(4, "Error generating JWT Secret for custom config: %v", err) | |||
return | |||
} | |||
LFS.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(LFS.JWTSecretBytes) | |||
// Save secret | |||
cfg := ini.Empty() | |||
if com.IsFile(CustomConf) { | |||
@@ -913,19 +907,7 @@ func NewContext() { | |||
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false) | |||
InternalToken = sec.Key("INTERNAL_TOKEN").String() | |||
if len(InternalToken) == 0 { | |||
secretBytes := make([]byte, 32) | |||
_, err := io.ReadFull(rand.Reader, secretBytes) | |||
if err != nil { | |||
log.Fatal(4, "Error reading random bytes: %v", err) | |||
} | |||
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes) | |||
now := time.Now() | |||
InternalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ | |||
"nbf": now.Unix(), | |||
}).SignedString([]byte(secretKey)) | |||
InternalToken, err = generate.NewInternalToken() | |||
if err != nil { | |||
log.Fatal(4, "Error generate internal token: %v", err) | |||
} |
@@ -20,6 +20,7 @@ import ( | |||
"code.gitea.io/gitea/modules/auth" | |||
"code.gitea.io/gitea/modules/base" | |||
"code.gitea.io/gitea/modules/context" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/log" | |||
"code.gitea.io/gitea/modules/setting" | |||
"code.gitea.io/gitea/modules/user" | |||
@@ -275,7 +276,12 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) { | |||
if form.LFSRootPath != "" { | |||
cfg.Section("server").Key("LFS_START_SERVER").SetValue("true") | |||
cfg.Section("server").Key("LFS_CONTENT_PATH").SetValue(form.LFSRootPath) | |||
cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(base.GetRandomBytesAsBase64(32)) | |||
var secretKey string | |||
if secretKey, err = generate.NewLfsJwtSecret(); err != nil { | |||
ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form) | |||
return | |||
} | |||
cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(secretKey) | |||
} else { | |||
cfg.Section("server").Key("LFS_START_SERVER").SetValue("false") | |||
} | |||
@@ -315,7 +321,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) { | |||
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true") | |||
var secretKey string | |||
if secretKey, err = base.GetRandomString(10); err != nil { | |||
if secretKey, err = generate.NewSecretKey(); err != nil { | |||
ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form) | |||
return | |||
} |
@@ -13,6 +13,7 @@ import ( | |||
"code.gitea.io/gitea/modules/auth/openid" | |||
"code.gitea.io/gitea/modules/base" | |||
"code.gitea.io/gitea/modules/context" | |||
"code.gitea.io/gitea/modules/generate" | |||
"code.gitea.io/gitea/modules/log" | |||
"code.gitea.io/gitea/modules/setting" | |||
@@ -348,7 +349,7 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si | |||
if len < 256 { | |||
len = 256 | |||
} | |||
password, err := base.GetRandomString(len) | |||
password, err := generate.GetRandomString(len) | |||
if err != nil { | |||
ctx.RenderWithErr(err.Error(), tplSignUpOID, form) | |||
return |