1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix #1357
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.
I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.
There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.
Fix #3795
Signed-off-by: Andrew Thornton art27@cantab.net
By default, if `setting.NewContext()` prints out any warning logs, these are printed to the stdout breaking `git receive-pack` etc. meaning that even if there is a warning because of a minor problem in your app.ini but gitea starts despite this - you **CANNOT** push or pull over SSH.
This PR disables the console logger whilst in `serv.go`
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add util method and tests
* make sure the title of an issue cannot be empty
* wiki title cannot be empty
* pull request title cannot be empty
* update to make use of the new util methof
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Fix the Let's Encrypt handler by listening on a valid address
Also handle errors in the HTTP server go routine, return a fatal error
when something goes wrong.
Thanks to @gbl08ma for finding the actual bug
Here is an example of the error handling:
2018/12/11 14:23:07 [....io/gitea/cmd/web.go:87 func1()] [E] Failed to
start the Let's Encrypt handler on port 30: listen tcp 0.0.0.0:30: bind:
permission denied
Closes #5280
* Fix a typo
* don't force a password change for the admin user
* don't totally dicard -must-change-password flag if creating the first (admin) user via the cli. Use flag if present but make sure to default to not forcing a password update
* add support for an admin to force a user to change his/her password from thee cli
* use BoolFlag instead
* default to true
* simplify by removing unnneccessary if/else
* Add repo-sync-releases admin command
Will help recovering corrupted database, see #3247
* Load repos in chunks of 10, exit with error if unable to get a list, scan private repos, fix typo
* Fix debug output about num releases
* Introduce RepositoryListDefaultPageSize constant, set to 64
Use it from the new admin command
* Use RepositoryListDefaultPageSize in more places
* Document RepositoryListDefaultPageSize
* Add an option to allow redirect of http port 80 to https.
This is an "opt in" option (default is to not redirect). It will only redirect
if protocol is https and the new REDIRECT_PORT_80 option is set to true.
The Port to redirect in previous commit was hardcoded to 80, now it can be
specified in the app.ini, defaulting to 80. The boolean option to turn
redirection on has been changed to REDIRECT_OTHER_PORT to be logically
consistent with the new port option.
Signed-off-by: Mike Fellows <mike.fellows@shaw.ca>
* Set session and indexers' data files rel to AppDataPath
The setting AppDataPath is now relative to the working directory.
The session svc's PROVIDER_CONFIG now defaults to AppDataPath/data/sessions.
The issue indexer's IssuePath now defaults to AppDataPath/indexers/issues.bleves.
* fix bug
* add units to team
* fix lint
* finish team setting backend
* finished permission controll on routes
* fix import blank line
* add unit check on ssh/http pull and push and fix test failed
* fix fixtures data
* remove unused code
* move all database operations from hook command to web command and instead of internal routes
* bug fixed
* adjust the import path sequences
* remove unused return value on hookSetup
* add internal routes for ssh hook comands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
* Add correct git branch name validation
* Change git refname validation error constant name
* Implement URL validation based on GoLang url.Parse method
* Backward compatibility with older Go compiler
* Add git reference name validation unit tests
* Remove unused variable in unit test
* Implement URL validation based on GoLang url.Parse method
* Backward compatibility with older Go compiler
* Add url validation unit tests
* Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION
Omit the configuration variable (the default) to be dependent.
Fixes #1363
* Move OpenID settings under Service object
* Show OpenID SignUp and SignIn status in admin panel / configuration
Also renames `forgot_password` translation key to
`forgot_password_title` and `forget_password` to
`forgot_password`
Includes entry in CHANGELOG about the breaking change
(and some markdown fixes in there)
* move all push update to git hook post-receive and protected branch check to git hook pre-receive
* add SSH_ORIGINAL_COMMAND check back
* remove all unused codes
* fix the import
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)
* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)
* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
* Protected branches system
* Moved default branch to branches section (`:org/:reponame/settings/branches`).
* Initial support Protected Branch.
- Admin does not restrict
- Owner not to limit
- To write permission restrictions
* reformat tmpl
* finished the UI and add/delete protected branch response
* remove unused comment
* indent all the template files and remove ru translations since we use crowdin
* fix the push bug
* Markdown rendering overhaul
Cleaned up and squashed commits into single one.
Signed-off-by: Andrew Boyarshin <boyarshinand@gmail.com>
* Fix markdown API, add markdown module and API tests, improve code coverage
Signed-off-by: Andrew Boyarshin <boyarshinand@gmail.com>
This change corrects a few logging issues:
* Standardized formatting errors with '%v'.
* Standardized failure warning word usage.
* Corrected an instance of using the standard log library when
the gitea log library should be used instead.
* Moved attachaments POST url from /issues/attachments to /attachments
* Implemented attachment upload on release page
* Implemented downloading attachments on the release page
* Added zip and gzip files to default allowed attachments
* Implemented uploading attachments on edit release
* Renamed UploadIssueAttachment to UploadAttachment
* Use relative URLs
* Notifications - Mark as read/unread
* Feature of pinning a notification
* On view issue, do not mark as read a pinned notification