Commit Graph
26 Commits
Author SHA1 Message Date
9066d09c57 Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <[email protected]>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <[email protected]>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <[email protected]>

* Update models/ssh_key.go

Co-authored-by: silverwind <[email protected]>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <[email protected]>

* Update models/ssh_key.go

Co-authored-by: zeripath <[email protected]>

* Update models/ssh_key.go

Co-authored-by: zeripath <[email protected]>

* Update models/ssh_key.go

Co-authored-by: zeripath <[email protected]>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <[email protected]>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <[email protected]>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <[email protected]>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <[email protected]>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <[email protected]>

* Fix linting issue

Co-authored-by: silverwind <[email protected]>
Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
2020-10-10 20:38:09 -04:00
ea69ec6f0f Disable DSA ssh keys by default (#13056)
* Disable DSA ssh keys by default

OpenSSH has disabled DSA keys since version 7.0

As the docker runs openssh > v7.0 we should just disable
DSA keys by default.

Refers to #11417

Signed-off-by: Andrew Thornton <[email protected]>

* Just disable DSA keys by default

Signed-off-by: Andrew Thornton <[email protected]>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <[email protected]>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <[email protected]>

* Remove DSA type

* Fix Tests

Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
2020-10-09 09:52:57 +03:00
8fe8ab5cbf Mitigate Security vulnerability in the git hook feature (#13058)
* Extend git hook warning in the UI.

Git hooks are a dangerous feature, administrators should be warned before giving
the git hook privilege to users.

* Disable Git hooks by default and add warning.

Git hooks are a dangerous features (see warning text) that should only
be enabled if the administrator was informed about the risk involved.

Co-authored-by: Niklas Goerke <[email protected]>
2020-10-07 12:55:13 +03:00
cda44750cb Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <[email protected]>
2020-10-05 01:49:33 -04:00
72636fd664 hCaptcha Support (#12594)
* Initial work on hCaptcha

Signed-off-by: jolheiser <[email protected]>

* Use module

Signed-off-by: jolheiser <[email protected]>

* Format

Signed-off-by: jolheiser <[email protected]>

* At least return and debug log a captcha error

Signed-off-by: jolheiser <[email protected]>

* Pass context to hCaptcha

Signed-off-by: jolheiser <[email protected]>

* Add context to recaptcha

Signed-off-by: jolheiser <[email protected]>

* fix lint

Signed-off-by: Andrew Thornton <[email protected]>

* Finish hcaptcha

Signed-off-by: jolheiser <[email protected]>

* Update example config

Signed-off-by: jolheiser <[email protected]>

* Apply error fix for recaptcha

Signed-off-by: jolheiser <[email protected]>

* Change recaptcha ChallengeTS to string

Signed-off-by: jolheiser <[email protected]>

Co-authored-by: Andrew Thornton <[email protected]>
2020-10-02 23:37:53 -04:00
zeripathandGitHub c6da033656 Copy missing things from app.example.ini to Cheat Sheet (#12988)
Signed-off-by: Andrew Thornton <[email protected]>
2020-10-01 07:57:57 +01:00
3878e985b6 Add default storage configurations (#12813)
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: zeripath <[email protected]>
2020-09-29 12:05:13 +03:00
7f8e3192cd Allow common redis and leveldb connections (#12385)
* Allow common redis and leveldb connections

Prevents multiple reopening of redis and leveldb connections to the same
place by sharing connections.

Further allows for more configurable redis connection type using the
redisURI and a leveldbURI scheme.

Signed-off-by: Andrew Thornton <[email protected]>

* add unit-test

Signed-off-by: Andrew Thornton <[email protected]>

* as per @lunny

Signed-off-by: Andrew Thornton <[email protected]>

* add test

Signed-off-by: Andrew Thornton <[email protected]>

* Update modules/cache/cache_redis.go

* Update modules/queue/queue_disk.go

* Update modules/cache/cache_redis.go

* Update modules/cache/cache_redis.go

* Update modules/queue/unique_queue_disk.go

* Update modules/queue/queue_disk.go

* Update modules/queue/unique_queue_disk.go

* Update modules/session/redis.go

Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
2020-09-28 00:09:46 +03:00
c85c9d40c2 Add config option to make create-on-push repositories public by default (#12936)
* Add config option to make create-on-push repositories public by default

* Fix linting

* Add option to 'config cheat sheet' page

* Chinese translation

Signed-off-by: a1012112796 <[email protected]>

* Fix typo in docs

* fix typo

* Add option to example config

Co-authored-by: Tait Hoyem <[email protected]>
Co-authored-by: a1012112796 <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
2020-09-27 15:20:52 -04:00
赵智超andGitHub d71eaacbf2 [Docs] Add all chooseable cron config options to 'app.example.ini' (#12931)
As title.

ref:
https://github.com/go-gitea/gitea/blob/master/modules/cron/tasks_basic.go
https://github.com/go-gitea/gitea/blob/master/modules/cron/tasks_extended.go
https://github.com/go-gitea/gitea/blob/ba20dd7a7b59157d9232de7dfa99a23b0fb0d2aa/modules/setting/cron.go#L7-L11

Signed-off-by: a1012112796 <[email protected]>
2020-09-25 18:37:33 +01:00
7a7f56044a Adopt repositories (#12920)
* Don't automatically delete repository files if they are present

Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.

This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.

PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.

Signed-off-by: Andrew Thornton <[email protected]>

* Update swagger

Signed-off-by: Andrew Thornton <[email protected]>

* Fix tests and migrate overwrite

Signed-off-by: Andrew Thornton <[email protected]>

* as per @lunny

Only offer to adopt or overwrite if the user can do that.

Allow the site administrator to adopt or overwrite in all
circumstances

Signed-off-by: Andrew Thornton <[email protected]>

* Use setting.Repository.DefaultBranch for the default branch

Signed-off-by: Andrew Thornton <[email protected]>

* Always set setting.Repository.DefaultBranch

Signed-off-by: Andrew Thornton <[email protected]>

* update swagger

Signed-off-by: Andrew Thornton <[email protected]>

* update templates

Signed-off-by: Andrew Thornton <[email protected]>

* ensure repo closed

Signed-off-by: Andrew Thornton <[email protected]>

* Rewrite of adoption as per @6543 and @lunny

Signed-off-by: Andrew Thornton <[email protected]>

* Apply suggestions from code review

* update swagger

Signed-off-by: Andrew Thornton <[email protected]>

* missing not

Signed-off-by: Andrew Thornton <[email protected]>

* add modals and flash reporting

Signed-off-by: Andrew Thornton <[email protected]>

* Make the unadopted page searchable

Signed-off-by: Andrew Thornton <[email protected]>

* Add API

Signed-off-by: Andrew Thornton <[email protected]>

* Fix swagger

Signed-off-by: Andrew Thornton <[email protected]>

* fix swagger

Signed-off-by: Andrew Thornton <[email protected]>

* Handle empty and non-master branched repositories

Signed-off-by: Andrew Thornton <[email protected]>

* placate lint

Signed-off-by: Andrew Thornton <[email protected]>

* remove commented out code

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>
2020-09-25 07:09:23 +03:00
4979f15c3f Add configurable Trust Models (#11712)
* Add configurable Trust Models

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <[email protected]>

* Adjust locale strings

Signed-off-by: Andrew Thornton <[email protected]>

* as per @6543

Co-authored-by: 6543 <[email protected]>

* Update models/gpg_key.go

* Add migration for repository

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: 6543 <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
2020-09-20 00:44:55 +08:00
c6e4bc53aa Check passwords against HaveIBeenPwned (#12716)
* Implement pwn

Signed-off-by: jolheiser <[email protected]>

* Update module

Signed-off-by: jolheiser <[email protected]>

* Apply suggestions mrsdizzie

Co-authored-by: mrsdizzie <[email protected]>

* Add link to HIBP

Signed-off-by: jolheiser <[email protected]>

* Add more details to admin command

Signed-off-by: jolheiser <[email protected]>

* Add context to pwn

Signed-off-by: jolheiser <[email protected]>

* Consistency and making some noise ;)

Signed-off-by: jolheiser <[email protected]>

Co-authored-by: mrsdizzie <[email protected]>
Co-authored-by: zeripath <[email protected]>
2020-09-08 17:06:39 -05:00
5c0697ad1e Use argon as default password hash algorithm (#12688)
* Restrict TLS connections to 1.2 minimum

* Set Argon2 as the default KDF

* Fix user.yml

* Remove TLS minversion changes

Signed-off-by: Andrew Thornton <[email protected]>

* Add migration as per @techknowlogick

Signed-off-by: Andrew Thornton <[email protected]>

* set the password algo in the fixtures

Signed-off-by: Andrew Thornton <[email protected]>

* Remove the v148 migration - it needs recreate table to change the defaults

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: Nadim Kobeissi <[email protected]>
2020-09-03 14:58:31 -04:00
9bc69ff26e Support elastic search for code search (#10273)
* Support elastic search for code search

* Finished elastic search implementation and add some tests

* Enable test on drone and added docs

* Add new fields to elastic search

* Fix bug

* remove unused changes

* Use indexer alias to keep the gitea indexer version

* Improve codes

* Some code improvements

* The real indexer name changed to xxx.v1

Co-authored-by: zeripath <[email protected]>
2020-08-30 19:08:01 +03:00
zeripathandGitHub 9abc16a280 fix documentation for REFRESH_TOKEN_EXPIRATION_TIME (#12642)
REFRESH_TOKEN_EXPIRATION_TIME refers to the refresh token not the access token

Fix #12641

Signed-off-by: Andrew Thornton <[email protected]>
2020-08-29 23:02:38 +03:00
019e577d54 Update JWT docs in example config (#12591)
* Update JWT docs in example config

align with way we have `LFS_JWT_SECRET` in config

Fix #12590

* Update custom/conf/app.example.ini

Co-authored-by: John Olheiser <[email protected]>

Co-authored-by: John Olheiser <[email protected]>
2020-08-24 17:49:26 -04:00
mrsdizzieandGitHub fb70b5d207 Disable password complexity check default (#12557)
* Disable password complexity check default

These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints.

* fix copy paste format
2020-08-21 18:42:23 -04:00
7c0862b6d9 fix typos (#12545)
* fix typo in app.ini

* fix typo in git hook module

Co-authored-by: techknowlogick <[email protected]>
2020-08-20 18:41:08 +01:00
62e6c9bc6c Add a storage layer for attachments (#11387)
* Add a storage layer for attachments

* Fix some bug

* fix test

* Fix copyright head and lint

* Fix bug

* Add setting for minio and flags for migrate-storage

* Add documents

* fix lint

* Add test for minio store type on attachments

* fix test

* fix test

* Apply suggestions from code review

Co-authored-by: guillep2k <[email protected]>

* Add warning when storage migrated successfully

* Fix drone

* fix test

* rebase

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* refactor the codes

* add trace

* Fix test

* remove log on xorm

* Fi download bug

* Add a storage layer for attachments

* Add setting for minio and flags for migrate-storage

* fix lint

* Add test for minio store type on attachments

* Apply suggestions from code review

Co-authored-by: guillep2k <[email protected]>

* Fix drone

* fix test

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* refactor the codes

* add trace

* Fix test

* Add URL function to serve attachments directly from S3/Minio

* Add ability to enable/disable redirection in attachment configuration

* Fix typo

* Add a storage layer for attachments

* Add setting for minio and flags for migrate-storage

* fix lint

* Add test for minio store type on attachments

* Apply suggestions from code review

Co-authored-by: guillep2k <[email protected]>

* Fix drone

* fix test

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* don't change unrelated files

* Fix lint

* Fix build

* update go.mod and go.sum

* Use github.com/minio/minio-go/v6

* Remove unused function

* Upgrade minio to v7 and some other improvements

* fix lint

* Fix go mod

Co-authored-by: guillep2k <[email protected]>
Co-authored-by: Tyler <[email protected]>
2020-08-18 12:23:45 +08:00
+3 4027c5dd7c Kanban board (#8346)
Co-authored-by: 6543 <[email protected]>
Co-authored-by: jaqra <[email protected]>
Co-authored-by: Kerry <[email protected]>
Co-authored-by: Jaqra <[email protected]>
Co-authored-by: Kyle Evans <[email protected]>
Co-authored-by: Tsakiridis Ilias <[email protected]>
Co-authored-by: Ilias Tsakiridis <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: silverwind <[email protected]>
Co-authored-by: zeripath <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
2020-08-16 23:07:38 -04:00
22c952ac7a Make dashboard newsfeed list length a configurable item (#12469)
Co-authored-by: John Olheiser <[email protected]>
2020-08-11 10:48:13 -04:00
8e20daaede Clarify documentation of SKIP_VERIFY (#12203)
* Clarify documentation of SKIP_VERIFY

The documentation clearly documents the empty value as the default,
however at least one user reported this as being unclear. Mark values
explicitly so it is clear what values it can take. This clarifies that
an empty value in fact leaves certificate verification enabled, whereas
it has to be explicitly set to true to disable certificate verification.

Resolves: #12117

Signed-off-by: Alexander Scheel <[email protected]>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: mrsdizzie <[email protected]>

* Update custom/conf/app.example.ini

Co-authored-by: mrsdizzie <[email protected]>

* Update custom/conf/app.example.ini

Co-authored-by: mrsdizzie <[email protected]>

Co-authored-by: mrsdizzie <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
2020-07-21 19:50:25 -04:00
ae56411e9f Move EventSource to SharedWorker (#12095)
Move EventSource to use a SharedWorker. This prevents issues with HTTP/1.1
open browser connections from preventing gitea from opening multiple tabs.

Also allow setting EVENT_SOURCE_UPDATE_TIME to disable EventSource updating

Fix #11978

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: silverwind <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
2020-07-03 10:55:36 +01:00
silverwindandGitHub 98ddf87b03 Update docs to specify utf8mb4 default (#11962)
Install tool already sets it as the default so we can just update
example ini and docs to it.

Fixes: https://github.com/go-gitea/gitea/issues/11081
2020-06-18 15:36:59 -04:00
03ba974481 Rename custom/conf/app.ini.sample to custom/conf/app.example.ini for better syntax light on editor (#11926)
* Rename custom/conf/app.ini.sample to custom/conf/app.sample.ini for better syntax light on editor

* rename to app.example.ini

* per @6543 's comment, update all references on docs

Co-authored-by: techknowlogick <[email protected]>
2020-06-17 23:16:59 -04:00