closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7605 Commits
2 Branches
178 MiB
Tree: f9ec2f89f2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f9ec2f89f2'
${ noResults }
gitea/modules/auth/user_form.go

359 lines
11 KiB
Raw Normal View History

New UI merge in progress
9 years ago
Block registration based on email domain (#5157) * implement email domain whitelist
5 years ago
New UI merge in progress
9 years ago
custom avatar upload
9 years ago
Block registration based on email domain (#5157) * implement email domain whitelist
5 years ago
custom avatar upload
9 years ago
fix import path, fix #1782
8 years ago
Allow for user specific themes (#5668) * add migration and basic UI for changing a user's theme * update user themem * use right text on button * load theme based on users' selection * load theme based on users' selection in pwa too * update sample config * delete older theme loading * implement AfterLoad to set users' theme properly * set up default theme when creating a user. This uses the installation wide theme * use flash messages for error * set default theme when creating a user from the cli * fix @lunny review
5 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
New UI merge in progress
9 years ago
UI: install - done
9 years ago
fix install form def
9 years ago
Add support of utf8mb4 for mysql (#6992)
5 years ago
UI: install - done
9 years ago
Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
7 years ago
UI: install - done
9 years ago
Able to set SSH port when install, update Docker docs
8 years ago
fix install form def
9 years ago
golint fixed for modules/auth
7 years ago
Make log path required
8 years ago
UI: install - done
9 years ago
fix install form def
9 years ago
Fixes 1019, install page SMTP user is required to (#1020) to be an email address. Signed-off-by: P.B. <puffybsd@yahoo.com>
7 years ago
fix install form def
9 years ago
UI: install - done
9 years ago
gofmt (#1710)
7 years ago
Add OpenID configuration in install page (#2276)
6 years ago
gofmt (#1710)
7 years ago
issue-2768: added new option allow_only_external_registration (#3910)
6 years ago
gofmt (#1710)
7 years ago
Add configuration option for default permission to create Organizations (#1686)
7 years ago
Feature: Timetracking (#2211) * Added comment's hashtag to url for mail notifications. * Added explanation to return statement + documentation. * Replacing in-line link generation with HTMLURL. (+gofmt) * Replaced action-based model with nil-based model. (+gofmt) * Replaced mailIssueActionToParticipants with mailIssueCommentToParticipants. * Updating comment for mailIssueCommentToParticipants * Added link to comment in "Dashboard" * Deleting feed entry if a comment is going to be deleted * Added migration * Added improved migration to add a CommentID column to action. * Added improved links to comments in feed entries. * Fixes #1956 by filtering for deleted comments that are referenced in actions. * Introducing "IsDeleted" column to action. * Adding design draft (not functional) * Adding database models for stopwatches and trackedtimes * See go-gitea/gitea#967 * Adding design draft (not functional) * Adding translations and improving design * Implementing stopwatch (for timetracking) * Make UI functional * Add hints in timeline for time tracking events * Implementing timetracking feature * Adding "Add time manual" option * Improved stopwatch * Created report of total spent time by user * Only showing total time spent if theire is something to show. * Adding license headers. * Improved error handling for "Add Time Manual" * Adding @sapks 's changes, refactoring * Adding API for feature tracking * Adding unit test * Adding DISABLE/ENABLE option to Repository settings page * Improving translations * Applying @sapk 's changes * Removing repo_unit and using IssuesSetting for disabling/enabling timetracker * Adding DEFAULT_ENABLE_TIMETRACKER to config, installation and admin menu * Improving documentation * Fixing vendor/ folder * Changing timtracking routes by adding subgroups /times and /times/stopwatch (Proposed by @lafriks ) * Restricting write access to timetracking based on the repo settings (Proposed by @lafriks ) * Fixed minor permissions bug. * Adding CanUseTimetracker and IsTimetrackerEnabled in ctx.Repo * Allow assignees and authors to track there time too. * Fixed some build-time-errors + logical errors. * Removing unused Get...ByID functions * Moving IsTimetrackerEnabled from context.Repository to models.Repository * Adding a seperate file for issue related repo functions * Adding license headers * Fixed GetUserByParams return 404 * Moving /users/:username/times to /repos/:username/:reponame/times/:username for security reasons * Adding /repos/:username/times to get all tracked times of the repo * Updating sdk-dependency * Updating swagger.v1.json * Adding warning if user has already a running stopwatch (auto-timetracker) * Replacing GetTrackedTimesBy... with GetTrackedTimes(options FindTrackedTimesOptions) * Changing code.gitea.io/sdk back to code.gitea.io/sdk * Correcting spelling mistake * Updating vendor.json * Changing GET stopwatch/toggle to POST stopwatch/toggle * Changing GET stopwatch/cancel to POST stopwatch/cancel * Added migration for stopwatches/timetracking * Fixed some access bugs for read-only users * Added default allow only contributors to track time value to config * Fixed migration by chaging x.Iterate to x.Find * Resorted imports * Moved Add Time Manually form to repo_form.go * Removed "Seconds" field from Add Time Manually * Resorted imports * Improved permission checking * Fixed some bugs * Added integration test * gofmt * Adding integration test by @lafriks * Added created_unix to comment fixtures * Using last event instead of a fixed event * Adding another integration test by @lafriks * Fixing bug Timetracker enabled causing error 500 at sidebar.tpl * Fixed a refactoring bug that resulted in hiding "HasUserStopwatch" warning. * Returning TrackedTime instead of AddTimeOption at AddTime. * Updating SDK from go-gitea/go-sdk#69 * Resetting Go-SDK back to default repository * Fixing test-vendor by changing ini back to original repository * Adding "tags" to swagger spec * govendor sync * Removed duplicate * Formatting templates * Adding IsTimetrackingEnabled checks to API * Improving translations / english texts * Improving documentation * Updating swagger spec * Fixing integration test caused be translation-changes * Removed encoding issues in local_en-US.ini. * "Added" copyright line * Moved unit.IssuesConfig().EnableTimetracker into a != nil check * Removed some other encoding issues in local_en-US.ini * Improved javascript by checking if data-context exists * Replaced manual comment creation with CreateComment * Removed unnecessary code * Improved error checking * Small cosmetic changes * Replaced int>string>duration parsing with int>duration parsing * Fixed encoding issues * Removed unused imports Signed-off-by: Jonas Franz <info@jonasfranz.software>
6 years ago
gofmt (#1710)
7 years ago
UI: install - done
9 years ago
UI: install - new version
9 years ago
change minimum password length to 1
8 years ago
UI: install - new version
9 years ago
#470 fix max length of email
8 years ago
New UI merge in progress
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Use binding middleware
9 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
New UI merge in progress
9 years ago
Increase Username and Orgname MaxSize 35 -> 40 (#6178) * Increase Username and Orgname MaxSize 35 -> 40 Signed-off-by: Segev Finer <segev@codeocean.com> * Dep update code.gitea.io/sdk Signed-off-by: Segev Finer <segev@codeocean.com> * Run generate-swagger Signed-off-by: Segev Finer <segev@codeocean.com>
5 years ago
Add Recaptcha functionality to Gitea (#4044)
5 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
Use binding middleware
9 years ago
New UI merge in progress
9 years ago
Block registration based on email domain (#5157) * implement email domain whitelist
5 years ago
Force user to change password (#4489) * redirect to login page after successfully activating account * force users to change password if account was created by an admin * force users to change password if account was created by an admin * fixed build * fixed build * fix pending issues with translation and wrong routes * make sure path check is safe * remove unneccessary newline * make sure users that don't have to view the form get redirected * move route to use /settings prefix so as to make sure unauthenticated users can't view the page * update as per @lafriks review * add necessary comment * remove unrelated changes * support redirecting to location the user actually want to go to before being forced to change his/her password * run make fmt * added tests * improve assertions * add assertion * fix copyright year Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
5 years ago
Login via OpenID-2.0 (#618)
7 years ago
New UI merge in progress
9 years ago
new sign in page
8 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
Use binding middleware
9 years ago
New UI merge in progress
9 years ago
Integrate OAuth2 Provider (#5378)
5 years ago
Add json tags for oauth2 form (#6627)
5 years ago
Integrate OAuth2 Provider (#5378)
5 years ago
Add json tags for oauth2 form (#6627)
5 years ago
Integrate OAuth2 Provider (#5378)
5 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
New UI merge in progress
9 years ago
Increase Username and Orgname MaxSize 35 -> 40 (#6178) * Increase Username and Orgname MaxSize 35 -> 40 Signed-off-by: Segev Finer <segev@codeocean.com> * Dep update code.gitea.io/sdk Signed-off-by: Segev Finer <segev@codeocean.com> * Run generate-swagger Signed-off-by: Segev Finer <segev@codeocean.com>
5 years ago
Add Keep email private (see issue #571). (#571) - Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE. - Add the new option to the install and admin/config pages. - Add the new option to app.ini in the service section. - Add the new option to the settings struct. - Add English text strings to i18n. - Add field KeepEmailPrivate to user struct. - Add field KeepEmailPrivate to user form. - Add option to UI. - Add using noreply email address if user has "Keep Email Private". An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit messages (and hopefully all other git log relevant places). The change relies on the fact that git commands should use user.NetGitSig(). - Add hiding of email address in UI, if user has set "Keep Email Private". - Add condition to show email address only on explore/users and user pages, if user has not set "Keep Email Private". - Add noreply email in API if set "Keep Email Private". - Add a new service setting NO_REPLY_ADDRESS. The value of this setting is used as the domain part for the user's email address in git log, iff he decides to keep his email address private. If the user decides to keep his email address private and this option is not set 'noreply.example.org' is used, which no MTA should send email to. Add NO_REPLY_ADDRESS to conf/app.ini.
7 years ago
Better URL validation (#1507) * Add correct git branch name validation * Change git refname validation error constant name * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add git reference name validation unit tests * Remove unused variable in unit test * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add url validation unit tests
7 years ago
Add Keep email private (see issue #571). (#571) - Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE. - Add the new option to the install and admin/config pages. - Add the new option to app.ini in the service section. - Add the new option to the settings struct. - Add English text strings to i18n. - Add field KeepEmailPrivate to user struct. - Add field KeepEmailPrivate to user form. - Add option to UI. - Add using noreply email address if user has "Keep Email Private". An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit messages (and hopefully all other git log relevant places). The change relies on the fact that git commands should use user.NetGitSig(). - Add hiding of email address in UI, if user has set "Keep Email Private". - Add condition to show email address only on explore/users and user pages, if user has not set "Keep Email Private". - Add noreply email in API if set "Keep Email Private". - Add a new service setting NO_REPLY_ADDRESS. The value of this setting is used as the domain part for the user's email address in git log, iff he decides to keep his email address private. If the user decides to keep his email address private and this option is not set 'noreply.example.org' is used, which no MTA should send email to. Add NO_REPLY_ADDRESS to conf/app.ini.
7 years ago
Added user language setting (#3875) * Added user language setting * Added translation string for setting * Fixed import order + typo * improved checking if the user has a language saved in the db * The current saved language is now set a default inside the dropdown * fmt * When a user signs in and doesn't have a language saved, the current browser language is saved * updated gitea-sdk * Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language # Conflicts: # models/migrations/migrations.go # models/migrations/v62.go * Made tests work again * trigger CI * trigger CI * fmt * re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO * re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO * When loggin in, only the language col gets updated instead of everything
6 years ago
Add bio field for user (#6113) Fix #4339
5 years ago
New UI merge in progress
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Use binding middleware
9 years ago
New UI merge in progress
9 years ago
golint fixed for modules/auth
7 years ago
Add support for federated avatars (#3320) * Add support for federated avatars Fixes #3105 Removes avatar fetching duplication code Adds an "Enable Federated Avatar" checkbox in user settings (defaults to unchecked) Moves avatar settings all in the same form, making local and remote avatars mutually exclusive Renames UploadAvatarForm to AvatarForm as it's not anymore only for uploading * Run gofmt on all modified files * Move Avatar form in its own page * Add go-libravatar dependency to vendor/ dir Hopefully helps with accepting the contribution. See also #3214 * Revert "Add go-libravatar dependency to vendor/ dir" This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82. * Make federated avatar setting a global configuration Removes the per-user setting * Move avatar handling back to base tool, disable federated avatar in offline mode * Format, handle error * Properly set fallback host * Use unsupported github.com mirror for importing go-libravatar * Remove comment showing life exists outside of github.com ... pity, but contribution would not be accepted otherwise * Use Combo for Get and Post methods over /avatar * FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR * Fix persistance of federated avatar lookup checkbox at install time * Federated Avatars -> Enable Federated Avatars * Use len(string) == 0 instead of string == "" * Move import line where it belong See https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md Pity the import url is still the unofficial one, but oh well... * Save a line (and waste much more expensive time) * Remove redundant parens * Remove an empty line * Remove empty lines * Reorder lines to make diff smaller * Remove another newline Unknwon review got me start a fight against newlines * Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE On re-reading the diff I figured what Unknwon meant here: https://github.com/gogits/gogs/pull/3320/files#r73741106 * Remove newlines that weren't there before my intervention
7 years ago
more
7 years ago
Add support for federated avatars (#3320) * Add support for federated avatars Fixes #3105 Removes avatar fetching duplication code Adds an "Enable Federated Avatar" checkbox in user settings (defaults to unchecked) Moves avatar settings all in the same form, making local and remote avatars mutually exclusive Renames UploadAvatarForm to AvatarForm as it's not anymore only for uploading * Run gofmt on all modified files * Move Avatar form in its own page * Add go-libravatar dependency to vendor/ dir Hopefully helps with accepting the contribution. See also #3214 * Revert "Add go-libravatar dependency to vendor/ dir" This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82. * Make federated avatar setting a global configuration Removes the per-user setting * Move avatar handling back to base tool, disable federated avatar in offline mode * Format, handle error * Properly set fallback host * Use unsupported github.com mirror for importing go-libravatar * Remove comment showing life exists outside of github.com ... pity, but contribution would not be accepted otherwise * Use Combo for Get and Post methods over /avatar * FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR * Fix persistance of federated avatar lookup checkbox at install time * Federated Avatars -> Enable Federated Avatars * Use len(string) == 0 instead of string == "" * Move import line where it belong See https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md Pity the import url is still the unofficial one, but oh well... * Save a line (and waste much more expensive time) * Remove redundant parens * Remove an empty line * Remove empty lines * Reorder lines to make diff smaller * Remove another newline Unknwon review got me start a fight against newlines * Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE On re-reading the diff I figured what Unknwon meant here: https://github.com/gogits/gogs/pull/3320/files#r73741106 * Remove newlines that weren't there before my intervention
7 years ago
golint fixed for modules/auth
7 years ago
Add support for federated avatars (#3320) * Add support for federated avatars Fixes #3105 Removes avatar fetching duplication code Adds an "Enable Federated Avatar" checkbox in user settings (defaults to unchecked) Moves avatar settings all in the same form, making local and remote avatars mutually exclusive Renames UploadAvatarForm to AvatarForm as it's not anymore only for uploading * Run gofmt on all modified files * Move Avatar form in its own page * Add go-libravatar dependency to vendor/ dir Hopefully helps with accepting the contribution. See also #3214 * Revert "Add go-libravatar dependency to vendor/ dir" This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82. * Make federated avatar setting a global configuration Removes the per-user setting * Move avatar handling back to base tool, disable federated avatar in offline mode * Format, handle error * Properly set fallback host * Use unsupported github.com mirror for importing go-libravatar * Remove comment showing life exists outside of github.com ... pity, but contribution would not be accepted otherwise * Use Combo for Get and Post methods over /avatar * FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR * Fix persistance of federated avatar lookup checkbox at install time * Federated Avatars -> Enable Federated Avatars * Use len(string) == 0 instead of string == "" * Move import line where it belong See https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md Pity the import url is still the unofficial one, but oh well... * Save a line (and waste much more expensive time) * Remove redundant parens * Remove an empty line * Remove empty lines * Reorder lines to make diff smaller * Remove another newline Unknwon review got me start a fight against newlines * Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE On re-reading the diff I figured what Unknwon meant here: https://github.com/gogits/gogs/pull/3320/files#r73741106 * Remove newlines that weren't there before my intervention
7 years ago
custom avatar upload
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Add support for federated avatars (#3320) * Add support for federated avatars Fixes #3105 Removes avatar fetching duplication code Adds an "Enable Federated Avatar" checkbox in user settings (defaults to unchecked) Moves avatar settings all in the same form, making local and remote avatars mutually exclusive Renames UploadAvatarForm to AvatarForm as it's not anymore only for uploading * Run gofmt on all modified files * Move Avatar form in its own page * Add go-libravatar dependency to vendor/ dir Hopefully helps with accepting the contribution. See also #3214 * Revert "Add go-libravatar dependency to vendor/ dir" This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82. * Make federated avatar setting a global configuration Removes the per-user setting * Move avatar handling back to base tool, disable federated avatar in offline mode * Format, handle error * Properly set fallback host * Use unsupported github.com mirror for importing go-libravatar * Remove comment showing life exists outside of github.com ... pity, but contribution would not be accepted otherwise * Use Combo for Get and Post methods over /avatar * FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR * Fix persistance of federated avatar lookup checkbox at install time * Federated Avatars -> Enable Federated Avatars * Use len(string) == 0 instead of string == "" * Move import line where it belong See https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md Pity the import url is still the unofficial one, but oh well... * Save a line (and waste much more expensive time) * Remove redundant parens * Remove an empty line * Remove empty lines * Reorder lines to make diff smaller * Remove another newline Unknwon review got me start a fight against newlines * Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE On re-reading the diff I figured what Unknwon meant here: https://github.com/gogits/gogs/pull/3320/files#r73741106 * Remove newlines that weren't there before my intervention
7 years ago
custom avatar upload
9 years ago
golint fixed for modules/auth
7 years ago
Finish method for having multiple emails/user. All basics are implemented. Missing are the right (localized) strings and the page markup could have a look at by a frontend guy.
9 years ago
finish all new user settings UI
8 years ago
Finish method for having multiple emails/user. All basics are implemented. Missing are the right (localized) strings and the page markup could have a look at by a frontend guy.
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Finish method for having multiple emails/user. All basics are implemented. Missing are the right (localized) strings and the page markup could have a look at by a frontend guy.
9 years ago
Allow for user specific themes (#5668) * add migration and basic UI for changing a user's theme * update user themem * use right text on button * load theme based on users' selection * load theme based on users' selection in pwa too * update sample config * delete older theme loading * implement AfterLoad to set users' theme properly * set up default theme when creating a user. This uses the installation wide theme * use flash messages for error * set default theme when creating a user from the cli * fix @lunny review
5 years ago
Add golangci (#6418)
5 years ago
Allow for user specific themes (#5668) * add migration and basic UI for changing a user's theme * update user themem * use right text on button * load theme based on users' selection * load theme based on users' selection in pwa too * update sample config * delete older theme loading * implement AfterLoad to set users' theme properly * set up default theme when creating a user. This uses the installation wide theme * use flash messages for error * set default theme when creating a user from the cli * fix @lunny review
5 years ago
golint fixed for modules/auth
7 years ago
New UI merge in progress
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
change minimum password length to 1
8 years ago
New UI merge in progress
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Use binding middleware
9 years ago
New UI merge in progress
9 years ago
add personal access token panel #12
9 years ago
Login via OpenID-2.0 (#618)
7 years ago
Run "make fmt" with go-1.6 (#1333)
7 years ago
Login via OpenID-2.0 (#618)
7 years ago
Rework SSH key management UI to add GPG (#1293) * Rework SSH key management UI to add GPG * Add more detail to gpg key display * Update CHANGELOG.md * Implement deletion UI * Implement adding gpg UI * Various fixes - Fix duplicate entry in locale - Re-generate hash before verification since they are consumed * Add missing translation * Split template * Catch not found/verified email error
7 years ago
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
add personal access token panel #12
9 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Rework SSH key management UI to add GPG (#1293) * Rework SSH key management UI to add GPG * Add more detail to gpg key display * Update CHANGELOG.md * Implement deletion UI * Implement adding gpg UI * Various fixes - Fix duplicate entry in locale - Re-generate hash before verification since they are consumed * Add missing translation * Split template * Catch not found/verified email error
7 years ago
add personal access token panel #12
9 years ago
golint fixed for modules/auth
7 years ago
add personal access token panel #12
9 years ago
add missing token validation and fix missing alert on application settings page (#3976)
6 years ago
add personal access token panel #12
9 years ago
golint fixed for modules/auth
7 years ago
add personal access token panel #12
9 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Integrate OAuth2 Provider (#5378)
5 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Fix typos in models/ and modules/ (#1248)
7 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software>
6 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package auth
  7. 

  8. import (
  9. 	"mime/multipart"
  10. 	"strings"
  11. 

  12. 	"code.gitea.io/gitea/modules/setting"
  13. 

  14. 	"github.com/go-macaron/binding"
  15. 	macaron "gopkg.in/macaron.v1"
  16. )
  17. 

  18. // InstallForm form for installation page

  19. type InstallForm struct {
  20. 	DbType   string `binding:"Required"`
  21. 	DbHost   string
  22. 	DbUser   string
  23. 	DbPasswd string
  24. 	DbName   string
  25. 	SSLMode  string
  26. 	Charset  string `binding:"Required;In(utf8,utf8mb4)"`
  27. 	DbPath   string
  28. 

  29. 	AppName      string `binding:"Required" locale:"install.app_name"`
  30. 	RepoRootPath string `binding:"Required"`
  31. 	LFSRootPath  string
  32. 	RunUser      string `binding:"Required"`
  33. 	Domain       string `binding:"Required"`
  34. 	SSHPort      int
  35. 	HTTPPort     string `binding:"Required"`
  36. 	AppURL       string `binding:"Required"`
  37. 	LogRootPath  string `binding:"Required"`
  38. 

  39. 	SMTPHost        string
  40. 	SMTPFrom        string
  41. 	SMTPUser        string `binding:"OmitEmpty;MaxSize(254)" locale:"install.mailer_user"`
  42. 	SMTPPasswd      string
  43. 	RegisterConfirm bool
  44. 	MailNotify      bool
  45. 

  46. 	OfflineMode                    bool
  47. 	DisableGravatar                bool
  48. 	EnableFederatedAvatar          bool
  49. 	EnableOpenIDSignIn             bool
  50. 	EnableOpenIDSignUp             bool
  51. 	DisableRegistration            bool
  52. 	AllowOnlyExternalRegistration  bool
  53. 	EnableCaptcha                  bool
  54. 	RequireSignInView              bool
  55. 	DefaultKeepEmailPrivate        bool
  56. 	DefaultAllowCreateOrganization bool
  57. 	DefaultEnableTimetracking      bool
  58. 	NoReplyAddress                 string
  59. 

  60. 	AdminName          string `binding:"OmitEmpty;AlphaDashDot;MaxSize(30)" locale:"install.admin_name"`
  61. 	AdminPasswd        string `binding:"OmitEmpty;MaxSize(255)" locale:"install.admin_password"`
  62. 	AdminConfirmPasswd string
  63. 	AdminEmail         string `binding:"OmitEmpty;MinSize(3);MaxSize(254);Include(@)" locale:"install.admin_email"`
  64. }
  65. 

  66. // Validate validates the fields

  67. func (f *InstallForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  68. 	return validate(errs, ctx.Data, f, ctx.Locale)
  69. }
  70. 

  71. //    _____   ____ _________________ ___

  72. //   /  _  \ |    |   \__    ___/   |   \

  73. //  /  /_\  \|    |   / |    | /    ~    \

  74. // /    |    \    |  /  |    | \    Y    /

  75. // \____|__  /______/   |____|  \___|_  /

  76. //         \/                         \/

  77. 

  78. // RegisterForm form for registering

  79. type RegisterForm struct {
  80. 	UserName           string `binding:"Required;AlphaDashDot;MaxSize(40)"`
  81. 	Email              string `binding:"Required;Email;MaxSize(254)"`
  82. 	Password           string `binding:"Required;MaxSize(255)"`
  83. 	Retype             string
  84. 	GRecaptchaResponse string `form:"g-recaptcha-response"`
  85. }
  86. 

  87. // Validate valideates the fields

  88. func (f *RegisterForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  89. 	return validate(errs, ctx.Data, f, ctx.Locale)
  90. }
  91. 

  92. // IsEmailDomainWhitelisted validates that the email address

  93. // provided by the user matches what has been configured .

  94. // If the domain whitelist from the config is empty, it marks the

  95. // email as whitelisted

  96. func (f RegisterForm) IsEmailDomainWhitelisted() bool {
  97. 	if len(setting.Service.EmailDomainWhitelist) == 0 {
  98. 		return true
  99. 	}
  100. 

  101. 	n := strings.LastIndex(f.Email, "@")
  102. 	if n <= 0 {
  103. 		return false
  104. 	}
  105. 

  106. 	domain := strings.ToLower(f.Email[n+1:])
  107. 

  108. 	for _, v := range setting.Service.EmailDomainWhitelist {
  109. 		if strings.ToLower(v) == domain {
  110. 			return true
  111. 		}
  112. 	}
  113. 

  114. 	return false
  115. }
  116. 

  117. // MustChangePasswordForm form for updating your password after account creation

  118. // by an admin

  119. type MustChangePasswordForm struct {
  120. 	Password string `binding:"Required;MaxSize(255)"`
  121. 	Retype   string
  122. }
  123. 

  124. // Validate valideates the fields

  125. func (f *MustChangePasswordForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  126. 	return validate(errs, ctx.Data, f, ctx.Locale)
  127. }
  128. 

  129. // SignInForm form for signing in with user/password

  130. type SignInForm struct {
  131. 	UserName string `binding:"Required;MaxSize(254)"`
  132. 	Password string `binding:"Required;MaxSize(255)"`
  133. 	Remember bool
  134. }
  135. 

  136. // Validate valideates the fields

  137. func (f *SignInForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  138. 	return validate(errs, ctx.Data, f, ctx.Locale)
  139. }
  140. 

  141. // AuthorizationForm form for authorizing oauth2 clients

  142. type AuthorizationForm struct {
  143. 	ResponseType string `binding:"Required;In(code)"`
  144. 	ClientID     string `binding:"Required"`
  145. 	RedirectURI  string
  146. 	State        string
  147. 

  148. 	// PKCE support

  149. 	CodeChallengeMethod string // S256, plain

  150. 	CodeChallenge       string
  151. }
  152. 

  153. // Validate valideates the fields

  154. func (f *AuthorizationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  155. 	return validate(errs, ctx.Data, f, ctx.Locale)
  156. }
  157. 

  158. // GrantApplicationForm form for authorizing oauth2 clients

  159. type GrantApplicationForm struct {
  160. 	ClientID    string `binding:"Required"`
  161. 	RedirectURI string
  162. 	State       string
  163. }
  164. 

  165. // Validate valideates the fields

  166. func (f *GrantApplicationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  167. 	return validate(errs, ctx.Data, f, ctx.Locale)
  168. }
  169. 

  170. // AccessTokenForm for issuing access tokens from authorization codes or refresh tokens

  171. type AccessTokenForm struct {
  172. 	GrantType    string `json:"grant_type"`
  173. 	ClientID     string `json:"client_id"`
  174. 	ClientSecret string `json:"client_secret"`
  175. 	RedirectURI  string `json:"redirect_uri"`
  176. 	Code         string `json:"code"`
  177. 	RefreshToken string `json:"refresh_token"`
  178. 

  179. 	// PKCE support

  180. 	CodeVerifier string `json:"code_verifier"`
  181. }
  182. 

  183. // Validate valideates the fields

  184. func (f *AccessTokenForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  185. 	return validate(errs, ctx.Data, f, ctx.Locale)
  186. }
  187. 

  188. //   __________________________________________.___ _______    ________  _________

  189. //  /   _____/\_   _____/\__    ___/\__    ___/|   |\      \  /  _____/ /   _____/

  190. //  \_____  \  |    __)_   |    |     |    |   |   |/   |   \/   \  ___ \_____  \

  191. //  /        \ |        \  |    |     |    |   |   /    |    \    \_\  \/        \

  192. // /_______  //_______  /  |____|     |____|   |___\____|__  /\______  /_______  /

  193. //         \/         \/                                   \/        \/        \/

  194. 

  195. // UpdateProfileForm form for updating profile

  196. type UpdateProfileForm struct {
  197. 	Name             string `binding:"AlphaDashDot;MaxSize(40)"`
  198. 	FullName         string `binding:"MaxSize(100)"`
  199. 	Email            string `binding:"Required;Email;MaxSize(254)"`
  200. 	KeepEmailPrivate bool
  201. 	Website          string `binding:"ValidUrl;MaxSize(255)"`
  202. 	Location         string `binding:"MaxSize(50)"`
  203. 	Language         string `binding:"Size(5)"`
  204. 	Description      string `binding:"MaxSize(255)"`
  205. }
  206. 

  207. // Validate validates the fields

  208. func (f *UpdateProfileForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  209. 	return validate(errs, ctx.Data, f, ctx.Locale)
  210. }
  211. 

  212. // Avatar types

  213. const (
  214. 	AvatarLocal  string = "local"
  215. 	AvatarByMail string = "bymail"
  216. )
  217. 

  218. // AvatarForm form for changing avatar

  219. type AvatarForm struct {
  220. 	Source      string
  221. 	Avatar      *multipart.FileHeader
  222. 	Gravatar    string `binding:"OmitEmpty;Email;MaxSize(254)"`
  223. 	Federavatar bool
  224. }
  225. 

  226. // Validate validates the fields

  227. func (f *AvatarForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  228. 	return validate(errs, ctx.Data, f, ctx.Locale)
  229. }
  230. 

  231. // AddEmailForm form for adding new email

  232. type AddEmailForm struct {
  233. 	Email string `binding:"Required;Email;MaxSize(254)"`
  234. }
  235. 

  236. // Validate validates the fields

  237. func (f *AddEmailForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  238. 	return validate(errs, ctx.Data, f, ctx.Locale)
  239. }
  240. 

  241. // UpdateThemeForm form for updating a users' theme

  242. type UpdateThemeForm struct {
  243. 	Theme string `binding:"Required;MaxSize(30)"`
  244. }
  245. 

  246. // Validate validates the field

  247. func (f *UpdateThemeForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  248. 	return validate(errs, ctx.Data, f, ctx.Locale)
  249. }
  250. 

  251. // IsThemeExists checks if the theme is a theme available in the config.

  252. func (f UpdateThemeForm) IsThemeExists() bool {
  253. 	var exists bool
  254. 

  255. 	for _, v := range setting.UI.Themes {
  256. 		if strings.EqualFold(v, f.Theme) {
  257. 			exists = true
  258. 			break
  259. 		}
  260. 	}
  261. 

  262. 	return exists
  263. }
  264. 

  265. // ChangePasswordForm form for changing password

  266. type ChangePasswordForm struct {
  267. 	OldPassword string `form:"old_password" binding:"MaxSize(255)"`
  268. 	Password    string `form:"password" binding:"Required;MaxSize(255)"`
  269. 	Retype      string `form:"retype"`
  270. }
  271. 

  272. // Validate validates the fields

  273. func (f *ChangePasswordForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  274. 	return validate(errs, ctx.Data, f, ctx.Locale)
  275. }
  276. 

  277. // AddOpenIDForm is for changing openid uri

  278. type AddOpenIDForm struct {
  279. 	Openid string `binding:"Required;MaxSize(256)"`
  280. }
  281. 

  282. // Validate validates the fields

  283. func (f *AddOpenIDForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  284. 	return validate(errs, ctx.Data, f, ctx.Locale)
  285. }
  286. 

  287. // AddKeyForm form for adding SSH/GPG key

  288. type AddKeyForm struct {
  289. 	Type       string `binding:"OmitEmpty"`
  290. 	Title      string `binding:"Required;MaxSize(50)"`
  291. 	Content    string `binding:"Required"`
  292. 	IsWritable bool
  293. }
  294. 

  295. // Validate validates the fields

  296. func (f *AddKeyForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  297. 	return validate(errs, ctx.Data, f, ctx.Locale)
  298. }
  299. 

  300. // NewAccessTokenForm form for creating access token

  301. type NewAccessTokenForm struct {
  302. 	Name string `binding:"Required;MaxSize(255)"`
  303. }
  304. 

  305. // Validate valideates the fields

  306. func (f *NewAccessTokenForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  307. 	return validate(errs, ctx.Data, f, ctx.Locale)
  308. }
  309. 

  310. // EditOAuth2ApplicationForm form for editing oauth2 applications

  311. type EditOAuth2ApplicationForm struct {
  312. 	Name        string `binding:"Required;MaxSize(255)" form:"application_name"`
  313. 	RedirectURI string `binding:"Required" form:"redirect_uri"`
  314. }
  315. 

  316. // Validate valideates the fields

  317. func (f *EditOAuth2ApplicationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  318. 	return validate(errs, ctx.Data, f, ctx.Locale)
  319. }
  320. 

  321. // TwoFactorAuthForm for logging in with 2FA token.

  322. type TwoFactorAuthForm struct {
  323. 	Passcode string `binding:"Required"`
  324. }
  325. 

  326. // Validate validates the fields

  327. func (f *TwoFactorAuthForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  328. 	return validate(errs, ctx.Data, f, ctx.Locale)
  329. }
  330. 

  331. // TwoFactorScratchAuthForm for logging in with 2FA scratch token.

  332. type TwoFactorScratchAuthForm struct {
  333. 	Token string `binding:"Required"`
  334. }
  335. 

  336. // Validate valideates the fields

  337. func (f *TwoFactorScratchAuthForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  338. 	return validate(errs, ctx.Data, f, ctx.Locale)
  339. }
  340. 

  341. // U2FRegistrationForm for reserving an U2F name

  342. type U2FRegistrationForm struct {
  343. 	Name string `binding:"Required"`
  344. }
  345. 

  346. // Validate valideates the fields

  347. func (f *U2FRegistrationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  348. 	return validate(errs, ctx.Data, f, ctx.Locale)
  349. }
  350. 

  351. // U2FDeleteForm for deleting U2F keys

  352. type U2FDeleteForm struct {
  353. 	ID int64 `binding:"Required"`
  354. }
  355. 

  356. // Validate valideates the fields

  357. func (f *U2FDeleteForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
  358. 	return validate(errs, ctx.Data, f, ctx.Locale)
  359. }