Commit Graph

74 Commits (0e8b27afe8aaa9055be24f71e8543f2701f18291)

Author SHA1 Message Date
QuaSoft 7b4d2f7a2a Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows

* Ensure plugins implement interface

* Ensure plugins implement interface

* Move functions used only by the SSPI auth method to sspi_windows.go

* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected

* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.

* Update documentation for the new 'SPNEGO with SSPI' login source

* Mention in documentation that ROOT_URL should contain the FQDN of the server

* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)

* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)

* Add option in SSPIConfig for removing of domains from logon names

* Update helper text for StripDomainNames option

* Make sure handleSignIn() is called after a new user object is created by SSPI auth method

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates

* Remove code duplication

* Log errors in ActiveLoginSources

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert suffix of randomly generated E-mails for Reverse proxy authentication

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert unneeded white-space change in template

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add copyright comments at the top of new files

* Use loopback name for randomly generated emails

* Add locale tag for the SSPISeparatorReplacement field with proper casing

* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields

* Update docs/content/doc/features/authentication.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Remove Priority() method and define the order in which SSO auth methods should be executed in one place

* Log authenticated username only if it's not empty

* Rephrase helper text for automatic creation of users

* Return error if more than one active SSPI auth source is found

* Change newUser() function to return error, letting caller log/handle the error

* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed

* Refactor initialization of the list containing SSO auth methods

* Validate SSPI settings on POST

* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page

* Make 'Default language' in SSPI config empty, unless changed by admin

* Show error if admin tries to add a second authentication source of type SSPI

* Simplify declaration of global variable

* Rebuild gitgraph.js on Linux

* Make sure config values containing only whitespace are not accepted
2019-11-23 01:33:31 +02:00
zeripath 5a62ae5cbf
Add setting to disable BASIC authentication (#8586)
Closes #8561.
2019-10-19 15:27:15 +01:00
WGH 6ddd3b0b47 Implement webhook branch filter (#7791)
* Fix validate() function to handle errors in embedded anon structs

* Implement webhook branch filter

See #2025, #3998.
2019-09-09 08:48:21 +03:00
David Svantesson ce45a8c257 Allow token as authorization for accessing attachments (#7909)
* Allow token as authorization for accessing attachments

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Only allow token authentication for attachments if it is a download (GET)
2019-08-24 02:33:32 +02:00
Tamal Saha 171b359877 Use gitea forked macaron (#7933)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-23 12:40:29 -04:00
Lunny Xiao 85202d4784
Display ui time with customize time location (#7792)
* display ui time with customize time location

* fix lint

* rename UILocation to DefaultUILocation

* move time related functions to modules/timeutil

* fix tests

* fix tests

* fix build

* fix swagger
2019-08-15 22:46:21 +08:00
kolaente f9ec2f89f2 Add golangci (#6418) 2019-06-12 15:41:28 -04:00
techknowlogick ec2d489d15
OAuth2 token can be used in basic auth (#6747) 2019-04-25 18:42:50 -04:00
techknowlogick 19ec2606e9 API OTP Context (#6674)
* API OTP Context

* Update api.go

* token

* token

* fix per discord

* copyright header

* remove check for token in OTP

* Update auth.go

* simplify

* Update api.go
2019-04-19 11:59:26 +03:00
zeripath 704da08fdc
Better logging (#6038) (#6095)
* Panic don't fatal on create new logger

Fixes #5854

Signed-off-by: Andrew Thornton <art27@cantab.net>

* partial broken

* Update the logging infrastrcture

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reset the skip levels for Fatal and Error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* broken ncsa

* More log.Error fixes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove nal

* set log-levels to lowercase

* Make console_test test all levels

* switch to lowercased levels

* OK now working

* Fix vetting issues

* Fix lint

* Fix tests

* change default logging to match current gitea

* Improve log testing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* reset error skip levels to 0

* Update documentation and access logger configuration

* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE

* Fix broken level caching

* Refactor the router log

* Add Router logger

* Add colorizing options

* Adjust router colors

* Only create logger if they will be used

* update app.ini.sample

* rename Attribute ColorAttribute

* Change from white to green for function

* Set fatal/error levels

* Restore initial trace logger

* Fix Trace arguments in modules/auth/auth.go

* Properly handle XORMLogger

* Improve admin/config page

* fix fmt

* Add auto-compression of old logs

* Update error log levels

* Remove the unnecessary skip argument from Error, Fatal and Critical

* Add stacktrace support

* Fix tests

* Remove x/sync from vendors?

* Add stderr option to console logger

* Use filepath.ToSlash to protect against Windows in tests

* Remove prefixed underscores from names in colors.go

* Remove not implemented database logger

This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.

* Ensure that log paths are relative to ROOT_PATH

* use path.Join

* rename jsonConfig to logConfig

* Rename "config" to "jsonConfig" to make it clearer

* Requested changes

* Requested changes: XormLogger

* Try to color the windows terminal

If successful default to colorizing the console logs

* fixup

* Colorize initially too

* update vendor

* Colorize logs on default and remove if this is not a colorizing logger

* Fix documentation

* fix test

* Use go-isatty to detect if on windows we are on msys or cygwin

* Fix spelling mistake

* Add missing vendors

* More changes

* Rationalise the ANSI writer protection

* Adjust colors on advice from @0x5c

* Make Flags a comma separated list

* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING

* Ensure matching is done on the non-colored message - to simpify EXPRESSION
2019-04-02 08:48:31 +01:00
Jonas Franz e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
manuelluis fc038caa69 In basic auth check for tokens before call UserSignIn (#5725)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-12 11:20:08 +02:00
zeripath 2a660a1de1 Support reverse proxy providing email (#5554)
This PR implements #2347
2018-12-18 12:05:48 -05:00
Oleg Kovalov 5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
B-OnTheGo e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
Lunny Xiao f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Lauris BH f42ec6120e Better URL validation (#1507)
* Add correct git branch name validation

* Change git refname validation error constant name

* Implement URL validation based on GoLang url.Parse method

* Backward compatibility with older Go compiler

* Add git reference name validation unit tests

* Remove unused variable in unit test

* Implement URL validation based on GoLang url.Parse method

* Backward compatibility with older Go compiler

* Add url validation unit tests
2017-04-19 11:02:20 +08:00
Bo-Yi Wu 28a5bc313a fix: gofmt errors. (#1106) 2017-03-03 16:21:31 +08:00
Willem van Dreumel 01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Ethan Koenig e86d935175 Avoid duplicate queries in auth (#827)
Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
2017-02-05 21:10:46 +08:00
Kim "BKC" Carlbäcker e6cfccdd40 GitHub API Compliance (& linting) 2016-12-02 09:18:15 +01:00
Lunny Xiao ec87a75c00 golint fixed for modules/auth 2016-11-27 21:39:06 +08:00
Sandro Santilli 4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Rémy Boulanouar 2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Franz Schmidt 8b35c194ec Fixes #3110 (#3136) 2016-06-27 17:02:39 +08:00
Unknwon ac78bae7b5 Replace uuid module with original package 2016-02-20 18:13:12 -05:00
zhuharev 0d5dc8a064 typo fix 2016-01-06 22:41:42 +03:00
Unknwon 7d72c8333e work on #470 and fix miror JS issue when choose targets on compare and pull 2015-10-29 21:09:48 -04:00
Unknwon 932dbccb67 fix import path, fix #1782 2015-10-15 21:28:12 -04:00
Unknwon 65e73c4ac6 support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00
Unknwon 2ac8e11f46 #842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00
Unknwon bb3b90fcd6 #1487 Readme Template 2015-08-28 18:33:09 +08:00
Unknwon 03b85b73af token recent activity 2015-08-19 06:22:33 +08:00
Unknwon 407385db7e work on #1493 2015-08-17 17:05:37 +08:00
Unknwon dea3a8c6a4 WIP: create PR - choose branch 2015-08-08 22:43:14 +08:00
Unknwon e50982f5ec allow anonymous SSH clone 2015-08-05 11:14:17 +08:00
Unknwon ac95f6d50f UI: basic label list
- create new label
2015-07-24 21:02:49 +08:00
Unknwon ff051e2106 #1128: API calls are not hidden behind sign in 2015-07-15 19:17:57 +08:00
Unknwon 5cf3732339 UI: install - new version 2015-07-08 19:47:56 +08:00
Gogs fab038b175 Attempt #3 of ldap fixes 2015-02-27 13:18:29 +00:00
Unknwon b293b6eaa6 cmd: CMD option for port number of `gogs web` to prevent first time run conflict
- routers: use new binding convention to simplify code
- templates: able to set HTTP port number in install page
2015-02-01 12:41:03 -05:00
Unknwon 9803c421f5 fix binding api broken 2014-12-15 01:49:59 -05:00
Joseph Crail 39c068400e Fix spelling errors in comments. 2014-12-06 20:22:48 -05:00
Unknwon 0b785ad967 work on #672 2014-12-05 18:08:09 -05:00
Unknwon 069486d169 fix #165 2014-12-05 17:54:57 -05:00
Unknwon 37d8d3afe9 more APIs on #12 2014-11-18 11:07:16 -05:00
Unknwon 8eb5120fbd #12, API: list user repos, list repo hooks 2014-11-13 02:32:18 -05:00
Unknwon 8c9338a537 add personal access token panel #12 2014-11-12 06:48:50 -05:00
Unknwon e0de6cb5ad work on #616 and update locales 2014-11-10 05:30:07 -05:00
Unknwon fa241efa6d Use binding middleware 2014-10-15 11:19:20 -04:00