* Refactor jwt.StandardClaims to RegisteredClaims
go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims
instead. This PR migrates to use this new format.
Signed-off-by: Andrew Thornton <[email protected]>
* Apply suggestions from code review
Co-authored-by: Gusted <[email protected]>
Co-authored-by: 6543 <[email protected]>
Co-authored-by: Gusted <[email protected]>
Make router logger more friendly, show the related function name/file/line.
[BREAKING]
This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.
This PR continues the work in #17125 by progressively ensuring that git
commands run within the request context.
This now means that the if there is a git repo already open in the context it will be used instead of reopening it.
Signed-off-by: Andrew Thornton <[email protected]>
if return a error message to cli, it will print it
to stderr which is duplicate with our code (line 82
in same file). so user will see two line same
error message in git output. I think it's not mecessary,
so suggerst not return error message to cli. Thanks.
Signed-off-by: a1012112796 <[email protected]>
It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.
Fix#17977
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: wxiaoguang <[email protected]>
* Add setting to OAuth handlers to override local 2FA settings
This PR adds a setting to OAuth and OpenID login sources to allow the source to
override local 2FA requirements.
Fix#13939
Signed-off-by: Andrew Thornton <[email protected]>
* Fix regression from #16544
Signed-off-by: Andrew Thornton <[email protected]>
* Add scopes settings
Signed-off-by: Andrew Thornton <[email protected]>
* fix trace logging in auth_openid
Signed-off-by: Andrew Thornton <[email protected]>
* add required claim options
Signed-off-by: Andrew Thornton <[email protected]>
* Move UpdateExternalUser to externalaccount
Signed-off-by: Andrew Thornton <[email protected]>
* Allow OAuth2/OIDC to set Admin/Restricted status
Signed-off-by: Andrew Thornton <[email protected]>
* Allow use of the same group claim name for the prohibit login value
Signed-off-by: Andrew Thornton <[email protected]>
* fixup! Move UpdateExternalUser to externalaccount
* as per wxiaoguang
Signed-off-by: Andrew Thornton <[email protected]>
* add label back in
Signed-off-by: Andrew Thornton <[email protected]>
* adjust localisation
Signed-off-by: Andrew Thornton <[email protected]>
* placate lint
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: 6543 <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Move keys to models/keys
* Rename models/keys -> models/asymkey
* change the missed package name
* Fix package alias
* Fix test
* Fix docs
* Fix test
* Fix test
* merge
* Some refactors related repository model
* Move more methods out of repository
* Move repository into models/repo
* Fix test
* Fix test
* some improvements
* Remove unnecessary function
* Improve install code to avoid low-level mistakes.
If a user tries to do a re-install in a Gitea database, they gets a warning and double check.
When Gitea runs, it never create empty app.ini automatically.
Also some small (related) refactoring:
* Refactor db.InitEngine related logic make it more clean (especially for the install code)
* Move some i18n strings out from setting.go to make the setting.go can be easily maintained.
* Show errors in CLI code if an incorrect app.ini is used.
* APP_DATA_PATH is created when installing, and checked when starting (no empty directory is created any more).
This PR registers requests with the process manager and manages hierarchy within the processes.
Git repos are then associated with a context, (usually the request's context) - with sub commands using this context as their base context.
Signed-off-by: Andrew Thornton <[email protected]>
* Remove unnecessary functions of User struct
* Move more database methods out of user struct
* Move more database methods out of user struct
* Fix template failure
* Fix bug
* Remove finished FIXME
* remove unnecessary code
* Simplify Gothic to use our session store instead of creating a different store
We have been using xormstore to provide a separate session store for our OAuth2 logins
however, this relies on using gorilla context and some doubling of our session storing.
We can however, simplify and simply use our own chi-based session store. Thus removing
a cookie and some of the weirdness with missing contexts.
Signed-off-by: Andrew Thornton <[email protected]>
* as per review
Signed-off-by: Andrew Thornton <[email protected]>
* as per review
Signed-off-by: Andrew Thornton <[email protected]>
* Handle MaxTokenLength
Signed-off-by: Andrew Thornton <[email protected]>
* oops
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
* Allow LDAP Sources to provide Avatars
Add setting to LDAP source to allow it to provide an Avatar.
Currently this is required to point to the image bytes.
Fix#4144
Signed-off-by: Andrew Thornton <[email protected]>
* Rename as Avatar Attribute (drop JPEG)
Signed-off-by: Andrew Thornton <[email protected]>
* Always synchronize avatar if there is change
Signed-off-by: Andrew Thornton <[email protected]>
* Actually get the avatar from the ldap
Signed-off-by: Andrew Thornton <[email protected]>
* clean-up
Signed-off-by: Andrew Thornton <[email protected]>
* use len()>0 rather than != ""
Signed-off-by: Andrew Thornton <[email protected]>
* slight shortcut in IsUploadAvatarChanged
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources.
Signed-off-by: Andrew Thornton <[email protected]>
Often when handling problems it is not clear which configuration file Gitea is
using. This PR simply ensures that the configuration file is emitted.
Signed-off-by: Andrew Thornton <[email protected]>
This PR adds a setting to OAuth and OpenID login sources to allow the source to
skip local 2FA authentication.
Fix#13939
Signed-off-by: Andrew Thornton <[email protected]>
Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.
This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.
Signed-off-by: Andrew Thornton <[email protected]>
Cristian LeandGitHub
6543andGitHub
wxiaoguangandGitHub
a1012112796andGitHub
Zoran PeričićandGitHub
mschererandGitHub
KN4CK3RandGitHub
John OlheiserandGitHub