90 Commits

Author SHA1 Message Date
Moritz Heiber
7e12aac61c Only allow token authentication with 2FA enabled (#2184)
* Don't allow for plain username/password authentication when 2FA is enabled

* Removed debugging statement

* Don't assume a token belongs to a given user, handle two-factor errors properly

* Simplified user/token matching, refactored error handling for two-factor authentication

* Change authentication response to avoid bruteforcing

* Add TODO item as a comment for changing the response for security purposes
2017-07-26 15:33:16 +08:00
Shuanglei Tao
d389ed25a5 Fix: http: multiple response.WriteHeader calls (#2038)
We can't change the http status code here, because the response has been written.
2017-06-28 14:08:47 +08:00
Lunny Xiao
6362462da8 fix admin lost permission caused by #947 2017-05-19 08:59:26 +08:00
Lunny Xiao
fd6034aaf2 Add units to team (#947)
* add units to team

* fix lint

* finish team setting backend

* finished permission control on routes

* fix import blank line

* add unit check on ssh/http pull and push and fix test failed

* fix fixtures data

* remove unused code
2017-05-18 22:54:24 +08:00
Lunny Xiao
930d1759ae Remove env user salt since no need to use (#1515)
* remove env user salt since no need to use

* remove unused variable from update.go
2017-05-06 21:21:22 +08:00
Lunny Xiao
f0db3da713 fix go get sub package and add domain on installation to let go get work defaultly (#1518)
* fix go get sub package and add domain on installation to let go get work defaultly

* fix import sequence

* fix .git problem
2017-04-21 10:43:29 +08:00
Ethan Koenig
ec0ae5d50c Refactor and fix incorrect comment (#1247) 2017-03-15 08:51:46 +08:00
Lunny Xiao
cd1821a7e2 Move push update to post-receive and protected branch check to pre-receive (#1030)
* move all push update to git hook post-receive and protected branch check to git hook pre-receive

* add SSH_ORIGINAL_COMMAND check back

* remove all unused codes

* fix the import
2017-02-25 22:54:40 +08:00
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other than oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user, for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link an external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (also change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Denis Denisov
fd941db246 Protected branches system (#339)
* Protected branches system

* Moved default branch to branches section (`:org/:reponame/settings/branches`).
* Initial support Protected Branch.
  - Admin does not restrict
  - Owner not to limit
  - To write permission restrictions

* reformat tmpl

* finished the UI and add/delete protected branch response

* remove unused comment

* indent all the template files and remove ru translations since we use crowdin

* fix the push bug
2017-02-21 23:02:10 +08:00
Bo-Yi Wu
6510e57758 fix gofmt error
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2016-12-30 20:41:10 +01:00
Gogs
37eec6c9b7 push + pull now works with reverse proxy + basic auth on apache 2.4 2016-12-29 22:37:50 +01:00
Lunny Xiao
47a7529d96 update code.gitea.io/git (#450) 2016-12-22 10:30:52 +01:00
Lunny Xiao
3917ed45de golint fixed for routers (#208) 2016-11-24 15:04:31 +08:00
Sandro Santilli
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Sandro Santilli
f388661bda ACCESS_MODE_* -> AccessMode* 2016-11-07 17:20:37 +01:00
Rachid Zarouali
be5607e510 Merge pull request #50 from 0xbaadf00d/feature/2583-disablehttpcloning
Disable HTTP cloning
2016-11-07 11:23:30 +01:00
Sandro Santilli
6e4252dad4 Replace gogits/git-module dependency with go-gitea/git (#94)
* Replace gogits/git-module dependency with go-gitea/git

Fixes #92

* Remove git alias for git module import (not needed)
2016-11-06 11:18:34 -02:00
Rémy Boulanouar
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Thibault Meyer
93f1eabe30 rename variable + fix wiki link 2016-10-04 18:58:14 +02:00
Thibault Meyer
9d66497abc Can disable GIT interactions by HTTP protocol 2016-09-18 10:54:33 +02:00
Unknwon
a00c932bbc General code quality improvement 2016-08-16 23:06:38 -07:00
Unknwon
dccb0c15b9 Replace convert.To with APIFormat calls 2016-08-14 04:17:26 -07:00
Unknwon
3f7f4852ef #2246 fully support of webhooks for pull request 2016-08-14 03:32:24 -07:00
Unknwon
1f2e173a74 Refactor User.Id to User.ID 2016-07-24 01:08:22 +08:00
Franz Schmidt
8b35c194ec Fixes #3110 (#3136) 2016-06-27 17:02:39 +08:00
Unknwon
c041273dd3 repo/http: clean code 2016-06-01 04:19:01 -07:00
Unknwon
60ae8ac3d2 Add route for #2846 2016-03-21 10:49:46 -04:00
Unknwon
514382e2eb Rename module: middleware -> context 2016-03-11 11:56:52 -05:00
Unknwon
338af89d56 #2650 fix possibility that use email as pusher user name
Remove the possibility of using email as user name when user actually push
through combination of email and password with HTTP.

Also refactor update action function to replace tons of arguments with
single PushUpdateOptions struct.
And define the user who pushes code as pusher, therefore variable names shouldn't
be confusing any more.
2016-02-17 22:47:06 -05:00
Florian Kaiser
0e4ae27caa Use pretty 404 pages in repo.HTTPBackend 2016-02-02 14:09:47 +00:00
zhuharev
0d5dc8a064 typo fix 2016-01-06 22:41:42 +03:00
Unknwon
a62290de52 #2311 improve HTTP auth error message 2015-12-30 21:29:30 -05:00
Unknwon
40f3142264 #2114 External URL for wiki 2015-12-11 04:55:08 -05:00
Unknwon
830d000667 finish wiki 2015-11-30 20:45:55 -05:00
Unknwon
c50a3503e6 introduce git-shell 2015-11-26 17:33:45 -05:00
Unknwon
0128036514 #1681 some fixes for builtin SSH server on Windows 2015-11-23 22:32:07 -05:00
Unknwon
b55499d039 go vet and fix #1890 2015-11-08 14:31:49 -05:00
Unknwon
0fbb8c8826 New push to head repo of head branch: regenerate patch and retest apply 2015-10-24 03:36:47 -04:00
Unknwon
2ac8e11f46 #842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00
Unknwon
03b85b73af token recent activity 2015-08-19 06:22:33 +08:00
Unknwon
d17f102339 try to fix HTTP ops not GC 2015-08-17 22:32:43 +08:00
Unknwon
407385db7e work on #1493 2015-08-17 17:05:37 +08:00
Unknwon
dea3a8c6a4 WIP: create PR - choose branch 2015-08-08 22:43:14 +08:00
Unknwon
e50982f5ec allow anonymous SSH clone 2015-08-05 11:14:17 +08:00
Unknwon
fa298a2c30 #835: Realtime webhooks 2015-07-25 21:32:04 +08:00
Linquize
f26f8d5afa Set Content-Type to text/plain for http status 401
This is because git command line shows the failure reason only if Content-Type is text/plain.
2015-03-28 22:30:05 +08:00
Unknwon
588f3215c6 #1040: dashboard no longer accessible when repo is missing 2015-03-16 04:04:27 -04:00
Unknwon
4aafeace23 fix HTTP/HTTPS push update func call panic #1037 and http: multiple response.WriteHeader calls 2015-03-12 01:15:01 -04:00
Unknwon
b0b11fd7b1 Merge branch 'access' of github.com:gogits/gogs into dev 2015-02-28 21:50:29 -05:00