From 9020faa3ce6c3ba08e138695a5d876bb915279dc Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Fri, 1 Apr 2022 19:26:49 +0200 Subject: [PATCH 1/7] Apply DefaultUserIsRestricted in CreateUser --- models/user/user.go | 1 + routers/web/auth/auth.go | 9 ++++----- routers/web/auth/oauth.go | 15 +++++++-------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index c848895239180..28bae97cbad23 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -637,6 +637,7 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification u.MaxRepoCreation = -1 u.Theme = setting.UI.DefaultTheme + u.IsRestricted = u.IsRestricted || setting.Service.DefaultUserIsRestricted // overwrite defaults if set if len(overwriteDefault) != 0 && overwriteDefault[0] != nil { diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index ab538f0e5f603..42cc24aee0782 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -507,11 +507,10 @@ func SignUpPost(ctx *context.Context) { } u := &user_model.User{ - Name: form.UserName, - Email: form.Email, - Passwd: form.Password, - IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), - IsRestricted: setting.Service.DefaultUserIsRestricted, + Name: form.UserName, + Email: form.Email, + Passwd: form.Password, + IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), } if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) { diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 4369c333ac0d5..7e2de79312f16 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go 
@@ -867,14 +867,13 @@ func SignInOAuthCallback(ctx *context.Context) { return } u = &user_model.User{ - Name: getUserName(&gothUser), - FullName: gothUser.Name, - Email: gothUser.Email, - IsActive: !setting.OAuth2Client.RegisterEmailConfirm, - LoginType: auth.OAuth2, - LoginSource: authSource.ID, - LoginName: gothUser.UserID, - IsRestricted: setting.Service.DefaultUserIsRestricted, + Name: getUserName(&gothUser), + FullName: gothUser.Name, + Email: gothUser.Email, + IsActive: !setting.OAuth2Client.RegisterEmailConfirm, + LoginType: auth.OAuth2, + LoginSource: authSource.ID, + LoginName: gothUser.UserID, } setUserGroupClaims(authSource, u, &gothUser) From 1f8710eea127586075b8e789c50e3d4994e0a649 Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Sat, 2 Apr 2022 11:57:41 +0200 Subject: [PATCH 2/7] Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions --- cmd/admin.go | 9 +++-- models/user/user.go | 38 +++++++++++++++++-- routers/api/v1/admin/user.go | 11 +++--- routers/install/install.go | 15 +++++--- routers/web/admin/users.go | 8 +++- routers/web/auth/auth.go | 15 ++++---- routers/web/auth/linkaccount.go | 1 - routers/web/auth/oauth.go | 8 +++- routers/web/auth/openid.go | 9 ++--- services/auth/reverseproxy.go | 13 +++++-- .../auth/source/ldap/source_authenticate.go | 25 ++++++------ services/auth/source/ldap/source_sync.go | 25 ++++++------ .../auth/source/pam/source_authenticate.go | 7 +++- .../auth/source/smtp/source_authenticate.go | 6 ++- services/auth/sspi_windows.go | 26 +++++++------ 15 files changed, 140 insertions(+), 76 deletions(-) diff --git a/cmd/admin.go b/cmd/admin.go index e4a254c613909..722ecdd8a9f93 100644 --- a/cmd/admin.go +++ b/cmd/admin.go 
@@ -25,6 +25,7 @@ import ( repo_module "code.gitea.io/gitea/modules/repository" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/storage" + "code.gitea.io/gitea/modules/util" auth_service "code.gitea.io/gitea/services/auth" "code.gitea.io/gitea/services/auth/source/oauth2" "code.gitea.io/gitea/services/auth/source/smtp" @@ -563,13 +564,15 @@ func runCreateUser(c *cli.Context) error { Name: username, Email: c.String("email"), Passwd: password, - IsActive: true, IsAdmin: c.Bool("admin"), MustChangePassword: changePassword, - Theme: setting.UI.DefaultTheme, } - if err := user_model.CreateUser(u); err != nil { + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } + + if err := user_model.CreateUser(u, overwriteDefault); err != nil { return fmt.Errorf("CreateUser: %v", err) } diff --git a/models/user/user.go b/models/user/user.go index 28bae97cbad23..5b556c9884147 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -621,7 +621,14 @@ func IsUsableUsername(name string) error { // CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation type CreateUserOverwriteOptions struct { - Visibility structs.VisibleType + KeepEmailPrivate util.OptionalBool + Visibility *structs.VisibleType + AllowCreateOrganization util.OptionalBool + EmailNotificationsPreference *string + MaxRepoCreation *int + Theme *string + IsRestricted util.OptionalBool + IsActive util.OptionalBool } // CreateUser creates record of a new user. 
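Review bot: The new fields of CreateUserOverwriteOptions in the models/user/user.go hunk carry no documentation of their tri-state meaning, and the retained doc comment ("are an optional options who overwrite") is ungrammatical. A reader has to open CreateUser to learn that util.OptionalBoolNone and a nil pointer both mean "keep the system default", which is the entire purpose of the type. Suggest replacing the doc comment with `// CreateUserOverwriteOptions overrides the system defaults CreateUser applies; a field left at util.OptionalBoolNone or nil keeps the default.` and, because Visibility changed from a value to a pointer, adding a line that existing callers must now pass an address.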
@@ -637,11 +644,36 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification u.MaxRepoCreation = -1 u.Theme = setting.UI.DefaultTheme - u.IsRestricted = u.IsRestricted || setting.Service.DefaultUserIsRestricted + u.IsRestricted = setting.Service.DefaultUserIsRestricted + u.IsActive = !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm) // overwrite defaults if set if len(overwriteDefault) != 0 && overwriteDefault[0] != nil { - u.Visibility = overwriteDefault[0].Visibility + overwrite := overwriteDefault[0] + if !overwrite.KeepEmailPrivate.IsNone() { + u.KeepEmailPrivate = overwrite.KeepEmailPrivate.IsTrue() + } + if overwrite.Visibility != nil { + u.Visibility = *overwrite.Visibility + } + if !overwrite.AllowCreateOrganization.IsNone() { + u.AllowCreateOrganization = overwrite.AllowCreateOrganization.IsTrue() + } + if overwrite.EmailNotificationsPreference != nil { + u.EmailNotificationsPreference = *overwrite.EmailNotificationsPreference + } + if overwrite.MaxRepoCreation != nil { + u.MaxRepoCreation = *overwrite.MaxRepoCreation + } + if overwrite.Theme != nil { + u.Theme = *overwrite.Theme + } + if !overwrite.IsRestricted.IsNone() { + u.IsRestricted = overwrite.IsRestricted.IsTrue() + } + if !overwrite.IsActive.IsNone() { + u.IsActive = overwrite.IsActive.IsTrue() + } } // validate data diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index bf176f95710be..1be1a574ddc0f 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -22,6 +22,7 @@ import ( "code.gitea.io/gitea/modules/password" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/routers/api/v1/user" "code.gitea.io/gitea/routers/api/v1/utils" 
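Review bot: CreateUser now overwrites u.IsRestricted and u.IsActive unconditionally from settings, so a value a caller placed on the User struct before the call is silently lost, whereas IsAdmin on the same struct is kept as given; nothing in the code or the function comment states that split. A caller that keeps the pre-series habit of setting IsRestricted on the struct (the oauth.go group-claims path later in this patch is one candidate) would produce an unrestricted account with no error. Suggest a comment above the defaults block: `// set system defaults: these fields are always reset here and can only be changed via overwriteDefault; IsAdmin has no system default and is taken from u as given`. Only overwriteDefault[0] is honoured, which the variadic signature hides, so the function comment should say so as well. CreateUser's body continues past the hunk.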
@@ -82,7 +83,6 @@ func CreateUser(ctx *context.APIContext) { Email: form.Email, Passwd: form.Password, MustChangePassword: true, - IsActive: true, LoginType: auth.Plain, } if form.MustChangePassword != nil { @@ -108,11 +108,12 @@ func CreateUser(ctx *context.APIContext) { return } - var overwriteDefault *user_model.CreateUserOverwriteOptions + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } if form.Visibility != "" { - overwriteDefault = &user_model.CreateUserOverwriteOptions{ - Visibility: api.VisibilityModes[form.Visibility], - } + visibility := api.VisibilityModes[form.Visibility] + overwriteDefault.Visibility = &visibility } if err := user_model.CreateUser(u, overwriteDefault); err != nil { diff --git a/routers/install/install.go b/routers/install/install.go index ec1719439f53a..b680f7dd75157 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -499,13 +499,16 @@ func SubmitInstall(ctx *context.Context) { // Create admin account if len(form.AdminName) > 0 { u := &user_model.User{ - Name: form.AdminName, - Email: form.AdminEmail, - Passwd: form.AdminPasswd, - IsAdmin: true, - IsActive: true, + Name: form.AdminName, + Email: form.AdminEmail, + Passwd: form.AdminPasswd, + IsAdmin: true, } - if err = user_model.CreateUser(u); err != nil { + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: new(bool), + } + + if err = user_model.CreateUser(u, overwriteDefault); err != nil { if !user_model.IsErrUserAlreadyExist(err) { setting.InstallLock = false ctx.Data["Err_AdminName"] = true diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index fcfea53801289..57da319d794b6 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go 
@@ -125,10 +125,14 @@ func NewUserPost(ctx *context.Context) { Name: form.UserName, Email: form.Email, Passwd: form.Password, - IsActive: true, LoginType: auth.Plain, } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + Visibility: &form.Visibility, + } + if len(form.LoginType) > 0 { fields := strings.Split(form.LoginType, "-") if len(fields) == 2 { @@ -163,7 +167,7 @@ func NewUserPost(ctx *context.Context) { u.MustChangePassword = form.MustChangePassword } - if err := user_model.CreateUser(u, &user_model.CreateUserOverwriteOptions{Visibility: form.Visibility}); err != nil { + if err := user_model.CreateUser(u, overwriteDefault); err != nil { switch { case user_model.IsErrUserAlreadyExist(err): ctx.Data["Err_UserName"] = true diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index 42cc24aee0782..7c5a3f7474ea6 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -507,10 +507,9 @@ func SignUpPost(ctx *context.Context) { } u := &user_model.User{ - Name: form.UserName, - Email: form.Email, - Passwd: form.Password, - IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), + Name: form.UserName, + Email: form.Email, + Passwd: form.Password, } if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) { 
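Review bot: NewUserPost in routers/web/admin/users.go builds overwriteDefault with IsActive and Visibility only, so when setting.Service.DefaultUserIsRestricted is true every user created through the admin web form becomes restricted and the form offers no way to say otherwise; the CLI and the admin API receive a `restricted` override in PATCH 4/7 and 5/7 but this handler does not. The outcome fails closed, which is the safer direction, but an admin then needs a second edit to lift the flag, so the form should either expose the option or document that it follows the default. A comment on the literal, `// IsRestricted follows setting.Service.DefaultUserIsRestricted; the admin form has no override yet`, would make the behaviour explicit until the form gains the field. NewUserPost continues outside the hunk.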
@@ -524,8 +523,8 @@ func SignUpPost(ctx *context.Context) { // createAndHandleCreatedUser calls createUserInContext and // then handleUserCreated. -func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) bool { - if !createUserInContext(ctx, tpl, form, u, gothUser, allowLink) { +func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) bool { + if !createUserInContext(ctx, tpl, form, u, overwrites, gothUser, allowLink) { return false } return handleUserCreated(ctx, u, gothUser) @@ -533,8 +532,8 @@ func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form int // createUserInContext creates a user and handles errors within a given context. // Optionally a template can be specified. -func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) (ok bool) { - if err := user_model.CreateUser(u); err != nil { +func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) (ok bool) { + if err := user_model.CreateUser(u, overwrites); err != nil { if allowLink && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) { if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingAuto { var user *user_model.User diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index bf5fb83265ba4..f5e06d1f9d8de 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go 
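Review bot: The doc comments on createAndHandleCreatedUser and createUserInContext are unchanged although both signatures gained an overwrites parameter, and nothing says that nil is permitted (SignUpPost and RegisterOpenIDPost pass nil, so CreateUser's defaults apply untouched). Suggest extending the second comment with `// overwrites may be nil, in which case the system defaults applied by CreateUser (IsActive, IsRestricted, ...) stay in force.` The new parameter sits between two other pointers (u and gothUser), which is easy to misorder at call sites; placing it last would be the safer shape, though that is a style choice. Both function bodies continue past the hunk.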
@@ -283,7 +283,6 @@ func LinkAccountPostRegister(ctx *context.Context) { Name: form.UserName, Email: form.Email, Passwd: form.Password, - IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), LoginType: auth.OAuth2, LoginSource: authSource.ID, LoginName: gothUser.UserID, diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 7e2de79312f16..a0cbaa0385908 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -24,6 +24,7 @@ import ( "code.gitea.io/gitea/modules/session" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/timeutil" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web/middleware" auth_service "code.gitea.io/gitea/services/auth" @@ -870,15 +871,18 @@ func SignInOAuthCallback(ctx *context.Context) { Name: getUserName(&gothUser), FullName: gothUser.Name, Email: gothUser.Email, - IsActive: !setting.OAuth2Client.RegisterEmailConfirm, LoginType: auth.OAuth2, LoginSource: authSource.ID, LoginName: gothUser.UserID, } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolOf(!setting.OAuth2Client.RegisterEmailConfirm), + } + setUserGroupClaims(authSource, u, &gothUser) - if !createAndHandleCreatedUser(ctx, base.TplName(""), nil, u, &gothUser, setting.OAuth2Client.AccountLinking != setting.OAuth2AccountLinkingDisabled) { + if !createAndHandleCreatedUser(ctx, base.TplName(""), nil, u, overwriteDefault, &gothUser, setting.OAuth2Client.AccountLinking != setting.OAuth2AccountLinkingDisabled) { // error already handled return } diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go index f3189887a5308..3012d8c5a55ee 100644 --- a/routers/web/auth/openid.go +++ b/routers/web/auth/openid.go 
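Review bot: In the routers/web/auth/oauth.go hunk, setUserGroupClaims(authSource, u, &gothUser) runs after overwriteDefault is built and before CreateUser, and CreateUser (PATCH 2/7, models/user/user.go) now unconditionally resets u.IsRestricted to setting.Service.DefaultUserIsRestricted; if setUserGroupClaims writes u.IsRestricted from the source's restricted-group claim, as its name suggests, that decision is discarded and a user mapped to the restricted group is created unrestricted whenever the server default is false. For the value to survive it has to travel through overwriteDefault.IsRestricted, and only when the claim mapping actually made a decision, so that a source with no restricted group configured does not override the default. I would move the setUserGroupClaims call above the overwriteDefault literal and, in the branch where the mapping applied, set `overwriteDefault.IsRestricted = util.OptionalBoolOf(u.IsRestricted)`; please verify against the body of setUserGroupClaims, which is not part of this patch. SignInOAuthCallback continues outside the hunk.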
@@ -423,12 +423,11 @@ func RegisterOpenIDPost(ctx *context.Context) { } u := &user_model.User{ - Name: form.UserName, - Email: form.Email, - Passwd: password, - IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), + Name: form.UserName, + Email: form.Email, + Passwd: password, } - if !createUserInContext(ctx, tplSignUpOID, form, u, nil, false) { + if !createUserInContext(ctx, tplSignUpOID, form, u, nil, nil, false) { // error already handled return } diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go index 1b151f6504e33..299d7abd34aec 100644 --- a/services/auth/reverseproxy.go +++ b/services/auth/reverseproxy.go @@ -12,6 +12,7 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/mailer" @@ -105,11 +106,15 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User { } user := &user_model.User{ - Name: username, - Email: email, - IsActive: true, + Name: username, + Email: email, } - if err := user_model.CreateUser(user); err != nil { + + overwriteDefault := user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } + + if err := user_model.CreateUser(user, &overwriteDefault); err != nil { // FIXME: should I create a system notice? log.Error("CreateUser: %v", err) return nil diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go index ddd70627ed3f1..d8d11f18e1ef9 100644 --- a/services/auth/source/ldap/source_authenticate.go +++ b/services/auth/source/ldap/source_authenticate.go 
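Review bot: newUser in services/auth/reverseproxy.go declares overwriteDefault as a struct value and passes `&overwriteDefault`, while every other call site in this series constructs `&user_model.CreateUserOverwriteOptions{...}` directly; the revert in PATCH 7/7 reinstates the same odd shape. Aligning it, `overwriteDefault := &user_model.CreateUserOverwriteOptions{` together with `if err := user_model.CreateUser(user, overwriteDefault); err != nil {`, keeps the call sites uniform and greppable. A reverse-proxy auto-provisioned account is activated immediately and inherits DefaultUserIsRestricted, which is reasonable, but since no local password is set on it a one-line comment stating that activation is intentional here would help the next reader. newUser continues outside the hunk.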
@@ -13,6 +13,7 @@ import ( "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/organization" user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/mailer" user_service "code.gitea.io/gitea/services/user" ) @@ -85,19 +86,21 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str } user = &user_model.User{ - LowerName: strings.ToLower(sr.Username), - Name: sr.Username, - FullName: composeFullName(sr.Name, sr.Surname, sr.Username), - Email: sr.Mail, - LoginType: source.authSource.Type, - LoginSource: source.authSource.ID, - LoginName: userName, - IsActive: true, - IsAdmin: sr.IsAdmin, - IsRestricted: sr.IsRestricted, + LowerName: strings.ToLower(sr.Username), + Name: sr.Username, + FullName: composeFullName(sr.Name, sr.Surname, sr.Username), + Email: sr.Mail, + LoginType: source.authSource.Type, + LoginSource: source.authSource.ID, + LoginName: userName, + IsAdmin: sr.IsAdmin, + } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsRestricted: util.OptionalBoolOf(sr.IsRestricted), + IsActive: util.OptionalBoolTrue, } - err := user_model.CreateUser(user) + err := user_model.CreateUser(user, overwriteDefault) if err != nil { return user, err } diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go index 65efed78c17c1..a245f4c6ff0d6 100644 --- a/services/auth/source/ldap/source_sync.go +++ b/services/auth/source/ldap/source_sync.go @@ -15,6 +15,7 @@ import ( "code.gitea.io/gitea/models/organization" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" user_service "code.gitea.io/gitea/services/user" ) 
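Review bot: In the ldap source_authenticate.go hunk, IsRestricted is passed as `util.OptionalBoolOf(sr.IsRestricted)`, which always overrides the system default, so with setting.Service.DefaultUserIsRestricted enabled an LDAP-provisioned user is created unrestricted whenever sr.IsRestricted is false — including, if I read the search result correctly, when the source has no restricted-user filter configured at all; the source_sync.go hunk in this same patch has the identical shape. That quietly weakens a server-wide default for an entire login source without any configuration expressing that intent. The override should stay at OptionalBoolNone unless the source actually decided the flag, for example by carrying an explicit "filter configured" indicator from the search result and only then setting IsRestricted; please confirm how sr.IsRestricted is derived, since the search code is outside the patch. The Authenticate body continues outside the hunk.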
@@ -102,19 +103,21 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error { log.Trace("SyncExternalUsers[%s]: Creating user %s", source.authSource.Name, su.Username) usr = &user_model.User{ - LowerName: su.LowerName, - Name: su.Username, - FullName: fullName, - LoginType: source.authSource.Type, - LoginSource: source.authSource.ID, - LoginName: su.Username, - Email: su.Mail, - IsAdmin: su.IsAdmin, - IsRestricted: su.IsRestricted, - IsActive: true, + LowerName: su.LowerName, + Name: su.Username, + FullName: fullName, + LoginType: source.authSource.Type, + LoginSource: source.authSource.ID, + LoginName: su.Username, + Email: su.Mail, + IsAdmin: su.IsAdmin, + } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsRestricted: util.OptionalBoolOf(su.IsRestricted), + IsActive: util.OptionalBoolTrue, } - err = user_model.CreateUser(usr) + err = user_model.CreateUser(usr, overwriteDefault) if err != nil { log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.authSource.Name, su.Username, err) diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go index d5bd9409963f0..16ddc0598e47f 100644 --- a/services/auth/source/pam/source_authenticate.go +++ b/services/auth/source/pam/source_authenticate.go @@ -12,6 +12,7 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/pam" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/mailer" "github.com/google/uuid" 
@@ -58,10 +59,12 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginType: auth.PAM, LoginSource: source.authSource.ID, LoginName: userName, // This is what the user typed in - IsActive: true, + } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, } - if err := user_model.CreateUser(user); err != nil { + if err := user_model.CreateUser(user, overwriteDefault); err != nil { return user, err } diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go index 3be2f1128de2f..dff24d494ee0f 100644 --- a/services/auth/source/smtp/source_authenticate.go +++ b/services/auth/source/smtp/source_authenticate.go @@ -74,10 +74,12 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginType: auth_model.SMTP, LoginSource: source.authSource.ID, LoginName: userName, - IsActive: true, + } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, } - if err := user_model.CreateUser(user); err != nil { + if err := user_model.CreateUser(user, overwriteDefault); err != nil { return user, err } diff --git a/services/auth/sspi_windows.go b/services/auth/sspi_windows.go index 63e70e61d4335..9bc4041a74ace 100644 --- a/services/auth/sspi_windows.go +++ b/services/auth/sspi_windows.go @@ -16,6 +16,7 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/templates" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/auth/source/sspi" "code.gitea.io/gitea/services/mailer" 
@@ -187,17 +188,20 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) { func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, error) { email := gouuid.New().String() + "@localhost.localdomain" user := &user_model.User{ - Name: username, - Email: email, - KeepEmailPrivate: true, - Passwd: gouuid.New().String(), - IsActive: cfg.AutoActivateUsers, - Language: cfg.DefaultLanguage, - UseCustomAvatar: true, - Avatar: avatars.DefaultAvatarLink(), - EmailNotificationsPreference: user_model.EmailNotificationsDisabled, - } - if err := user_model.CreateUser(user); err != nil { + Name: username, + Email: email, + Passwd: gouuid.New().String(), + Language: cfg.DefaultLanguage, + UseCustomAvatar: true, + Avatar: avatars.DefaultAvatarLink(), + } + emailNotificationPreference := user_model.EmailNotificationsDisabled + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolOf(cfg.AutoActivateUsers), + KeepEmailPrivate: util.OptionalBoolTrue, + EmailNotificationsPreference: &emailNotificationPreference, + } + if err := user_model.CreateUser(user, overwriteDefault); err != nil { return nil, err } From 4172f3f74b5f8f1dc5a7720a6e269d55b283e4e2 Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Sat, 2 Apr 2022 12:32:30 +0200 Subject: [PATCH 3/7] Fix compilation errors --- routers/install/install.go | 3 ++- routers/web/auth/auth.go | 2 +- routers/web/auth/linkaccount.go | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/routers/install/install.go b/routers/install/install.go index b680f7dd75157..9d28bc1571ac9 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -505,7 +505,8 @@ func SubmitInstall(ctx *context.Context) { IsAdmin: true, } overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: new(bool), + IsRestricted: util.OptionalBoolFalse, + IsActive: util.OptionalBoolTrue, } if err = user_model.CreateUser(u, overwriteDefault); err != nil { 
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index 7c5a3f7474ea6..1e894262d6ee5 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -512,7 +512,7 @@ func SignUpPost(ctx *context.Context) { Passwd: form.Password, } - if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) { + if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, nil, false) { // error already handled return } diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go index f5e06d1f9d8de..c3e96f077a879 100644 --- a/routers/web/auth/linkaccount.go +++ b/routers/web/auth/linkaccount.go @@ -288,7 +288,7 @@ func LinkAccountPostRegister(ctx *context.Context) { LoginName: gothUser.UserID, } - if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, &gothUser, false) { + if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, nil, &gothUser, false) { // error already handled return } From f747cdd36f8d2e0c273cd37e81ca4b09114563a3 Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Sat, 2 Apr 2022 18:34:47 +0200 Subject: [PATCH 4/7] Add "restricted" option to create user command --- cmd/admin.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/cmd/admin.go b/cmd/admin.go index 722ecdd8a9f93..36cac50a47fbf 100644 --- a/cmd/admin.go +++ b/cmd/admin.go @@ -115,6 +115,10 @@ var ( Name: "access-token", Usage: "Generate access token for the user", }, + cli.BoolFlag{ + Name: "restricted", + Usage: "Make a restricted user account", + }, }, } @@ -560,6 +564,12 @@ func runCreateUser(c *cli.Context) error { changePassword = c.Bool("must-change-password") } + restricted := util.OptionalBoolNone + + if c.IsSet("restricted") { + restricted = util.OptionalBoolOf(c.Bool("restricted")) + } + u := &user_model.User{ Name: username, Email: c.String("email"), 
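Review bot: The new `restricted` flag's usage text, "Make a restricted user account", does not say that the flag overrides setting.Service.DefaultUserIsRestricted in both directions, yet the c.IsSet guard in the following hunk exists precisely so that `--restricted=false` creates an unrestricted account on an instance whose default is restricted. Suggest `Usage: "Make a restricted user account (overrides the server default in either direction when given)"`, or a code comment on the IsSet branch: `// only override the server default when the operator stated a preference`. runCreateUser continues outside the hunk.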
@@ -569,7 +579,8 @@ func runCreateUser(c *cli.Context) error { } overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolTrue, + IsActive: util.OptionalBoolTrue, + IsRestricted: restricted, } if err := user_model.CreateUser(u, overwriteDefault); err != nil { From a795e557c97840b940d47c0740126038966c168d Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Sat, 2 Apr 2022 18:43:43 +0200 Subject: [PATCH 5/7] Add "restricted" option to create user admin api --- modules/structs/admin_user.go | 1 + routers/api/v1/admin/user.go | 5 +++++ templates/swagger/v1_json.tmpl | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/modules/structs/admin_user.go b/modules/structs/admin_user.go index facf16a39552a..eccbf29a46f0c 100644 --- a/modules/structs/admin_user.go +++ b/modules/structs/admin_user.go @@ -19,6 +19,7 @@ type CreateUserOption struct { Password string `json:"password" binding:"Required;MaxSize(255)"` MustChangePassword *bool `json:"must_change_password"` SendNotify bool `json:"send_notify"` + Restricted *bool `json:"restricted"` Visibility string `json:"visibility" binding:"In(,public,limited,private)"` } diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 1be1a574ddc0f..775802449abba 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -111,6 +111,11 @@ func CreateUser(ctx *context.APIContext) { overwriteDefault := &user_model.CreateUserOverwriteOptions{ IsActive: util.OptionalBoolTrue, } + + if form.Restricted != nil { + overwriteDefault.IsRestricted = util.OptionalBoolOf(*form.Restricted) + } + if form.Visibility != "" { visibility := api.VisibilityModes[form.Visibility] overwriteDefault.Visibility = &visibility diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 16b0c76400b0b..eff0cb9897f3f 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl 
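Review bot: The new `Restricted *bool` field on CreateUserOption in modules/structs/admin_user.go carries no doc comment, so the generated API documentation cannot tell a client that omitting it means "server default" while false means "explicitly unrestricted"; the handler hunk in routers/api/v1/admin/user.go in this same patch depends on exactly that distinction through its nil check. Suggest `// Restricted overrides the server default for new accounts; omit it to keep that default.` on the line above the field, which the swagger generator should pick up. As the admin API is one of the few paths that can clear the flag on a restricted-by-default instance, this is the documentation operators scripting provisioning will rely on.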
@@ -14408,6 +14408,10 @@ "type": "string", "x-go-name": "Password" }, + "restricted": { + "type": "boolean", + "x-go-name": "Restricted" + }, "send_notify": { "type": "boolean", "x-go-name": "SendNotify" From ee95d3e8dc9e9fff4fa66a5111e4d3930280e033 Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Sun, 10 Apr 2022 08:52:46 +0200 Subject: [PATCH 6/7] Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed --- routers/web/auth/oauth.go | 2 +- services/auth/reverseproxy.go | 7 +------ services/auth/source/ldap/source_authenticate.go | 1 - services/auth/source/pam/source_authenticate.go | 6 +----- services/auth/source/smtp/source_authenticate.go | 5 +---- 5 files changed, 4 insertions(+), 17 deletions(-) diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 4c3e3c3ace393..e7ef1faab7be2 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -877,7 +877,7 @@ func SignInOAuthCallback(ctx *context.Context) { } overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolOf(!setting.OAuth2Client.RegisterEmailConfirm), + IsActive: util.OptionalBoolOf(!(setting.OAuth2Client.RegisterEmailConfirm || setting.Service.RegisterManualConfirm)), } setUserGroupClaims(authSource, u, &gothUser) diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go index 299d7abd34aec..698902b1cf8c8 100644 --- a/services/auth/reverseproxy.go +++ b/services/auth/reverseproxy.go @@ -12,7 +12,6 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" - "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/mailer" 
@@ -110,11 +109,7 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User { Email: email, } - overwriteDefault := user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolTrue, - } - - if err := user_model.CreateUser(user, &overwriteDefault); err != nil { + if err := user_model.CreateUser(user); err != nil { // FIXME: should I create a system notice? log.Error("CreateUser: %v", err) return nil diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go index d8d11f18e1ef9..3a8866ef6777a 100644 --- a/services/auth/source/ldap/source_authenticate.go +++ b/services/auth/source/ldap/source_authenticate.go @@ -97,7 +97,6 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str } overwriteDefault := &user_model.CreateUserOverwriteOptions{ IsRestricted: util.OptionalBoolOf(sr.IsRestricted), - IsActive: util.OptionalBoolTrue, } err := user_model.CreateUser(user, overwriteDefault) diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go index 16ddc0598e47f..9ab1724ad50e6 100644 --- a/services/auth/source/pam/source_authenticate.go +++ b/services/auth/source/pam/source_authenticate.go @@ -12,7 +12,6 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/pam" "code.gitea.io/gitea/modules/setting" - "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/mailer" "github.com/google/uuid" @@ -60,11 +59,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginSource: source.authSource.ID, LoginName: userName, // This is what the user typed in } - overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolTrue, - } - if err := user_model.CreateUser(user, overwriteDefault); err != nil { + if err := user_model.CreateUser(user); err != nil { return user, err } 
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go index dff24d494ee0f..53a75773c1605 100644 --- a/services/auth/source/smtp/source_authenticate.go +++ b/services/auth/source/smtp/source_authenticate.go @@ -75,11 +75,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginSource: source.authSource.ID, LoginName: userName, } - overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolTrue, - } - if err := user_model.CreateUser(user, overwriteDefault); err != nil { + if err := user_model.CreateUser(user); err != nil { return user, err } From 5574ad119beebbafeaef3dd46c3f3de022e4ab1b Mon Sep 17 00:00:00 2001 From: Jimmy Praet Date: Tue, 26 Apr 2022 20:05:43 +0200 Subject: [PATCH 7/7] Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033. --- routers/web/auth/oauth.go | 2 +- services/auth/reverseproxy.go | 7 ++++++- services/auth/source/ldap/source_authenticate.go | 1 + services/auth/source/pam/source_authenticate.go | 6 +++++- services/auth/source/smtp/source_authenticate.go | 5 ++++- 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index e7ef1faab7be2..4c3e3c3ace393 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -877,7 +877,7 @@ func SignInOAuthCallback(ctx *context.Context) { } overwriteDefault := &user_model.CreateUserOverwriteOptions{ - IsActive: util.OptionalBoolOf(!(setting.OAuth2Client.RegisterEmailConfirm || setting.Service.RegisterManualConfirm)), + IsActive: util.OptionalBoolOf(!setting.OAuth2Client.RegisterEmailConfirm), } setUserGroupClaims(authSource, u, &gothUser) diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go index 698902b1cf8c8..299d7abd34aec 100644 --- a/services/auth/reverseproxy.go 
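Review bot: Reverting PATCH 6/7 leaves OAuth2 self-registration at `IsActive: util.OptionalBoolOf(!setting.OAuth2Client.RegisterEmailConfirm)`, so setting.Service.RegisterManualConfirm does not gate accounts arriving through OAuth2 even though CreateUser's default for local sign-up (PATCH 2/7) honours it; the revert message gives no reason, so the next reader cannot tell whether the asymmetry is intended. Presumably the revert was motivated by the reverseproxy/pam/smtp parts of PATCH 6/7, which the oauth.go change did not need to share. If the asymmetry is deliberate, a comment at the literal would prevent another round-trip: `// OAuth2 sign-ups are gated only by OAuth2Client.RegisterEmailConfirm; Service.RegisterManualConfirm is intentionally not applied here`. If it is not, PATCH 6/7's condition for this one file is the one to keep. SignInOAuthCallback continues outside the hunk.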
+++ b/services/auth/reverseproxy.go @@ -12,6 +12,7 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web/middleware" "code.gitea.io/gitea/services/mailer" @@ -109,7 +110,11 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User { Email: email, } - if err := user_model.CreateUser(user); err != nil { + overwriteDefault := user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } + + if err := user_model.CreateUser(user, &overwriteDefault); err != nil { // FIXME: should I create a system notice? log.Error("CreateUser: %v", err) return nil diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go index 3a8866ef6777a..d8d11f18e1ef9 100644 --- a/services/auth/source/ldap/source_authenticate.go +++ b/services/auth/source/ldap/source_authenticate.go @@ -97,6 +97,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str } overwriteDefault := &user_model.CreateUserOverwriteOptions{ IsRestricted: util.OptionalBoolOf(sr.IsRestricted), + IsActive: util.OptionalBoolTrue, } err := user_model.CreateUser(user, overwriteDefault) diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go index 9ab1724ad50e6..16ddc0598e47f 100644 --- a/services/auth/source/pam/source_authenticate.go +++ b/services/auth/source/pam/source_authenticate.go @@ -12,6 +12,7 @@ import ( user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/pam" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/mailer" "github.com/google/uuid" 
@@ -59,8 +60,11 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginSource: source.authSource.ID, LoginName: userName, // This is what the user typed in } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } - if err := user_model.CreateUser(user); err != nil { + if err := user_model.CreateUser(user, overwriteDefault); err != nil { return user, err } diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go index 53a75773c1605..dff24d494ee0f 100644 --- a/services/auth/source/smtp/source_authenticate.go +++ b/services/auth/source/smtp/source_authenticate.go @@ -75,8 +75,11 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str LoginSource: source.authSource.ID, LoginName: userName, } + overwriteDefault := &user_model.CreateUserOverwriteOptions{ + IsActive: util.OptionalBoolTrue, + } - if err := user_model.CreateUser(user); err != nil { + if err := user_model.CreateUser(user, overwriteDefault); err != nil { return user, err }