* Restricted users (#4334): initial implementation
* Add User.IsRestricted & UI to edit it
* Pass user object instead of user id to places where IsRestricted flag matters
* Restricted users: maintain access rows for all referenced repos (incl public)
* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses
* Add basic repo access tests for restricted users
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Mention restricted users in the faq
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Remove unnecessary `org.IsOrganization()` call
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert to an `int64` keyed `accessMap`
* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* or even better: `map[int64]*userAccess`
* updateUserAccess(): use tighter syntax as suggested by lafriks
* even tighter
* Avoid extra loop
* Don't disclose limited orgs to unauthenticated users
* Don't assume block only applies to orgs
* Use an array of `VisibleType` for filtering
* fix yet another thinko
* Ok - no need for u
* Revert "Ok - no need for u"
This reverts commit 5c3e886aab.
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* introduce `GET /orgs`
* add TEST
* show also other VisibleType's
* update description
* refactor a lot
* SearchUserOptions by default return only public
* Change graceful to use a singleton obtained through GetManager instead of a global.
* Graceful: Make TestPullRequests shutdownable
* Graceful: Make the cron tasks graceful
* Graceful: AddTestPullRequest run in graceful ctx
* Graceful: SyncMirrors shutdown
* Graceful: SetDefaultContext for Xorm to be HammerContext
* Avoid starting graceful for migrate commands and checkout
* Graceful: DeliverHooks now can be shutdown
* Fix multiple syncing errors in modules/sync/UniqueQueue & Make UniqueQueue closable
* Begin the process of making the repo indexer shutdown gracefully
* Graceful: Create callbacks to with contexts
* Graceful: Say when Gitea is completely finished
* Graceful: Git and Process within HammerTime
Force all git commands to terminate at HammerTime
Force all process commands to terminate at HammerTime
Move almost all git processes to run as git Commands
* Graceful: Always Hammer after Shutdown
* ProcessManager: Add cancel functionality
* Fix tests
* Make sure that process.Manager.Kill() cancels
* Make threadsafe access to Processes and remove own unused Kill
* Remove cmd from the process manager as it is no longer used
* the default context is the correct context
* get rid of double till
* Properly fix #7127
Although #7300 properly shadows the password from the virtual session
provider, the template displaying the provider config still presumed
that the config was JSON.
This PR updates the template and properly hides the Virtual Session
provider.
Fixes #7127
* update per @silverwind's suggestion
* Add single sign-on support via SSPI on Windows
* Ensure plugins implement interface
* Ensure plugins implement interface
* Move functions used only by the SSPI auth method to sspi_windows.go
* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected
* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.
* Update documentation for the new 'SPNEGO with SSPI' login source
* Mention in documentation that ROOT_URL should contain the FQDN of the server
* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)
* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)
* Add option in SSPIConfig for removing of domains from logon names
* Update helper text for StripDomainNames option
* Make sure handleSignIn() is called after a new user object is created by SSPI auth method
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates
* Remove code duplication
* Log errors in ActiveLoginSources
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert suffix of randomly generated E-mails for Reverse proxy authentication
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert unneeded white-space change in template
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add copyright comments at the top of new files
* Use loopback name for randomly generated emails
* Add locale tag for the SSPISeparatorReplacement field with proper casing
* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields
* Update docs/content/doc/features/authentication.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Remove Priority() method and define the order in which SSO auth methods should be executed in one place
* Log authenticated username only if it's not empty
* Rephrase helper text for automatic creation of users
* Return error if more than one active SSPI auth source is found
* Change newUser() function to return error, letting caller log/handle the error
* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed
* Refactor initialization of the list containing SSO auth methods
* Validate SSPI settings on POST
* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page
* Make 'Default language' in SSPI config empty, unless changed by admin
* Show error if admin tries to add a second authentication source of type SSPI
* Simplify declaration of global variable
* Rebuild gitgraph.js on Linux
* Make sure config values containing only whitespace are not accepted
* Add password requirement info on error
* Move BuildComplexityError to the password pkg
* Unexport complexity type
* Fix extra line
* Update modules/password/password.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
Fix #8718
This PR shadows passwords in session config correctly by detecting
the VirtualProvider, unmarshalling the original config and then
shadowing config within that.
* Move some repositories' operations to a standalone service package
* improve code
* remove unused codes
* add rollback when fork failed
* add repo when return
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords.
Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com>
Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com>
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-Authored-By: Lauris BH <lauris@nix.lv>
* move all mail related codes from models to modules/mailer
* fix lint
* use DBContext instead Engine
* use WithContext not WithEngine
* Use DBContext instead of Engine
* don't use defer when sess.Close()
* move DBContext to context.go and add some methods
* move mailer from modules/ to services
* fix lint
* fix tests
* fix fmt
* add gitea copyright
* fix tests
* don't expose db functions
* make code clear
* add DefaultDBContext
* fix build
* fix bug
* display ui time with customize time location
* fix lint
* rename UILocation to DefaultUILocation
* move time related functions to modules/timeutil
* fix tests
* fix tests
* fix build
* fix swagger
* Only show repository avatar in list when one was selected
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adds fallback configuration option for repository avatar
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Implements repository avatar fallback
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adds admin task for deleting generated repository avatars
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Solve linting issues
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Save avatar before updating database
* Linting
* Update models/repo.go
Co-Authored-By: zeripath <art27@cantab.net>
* Panic don't fatal on create new logger
Fixes #5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
Include the current CustomPath location in the admin section and also
display GITEA_WORK_DIR and/or GITEA_CUSTOM env var if they are set.
Right now there is no easy way to see this information, and if you try
and help most users they won't be able to tell you anything about these
values -- just that their custom template isn't working, files aren't in
the right place, etc... Now you can see all paths and if they were set
by ENV or not.
Partially implement #770.
Add "Default Webhooks" page in site admin UI.
Persist to the existing webhooks table, but store with RepoID=0 and OrgID=0.
Upon repo creation, copy the set of default webhooks into the new repo.
* redirect to login page after successfully activating account
* force users to change password if account was created by an admin
* force users to change password if account was created by an admin
* fixed build
* fixed build
* fix pending issues with translation and wrong routes
* make sure path check is safe
* remove unneccessary newline
* make sure users that don't have to view the form get redirected
* move route to use /settings prefix so as to make sure unauthenticated users can't view the page
* update as per @lafriks review
* add necessary comment
* remove unrelated changes
* support redirecting to location the user actually want to go to before being forced to change his/her password
* run make fmt
* added tests
* improve assertions
* add assertion
* fix copyright year
Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
* Add LDAP Key Synchronization feature
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Add migration: add login source id column for public_key table
* Only update keys if needed
* Add function to only list pubkey synchronized from ldap
* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
* Only get keys belonging to current login source id
* Set default login source id to 0
* Some minor cleanup. Add integration tests (updete dep testify)
* Add commit count caching
* Small refactoring
* Add different key prefix for refs and commits
* Add configuratuion option to allow to change caching time or disable it
* hide unactive on explore users and some refactors
* fix test for removed Organizations
* fix test for removed Organizations
* fix imports
* fix logic bug
* refactor the toConds
* Rename TestOrganizations to TestSearchUsers and add tests for users
* fix other tests
* fix other tests
* fix watchers tests
* fix comments and remove unused code