mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 209 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9212 Commits
16 Branches
Tree: 1737fca220
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1737fca220'
${ noResults }
gitea/cmd/admin.go

admin.go 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600 
  1. // Copyright 2016 The Gogs Authors. All rights reserved.

  2. // Copyright 2016 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package cmd

  7. 

  8. import (

  9. 	"errors"

  10. 	"fmt"

  11. 	"os"

  12. 	"text/tabwriter"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/modules/auth/oauth2"

  16. 	"code.gitea.io/gitea/modules/git"

  17. 	"code.gitea.io/gitea/modules/graceful"

  18. 	"code.gitea.io/gitea/modules/log"

  19. 	pwd "code.gitea.io/gitea/modules/password"

  20. 	repo_module "code.gitea.io/gitea/modules/repository"

  21. 	"code.gitea.io/gitea/modules/setting"

  22. 

  23. 	"github.com/urfave/cli"

  24. )

  25. 

  26. var (

  27. 	// CmdAdmin represents the available admin sub-command.

  28. 	CmdAdmin = cli.Command{

  29. 		Name:  "admin",

  30. 		Usage: "Command line interface to perform common administrative operations",

  31. 		Subcommands: []cli.Command{

  32. 			subcmdCreateUser,

  33. 			subcmdChangePassword,

  34. 			subcmdRepoSyncReleases,

  35. 			subcmdRegenerate,

  36. 			subcmdAuth,

  37. 		},

  38. 	}

  39. 

  40. 	subcmdCreateUser = cli.Command{

  41. 		Name:   "create-user",

  42. 		Usage:  "Create a new user in database",

  43. 		Action: runCreateUser,

  44. 		Flags: []cli.Flag{

  45. 			cli.StringFlag{

  46. 				Name:  "name",

  47. 				Usage: "Username. DEPRECATED: use username instead",

  48. 			},

  49. 			cli.StringFlag{

  50. 				Name:  "username",

  51. 				Usage: "Username",

  52. 			},

  53. 			cli.StringFlag{

  54. 				Name:  "password",

  55. 				Usage: "User password",

  56. 			},

  57. 			cli.StringFlag{

  58. 				Name:  "email",

  59. 				Usage: "User email address",

  60. 			},

  61. 			cli.BoolFlag{

  62. 				Name:  "admin",

  63. 				Usage: "User is an admin",

  64. 			},

  65. 			cli.BoolFlag{

  66. 				Name:  "random-password",

  67. 				Usage: "Generate a random password for the user",

  68. 			},

  69. 			cli.BoolFlag{

  70. 				Name:  "must-change-password",

  71. 				Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",

  72. 			},

  73. 			cli.IntFlag{

  74. 				Name:  "random-password-length",

  75. 				Usage: "Length of the random password to be generated",

  76. 				Value: 12,

  77. 			},

  78. 			cli.BoolFlag{

  79. 				Name:  "access-token",

  80. 				Usage: "Generate access token for the user",

  81. 			},

  82. 		},

  83. 	}

  84. 

  85. 	subcmdChangePassword = cli.Command{

  86. 		Name:   "change-password",

  87. 		Usage:  "Change a user's password",

  88. 		Action: runChangePassword,

  89. 		Flags: []cli.Flag{

  90. 			cli.StringFlag{

  91. 				Name:  "username,u",

  92. 				Value: "",

  93. 				Usage: "The user to change password for",

  94. 			},

  95. 			cli.StringFlag{

  96. 				Name:  "password,p",

  97. 				Value: "",

  98. 				Usage: "New password to set for user",

  99. 			},

  100. 		},

  101. 	}

  102. 

  103. 	subcmdRepoSyncReleases = cli.Command{

  104. 		Name:   "repo-sync-releases",

  105. 		Usage:  "Synchronize repository releases with tags",

  106. 		Action: runRepoSyncReleases,

  107. 	}

  108. 

  109. 	subcmdRegenerate = cli.Command{

  110. 		Name:  "regenerate",

  111. 		Usage: "Regenerate specific files",

  112. 		Subcommands: []cli.Command{

  113. 			microcmdRegenHooks,

  114. 			microcmdRegenKeys,

  115. 		},

  116. 	}

  117. 

  118. 	microcmdRegenHooks = cli.Command{

  119. 		Name:   "hooks",

  120. 		Usage:  "Regenerate git-hooks",

  121. 		Action: runRegenerateHooks,

  122. 	}

  123. 

  124. 	microcmdRegenKeys = cli.Command{

  125. 		Name:   "keys",

  126. 		Usage:  "Regenerate authorized_keys file",

  127. 		Action: runRegenerateKeys,

  128. 	}

  129. 

  130. 	subcmdAuth = cli.Command{

  131. 		Name:  "auth",

  132. 		Usage: "Modify external auth providers",

  133. 		Subcommands: []cli.Command{

  134. 			microcmdAuthAddOauth,

  135. 			microcmdAuthUpdateOauth,

  136. 			cmdAuthAddLdapBindDn,

  137. 			cmdAuthUpdateLdapBindDn,

  138. 			cmdAuthAddLdapSimpleAuth,

  139. 			cmdAuthUpdateLdapSimpleAuth,

  140. 			microcmdAuthList,

  141. 			microcmdAuthDelete,

  142. 		},

  143. 	}

  144. 

  145. 	microcmdAuthList = cli.Command{

  146. 		Name:   "list",

  147. 		Usage:  "List auth sources",

  148. 		Action: runListAuth,

  149. 		Flags: []cli.Flag{

  150. 			cli.IntFlag{

  151. 				Name:  "min-width",

  152. 				Usage: "Minimal cell width including any padding for the formatted table",

  153. 				Value: 0,

  154. 			},

  155. 			cli.IntFlag{

  156. 				Name:  "tab-width",

  157. 				Usage: "width of tab characters in formatted table (equivalent number of spaces)",

  158. 				Value: 8,

  159. 			},

  160. 			cli.IntFlag{

  161. 				Name:  "padding",

  162. 				Usage: "padding added to a cell before computing its width",

  163. 				Value: 1,

  164. 			},

  165. 			cli.StringFlag{

  166. 				Name:  "pad-char",

  167. 				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,

  168. 				Value: "\t",

  169. 			},

  170. 			cli.BoolFlag{

  171. 				Name:  "vertical-bars",

  172. 				Usage: "Set to true to print vertical bars between columns",

  173. 			},

  174. 		},

  175. 	}

  176. 

  177. 	idFlag = cli.Int64Flag{

  178. 		Name:  "id",

  179. 		Usage: "ID of authentication source",

  180. 	}

  181. 

  182. 	microcmdAuthDelete = cli.Command{

  183. 		Name:   "delete",

  184. 		Usage:  "Delete specific auth source",

  185. 		Flags:  []cli.Flag{idFlag},

  186. 		Action: runDeleteAuth,

  187. 	}

  188. 

  189. 	oauthCLIFlags = []cli.Flag{

  190. 		cli.StringFlag{

  191. 			Name:  "name",

  192. 			Value: "",

  193. 			Usage: "Application Name",

  194. 		},

  195. 		cli.StringFlag{

  196. 			Name:  "provider",

  197. 			Value: "",

  198. 			Usage: "OAuth2 Provider",

  199. 		},

  200. 		cli.StringFlag{

  201. 			Name:  "key",

  202. 			Value: "",

  203. 			Usage: "Client ID (Key)",

  204. 		},

  205. 		cli.StringFlag{

  206. 			Name:  "secret",

  207. 			Value: "",

  208. 			Usage: "Client Secret",

  209. 		},

  210. 		cli.StringFlag{

  211. 			Name:  "auto-discover-url",

  212. 			Value: "",

  213. 			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",

  214. 		},

  215. 		cli.StringFlag{

  216. 			Name:  "use-custom-urls",

  217. 			Value: "false",

  218. 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",

  219. 		},

  220. 		cli.StringFlag{

  221. 			Name:  "custom-auth-url",

  222. 			Value: "",

  223. 			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",

  224. 		},

  225. 		cli.StringFlag{

  226. 			Name:  "custom-token-url",

  227. 			Value: "",

  228. 			Usage: "Use a custom Token URL (option for GitLab/GitHub)",

  229. 		},

  230. 		cli.StringFlag{

  231. 			Name:  "custom-profile-url",

  232. 			Value: "",

  233. 			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",

  234. 		},

  235. 		cli.StringFlag{

  236. 			Name:  "custom-email-url",

  237. 			Value: "",

  238. 			Usage: "Use a custom Email URL (option for GitHub)",

  239. 		},

  240. 	}

  241. 

  242. 	microcmdAuthUpdateOauth = cli.Command{

  243. 		Name:   "update-oauth",

  244. 		Usage:  "Update existing Oauth authentication source",

  245. 		Action: runUpdateOauth,

  246. 		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),

  247. 	}

  248. 

  249. 	microcmdAuthAddOauth = cli.Command{

  250. 		Name:   "add-oauth",

  251. 		Usage:  "Add new Oauth authentication source",

  252. 		Action: runAddOauth,

  253. 		Flags:  oauthCLIFlags,

  254. 	}

  255. )

  256. 

  257. func runChangePassword(c *cli.Context) error {

  258. 	if err := argsSet(c, "username", "password"); err != nil {

  259. 		return err

  260. 	}

  261. 

  262. 	if err := initDB(); err != nil {

  263. 		return err

  264. 	}

  265. 	if !pwd.IsComplexEnough(c.String("password")) {

  266. 		return errors.New("Password does not meet complexity requirements")

  267. 	}

  268. 	uname := c.String("username")

  269. 	user, err := models.GetUserByName(uname)

  270. 	if err != nil {

  271. 		return err

  272. 	}

  273. 	if user.Salt, err = models.GetUserSalt(); err != nil {

  274. 		return err

  275. 	}

  276. 	user.HashPassword(c.String("password"))

  277. 

  278. 	if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {

  279. 		return err

  280. 	}

  281. 

  282. 	fmt.Printf("%s's password has been successfully updated!\n", user.Name)

  283. 	return nil

  284. }

  285. 

  286. func runCreateUser(c *cli.Context) error {

  287. 	if err := argsSet(c, "email"); err != nil {

  288. 		return err

  289. 	}

  290. 

  291. 	if c.IsSet("name") && c.IsSet("username") {

  292. 		return errors.New("Cannot set both --name and --username flags")

  293. 	}

  294. 	if !c.IsSet("name") && !c.IsSet("username") {

  295. 		return errors.New("One of --name or --username flags must be set")

  296. 	}

  297. 

  298. 	if c.IsSet("password") && c.IsSet("random-password") {

  299. 		return errors.New("cannot set both -random-password and -password flags")

  300. 	}

  301. 

  302. 	var username string

  303. 	if c.IsSet("username") {

  304. 		username = c.String("username")

  305. 	} else {

  306. 		username = c.String("name")

  307. 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")

  308. 	}

  309. 

  310. 	if err := initDB(); err != nil {

  311. 		return err

  312. 	}

  313. 

  314. 	var password string

  315. 	if c.IsSet("password") {

  316. 		password = c.String("password")

  317. 	} else if c.IsSet("random-password") {

  318. 		var err error

  319. 		password, err = pwd.Generate(c.Int("random-password-length"))

  320. 		if err != nil {

  321. 			return err

  322. 		}

  323. 		fmt.Printf("generated random password is '%s'\n", password)

  324. 	} else {

  325. 		return errors.New("must set either password or random-password flag")

  326. 	}

  327. 

  328. 	// always default to true

  329. 	var changePassword = true

  330. 

  331. 	// If this is the first user being created.

  332. 	// Take it as the admin and don't force a password update.

  333. 	if n := models.CountUsers(); n == 0 {

  334. 		changePassword = false

  335. 	}

  336. 

  337. 	if c.IsSet("must-change-password") {

  338. 		changePassword = c.Bool("must-change-password")

  339. 	}

  340. 

  341. 	u := &models.User{

  342. 		Name:               username,

  343. 		Email:              c.String("email"),

  344. 		Passwd:             password,

  345. 		IsActive:           true,

  346. 		IsAdmin:            c.Bool("admin"),

  347. 		MustChangePassword: changePassword,

  348. 		Theme:              setting.UI.DefaultTheme,

  349. 	}

  350. 

  351. 	if err := models.CreateUser(u); err != nil {

  352. 		return fmt.Errorf("CreateUser: %v", err)

  353. 	}

  354. 

  355. 	if c.Bool("access-token") {

  356. 		t := &models.AccessToken{

  357. 			Name: "gitea-admin",

  358. 			UID:  u.ID,

  359. 		}

  360. 

  361. 		if err := models.NewAccessToken(t); err != nil {

  362. 			return err

  363. 		}

  364. 

  365. 		fmt.Printf("Access token was successfully created... %s\n", t.Token)

  366. 	}

  367. 

  368. 	fmt.Printf("New user '%s' has been successfully created!\n", username)

  369. 	return nil

  370. }

  371. 

  372. func runRepoSyncReleases(c *cli.Context) error {

  373. 	if err := initDB(); err != nil {

  374. 		return err

  375. 	}

  376. 

  377. 	log.Trace("Synchronizing repository releases (this may take a while)")

  378. 	for page := 1; ; page++ {

  379. 		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{

  380. 			ListOptions: models.ListOptions{

  381. 				PageSize: models.RepositoryListDefaultPageSize,

  382. 				Page:     page,

  383. 			},

  384. 			Private: true,

  385. 		})

  386. 		if err != nil {

  387. 			return fmt.Errorf("SearchRepositoryByName: %v", err)

  388. 		}

  389. 		if len(repos) == 0 {

  390. 			break

  391. 		}

  392. 		log.Trace("Processing next %d repos of %d", len(repos), count)

  393. 		for _, repo := range repos {

  394. 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())

  395. 			gitRepo, err := git.OpenRepository(repo.RepoPath())

  396. 			if err != nil {

  397. 				log.Warn("OpenRepository: %v", err)

  398. 				continue

  399. 			}

  400. 

  401. 			oldnum, err := getReleaseCount(repo.ID)

  402. 			if err != nil {

  403. 				log.Warn(" GetReleaseCountByRepoID: %v", err)

  404. 			}

  405. 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

  406. 

  407. 			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {

  408. 				log.Warn(" SyncReleasesWithTags: %v", err)

  409. 				gitRepo.Close()

  410. 				continue

  411. 			}

  412. 

  413. 			count, err = getReleaseCount(repo.ID)

  414. 			if err != nil {

  415. 				log.Warn(" GetReleaseCountByRepoID: %v", err)

  416. 				gitRepo.Close()

  417. 				continue

  418. 			}

  419. 

  420. 			log.Trace(" repo %s releases synchronized to tags: from %d to %d",

  421. 				repo.FullName(), oldnum, count)

  422. 			gitRepo.Close()

  423. 		}

  424. 	}

  425. 

  426. 	return nil

  427. }

  428. 

  429. func getReleaseCount(id int64) (int64, error) {

  430. 	return models.GetReleaseCountByRepoID(

  431. 		id,

  432. 		models.FindReleasesOptions{

  433. 			IncludeTags: true,

  434. 		},

  435. 	)

  436. }

  437. 

  438. func runRegenerateHooks(c *cli.Context) error {

  439. 	if err := initDB(); err != nil {

  440. 		return err

  441. 	}

  442. 	return repo_module.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())

  443. }

  444. 

  445. func runRegenerateKeys(c *cli.Context) error {

  446. 	if err := initDB(); err != nil {

  447. 		return err

  448. 	}

  449. 	return models.RewriteAllPublicKeys()

  450. }

  451. 

  452. func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {

  453. 	var customURLMapping *oauth2.CustomURLMapping

  454. 	if c.IsSet("use-custom-urls") {

  455. 		customURLMapping = &oauth2.CustomURLMapping{

  456. 			TokenURL:   c.String("custom-token-url"),

  457. 			AuthURL:    c.String("custom-auth-url"),

  458. 			ProfileURL: c.String("custom-profile-url"),

  459. 			EmailURL:   c.String("custom-email-url"),

  460. 		}

  461. 	} else {

  462. 		customURLMapping = nil

  463. 	}

  464. 	return &models.OAuth2Config{

  465. 		Provider:                      c.String("provider"),

  466. 		ClientID:                      c.String("key"),

  467. 		ClientSecret:                  c.String("secret"),

  468. 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),

  469. 		CustomURLMapping:              customURLMapping,

  470. 	}

  471. }

  472. 

  473. func runAddOauth(c *cli.Context) error {

  474. 	if err := initDB(); err != nil {

  475. 		return err

  476. 	}

  477. 

  478. 	return models.CreateLoginSource(&models.LoginSource{

  479. 		Type:      models.LoginOAuth2,

  480. 		Name:      c.String("name"),

  481. 		IsActived: true,

  482. 		Cfg:       parseOAuth2Config(c),

  483. 	})

  484. }

  485. 

  486. func runUpdateOauth(c *cli.Context) error {

  487. 	if !c.IsSet("id") {

  488. 		return fmt.Errorf("--id flag is missing")

  489. 	}

  490. 

  491. 	if err := initDB(); err != nil {

  492. 		return err

  493. 	}

  494. 

  495. 	source, err := models.GetLoginSourceByID(c.Int64("id"))

  496. 	if err != nil {

  497. 		return err

  498. 	}

  499. 

  500. 	oAuth2Config := source.OAuth2()

  501. 

  502. 	if c.IsSet("name") {

  503. 		source.Name = c.String("name")

  504. 	}

  505. 

  506. 	if c.IsSet("provider") {

  507. 		oAuth2Config.Provider = c.String("provider")

  508. 	}

  509. 

  510. 	if c.IsSet("key") {

  511. 		oAuth2Config.ClientID = c.String("key")

  512. 	}

  513. 

  514. 	if c.IsSet("secret") {

  515. 		oAuth2Config.ClientSecret = c.String("secret")

  516. 	}

  517. 

  518. 	if c.IsSet("auto-discover-url") {

  519. 		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")

  520. 	}

  521. 

  522. 	// update custom URL mapping

  523. 	var customURLMapping = &oauth2.CustomURLMapping{}

  524. 

  525. 	if oAuth2Config.CustomURLMapping != nil {

  526. 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL

  527. 		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL

  528. 		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL

  529. 		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL

  530. 	}

  531. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {

  532. 		customURLMapping.TokenURL = c.String("custom-token-url")

  533. 	}

  534. 

  535. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {

  536. 		customURLMapping.AuthURL = c.String("custom-auth-url")

  537. 	}

  538. 

  539. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {

  540. 		customURLMapping.ProfileURL = c.String("custom-profile-url")

  541. 	}

  542. 

  543. 	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {

  544. 		customURLMapping.EmailURL = c.String("custom-email-url")

  545. 	}

  546. 

  547. 	oAuth2Config.CustomURLMapping = customURLMapping

  548. 	source.Cfg = oAuth2Config

  549. 

  550. 	return models.UpdateSource(source)

  551. }

  552. 

  553. func runListAuth(c *cli.Context) error {

  554. 	if err := initDB(); err != nil {

  555. 		return err

  556. 	}

  557. 

  558. 	loginSources, err := models.LoginSources()

  559. 

  560. 	if err != nil {

  561. 		return err

  562. 	}

  563. 

  564. 	flags := tabwriter.AlignRight

  565. 	if c.Bool("vertical-bars") {

  566. 		flags |= tabwriter.Debug

  567. 	}

  568. 

  569. 	padChar := byte('\t')

  570. 	if len(c.String("pad-char")) > 0 {

  571. 		padChar = c.String("pad-char")[0]

  572. 	}

  573. 

  574. 	// loop through each source and print

  575. 	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)

  576. 	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")

  577. 	for _, source := range loginSources {

  578. 		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)

  579. 	}

  580. 	w.Flush()

  581. 

  582. 	return nil

  583. }

  584. 

  585. func runDeleteAuth(c *cli.Context) error {

  586. 	if !c.IsSet("id") {

  587. 		return fmt.Errorf("--id flag is missing")

  588. 	}

  589. 

  590. 	if err := initDB(); err != nil {

  591. 		return err

  592. 	}

  593. 

  594. 	source, err := models.GetLoginSourceByID(c.Int64("id"))

  595. 	if err != nil {

  596. 		return err

  597. 	}

  598. 

  599. 	return models.DeleteSource(source)

  600. }