You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

608 lines
15 KiB

API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
  1. // Copyright 2016 The Gogs Authors. All rights reserved.
  2. // Copyright 2016 The Gitea Authors. All rights reserved.
  3. // Use of this source code is governed by a MIT-style
  4. // license that can be found in the LICENSE file.
  5. package cmd
  6. import (
  7. "context"
  8. "errors"
  9. "fmt"
  10. "os"
  11. "text/tabwriter"
  12. "code.gitea.io/gitea/models"
  13. "code.gitea.io/gitea/modules/auth/oauth2"
  14. "code.gitea.io/gitea/modules/git"
  15. "code.gitea.io/gitea/modules/graceful"
  16. "code.gitea.io/gitea/modules/log"
  17. pwd "code.gitea.io/gitea/modules/password"
  18. repo_module "code.gitea.io/gitea/modules/repository"
  19. "code.gitea.io/gitea/modules/setting"
  20. "github.com/urfave/cli"
  21. )
  22. var (
  23. // CmdAdmin represents the available admin sub-command.
  24. CmdAdmin = cli.Command{
  25. Name: "admin",
  26. Usage: "Command line interface to perform common administrative operations",
  27. Subcommands: []cli.Command{
  28. subcmdCreateUser,
  29. subcmdChangePassword,
  30. subcmdRepoSyncReleases,
  31. subcmdRegenerate,
  32. subcmdAuth,
  33. },
  34. }
  35. subcmdCreateUser = cli.Command{
  36. Name: "create-user",
  37. Usage: "Create a new user in database",
  38. Action: runCreateUser,
  39. Flags: []cli.Flag{
  40. cli.StringFlag{
  41. Name: "name",
  42. Usage: "Username. DEPRECATED: use username instead",
  43. },
  44. cli.StringFlag{
  45. Name: "username",
  46. Usage: "Username",
  47. },
  48. cli.StringFlag{
  49. Name: "password",
  50. Usage: "User password",
  51. },
  52. cli.StringFlag{
  53. Name: "email",
  54. Usage: "User email address",
  55. },
  56. cli.BoolFlag{
  57. Name: "admin",
  58. Usage: "User is an admin",
  59. },
  60. cli.BoolFlag{
  61. Name: "random-password",
  62. Usage: "Generate a random password for the user",
  63. },
  64. cli.BoolFlag{
  65. Name: "must-change-password",
  66. Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
  67. },
  68. cli.IntFlag{
  69. Name: "random-password-length",
  70. Usage: "Length of the random password to be generated",
  71. Value: 12,
  72. },
  73. cli.BoolFlag{
  74. Name: "access-token",
  75. Usage: "Generate access token for the user",
  76. },
  77. },
  78. }
  79. subcmdChangePassword = cli.Command{
  80. Name: "change-password",
  81. Usage: "Change a user's password",
  82. Action: runChangePassword,
  83. Flags: []cli.Flag{
  84. cli.StringFlag{
  85. Name: "username,u",
  86. Value: "",
  87. Usage: "The user to change password for",
  88. },
  89. cli.StringFlag{
  90. Name: "password,p",
  91. Value: "",
  92. Usage: "New password to set for user",
  93. },
  94. },
  95. }
  96. subcmdRepoSyncReleases = cli.Command{
  97. Name: "repo-sync-releases",
  98. Usage: "Synchronize repository releases with tags",
  99. Action: runRepoSyncReleases,
  100. }
  101. subcmdRegenerate = cli.Command{
  102. Name: "regenerate",
  103. Usage: "Regenerate specific files",
  104. Subcommands: []cli.Command{
  105. microcmdRegenHooks,
  106. microcmdRegenKeys,
  107. },
  108. }
  109. microcmdRegenHooks = cli.Command{
  110. Name: "hooks",
  111. Usage: "Regenerate git-hooks",
  112. Action: runRegenerateHooks,
  113. }
  114. microcmdRegenKeys = cli.Command{
  115. Name: "keys",
  116. Usage: "Regenerate authorized_keys file",
  117. Action: runRegenerateKeys,
  118. }
  119. subcmdAuth = cli.Command{
  120. Name: "auth",
  121. Usage: "Modify external auth providers",
  122. Subcommands: []cli.Command{
  123. microcmdAuthAddOauth,
  124. microcmdAuthUpdateOauth,
  125. cmdAuthAddLdapBindDn,
  126. cmdAuthUpdateLdapBindDn,
  127. cmdAuthAddLdapSimpleAuth,
  128. cmdAuthUpdateLdapSimpleAuth,
  129. microcmdAuthList,
  130. microcmdAuthDelete,
  131. },
  132. }
  133. microcmdAuthList = cli.Command{
  134. Name: "list",
  135. Usage: "List auth sources",
  136. Action: runListAuth,
  137. Flags: []cli.Flag{
  138. cli.IntFlag{
  139. Name: "min-width",
  140. Usage: "Minimal cell width including any padding for the formatted table",
  141. Value: 0,
  142. },
  143. cli.IntFlag{
  144. Name: "tab-width",
  145. Usage: "width of tab characters in formatted table (equivalent number of spaces)",
  146. Value: 8,
  147. },
  148. cli.IntFlag{
  149. Name: "padding",
  150. Usage: "padding added to a cell before computing its width",
  151. Value: 1,
  152. },
  153. cli.StringFlag{
  154. Name: "pad-char",
  155. Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
  156. Value: "\t",
  157. },
  158. cli.BoolFlag{
  159. Name: "vertical-bars",
  160. Usage: "Set to true to print vertical bars between columns",
  161. },
  162. },
  163. }
  164. idFlag = cli.Int64Flag{
  165. Name: "id",
  166. Usage: "ID of authentication source",
  167. }
  168. microcmdAuthDelete = cli.Command{
  169. Name: "delete",
  170. Usage: "Delete specific auth source",
  171. Flags: []cli.Flag{idFlag},
  172. Action: runDeleteAuth,
  173. }
  174. oauthCLIFlags = []cli.Flag{
  175. cli.StringFlag{
  176. Name: "name",
  177. Value: "",
  178. Usage: "Application Name",
  179. },
  180. cli.StringFlag{
  181. Name: "provider",
  182. Value: "",
  183. Usage: "OAuth2 Provider",
  184. },
  185. cli.StringFlag{
  186. Name: "key",
  187. Value: "",
  188. Usage: "Client ID (Key)",
  189. },
  190. cli.StringFlag{
  191. Name: "secret",
  192. Value: "",
  193. Usage: "Client Secret",
  194. },
  195. cli.StringFlag{
  196. Name: "auto-discover-url",
  197. Value: "",
  198. Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
  199. },
  200. cli.StringFlag{
  201. Name: "use-custom-urls",
  202. Value: "false",
  203. Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
  204. },
  205. cli.StringFlag{
  206. Name: "custom-auth-url",
  207. Value: "",
  208. Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
  209. },
  210. cli.StringFlag{
  211. Name: "custom-token-url",
  212. Value: "",
  213. Usage: "Use a custom Token URL (option for GitLab/GitHub)",
  214. },
  215. cli.StringFlag{
  216. Name: "custom-profile-url",
  217. Value: "",
  218. Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
  219. },
  220. cli.StringFlag{
  221. Name: "custom-email-url",
  222. Value: "",
  223. Usage: "Use a custom Email URL (option for GitHub)",
  224. },
  225. }
  226. microcmdAuthUpdateOauth = cli.Command{
  227. Name: "update-oauth",
  228. Usage: "Update existing Oauth authentication source",
  229. Action: runUpdateOauth,
  230. Flags: append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
  231. }
  232. microcmdAuthAddOauth = cli.Command{
  233. Name: "add-oauth",
  234. Usage: "Add new Oauth authentication source",
  235. Action: runAddOauth,
  236. Flags: oauthCLIFlags,
  237. }
  238. )
  239. func runChangePassword(c *cli.Context) error {
  240. if err := argsSet(c, "username", "password"); err != nil {
  241. return err
  242. }
  243. if err := initDB(); err != nil {
  244. return err
  245. }
  246. if !pwd.IsComplexEnough(c.String("password")) {
  247. return errors.New("Password does not meet complexity requirements")
  248. }
  249. pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
  250. if err != nil {
  251. return err
  252. }
  253. if pwned {
  254. return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
  255. }
  256. uname := c.String("username")
  257. user, err := models.GetUserByName(uname)
  258. if err != nil {
  259. return err
  260. }
  261. if user.Salt, err = models.GetUserSalt(); err != nil {
  262. return err
  263. }
  264. user.HashPassword(c.String("password"))
  265. if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
  266. return err
  267. }
  268. fmt.Printf("%s's password has been successfully updated!\n", user.Name)
  269. return nil
  270. }
  271. func runCreateUser(c *cli.Context) error {
  272. if err := argsSet(c, "email"); err != nil {
  273. return err
  274. }
  275. if c.IsSet("name") && c.IsSet("username") {
  276. return errors.New("Cannot set both --name and --username flags")
  277. }
  278. if !c.IsSet("name") && !c.IsSet("username") {
  279. return errors.New("One of --name or --username flags must be set")
  280. }
  281. if c.IsSet("password") && c.IsSet("random-password") {
  282. return errors.New("cannot set both -random-password and -password flags")
  283. }
  284. var username string
  285. if c.IsSet("username") {
  286. username = c.String("username")
  287. } else {
  288. username = c.String("name")
  289. fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
  290. }
  291. if err := initDB(); err != nil {
  292. return err
  293. }
  294. var password string
  295. if c.IsSet("password") {
  296. password = c.String("password")
  297. } else if c.IsSet("random-password") {
  298. var err error
  299. password, err = pwd.Generate(c.Int("random-password-length"))
  300. if err != nil {
  301. return err
  302. }
  303. fmt.Printf("generated random password is '%s'\n", password)
  304. } else {
  305. return errors.New("must set either password or random-password flag")
  306. }
  307. // always default to true
  308. var changePassword = true
  309. // If this is the first user being created.
  310. // Take it as the admin and don't force a password update.
  311. if n := models.CountUsers(); n == 0 {
  312. changePassword = false
  313. }
  314. if c.IsSet("must-change-password") {
  315. changePassword = c.Bool("must-change-password")
  316. }
  317. u := &models.User{
  318. Name: username,
  319. Email: c.String("email"),
  320. Passwd: password,
  321. IsActive: true,
  322. IsAdmin: c.Bool("admin"),
  323. MustChangePassword: changePassword,
  324. Theme: setting.UI.DefaultTheme,
  325. }
  326. if err := models.CreateUser(u); err != nil {
  327. return fmt.Errorf("CreateUser: %v", err)
  328. }
  329. if c.Bool("access-token") {
  330. t := &models.AccessToken{
  331. Name: "gitea-admin",
  332. UID: u.ID,
  333. }
  334. if err := models.NewAccessToken(t); err != nil {
  335. return err
  336. }
  337. fmt.Printf("Access token was successfully created... %s\n", t.Token)
  338. }
  339. fmt.Printf("New user '%s' has been successfully created!\n", username)
  340. return nil
  341. }
  342. func runRepoSyncReleases(c *cli.Context) error {
  343. if err := initDB(); err != nil {
  344. return err
  345. }
  346. log.Trace("Synchronizing repository releases (this may take a while)")
  347. for page := 1; ; page++ {
  348. repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
  349. ListOptions: models.ListOptions{
  350. PageSize: models.RepositoryListDefaultPageSize,
  351. Page: page,
  352. },
  353. Private: true,
  354. })
  355. if err != nil {
  356. return fmt.Errorf("SearchRepositoryByName: %v", err)
  357. }
  358. if len(repos) == 0 {
  359. break
  360. }
  361. log.Trace("Processing next %d repos of %d", len(repos), count)
  362. for _, repo := range repos {
  363. log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
  364. gitRepo, err := git.OpenRepository(repo.RepoPath())
  365. if err != nil {
  366. log.Warn("OpenRepository: %v", err)
  367. continue
  368. }
  369. oldnum, err := getReleaseCount(repo.ID)
  370. if err != nil {
  371. log.Warn(" GetReleaseCountByRepoID: %v", err)
  372. }
  373. log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)
  374. if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {
  375. log.Warn(" SyncReleasesWithTags: %v", err)
  376. gitRepo.Close()
  377. continue
  378. }
  379. count, err = getReleaseCount(repo.ID)
  380. if err != nil {
  381. log.Warn(" GetReleaseCountByRepoID: %v", err)
  382. gitRepo.Close()
  383. continue
  384. }
  385. log.Trace(" repo %s releases synchronized to tags: from %d to %d",
  386. repo.FullName(), oldnum, count)
  387. gitRepo.Close()
  388. }
  389. }
  390. return nil
  391. }
  392. func getReleaseCount(id int64) (int64, error) {
  393. return models.GetReleaseCountByRepoID(
  394. id,
  395. models.FindReleasesOptions{
  396. IncludeTags: true,
  397. },
  398. )
  399. }
  400. func runRegenerateHooks(c *cli.Context) error {
  401. if err := initDB(); err != nil {
  402. return err
  403. }
  404. return repo_module.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
  405. }
  406. func runRegenerateKeys(c *cli.Context) error {
  407. if err := initDB(); err != nil {
  408. return err
  409. }
  410. return models.RewriteAllPublicKeys()
  411. }
  412. func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
  413. var customURLMapping *oauth2.CustomURLMapping
  414. if c.IsSet("use-custom-urls") {
  415. customURLMapping = &oauth2.CustomURLMapping{
  416. TokenURL: c.String("custom-token-url"),
  417. AuthURL: c.String("custom-auth-url"),
  418. ProfileURL: c.String("custom-profile-url"),
  419. EmailURL: c.String("custom-email-url"),
  420. }
  421. } else {
  422. customURLMapping = nil
  423. }
  424. return &models.OAuth2Config{
  425. Provider: c.String("provider"),
  426. ClientID: c.String("key"),
  427. ClientSecret: c.String("secret"),
  428. OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
  429. CustomURLMapping: customURLMapping,
  430. }
  431. }
  432. func runAddOauth(c *cli.Context) error {
  433. if err := initDB(); err != nil {
  434. return err
  435. }
  436. return models.CreateLoginSource(&models.LoginSource{
  437. Type: models.LoginOAuth2,
  438. Name: c.String("name"),
  439. IsActived: true,
  440. Cfg: parseOAuth2Config(c),
  441. })
  442. }
  443. func runUpdateOauth(c *cli.Context) error {
  444. if !c.IsSet("id") {
  445. return fmt.Errorf("--id flag is missing")
  446. }
  447. if err := initDB(); err != nil {
  448. return err
  449. }
  450. source, err := models.GetLoginSourceByID(c.Int64("id"))
  451. if err != nil {
  452. return err
  453. }
  454. oAuth2Config := source.OAuth2()
  455. if c.IsSet("name") {
  456. source.Name = c.String("name")
  457. }
  458. if c.IsSet("provider") {
  459. oAuth2Config.Provider = c.String("provider")
  460. }
  461. if c.IsSet("key") {
  462. oAuth2Config.ClientID = c.String("key")
  463. }
  464. if c.IsSet("secret") {
  465. oAuth2Config.ClientSecret = c.String("secret")
  466. }
  467. if c.IsSet("auto-discover-url") {
  468. oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
  469. }
  470. // update custom URL mapping
  471. var customURLMapping = &oauth2.CustomURLMapping{}
  472. if oAuth2Config.CustomURLMapping != nil {
  473. customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
  474. customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
  475. customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
  476. customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
  477. }
  478. if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
  479. customURLMapping.TokenURL = c.String("custom-token-url")
  480. }
  481. if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
  482. customURLMapping.AuthURL = c.String("custom-auth-url")
  483. }
  484. if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
  485. customURLMapping.ProfileURL = c.String("custom-profile-url")
  486. }
  487. if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
  488. customURLMapping.EmailURL = c.String("custom-email-url")
  489. }
  490. oAuth2Config.CustomURLMapping = customURLMapping
  491. source.Cfg = oAuth2Config
  492. return models.UpdateSource(source)
  493. }
  494. func runListAuth(c *cli.Context) error {
  495. if err := initDB(); err != nil {
  496. return err
  497. }
  498. loginSources, err := models.LoginSources()
  499. if err != nil {
  500. return err
  501. }
  502. flags := tabwriter.AlignRight
  503. if c.Bool("vertical-bars") {
  504. flags |= tabwriter.Debug
  505. }
  506. padChar := byte('\t')
  507. if len(c.String("pad-char")) > 0 {
  508. padChar = c.String("pad-char")[0]
  509. }
  510. // loop through each source and print
  511. w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
  512. fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
  513. for _, source := range loginSources {
  514. fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
  515. }
  516. w.Flush()
  517. return nil
  518. }
  519. func runDeleteAuth(c *cli.Context) error {
  520. if !c.IsSet("id") {
  521. return fmt.Errorf("--id flag is missing")
  522. }
  523. if err := initDB(); err != nil {
  524. return err
  525. }
  526. source, err := models.GetLoginSourceByID(c.Int64("id"))
  527. if err != nil {
  528. return err
  529. }
  530. return models.DeleteSource(source)
  531. }