Commit Graph

38 Commits (9340269d8433277807e98059bfb91daa8bc544b4)

Author SHA1 Message Date
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
luzpaz e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367)
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 13:38:13 +02:00
Lunny Xiao b9d611e917
Always store primary email address into email_address table and also the state (#15956)
* Always store primary email address into email_address table and also the state

* Add lower_email to not convert email to lower as what's added

* Fix fixture

* Fix tests

* Use BeforeInsert to save lower email

* Fix v180 migration

* fix tests

* Fix test

* Remove wrong submited codes

* Fix test

* Fix test

* Fix test

* Add test for v181 migration

* remove change user's email to lower

* Revert change on user's email column

* Fix lower email

* Fix test

* Fix test
2021-06-08 11:52:51 +08:00
Bo-Yi Wu 167b0f46ef
chore(models): rewrite code format. (#14754)
* chore: rewrite format.

* chore: update format

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* chore: update format

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* chore: Adjacent parameters with the same type should be grouped together

* chore: update format.
2021-03-14 19:52:12 +01:00
Anton Khimich 80b1d02b2f
Fix gpg key deletion (#14561)
* Fix GPG key deletion when user is deleted

Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.

* Format added code in models/user.go

* Create a new function for listing GPG keys and apply it

Create a new function `listGPGKeys` and replace a previous use
of `ListGPGKeys`. Thanks to @6543 for the patch.

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>
2021-02-04 17:16:21 +08:00
zeripath 4979f15c3f
Add configurable Trust Models (#11712)
* Add configurable Trust Models

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Adjust locale strings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Co-authored-by: 6543 <6543@obermui.de>

* Update models/gpg_key.go

* Add migration for repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-20 00:44:55 +08:00
zeripath 7c2cf236f8
Allow addition of gpg keyring with multiple keys (#12487)
Related #6778

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-21 13:45:50 +03:00
zeripath f50364a5b0
Keys should not verify revoked email addresses (#12486)
Fix #6778

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-16 09:44:34 +01:00
techknowlogick c9d1e40dfc
UI: Update commit signature view (#12473) 2020-08-13 10:54:54 -04:00
zeripath 8a0bb7cd04
Ensure Subkeys are verified (#12155)
When attempting to verify subkeys the email address verification step
requires checking the emails however, these emails are not stored on
subkeys but instead on the primary key.

This PR will obtain the primaryKey and check against these emails too.

Fix #12128

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-07-06 14:33:34 -04:00
zeripath a730dc1419
Fix verification of subkeys of default gpg key (#11713)
* Fix verification of subkeys of default gpg key

Fix #10309

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove debug log

* Update models/gpg_key.go

* As per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-06-03 11:36:41 -04:00
6543 560744fb33
Handle expected errors in AddGPGkey API (#11644)
* handle GPG Parse & Email Errors

* correct TEST

* update Swagger

* more Docu
2020-05-28 17:25:54 -04:00
zeripath 90919bb37e
Show Signer in commit lists and add basic trust (#10425)
* Show Signer in commit lists and add basic trust

Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.

Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ensure orange text and background is available

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update gpg_key.go

* Update models/gpg_key.go

* Apply suggestions from code review

* Require team collaborators to have access to UnitTypeCode

* as per @6543

* fix position of sha as per @silverwind

* as per @guillep2k
2020-02-27 16:20:55 -03:00
SpaWn2KiLl 1f01f53c53 API add/generalize pagination (#9452)
* paginate results

* fixed deadlock

* prevented breaking change

* updated swagger

* go fmt

* fixed find topic

* go mod tidy

* go mod vendor with go1.13.5

* fixed repo find topics

* fixed unit test

* added Limit method to Engine struct; use engine variable when provided; fixed gitignore

* use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors

* set Page value on Home route

* improved memory allocations

* fixed response headers

* removed logfiles

* fixed import order

* import order

* improved swagger

* added function to get models.ListOptions from context

* removed pagesize diff on unit test

* fixed imports

* removed unnecessary struct field

* fixed go fmt

* scoped PR

* code improvements

* code improvements

* go mod tidy

* fixed import order

* fixed commit statuses session

* fixed files headers

* fixed headers; added pagination for notifications

* go mod tidy

* go fmt

* removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list

* Apply suggestions from code review

Co-Authored-By: 6543 <6543@obermui.de>
Co-Authored-By: zeripath <art27@cantab.net>

* fixed build error

* CI.restart()

* fixed merge conflicts resolve

* fixed conflicts resolve

* improved FindTrackedTimesOptions.ToOptions() method

* added backwards compatibility on ListReleases request; fixed issue tracked time ToSession

* fixed build error; fixed swagger template

* fixed swagger template

* fixed ListReleases backwards compatibility

* added page to user search route

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-01-24 14:00:29 -05:00
zeripath 28f60bb5cb
Ensure default gpg settings not nil and found commits have reference to repo (#8604)
* Ensure defaultGPGSettings not nil

* Ensure that coerced commits gain a reference to the repo

* Add warning if trying to get defaultgpgsetting on an unattached commit
2019-10-20 23:26:36 +01:00
Lunny Xiao d151503d34 Upgrade xorm to v0.8.0 (#8536) 2019-10-17 11:26:49 +02:00
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
Lunny Xiao 85202d4784
Display ui time with customize time location (#7792)
* display ui time with customize time location

* fix lint

* rename UILocation to DefaultUILocation

* move time related functions to modules/timeutil

* fix tests

* fix tests

* fix build

* fix swagger
2019-08-15 22:46:21 +08:00
Antoine GIRARD e98565ddc7 Fix wrong GPG expire date (#6643)
* fix expire of gpg relative to key creation https://tools.ietf.org/html/rfc4880#section-5.2.3.6

* add test
2019-04-15 20:32:15 -04:00
Antoine GIRARD d699de32f2 add .gpg url (match github behaviour) (#6610)
* add .gpg url (match github behaviour)

* wildcard

* test to export maximum data

* working POC

* add comment for old imported keys

* cleaning

* Update routers/user/profile.go

Co-Authored-By: sapk <sapk@users.noreply.github.com>

* add migration script

* add integration tests
2019-04-14 12:43:56 -04:00
zeripath 704da08fdc
Better logging (#6038) (#6095)
* Panic don't fatal on create new logger

Fixes #5854

Signed-off-by: Andrew Thornton <art27@cantab.net>

* partial broken

* Update the logging infrastrcture

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reset the skip levels for Fatal and Error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* broken ncsa

* More log.Error fixes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove nal

* set log-levels to lowercase

* Make console_test test all levels

* switch to lowercased levels

* OK now working

* Fix vetting issues

* Fix lint

* Fix tests

* change default logging to match current gitea

* Improve log testing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* reset error skip levels to 0

* Update documentation and access logger configuration

* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE

* Fix broken level caching

* Refactor the router log

* Add Router logger

* Add colorizing options

* Adjust router colors

* Only create logger if they will be used

* update app.ini.sample

* rename Attribute ColorAttribute

* Change from white to green for function

* Set fatal/error levels

* Restore initial trace logger

* Fix Trace arguments in modules/auth/auth.go

* Properly handle XORMLogger

* Improve admin/config page

* fix fmt

* Add auto-compression of old logs

* Update error log levels

* Remove the unnecessary skip argument from Error, Fatal and Critical

* Add stacktrace support

* Fix tests

* Remove x/sync from vendors?

* Add stderr option to console logger

* Use filepath.ToSlash to protect against Windows in tests

* Remove prefixed underscores from names in colors.go

* Remove not implemented database logger

This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.

* Ensure that log paths are relative to ROOT_PATH

* use path.Join

* rename jsonConfig to logConfig

* Rename "config" to "jsonConfig" to make it clearer

* Requested changes

* Requested changes: XormLogger

* Try to color the windows terminal

If successful default to colorizing the console logs

* fixup

* Colorize initially too

* update vendor

* Colorize logs on default and remove if this is not a colorizing logger

* Fix documentation

* fix test

* Use go-isatty to detect if on windows we are on msys or cygwin

* Fix spelling mistake

* Add missing vendors

* More changes

* Rationalise the ANSI writer protection

* Adjust colors on advice from @0x5c

* Make Flags a comma separated list

* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING

* Ensure matching is done on the non-colored message - to simpify EXPRESSION
2019-04-02 08:48:31 +01:00
Lunny Xiao d578b71d61
move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364)
* move code.gitea.io/git to code.gitea.io/gitea/modules/git

* fix imports

* fix fmt

* fix misspell

* remove wrong tests data

* fix unit tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* enable Debug to trace the failure tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* comment commit count tests since git clone depth is 50

* fix tests

* update from code.gitea.io/git

* revert change to makefile
2019-03-27 17:33:00 +08:00
SagePtr 043ab2cd59 Fix null pointer dereference in ParseCommitWithSignature (#4962) 2018-09-20 13:49:07 +08:00
Morgan Bazalgette b730498f02 Don't write to log NoCommitterAccount (#3621)
* Don't write to log NoCommitterAccount

It's way too verbose, and the information is also printed to the user
already. Fixes #3602.

* ignore err only if it's a ErrUserNotExist

* Replace with IsErrUserNotExist
2018-03-04 10:45:01 +08:00
Lunny Xiao f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Julian Scholle 92123fe82a GPG key email verification no longer case sensitive (#2661) (#2663)
* GPG key email verification no longer case sensitive (#2661)

* case insensitive GPG key email verification now cached (#2661)

Signed-off-by: Julian Scholle <julian.scholle@googlemail.com>
2017-10-06 23:28:21 +03:00
Ethan Koenig aa962deec0 Replace deprecated Id method with ID (#2655) 2017-10-05 07:43:04 +03:00
Lunny Xiao a8717e5e3a Use AfterLoad instead of AfterSet on Structs (#2628)
* use AfterLoad instead of AfterSet on Structs

* fix the comments on AfterLoad

* fix the comments on action AfterLoad
2017-10-01 19:52:35 +03:00
Ethan Koenig 4cb9394a97 Fix lint errors (#2547) 2017-09-19 11:08:30 +03:00
Antoine GIRARD 7c417bbb0d Only check at least one email gpg key (#2266)
* Only require one email (possibly not yet validated)

* Update message error and check validation of commit

* Add integrations tests

* Complete integration for import

* Add pre-check/optimization

* Add some test (not finished)

* Finish

* Fix fixtures

* Fix typo

* Don't guess key ID
2017-09-05 21:45:18 +08:00
Lunny Xiao 33f3165296 remove unnecessary blank lines and wrong error log 2017-06-28 19:00:08 +02:00
Lauris BH 6db387a21e Refactor session close as xorm already does everything needed internally (#2020) 2017-06-21 08:57:05 +08:00
Lauris BH 1a906f800d Fix GPG email checking to be case insensitive (#1988) 2017-06-17 18:56:40 +08:00
Antoine GIRARD 274149dd14 Switch to keybase go-crypto (for some elliptic curve key) + test (#1925)
* Switch to keybase go-crypto (for some elliptic curve key) + test

* Use assert.NoError 

and add a little more context to failing test description

* Use assert.(No)Error everywhere 🌈

and assert.Error in place of .Nil/.NotNil
2017-06-14 08:43:43 +08:00
Antoine GIRARD 8371f94d06 Rework SSH key management UI to add GPG (#1293)
* Rework SSH key management UI to add GPG

* Add more detail to gpg key display

* Update CHANGELOG.md

* Implement deletion UI

* Implement adding gpg UI

* Various fixes

- Fix duplicate entry in locale
- Re-generate hash before verification since they are consumed

* Add missing translation

* Split template

* Catch not found/verified email error
2017-04-26 21:10:43 +08:00
Antoine GIRARD 14fe9010ae GPG commit validation (#1150)
* GPG commit validation

* Add translation

+ some little fix

* Move hash calc after retrieving of potential key + missing translation

* Add some little test
2017-03-22 18:43:54 +08:00
Lunny Xiao 608cd54a68 fix gpg wrong column types 2017-03-20 02:55:07 +01:00
Antoine GIRARD ca1c3f1926 Implement GPG api (#710)
* Implement GPG API

* Better handle error

* Apply review recommendation + simplify database operations

* Remove useless comments
2017-03-16 09:27:35 +08:00