1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-12 11:38:00 -05:00
Commit graph

62 commits

Author SHA1 Message Date
zeripath
01c10a951b
Fix ssh deploy and user key constraints (#1357) (#5939)
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-03 23:56:53 +00:00
Lunny Xiao
0b84b5ee49 fix public will not be reused as public key after deleting as deploy key (#5671) 2019-01-09 13:10:46 -05:00
zeripath
8bb0a6f425 Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
* Synchronize SSH keys on login with LDAP

* BUG: Fix hang on sqlite during LDAP key deletion
2018-12-27 12:28:48 -05:00
Lunny Xiao
fe55ab2a68 fix forgot removed records when deleting user (#5429)
* fix forgot removed records when deleting user

* fix migration

* fix rewritekey lock on sqlite

* remove unused codes
2018-12-18 11:26:26 -05:00
Lunny Xiao
eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
zeripath
7d9a191a3c Create AuthorizedKeysCommand (#5236) 2018-11-01 09:41:07 -04:00
zeripath
00533d3870 Keys API changes (#4960)
* Add private information to the deploy keys api

This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add private information to the user keys API

This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add ability to search keys by fingerprint

This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add integration test
2018-10-31 23:40:49 -04:00
Oleg Kovalov
5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
Lanre Adelowo
acb6f8a518 make sure to catch the right error so it is displayed as an error on the ui not a 500 (#4945) 2018-09-16 18:27:43 +03:00
Bo-Yi Wu
ea20adaa84
feat(repo): support search repository by topic name (#4505)
* feat(repo): support search repository by topic name
2018-09-13 10:33:48 +08:00
Magnus Lindvall
cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Antoine GIRARD
1ce3572409 Remove useless check (#3384)
In #3377, I put check inside all write key function. This one is useless no.
2018-01-19 21:45:53 +02:00
Antoine GIRARD
095fb9f2e3 Add integrations tests from git cli (#3377)
* test: integration add git cli tests

Extracted form for easing review process and debug #3152

* test: integration add git cli big file commit

* fix:  Don't rewrite key if internal server
2018-01-16 13:07:47 +02:00
Vlad Temian
e78786ef39 Writable deploy keys (closes #671) (#3225)
* Add is_writable checkbox to deploy keys interface

* Add writable key option to deploy key form

* Add support for writable ssh keys in the interface

* Rename IsWritable to ReadOnly

* Test: create read-only and read-write deploy keys via api

* Add DeployKey access mode migration

* Update gitea sdk via govendor

* Fix deploykey migration

* Add unittests for writable deploy keys

* Move template text to locale

* Remove implicit column update

* Remove duplicate locales

* Replace ReadOnly field with IsReadOnly method

* Fix deploy_keys related integration test

* Rename v54 migration with v55

* Fix migration hell
2018-01-07 00:55:53 +02:00
Lunny Xiao
f94c1b3943
Improvements for supporting UI Location (#3146)
* improvements for supporting UI Location

* improved the comment
2017-12-14 07:45:31 +08:00
Lunny Xiao
f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Vlad Temian
469ab99e9a Delete a user's public key via admin api (closes #3014) (#3059)
* Delete a user's public key via admin api

* Test admin ssh endpoint for creating a new ssh key

* Adapt public ssh key test to also test the delete operation

* Test that deleting a missing key will result in a 404

* Test that a normal user can't delete another user's ssh key

* Make DeletePublicKey return err

* Update swagger doc
2017-12-06 12:27:10 +02:00
Michael Kuhn
420fc8efc2 Disable add key button if SSH is disabled (#2873) 2017-11-21 11:49:33 +08:00
Gibheer
bc84110989 don't check minimum key size when disabled (#1754)
* cleanup old comments for ed25519

These comments were added when x/crypto/ed25519 could not yet handle
ed25519. It does now, so it should be removed.
Also the key type is now replaced with the proper constant.

* move the minimum key size config before the check

This moves the actual config lookup before any check is done. This
avoids problems with calling to ssh-keygen which doesn't support the
expected output format and returning an error, when the check is disabled.
2017-10-26 09:49:41 +08:00
Ethan Koenig
aa962deec0 Replace deprecated Id method with ID (#2655) 2017-10-05 07:43:04 +03:00
Lunny Xiao
a8717e5e3a Use AfterLoad instead of AfterSet on Structs (#2628)
* use AfterLoad instead of AfterSet on Structs

* fix the comments on AfterLoad

* fix the comments on action AfterLoad
2017-10-01 19:52:35 +03:00
Lunny Xiao
dd55534b82 Reduce usage of allcols on update (#2596)
* reduce usage of allcols on update

* fix bug and tests
2017-09-25 12:59:27 +08:00
Ethan Koenig
4cb9394a97 Fix lint errors (#2547) 2017-09-19 11:08:30 +03:00
Lunny Xiao
005900baea Use created & updated instead BeforeInsert & BeforeUpdate (#2482)
* use created & updated instead BeforeInsert & BeforeUpdate

* fix vendor checksum

* only show generated SQL when development mode

* remove extra update column updated_unix

* remove trace config
2017-09-13 08:18:22 +03:00
Lauris BH
dde0052ca2 Fix key usage time update if the key is used in parallel for multiple operations (#2185) 2017-07-20 11:15:10 +08:00
Dan Magnus Lindvall
79daf31058 Setting to disable authorized_keys backup (#1856)
* Add setting to disable authorized_keys backup when rewriting public keys

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Update default value to comply with documentation

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Use tmp-file instead of bak-file for saving manually added keys.

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Change casing

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Change casing and build bakpath with sprintf only

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Only close file once

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Do not modify calcFingerprint

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Fix casing

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Change style from disable to enable

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Change name, just SSH_BACKUP_AUTHORIZED_KEYS

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Do not check for directory existence if backup is disabled

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
2017-06-28 09:35:35 +08:00
Lauris BH
6db387a21e Refactor session close as xorm already does everything needed internally (#2020) 2017-06-21 08:57:05 +08:00
Dan Magnus Lindvall
ff7424179e Delete Public SSH Key tmp file after calculating fingerprint (#1855)
* Delete public key tmp file after calculating fingerprint

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Move line

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Remove defer statement

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Readd defer statement and move remove

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Delete space

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
2017-06-08 10:08:22 +08:00
Timo Myyrä
2525195749 use writeTmpKeyFile in calcFingerprint (#1828)
this makes calcFingerprint use SSH.KeyTestpath instead of os temp dir.
2017-05-29 19:51:16 +08:00
Lunny Xiao
2eeae84cbd Add internal routes for ssh hook comands (#1471)
* add internal routes for ssh hook comands

* fix lint

* add comment on why package named private not internal but the route name is internal

* add comment above package private why package named private not internal but the route name is internal

* remove exp time on internal access

* move routes from /internal to /api/internal

* add comment and defer on UpdatePublicKeyUpdated
2017-04-19 11:45:01 +08:00
Lunny Xiao
5c0bee9b20 refactor update ssh key use time (#1466) 2017-04-07 17:40:38 -07:00
Ethan Koenig
ec0ae5d50c Refactor and fix incorrect comment (#1247) 2017-03-15 08:51:46 +08:00
Lunny Xiao
ef13bbaf7d Don't rewrite non-gitea public keys (#906)
* don't rewrite non-gitea public keys

* add comment for public key
2017-03-03 00:36:47 +08:00
Lunny Xiao
7eb8daffa3 Use fingerprint to check instead content for public key (#911)
* use fingerprint to check instead content for public key

* add fingerprint field for ErrKeyAlreadyExist
2017-02-14 14:12:52 +08:00
Gabriel Jackson
bf6f61cc69 Cleanup log messaging
This change corrects a few logging issues:

 * Standardized formatting errors with '%v'.
 * Standardized failure warning word usage.
 * Corrected an instance of using the standard log library when
   the gitea log library should be used instead.
2017-02-02 15:24:18 +01:00
Bo-Yi Wu
25663b5816 refactor: Remove unnecessary type conversions (#772) 2017-01-27 23:03:32 +08:00
Matthias Loibl
d1006150fb Refactor process package and introduce ProcessManager{} with tests (#75)
* Add a process.Manager singleton with process.GetManager()

* Use process.GetManager everywhere

* Fix godoc comments for process module

* Increment process counter id after locking the mutex
2017-01-17 13:58:58 +08:00
Ethan Koenig
1207bda94b Fix typos in models/ (#576) 2017-01-05 08:50:34 +08:00
Bwko
331316894e Replace Gogs with Gitea (#520) 2016-12-28 16:33:21 +08:00
Bwko
4ff0db0246 Catch os... errors 2016-12-02 07:41:19 +01:00
Bwko
6cde041080 Lint models/ssh_key.go 2016-11-26 01:36:03 +01:00
stroucki
3a3782bb7f Handle ssh key import better (#224)
* Handle user ssh key input better

ssh_key: when user submitted keys had a newline at the end, strings.Split
would have created a slice with an empty last element, and the key type
check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or
'ssh-dsa' at the beginning of the string, but this is simple.

* ssh_key: correct indentation
2016-11-24 08:52:55 +08:00
Lunny Xiao
30a37311f8 use in instead string join (#155) 2016-11-12 09:29:18 +01:00
Thibault Meyer
b0ddced2b5
Merge remote-tracking branch 'upstream/master' into feature/rewrite-xorm-queries
# Conflicts:
#	models/git_diff.go
#	models/issue.go
#	models/org.go
#	models/pull.go
#	models/repo.go
2016-11-10 21:05:52 +01:00
Thibault Meyer
a4454f5d0f
Rewrite XORM queries 2016-11-10 20:59:51 +01:00
Sandro Santilli
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Sandro Santilli
aadd7dcdc3 And others 2016-11-07 17:53:22 +01:00
Sandro Santilli
f388661bda ACCESS_MODE_* -> AccessMode* 2016-11-07 17:20:37 +01:00
Rémy Boulanouar
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Unknwon
2d76de2574 #3281 fix x.Iterate returns nothing inside session scope with SQLite3 2016-07-26 17:26:48 +08:00