From ad47535f9d8e7a0953fa553c377cf3223b94c46e Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Tue, 13 Oct 2020 14:19:28 +0200 Subject: [PATCH 1/5] Disabling application elements fixed Gitea does not remove all elements (UI, cron tasks) of some disabled features which makes UI unnecessarily complicated. This mod removes these unnecessary elements from UI/cron: * token edition in user settings is not available when ENABLE_SWAGGER=false, * application tab is not available in user settings if swagger and oauth2 are both disabled, * SSH keys editor is not displayed if SSH is disabled and tab name changed to more general "Keys", * resync_all_sshkeys cron task is disabled if SSH is disabled, * deploy keys tab is not displayed if SSH is disabled, * git hook access option hidden in user settings when git hooks are disabled, * git hook sync cron task removed when git hooks are disabled. Author-Change-Id: IB#1105071 --- modules/cron/tasks_extended.go | 8 ++++++-- modules/templates/helper.go | 9 ++++++++ options/locale/locale_bg-BG.ini | 1 - options/locale/locale_cs-CZ.ini | 1 - options/locale/locale_de-DE.ini | 1 - options/locale/locale_en-US.ini | 2 +- options/locale/locale_es-ES.ini | 1 - options/locale/locale_fa-IR.ini | 1 - options/locale/locale_fi-FI.ini | 1 - options/locale/locale_fr-FR.ini | 1 - options/locale/locale_hu-HU.ini | 1 - options/locale/locale_id-ID.ini | 1 - options/locale/locale_it-IT.ini | 1 - options/locale/locale_ja-JP.ini | 1 - options/locale/locale_ko-KR.ini | 1 - options/locale/locale_lv-LV.ini | 1 - options/locale/locale_ml-IN.ini | 1 - options/locale/locale_nl-NL.ini | 1 - options/locale/locale_pl-PL.ini | 2 +- options/locale/locale_pt-BR.ini | 1 - options/locale/locale_pt-PT.ini | 1 - options/locale/locale_ru-RU.ini | 1 - options/locale/locale_sv-SE.ini | 1 - options/locale/locale_tr-TR.ini | 1 - options/locale/locale_uk-UA.ini | 1 - options/locale/locale_zh-CN.ini | 1 - options/locale/locale_zh-HK.ini | 1 - options/locale/locale_zh-TW.ini | 1 - routers/user/setting/applications.go | 25 ++++++++++++++++++----- templates/admin/dashboard.tmpl | 4 ++++ templates/admin/user/edit.tmpl | 2 +- templates/repo/settings/deploy_keys.tmpl | 4 ---- templates/repo/settings/nav.tmpl | 2 ++ templates/repo/settings/navbar.tmpl | 2 ++ templates/user/settings/applications.tmpl | 2 ++ templates/user/settings/keys_ssh.tmpl | 6 ++---- templates/user/settings/navbar.tmpl | 10 +++++---- 37 files changed, 56 insertions(+), 46 deletions(-) diff --git a/modules/cron/tasks_extended.go b/modules/cron/tasks_extended.go index fa2d6e0c385f0..2ac18bc2f02e9 100644 --- a/modules/cron/tasks_extended.go +++ b/modules/cron/tasks_extended.go @@ -111,8 +111,12 @@ func initExtendedTasks() { registerDeleteInactiveUsers() registerDeleteRepositoryArchives() registerGarbageCollectRepositories() - registerRewriteAllPublicKeys() - registerRepositoryUpdateHook() + if !setting.SSH.Disabled { + registerRewriteAllPublicKeys() + } + if !setting.DisableGitHooks { + registerRepositoryUpdateHook() + } registerReinitMissingRepositories() registerDeleteMissingRepositories() registerRemoveRandomAvatars() diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 63be27d98735a..deb64568808ca 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -228,6 +228,15 @@ func NewFuncMap() []template.FuncMap { "DisableImportLocal": func() bool { return !setting.ImportLocalPaths }, + "DisableSSH": func() bool { + return setting.SSH.Disabled + }, + "DisableSwagger": func() bool { + return !setting.API.EnableSwagger + }, + "DisableOAuth2": func() bool { + return !setting.OAuth2.Enable + }, "TrN": TrN, "Dict": func(values ...interface{}) (map[string]interface{}, error) { if len(values)%2 != 0 { diff --git a/options/locale/locale_bg-BG.ini b/options/locale/locale_bg-BG.ini index eccd02c5daa7d..f4cf912dd14f9 100644 --- a/options/locale/locale_bg-BG.ini +++ b/options/locale/locale_bg-BG.ini @@ -358,7 +358,6 @@ account=Профил password=Парола security=Сигурност avatar=Аватар -ssh_gpg_keys=SSH / GPG ключове social=Социални профили applications=Приложения orgs=Управление на организации diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini index 4f0789bc5ec4a..97288c75d0e2b 100644 --- a/options/locale/locale_cs-CZ.ini +++ b/options/locale/locale_cs-CZ.ini @@ -410,7 +410,6 @@ account=Účet password=Heslo security=Zabezpečení avatar=Avatar -ssh_gpg_keys=SSH / GPG klíče social=Účty sociálních sítí applications=Aplikace orgs=Spravovat organizace diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini index c8ff189aa770e..b15752724eb5b 100644 --- a/options/locale/locale_de-DE.ini +++ b/options/locale/locale_de-DE.ini @@ -412,7 +412,6 @@ account=Account password=Passwort security=Sicherheit avatar=Profilbild -ssh_gpg_keys=SSH- / GPG-Schlüssel social=Soziale Konten applications=Anwendungen orgs=Organisationen verwalten diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 37d8d7272a77d..895fc3af30eeb 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -417,7 +417,7 @@ account = Account password = Password security = Security avatar = Avatar -ssh_gpg_keys = SSH / GPG Keys +keys = Keys social = Social Accounts applications = Applications orgs = Manage Organizations diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini index f7fbe001f31a3..6ea4d946d08d9 100644 --- a/options/locale/locale_es-ES.ini +++ b/options/locale/locale_es-ES.ini @@ -412,7 +412,6 @@ account=Cuenta password=Contraseña security=Seguridad avatar=Avatar -ssh_gpg_keys=SSH / claves GPG social=Redes Sociales applications=Aplicaciones orgs=Administrar organizaciones diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini index 21db5d9c428e3..1947685ec59e5 100644 --- a/options/locale/locale_fa-IR.ini +++ b/options/locale/locale_fa-IR.ini @@ -407,7 +407,6 @@ account=حساب کاربری password=گذرواژه security=امنیت avatar=آواتار -ssh_gpg_keys=کلید‌های SSH / GPG social=حساب های اجتماعی applications=برنامه‌ها orgs=مدیریت سازمان‌ها diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini index d5d69e6cf8c42..1d0560c5842ee 100644 --- a/options/locale/locale_fi-FI.ini +++ b/options/locale/locale_fi-FI.ini @@ -348,7 +348,6 @@ account=Tili password=Salasana security=Turvallisuus avatar=Profiilikuva -ssh_gpg_keys=SSH / GPG-avaimet social=Sosiaaliset tilit applications=Sovellukset orgs=Hallitse organisaatioita diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini index c94da8c7242da..46c67b9bb4a1c 100644 --- a/options/locale/locale_fr-FR.ini +++ b/options/locale/locale_fr-FR.ini @@ -394,7 +394,6 @@ account=Compte password=Mot de passe security=Sécurité avatar=Avatar -ssh_gpg_keys=Clés SSH / GPG social=Réseaux Sociaux applications=Applications orgs=Gérer les organisations diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini index 373ee84ad2c89..e3861a3421f91 100644 --- a/options/locale/locale_hu-HU.ini +++ b/options/locale/locale_hu-HU.ini @@ -380,7 +380,6 @@ account=Fiók password=Jelszó security=Biztonság avatar=Profilkép -ssh_gpg_keys=SSH / GPG kulcsok social=Közösségi fiókok applications=Alkalmazások orgs=Szervezetek kezelése diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini index 671d7ef94c405..cf9b5a1407e93 100644 --- a/options/locale/locale_id-ID.ini +++ b/options/locale/locale_id-ID.ini @@ -384,7 +384,6 @@ account=Akun password=Kata Sandi security=Keamanan avatar=Avatar -ssh_gpg_keys=Kunci SSH / GPG social=Akun Sosial applications=Aplikasi orgs=Kelola organisasi diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini index 5402598c7204d..3eda081a82b4e 100644 --- a/options/locale/locale_it-IT.ini +++ b/options/locale/locale_it-IT.ini @@ -388,7 +388,6 @@ account=Account password=Password security=Sicurezza avatar=Avatar -ssh_gpg_keys=Chiavi SSH / GPG social=Account Sociali applications=Applicazioni orgs=Gestisci le organizzazioni diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini index b9aa2a120b4d5..9144674db69ea 100644 --- a/options/locale/locale_ja-JP.ini +++ b/options/locale/locale_ja-JP.ini @@ -412,7 +412,6 @@ account=アカウント password=パスワード security=セキュリティ avatar=アバター -ssh_gpg_keys=SSH / GPGキー social=ソーシャルアカウント applications=アプリケーション orgs=組織の管理 diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini index 692c8e9df9a74..829d488b4b4a4 100644 --- a/options/locale/locale_ko-KR.ini +++ b/options/locale/locale_ko-KR.ini @@ -365,7 +365,6 @@ account=계정 password=비밀번호 security=보안 avatar=아바타 -ssh_gpg_keys=SSH / GPG 키 social=소셜 계정 applications=어플리케이션 orgs=조직 관리 diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini index 46ebaf0df9bcb..d5ab81dfa39ef 100644 --- a/options/locale/locale_lv-LV.ini +++ b/options/locale/locale_lv-LV.ini @@ -412,7 +412,6 @@ account=Konts password=Parole security=Drošība avatar=Profila attēls -ssh_gpg_keys=SSH / GPG atslēgas social=Sociālie konti applications=Lietotnes orgs=Pārvaldīt organizācijas diff --git a/options/locale/locale_ml-IN.ini b/options/locale/locale_ml-IN.ini index 43c47fb6ed838..936e3a50577f7 100644 --- a/options/locale/locale_ml-IN.ini +++ b/options/locale/locale_ml-IN.ini @@ -356,7 +356,6 @@ account=അക്കൗണ്ട് password=രഹസ്യവാക്കു് security=സുരക്ഷ avatar=അവതാര്‍ -ssh_gpg_keys=SSH / GPG കീകള്‍ social=സോഷ്യൽ അക്കൗണ്ടുകൾ applications=അപ്ലിക്കേഷനുകൾ orgs=സംഘടനകളെ നിയന്ത്രിക്കുക diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini index fadda83a3caae..1bae22ceed854 100644 --- a/options/locale/locale_nl-NL.ini +++ b/options/locale/locale_nl-NL.ini @@ -400,7 +400,6 @@ account=Account password=Wachtwoord security=Beveiliging avatar=Profielfoto -ssh_gpg_keys=SSH / GPG sleutels social=Sociale netwerk-accounts applications=Applicaties orgs=Beheer organisaties diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini index 308b2dc816554..f260666e86c88 100644 --- a/options/locale/locale_pl-PL.ini +++ b/options/locale/locale_pl-PL.ini @@ -407,7 +407,7 @@ account=Konto password=Hasło security=Bezpieczeństwo avatar=Awatar -ssh_gpg_keys=Klucze SSH / GPG +keys=Klucze social=Konta społecznościowe applications=Aplikacje orgs=Zarządzaj organizacjami diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini index 83812f761a892..0e6852432a236 100644 --- a/options/locale/locale_pt-BR.ini +++ b/options/locale/locale_pt-BR.ini @@ -396,7 +396,6 @@ account=Conta password=Senha security=Segurança avatar=Avatar -ssh_gpg_keys=Chaves SSH / GPG social=Contas sociais applications=Aplicativos orgs=Gerenciar organizações diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini index b84d3d601bcac..65dde79ced688 100644 --- a/options/locale/locale_pt-PT.ini +++ b/options/locale/locale_pt-PT.ini @@ -412,7 +412,6 @@ account=Conta password=Senha security=Segurança avatar=Avatar -ssh_gpg_keys=Chaves SSH / GPG social=Contas sociais applications=Aplicações orgs=Gerir organizações diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini index 68934143be5f7..d4964ea5cc76f 100644 --- a/options/locale/locale_ru-RU.ini +++ b/options/locale/locale_ru-RU.ini @@ -412,7 +412,6 @@ account=Аккаунт password=Пароль security=Безопасность avatar=Аватар -ssh_gpg_keys=SSH / GPG ключи social=Учетные записи в соцсетях applications=Приложения orgs=Управление организациями diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini index 2f739156b1cf4..c52821843ee9b 100644 --- a/options/locale/locale_sv-SE.ini +++ b/options/locale/locale_sv-SE.ini @@ -391,7 +391,6 @@ account=Konto password=Lösenord security=Säkerhet avatar=Visningsbild -ssh_gpg_keys=SSH / GPG-nycklar social=Sociala konton applications=Applikationer orgs=Hantera Organisationer diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini index 9940eb16bdf68..9e78b87014cb8 100644 --- a/options/locale/locale_tr-TR.ini +++ b/options/locale/locale_tr-TR.ini @@ -416,7 +416,6 @@ account=Hesap password=Parola security=Güvenlik avatar=Avatar -ssh_gpg_keys=SSH / GPG Anahtarları social=Sosyal Medya Hesapları applications=Uygulamalar orgs=Organizasyonları Yönet diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini index 496911a18985e..c1982bad1bced 100644 --- a/options/locale/locale_uk-UA.ini +++ b/options/locale/locale_uk-UA.ini @@ -407,7 +407,6 @@ account=Обліковий запис password=Пароль security=Безпека avatar=Аватар -ssh_gpg_keys=SSH / GPG ключі social=Соціальні облікові записи applications=Додатки orgs=Керування організаціями diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini index 0837deaa3e61a..a86dc674aaf8d 100644 --- a/options/locale/locale_zh-CN.ini +++ b/options/locale/locale_zh-CN.ini @@ -412,7 +412,6 @@ account=账号 password=修改密码 security=安全 avatar=头像设置 -ssh_gpg_keys=SSH / GPG 密钥 social=社交帐号绑定 applications=应用 orgs=管理组织 diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini index fcfb062960456..b2eca09603e2b 100644 --- a/options/locale/locale_zh-HK.ini +++ b/options/locale/locale_zh-HK.ini @@ -167,7 +167,6 @@ form.name_reserved=這個使用者名稱已被系統保留,請改用其他名 profile=個人訊息 password=修改密碼 avatar=頭像 -ssh_gpg_keys=SSH / GPG 金鑰 social=社交帳號綁定 delete=刪除帳戶 twofa=兩步驟驗證 diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini index aa50bde47df1d..c8e4c1700e623 100644 --- a/options/locale/locale_zh-TW.ini +++ b/options/locale/locale_zh-TW.ini @@ -405,7 +405,6 @@ account=帳戶 password=修改密碼 security=安全性 avatar=大頭貼 -ssh_gpg_keys=SSH / GPG 金鑰 social=社群帳戶 applications=應用程式 orgs=管理組織 diff --git a/routers/user/setting/applications.go b/routers/user/setting/applications.go index 04f9d9f7f9b92..f914604a5f8ff 100644 --- a/routers/user/setting/applications.go +++ b/routers/user/setting/applications.go @@ -6,6 +6,8 @@ package setting import ( + "fmt" + "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/auth" "code.gitea.io/gitea/modules/base" @@ -39,6 +41,11 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) { return } + if !setting.API.EnableSwagger { + ctx.ServerError("AccessToken", fmt.Errorf("cannot modify access tokens; swagger disabled")) + return + } + t := &models.AccessToken{ UID: ctx.User.ID, Name: form.Name, @@ -68,6 +75,11 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) { // DeleteApplication response for delete user access token func DeleteApplication(ctx *context.Context) { + if !setting.API.EnableSwagger { + ctx.ServerError("DeleteAccessToken", fmt.Errorf("cannot delete access token; swagger disabled")) + return + } + if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id"), ctx.User.ID); err != nil { ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error()) } else { @@ -80,14 +92,17 @@ func DeleteApplication(ctx *context.Context) { } func loadApplicationsData(ctx *context.Context) { - tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID}) - if err != nil { - ctx.ServerError("ListAccessTokens", err) - return + if setting.API.EnableSwagger { + tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID}) + if err != nil { + ctx.ServerError("ListAccessTokens", err) + return + } + ctx.Data["Tokens"] = tokens } - ctx.Data["Tokens"] = tokens ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable if setting.OAuth2.Enable { + var err error ctx.Data["Applications"], err = models.GetOAuth2ApplicationsByUserID(ctx.User.ID) if err != nil { ctx.ServerError("GetOAuth2ApplicationsByUserID", err) diff --git a/templates/admin/dashboard.tmpl b/templates/admin/dashboard.tmpl index 99c215493db23..65d51a9aeff8f 100644 --- a/templates/admin/dashboard.tmpl +++ b/templates/admin/dashboard.tmpl @@ -35,15 +35,19 @@ {{.i18n.Tr "admin.dashboard.git_gc_repos"}} + {{if not DisableSSH}} {{.i18n.Tr "admin.dashboard.resync_all_sshkeys"}}
{{.i18n.Tr "admin.dashboard.resync_all_sshkeys.desc"}} + {{end}} + {{if not DisableGitHooks}} {{.i18n.Tr "admin.dashboard.resync_all_hooks"}} + {{end}} {{.i18n.Tr "admin.dashboard.reinit_missing_repos"}} diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl index 042c09954a2c3..add84e4aa21db 100644 --- a/templates/admin/user/edit.tmpl +++ b/templates/admin/user/edit.tmpl @@ -89,7 +89,7 @@ -
+
diff --git a/templates/repo/settings/deploy_keys.tmpl b/templates/repo/settings/deploy_keys.tmpl index 15d861d74ec75..d79346a444fa6 100644 --- a/templates/repo/settings/deploy_keys.tmpl +++ b/templates/repo/settings/deploy_keys.tmpl @@ -7,11 +7,7 @@

{{.i18n.Tr "repo.settings.deploy_keys"}}
- {{if not .DisableSSH}}
{{.i18n.Tr "repo.settings.add_deploy_key"}}
- {{else}} -
{{.i18n.Tr "settings.ssh_disabled"}}
- {{end}}

diff --git a/templates/repo/settings/nav.tmpl b/templates/repo/settings/nav.tmpl index 5cc77e1dc91ca..a84c921b9c687 100644 --- a/templates/repo/settings/nav.tmpl +++ b/templates/repo/settings/nav.tmpl @@ -9,7 +9,9 @@ {{if or .SignedUser.AllowGitHook .SignedUser.IsAdmin}}
  • {{.i18n.Tr "repo.settings.githooks"}}
    • {{end}} + {{if not DisableSSH}}
  • {{.i18n.Tr "repo.settings.deploy_keys"}}
    • + {{end}}
    diff --git a/templates/repo/settings/navbar.tmpl b/templates/repo/settings/navbar.tmpl index abd6e285dc3e3..32625bc4fd222 100644 --- a/templates/repo/settings/navbar.tmpl +++ b/templates/repo/settings/navbar.tmpl @@ -18,9 +18,11 @@ {{.i18n.Tr "repo.settings.githooks"}} {{end}} + {{if not DisableSSH}} {{.i18n.Tr "repo.settings.deploy_keys"}} + {{end}} {{if .LFSStartServer}} {{.i18n.Tr "repo.settings.lfs"}} diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl index b2751ae13b7f9..52954f0c1ce00 100644 --- a/templates/user/settings/applications.tmpl +++ b/templates/user/settings/applications.tmpl @@ -3,6 +3,7 @@ {{template "user/settings/navbar" .}}
    {{template "base/alert" .}} + {{if not DisableSwagger}}

    {{.i18n.Tr "settings.manage_access_token"}}

    @@ -45,6 +46,7 @@
    + {{end}} {{if .EnableOAuth2}} {{template "user/settings/grants_oauth2" .}} diff --git a/templates/user/settings/keys_ssh.tmpl b/templates/user/settings/keys_ssh.tmpl index e5b42f417430a..9f942d5912099 100644 --- a/templates/user/settings/keys_ssh.tmpl +++ b/templates/user/settings/keys_ssh.tmpl @@ -1,11 +1,8 @@ +{{if not DisableSSH}}

    {{.i18n.Tr "settings.manage_ssh_keys"}}
    - {{if not .DisableSSH}}
    {{.i18n.Tr "settings.add_key"}}
    - {{else}} -
    {{.i18n.Tr "settings.ssh_disabled"}}
    - {{end}}

    @@ -71,3 +68,4 @@
    {{template "base/delete_modal_actions" .}}
    +{{end}} diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl index 18bd9a4f8d6e8..a9dd7abca0a58 100644 --- a/templates/user/settings/navbar.tmpl +++ b/templates/user/settings/navbar.tmpl @@ -8,11 +8,13 @@ {{.i18n.Tr "settings.security"}} - - {{.i18n.Tr "settings.applications"}} - + {{if or (not DisableSwagger) (not DisableOAuth2)}} + + {{.i18n.Tr "settings.applications"}} + + {{end}} - {{.i18n.Tr "settings.ssh_gpg_keys"}} + {{.i18n.Tr "settings.keys"}} {{.i18n.Tr "settings.organization"}} From e3d4d701a7727b5906c3880cf2bc154d1688770d Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Thu, 15 Oct 2020 17:24:08 +0200 Subject: [PATCH 2/5] Redundant function removed and cron tasks disabling fixed Removed redundant DisableSwagger; existing EnableSwagger is used instead. Fixed disabling registerRewriteAllPublicKeys and registerRewriteAllPrincipalKeys cron tasks. Author-Change-Id: IB#1105071 --- modules/cron/tasks_extended.go | 6 ++++-- modules/templates/helper.go | 3 --- templates/admin/dashboard.tmpl | 4 +++- templates/user/settings/applications.tmpl | 2 +- templates/user/settings/keys_principal.tmpl | 6 +----- templates/user/settings/navbar.tmpl | 2 +- 6 files changed, 10 insertions(+), 13 deletions(-) diff --git a/modules/cron/tasks_extended.go b/modules/cron/tasks_extended.go index 8fe22190396e4..cf0c9f3d357f1 100644 --- a/modules/cron/tasks_extended.go +++ b/modules/cron/tasks_extended.go @@ -121,10 +121,12 @@ func initExtendedTasks() { registerDeleteInactiveUsers() registerDeleteRepositoryArchives() registerGarbageCollectRepositories() - if !setting.SSH.Disabled { + if !setting.SSH.Disabled && !setting.SSH.StartBuiltinServer && setting.SSH.CreateAuthorizedKeysFile { registerRewriteAllPublicKeys() } - registerRewriteAllPrincipalKeys() + if !setting.SSH.Disabled && !setting.SSH.StartBuiltinServer && setting.SSH.CreateAuthorizedPrincipalsFile { + registerRewriteAllPrincipalKeys() + } if !setting.DisableGitHooks { registerRepositoryUpdateHook() } diff --git a/modules/templates/helper.go b/modules/templates/helper.go index deb64568808ca..8601d99d5441b 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -231,9 +231,6 @@ func NewFuncMap() []template.FuncMap { "DisableSSH": func() bool { return setting.SSH.Disabled }, - "DisableSwagger": func() bool { - return !setting.API.EnableSwagger - }, "DisableOAuth2": func() bool { return !setting.OAuth2.Enable }, diff --git a/templates/admin/dashboard.tmpl b/templates/admin/dashboard.tmpl index 503b8e248e286..249f5f31b3b11 100644 --- a/templates/admin/dashboard.tmpl +++ b/templates/admin/dashboard.tmpl @@ -35,18 +35,20 @@ {{.i18n.Tr "admin.dashboard.git_gc_repos"}} - {{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer)}} + {{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer) (.SSH.CreateAuthorizedKeysFile) }} {{.i18n.Tr "admin.dashboard.resync_all_sshkeys"}}
    {{.i18n.Tr "admin.dashboard.resync_all_sshkeys.desc"}} {{end}} + {{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer) (.SSH.CreateAuthorizedPrincipalsFile) }} {{.i18n.Tr "admin.dashboard.resync_all_sshprincipals"}}
    {{.i18n.Tr "admin.dashboard.resync_all_sshprincipals.desc"}} + {{end}} {{if not DisableGitHooks}} {{.i18n.Tr "admin.dashboard.resync_all_hooks"}} diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl index 52954f0c1ce00..75cef98a505ae 100644 --- a/templates/user/settings/applications.tmpl +++ b/templates/user/settings/applications.tmpl @@ -3,7 +3,7 @@ {{template "user/settings/navbar" .}}
    {{template "base/alert" .}} - {{if not DisableSwagger}} + {{if .EnableSwagger}}

    {{.i18n.Tr "settings.manage_access_token"}}

    diff --git a/templates/user/settings/keys_principal.tmpl b/templates/user/settings/keys_principal.tmpl index c163263ea9bf5..7a6e91bfce3db 100644 --- a/templates/user/settings/keys_principal.tmpl +++ b/templates/user/settings/keys_principal.tmpl @@ -1,12 +1,8 @@ -{{if .AllowPrincipals}} +{{if and .AllowPrincipals (not DisableSSH)}}

    {{.i18n.Tr "settings.manage_ssh_principals"}}
    - {{if not .DisableSSH}}
    {{.i18n.Tr "settings.add_new_principal"}}
    - {{else}} -
    {{.i18n.Tr "settings.ssh_disabled"}}
    - {{end}}

    diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl index a9dd7abca0a58..dc32dda5032d1 100644 --- a/templates/user/settings/navbar.tmpl +++ b/templates/user/settings/navbar.tmpl @@ -8,7 +8,7 @@ {{.i18n.Tr "settings.security"}} - {{if or (not DisableSwagger) (not DisableOAuth2)}} + {{if or .EnableSwagger (not DisableOAuth2)}} {{.i18n.Tr "settings.applications"}} From 03c07c2a88896d4bea1f488884de63cf311a5ef7 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Mon, 19 Oct 2020 11:08:12 +0200 Subject: [PATCH 3/5] External account management disabled External account management disabled when openid signin/signup is disabled. Author-Change-Id: IB#1105071 --- routers/routes/routes.go | 20 ++++++++++++++++---- templates/user/settings/security.tmpl | 2 +- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/routers/routes/routes.go b/routers/routes/routes.go index a09e53efc1f89..82a16c51dbc0f 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -370,9 +370,18 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/:provider", user.SignInOAuth) m.Get("/:provider/callback", user.SignInOAuthCallback) }) - m.Get("/link_account", user.LinkAccount) - m.Post("/link_account_signin", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn) - m.Post("/link_account_signup", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister) + m.Group("/link_account", func() { + m.Get("", user.LinkAccount) + }, openIDSignInEnabled) + + m.Group("/link_account_signin", func() { + m.Post("", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn) + }, openIDSignInEnabled) + + m.Group("/link_account_signup", func() { + m.Post("", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister) + }, openIDSignUpEnabled) + m.Group("/two_factor", func() { m.Get("", user.TwoFactor) m.Post("", bindIgnErr(auth.TwoFactorAuthForm{}), user.TwoFactorPost) @@ -429,7 +438,10 @@ func RegisterRoutes(m *macaron.Macaron) { m.Post("/delete", userSetting.DeleteOpenID) m.Post("/toggle_visibility", userSetting.ToggleOpenIDVisibility) }, openIDSignInEnabled) - m.Post("/account_link", userSetting.DeleteAccountLink) + + m.Group("/account_link", func() { + m.Post("", userSetting.DeleteAccountLink) + }, openIDSignInEnabled) }) m.Group("/applications/oauth2", func() { m.Get("/:id", userSetting.OAuth2ApplicationShow) diff --git a/templates/user/settings/security.tmpl b/templates/user/settings/security.tmpl index c2c99c79794d5..ef0919a852b74 100644 --- a/templates/user/settings/security.tmpl +++ b/templates/user/settings/security.tmpl @@ -5,8 +5,8 @@ {{template "base/alert" .}} {{template "user/settings/security_twofa" .}} {{template "user/settings/security_u2f" .}} - {{template "user/settings/security_accountlinks" .}} {{if .EnableOpenIDSignIn}} + {{template "user/settings/security_accountlinks" .}} {{template "user/settings/security_openid" .}} {{end}}
    From 4b867e92670bbb3c20d484393479da01ac6bb8a2 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Mon, 19 Oct 2020 12:55:43 +0200 Subject: [PATCH 4/5] Added option to disable 2FA This mod introduces DISABLE_2FA parameter in [security] section of app.ini (by default set to false). If set to true it disables access to 2FA feature in user preferences (not required in some environments i.e. when reverse proxy auth is used). Authentication code using 2FA and any existing 2FA configuration are left untouched. This mod hides also security tab in user preferences when openid is also disabled; for this reason this mod is not separate PR but exiting PR enhancement. Author-Change-Id: IB#1105071 --- custom/conf/app.example.ini | 2 ++ docs/content/doc/advanced/config-cheat-sheet.en-us.md | 1 + modules/setting/setting.go | 2 ++ modules/templates/helper.go | 3 +++ templates/user/settings/navbar.tmpl | 2 ++ templates/user/settings/security.tmpl | 2 ++ 6 files changed, 12 insertions(+) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index dc273ced80054..09a4e7b5080d1 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -541,6 +541,8 @@ IMPORT_LOCAL_PATHS = false ; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user. ; WARNING: This maybe harmful to you website or your operating system. DISABLE_GIT_HOOKS = true +; Set to false to disable 2FA feature. +DISABLE_2FA = false ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true ;Comma separated list of character classes required to pass minimum complexity. diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 9e61a25f33603..cfaf4e8241bca 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -400,6 +400,7 @@ relation to port exhaustion. It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user. This maybe harmful to you website or your operating system. +- `DISABLE_2FA`: **false**: Set to `true` to disable 2FA feature. - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately. - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. - `INTERNAL_TOKEN`: **\**: Secret used to validate communication within Gitea binary. diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 7ae8bb352de10..2663a2ab33da1 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -152,6 +152,7 @@ var ( MinPasswordLength int ImportLocalPaths bool DisableGitHooks bool + Disable2FA bool OnlyAllowPushIfGiteaEnvironmentSet bool PasswordComplexity []string PasswordHashAlgo string @@ -770,6 +771,7 @@ func NewContext() { MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true) + Disable2FA = sec.Key("DISABLE_2FA").MustBool(false) OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true) PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 8601d99d5441b..7040f718ee174 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -234,6 +234,9 @@ func NewFuncMap() []template.FuncMap { "DisableOAuth2": func() bool { return !setting.OAuth2.Enable }, + "Disable2FA": func() bool { + return setting.Disable2FA + }, "TrN": TrN, "Dict": func(values ...interface{}) (map[string]interface{}, error) { if len(values)%2 != 0 { diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl index dc32dda5032d1..acb02a9ddbb6b 100644 --- a/templates/user/settings/navbar.tmpl +++ b/templates/user/settings/navbar.tmpl @@ -5,9 +5,11 @@ {{.i18n.Tr "settings.account"}} + {{if or (not Disable2FA) .EnableOpenIDSignIn}} {{.i18n.Tr "settings.security"}} + {{end}} {{if or .EnableSwagger (not DisableOAuth2)}} {{.i18n.Tr "settings.applications"}} diff --git a/templates/user/settings/security.tmpl b/templates/user/settings/security.tmpl index ef0919a852b74..c74f016ec2be2 100644 --- a/templates/user/settings/security.tmpl +++ b/templates/user/settings/security.tmpl @@ -3,8 +3,10 @@ {{template "user/settings/navbar" .}}
    {{template "base/alert" .}} + {{if not Disable2FA}} {{template "user/settings/security_twofa" .}} {{template "user/settings/security_u2f" .}} + {{end}} {{if .EnableOpenIDSignIn}} {{template "user/settings/security_accountlinks" .}} {{template "user/settings/security_openid" .}} From 0ce5592afb0c47248364683864bfed31be385b25 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Tue, 20 Oct 2020 10:22:36 +0200 Subject: [PATCH 5/5] Disabling 2FA fixed 2FA columns removed in user lists if 2FA is disabled. Fixes: 4b867e92670bbb3c20d484393479da01ac6bb8a2 Author-Change-Id: IB#1105071 --- templates/admin/user/list.tmpl | 4 ++++ templates/org/member/members.tmpl | 2 ++ 2 files changed, 6 insertions(+) diff --git a/templates/admin/user/list.tmpl b/templates/admin/user/list.tmpl index d6dd7d5c03969..d6fa89e3fa32b 100644 --- a/templates/admin/user/list.tmpl +++ b/templates/admin/user/list.tmpl @@ -25,7 +25,9 @@ {{.i18n.Tr "admin.users.activated"}} {{.i18n.Tr "admin.users.admin"}} {{.i18n.Tr "admin.users.restricted"}} + {{if not Disable2FA}} {{.i18n.Tr "admin.users.2fa"}} + {{end}} {{.i18n.Tr "admin.users.repos"}} {{.i18n.Tr "admin.users.created"}} @@ -44,7 +46,9 @@ + {{if not Disable2FA}} + {{end}} {{.NumRepos}} {{.CreatedUnix.FormatShort}} {{if .LastLoginUnix}} diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl index f33f9be927aa3..944ba2163a584 100644 --- a/templates/org/member/members.tmpl +++ b/templates/org/member/members.tmpl @@ -37,6 +37,7 @@ {{if index $.MembersIsUserOrgOwner .ID}}{{svg "octicon-shield-lock"}} {{$.i18n.Tr "org.members.owner"}}{{else}}{{$.i18n.Tr "org.members.member"}}{{end}}
    + {{if not Disable2FA}}
    {{$.i18n.Tr "admin.users.2fa"}} @@ -51,6 +52,7 @@
    + {{end}}
    {{if eq $.SignedUser.ID .ID}}