Allow options to disable user ssh keys configuration from the interface on app.ini (#29447)
Follow #29275 Extract from #20549 Fix #24716 --------- Co-authored-by: delvh <dev.lh@web.de> (cherry picked from commit 8e12ba34bab7e728ac93ccfaecbe91e053ef1c89) Conflicts: custom/conf/app.example.ini trivial context conflict
parent
eadf1d4fa3
commit
bb09ad2b63
|
@ -1496,10 +1496,11 @@ LEVEL = Info
|
||||||
;;
|
;;
|
||||||
;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
||||||
;DEFAULT_EMAIL_NOTIFICATIONS = enabled
|
;DEFAULT_EMAIL_NOTIFICATIONS = enabled
|
||||||
;; Disabled features for users, could be "deletion","manage_gpg_keys" more features can be disabled in future
|
;; Send an email to all admins when a new user signs up to inform the admins about this act. Options: true, false
|
||||||
;SEND_NOTIFICATION_EMAIL_ON_NEW_USER = false
|
;SEND_NOTIFICATION_EMAIL_ON_NEW_USER = false
|
||||||
;; Disabled features for users, could be "deletion", more features can be disabled in future
|
;; Disabled features for users, could be "deletion", "manage_ssh_keys","manage_gpg_keys" more features can be disabled in future
|
||||||
;; - deletion: a user cannot delete their own account
|
;; - deletion: a user cannot delete their own account
|
||||||
|
;; - manage_ssh_keys: a user cannot configure ssh keys
|
||||||
;; - manage_gpg_keys: a user cannot configure gpg keys
|
;; - manage_gpg_keys: a user cannot configure gpg keys
|
||||||
;USER_DISABLED_FEATURES =
|
;USER_DISABLED_FEATURES =
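Review bot: The new comment `manage_ssh_keys: a user cannot configure ssh keys` does not tell an operator what the option actually restricts. Judging by the guards added in the Go hunks of this commit, it blocks adding, verifying and deleting SSH keys through the web UI and the API; nothing visible here removes keys that were registered before the option was set, so those presumably keep authenticating, and a user can no longer delete one of their own keys. I would spell that out, for example `;; - manage_ssh_keys: a user cannot add, verify or delete ssh keys (existing keys stay valid)`.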
|
||||||
|
|
||||||
|
|
|
@ -518,9 +518,10 @@ And the following unique queues:
|
||||||
|
|
||||||
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
||||||
- `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
|
- `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
|
||||||
- `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion`, `manage_gpg_keys` and more features can be added in future.
|
- `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future.
|
||||||
- `deletion`: User cannot delete their own account.
|
- `deletion`: User cannot delete their own account.
|
||||||
- `manage_gpg_keys`: User cannot configure gpg keys
|
- `manage_ssh_keys`: User cannot configure ssh keys.
|
||||||
|
- `manage_gpg_keys`: User cannot configure gpg keys.
|
||||||
|
|
||||||
## Security (`security`)
|
## Security (`security`)
|
||||||
|
|
||||||
|
|
|
@ -497,9 +497,10 @@ Gitea 创建以下非唯一队列:
|
||||||
|
|
||||||
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**:用户电子邮件通知的默认配置(用户可配置)。选项:enabled、onmention、disabled
|
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**:用户电子邮件通知的默认配置(用户可配置)。选项:enabled、onmention、disabled
|
||||||
- `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。
|
- `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。
|
||||||
- `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion`,`manage_gpg_keys` 未来可以增加更多设置。
|
- `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion`,`manage_ssh_keys`, `manage_gpg_keys` 未来可以增加更多设置。
|
||||||
- `deletion`: 用户不能通过界面或者API删除他自己。
|
- `deletion`: 用户不能通过界面或者API删除他自己。
|
||||||
- `manage_gpg_keys`: 用户不能配置 GPG 密钥
|
- `manage_ssh_keys`: 用户不能通过界面或者API配置SSH Keys。
|
||||||
|
- `manage_gpg_keys`: 用户不能配置 GPG 密钥。
|
||||||
|
|
||||||
## 安全性 (`security`)
|
## 安全性 (`security`)
|
||||||
|
|
||||||
|
|
|
@ -22,5 +22,6 @@ func loadAdminFrom(rootCfg ConfigProvider) {
|
||||||
|
|
||||||
const (
|
const (
|
||||||
UserFeatureDeletion = "deletion"
|
UserFeatureDeletion = "deletion"
|
||||||
|
UserFeatureManageSSHKeys = "manage_ssh_keys"
|
||||||
UserFeatureManageGPGKeys = "manage_gpg_keys"
|
UserFeatureManageGPGKeys = "manage_gpg_keys"
|
||||||
)
|
)
|
||||||
|
|
|
@ -5,6 +5,7 @@ package user
|
||||||
|
|
||||||
import (
|
import (
|
||||||
std_ctx "context"
|
std_ctx "context"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||||
|
@ -198,6 +199,11 @@ func GetPublicKey(ctx *context.APIContext) {
|
||||||
|
|
||||||
// CreateUserPublicKey creates new public key to given user by ID.
|
// CreateUserPublicKey creates new public key to given user by ID.
|
||||||
func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
|
func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
|
||||||
|
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
|
||||||
|
ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
content, err := asymkey_model.CheckPublicKeyString(form.Key)
|
content, err := asymkey_model.CheckPublicKeyString(form.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
repo.HandleCheckKeyStringError(ctx, err)
|
repo.HandleCheckKeyStringError(ctx, err)
|
||||||
|
@ -263,6 +269,11 @@ func DeletePublicKey(ctx *context.APIContext) {
|
||||||
// "404":
|
// "404":
|
||||||
// "$ref": "#/responses/notFound"
|
// "$ref": "#/responses/notFound"
|
||||||
|
|
||||||
|
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
|
||||||
|
ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
id := ctx.ParamsInt64(":id")
|
id := ctx.ParamsInt64(":id")
|
||||||
externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, id)
|
externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, id)
|
||||||
if err != nil {
|
if err != nil {
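Review bot: The guard at the top of `CreateUserPublicKey` looks only at the global setting, not at who is making the request, yet the function takes a `uid` and is documented as creating a key "to given user by ID". If an admin route also calls this helper (not visible on this page), admins lose the ability to provision keys for users as soon as `manage_ssh_keys` is listed, which is often the reason for turning self-service off in the first place. Consider moving the check into the user-facing handler or exempting admins, e.g. `if !ctx.Doer.IsAdmin && setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {`. The same guard in `DeletePublicKey` also stops a user from revoking a key they believe is compromised, so that consequence deserves a sentence in the option's documentation. Both function bodies continue outside the hunks.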
|
||||||
|
|
|
@ -159,6 +159,11 @@ func KeysPost(ctx *context.Context) {
|
||||||
ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))
|
ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
|
ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
|
||||||
case "ssh":
|
case "ssh":
|
||||||
|
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
|
||||||
|
ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
content, err := asymkey_model.CheckPublicKeyString(form.Content)
|
content, err := asymkey_model.CheckPublicKeyString(form.Content)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if db.IsErrSSHDisabled(err) {
|
if db.IsErrSSHDisabled(err) {
|
||||||
|
@ -198,6 +203,11 @@ func KeysPost(ctx *context.Context) {
|
||||||
ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title))
|
ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title))
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
|
ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
|
||||||
case "verify_ssh":
|
case "verify_ssh":
|
||||||
|
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
|
||||||
|
ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
token := asymkey_model.VerificationToken(ctx.Doer, 1)
|
token := asymkey_model.VerificationToken(ctx.Doer, 1)
|
||||||
lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)
|
lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)
|
||||||
|
|
||||||
|
@ -240,6 +250,11 @@ func DeleteKey(ctx *context.Context) {
|
||||||
ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))
|
ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))
|
||||||
}
|
}
|
||||||
case "ssh":
|
case "ssh":
|
||||||
|
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
|
||||||
|
ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
keyID := ctx.FormInt64("id")
|
keyID := ctx.FormInt64("id")
|
||||||
external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID)
|
external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -318,4 +333,5 @@ func loadKeysData(ctx *context.Context) {
|
||||||
|
|
||||||
ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg")
|
ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg")
|
||||||
ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh")
|
ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh")
|
||||||
|
ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures
|
||||||
}
|
}
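Review bot: The five-line guard is pasted into the `ssh` and `verify_ssh` cases of `KeysPost` and the `ssh` case of `DeleteKey`, and its message "ssh keys setting is not allowed to be visited" describes a page view rather than the blocked add, verify or delete. A single helper keeps the three call sites in step when the policy changes and gives the server log one accurate message per refusal. The sketch below keeps `fmt.Errorf` so the import list does not change; the enclosing functions start and end outside the hunks.

```go
// sshKeyManagementDisabled answers the request with 404 and reports true when
// manage_ssh_keys is listed in USER_DISABLED_FEATURES.
func sshKeyManagementDisabled(ctx *context.Context) bool {
	if !setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {
		return false
	}
	ctx.NotFound("Not Found", fmt.Errorf("ssh key management is disabled by USER_DISABLED_FEATURES"))
	return true
}

// … unchanged: KeysPost up to the "ssh" case …
	case "ssh":
		if sshKeyManagementDisabled(ctx) {
			return
		}
// … unchanged: key parsing and insertion; same call in "verify_ssh" and in DeleteKey's "ssh" case …
```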
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings sshkeys")}}
|
{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings sshkeys")}}
|
||||||
<div class="user-setting-content">
|
<div class="user-setting-content">
|
||||||
{{template "user/settings/keys_ssh" .}}
|
{{if not ($.UserDisabledFeatures.Contains "manage_ssh_keys")}}
|
||||||
|
{{template "user/settings/keys_ssh" .}}
|
||||||
|
{{end}}
|
||||||
{{template "user/settings/keys_principal" .}}
|
{{template "user/settings/keys_principal" .}}
|
||||||
{{if not ($.UserDisabledFeatures.Contains "manage_gpg_keys")}}
|
{{if not ($.UserDisabledFeatures.Contains "manage_gpg_keys")}}
|
||||||
{{template "user/settings/keys_gpg" .}}
|
{{template "user/settings/keys_gpg" .}}
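Review bot: Only `keys_ssh` is wrapped by the new `{{if not ($.UserDisabledFeatures.Contains "manage_ssh_keys")}}`; `{{template "user/settings/keys_principal" .}}` right after it is still rendered for everyone. If the principals handled there are SSH certificate principals, they are another way for a user to enrol SSH access on their own, so an operator who sets `manage_ssh_keys` may expect that form to be hidden and its POST action guarded as well. Either wrap it in the same condition or state in the option's documentation that principals are out of scope. The template's closing lines are outside the visible section.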
|
||||||
|
|