Commit Graph

64 Commits

Author SHA1 Message Date
Jonas Franz
e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
manuelluis
fc038caa69 In basic auth check for tokens before call UserSignIn (#5725)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-12 11:20:08 +02:00
zeripath
2a660a1de1 Support reverse proxy providing email (#5554)
This PR implements #2347
2018-12-18 12:05:48 -05:00
Oleg Kovalov
5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
B-OnTheGo
e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
Lunny Xiao
f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Lauris BH
f42ec6120e Better URL validation (#1507)
* Add correct git branch name validation

* Change git refname validation error constant name

* Implement URL validation based on GoLang url.Parse method

* Backward compatibility with older Go compiler

* Add git reference name validation unit tests

* Remove unused variable in unit test

* Implement URL validation based on GoLang url.Parse method

* Backward compatibility with older Go compiler

* Add url validation unit tests
2017-04-19 11:02:20 +08:00
Bo-Yi Wu
28a5bc313a fix: gofmt errors. (#1106) 2017-03-03 16:21:31 +08:00
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Ethan Koenig
e86d935175 Avoid duplicate queries in auth (#827)
Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
2017-02-05 21:10:46 +08:00
Kim "BKC" Carlbäcker
e6cfccdd40 GitHub API Compliance (& linting) 2016-12-02 09:18:15 +01:00
Lunny Xiao
ec87a75c00 golint fixed for modules/auth 2016-11-27 21:39:06 +08:00
Sandro Santilli
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Rémy Boulanouar
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Franz Schmidt
8b35c194ec Fixes #3110 (#3136) 2016-06-27 17:02:39 +08:00
Unknwon
ac78bae7b5 Replace uuid module with original package 2016-02-20 18:13:12 -05:00
zhuharev
0d5dc8a064 typo fix 2016-01-06 22:41:42 +03:00
Unknwon
7d72c8333e work on #470 and fix miror JS issue when choose targets on compare and pull 2015-10-29 21:09:48 -04:00
Unknwon
932dbccb67 fix import path, fix #1782 2015-10-15 21:28:12 -04:00
Unknwon
65e73c4ac6 support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00
Unknwon
2ac8e11f46 #842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00
Unknwon
bb3b90fcd6 #1487 Readme Template 2015-08-28 18:33:09 +08:00
Unknwon
03b85b73af token recent activity 2015-08-19 06:22:33 +08:00
Unknwon
407385db7e work on #1493 2015-08-17 17:05:37 +08:00
Unknwon
dea3a8c6a4 WIP: create PR - choose branch 2015-08-08 22:43:14 +08:00
Unknwon
e50982f5ec allow anonymous SSH clone 2015-08-05 11:14:17 +08:00
Unknwon
ac95f6d50f UI: basic label list
- create new label
2015-07-24 21:02:49 +08:00
Unknwon
ff051e2106 #1128: API calls are not hidden behind sign in 2015-07-15 19:17:57 +08:00
Unknwon
5cf3732339 UI: install - new version 2015-07-08 19:47:56 +08:00
Gogs
fab038b175 Attempt #3 of ldap fixes 2015-02-27 13:18:29 +00:00
Unknwon
b293b6eaa6 cmd: CMD option for port number of gogs web to prevent first time run conflict
- routers: use new binding convention to simplify code
- templates: able to set HTTP port number in install page
2015-02-01 12:41:03 -05:00
Unknwon
9803c421f5 fix binding api broken 2014-12-15 01:49:59 -05:00
Joseph Crail
39c068400e Fix spelling errors in comments. 2014-12-06 20:22:48 -05:00
Unknwon
0b785ad967 work on #672 2014-12-05 18:08:09 -05:00
Unknwon
069486d169 fix #165 2014-12-05 17:54:57 -05:00
Unknwon
37d8d3afe9 more APIs on #12 2014-11-18 11:07:16 -05:00
Unknwon
8eb5120fbd #12, API: list user repos, list repo hooks 2014-11-13 02:32:18 -05:00
Unknwon
8c9338a537 add personal access token panel #12 2014-11-12 06:48:50 -05:00
Unknwon
e0de6cb5ad work on #616 and update locales 2014-11-10 05:30:07 -05:00
Unknwon
fa241efa6d Use binding middleware 2014-10-15 11:19:20 -04:00
Unknwon
669552e255 Fix #340 2014-08-01 06:12:14 -04:00
Unknwon
8dd07c0ddd New UI merge in progress 2014-07-26 00:24:27 -04:00
Unknown
465dc962b5 Finish create organization team 2014-07-02 16:42:16 -04:00
Lunny Xiao
55019bfbc5 merge all login methods 2014-05-11 14:12:45 +08:00
Unknown
09dba7d63e Clean names 2014-05-08 22:12:05 -04:00
Unknown
6e3dba2cc5 Clean repo code 2014-05-05 19:58:13 -04:00
Unknown
bbdfe25769 User code clean and ui improve 2014-05-05 16:21:43 -04:00
Unknown
c1eb4d894a Clean api code 2014-05-05 13:08:01 -04:00
Lunny Xiao
d8136c9c3c Merge branch 'dev-ldap' into dev 2014-05-05 16:42:15 +08:00
Lunny Xiao
1652dd5068 basic authentications 2014-05-05 16:40:25 +08:00