Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION (#1369)
* Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION Omit the configuration variable (the default) to be dependent. Fixes #1363 * Move OpenID settings under Service object * Show OpenID SignUp and SignIn status in admin panel / configuration
This commit is contained in:
parent
08f7fded3c
commit
129b0d6a4b
7 changed files with 47 additions and 38 deletions
|
@ -200,7 +200,7 @@ func runWeb(ctx *cli.Context) error {
|
||||||
m.Group("/user", func() {
|
m.Group("/user", func() {
|
||||||
m.Get("/login", user.SignIn)
|
m.Get("/login", user.SignIn)
|
||||||
m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
|
m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
|
||||||
if setting.EnableOpenIDSignIn {
|
if setting.Service.EnableOpenIDSignIn {
|
||||||
m.Combo("/login/openid").
|
m.Combo("/login/openid").
|
||||||
Get(user.SignInOpenID).
|
Get(user.SignInOpenID).
|
||||||
Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost)
|
Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost)
|
||||||
|
@ -243,7 +243,7 @@ func runWeb(ctx *cli.Context) error {
|
||||||
m.Post("/email/delete", user.DeleteEmail)
|
m.Post("/email/delete", user.DeleteEmail)
|
||||||
m.Get("/password", user.SettingsPassword)
|
m.Get("/password", user.SettingsPassword)
|
||||||
m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost)
|
m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost)
|
||||||
if setting.EnableOpenIDSignIn {
|
if setting.Service.EnableOpenIDSignIn {
|
||||||
m.Group("/openid", func() {
|
m.Group("/openid", func() {
|
||||||
m.Combo("").Get(user.SettingsOpenID).
|
m.Combo("").Get(user.SettingsOpenID).
|
||||||
Post(bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost)
|
Post(bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost)
|
||||||
|
|
3
conf/app.ini
vendored
3
conf/app.ini
vendored
|
@ -203,7 +203,8 @@ IMPORT_LOCAL_PATHS = false
|
||||||
; Whether to allow signin in via OpenID
|
; Whether to allow signin in via OpenID
|
||||||
ENABLE_OPENID_SIGNIN = true
|
ENABLE_OPENID_SIGNIN = true
|
||||||
; Whether to allow registering via OpenID
|
; Whether to allow registering via OpenID
|
||||||
ENABLE_OPENID_SIGNUP = true
|
; Do not include to rely on DISABLE_REGISTRATION setting
|
||||||
|
;ENABLE_OPENID_SIGNUP = true
|
||||||
; Allowed URI patterns (POSIX regexp).
|
; Allowed URI patterns (POSIX regexp).
|
||||||
; Space separated.
|
; Space separated.
|
||||||
; Only these would be allowed if non-blank.
|
; Only these would be allowed if non-blank.
|
||||||
|
|
|
@ -197,7 +197,7 @@ func Contexter() macaron.Handler {
|
||||||
ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
|
ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
|
||||||
ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
|
ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
|
||||||
ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion
|
ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion
|
||||||
ctx.Data["EnableOpenIDSignIn"] = setting.EnableOpenIDSignIn
|
ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
|
||||||
|
|
||||||
c.Map(ctx)
|
c.Map(ctx)
|
||||||
}
|
}
|
||||||
|
|
|
@ -121,12 +121,6 @@ var (
|
||||||
MinPasswordLength int
|
MinPasswordLength int
|
||||||
ImportLocalPaths bool
|
ImportLocalPaths bool
|
||||||
|
|
||||||
// OpenID settings
|
|
||||||
EnableOpenIDSignIn bool
|
|
||||||
EnableOpenIDSignUp bool
|
|
||||||
OpenIDWhitelist []*regexp.Regexp
|
|
||||||
OpenIDBlacklist []*regexp.Regexp
|
|
||||||
|
|
||||||
// Database settings
|
// Database settings
|
||||||
UseSQLite3 bool
|
UseSQLite3 bool
|
||||||
UseMySQL bool
|
UseMySQL bool
|
||||||
|
@ -758,24 +752,6 @@ please consider changing to GITEA_CUSTOM`)
|
||||||
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
|
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
|
||||||
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
||||||
|
|
||||||
sec = Cfg.Section("openid")
|
|
||||||
EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true)
|
|
||||||
EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(true)
|
|
||||||
pats := sec.Key("WHITELISTED_URIS").Strings(" ")
|
|
||||||
if len(pats) != 0 {
|
|
||||||
OpenIDWhitelist = make([]*regexp.Regexp, len(pats))
|
|
||||||
for i, p := range pats {
|
|
||||||
OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pats = sec.Key("BLACKLISTED_URIS").Strings(" ")
|
|
||||||
if len(pats) != 0 {
|
|
||||||
OpenIDBlacklist = make([]*regexp.Regexp, len(pats))
|
|
||||||
for i, p := range pats {
|
|
||||||
OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sec = Cfg.Section("attachment")
|
sec = Cfg.Section("attachment")
|
||||||
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
|
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
|
||||||
if !filepath.IsAbs(AttachmentPath) {
|
if !filepath.IsAbs(AttachmentPath) {
|
||||||
|
@ -939,6 +915,13 @@ var Service struct {
|
||||||
EnableCaptcha bool
|
EnableCaptcha bool
|
||||||
DefaultKeepEmailPrivate bool
|
DefaultKeepEmailPrivate bool
|
||||||
NoReplyAddress string
|
NoReplyAddress string
|
||||||
|
|
||||||
|
// OpenID settings
|
||||||
|
EnableOpenIDSignIn bool
|
||||||
|
EnableOpenIDSignUp bool
|
||||||
|
OpenIDWhitelist []*regexp.Regexp
|
||||||
|
OpenIDBlacklist []*regexp.Regexp
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func newService() {
|
func newService() {
|
||||||
|
@ -953,6 +936,25 @@ func newService() {
|
||||||
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
|
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
|
||||||
Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
|
Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
|
||||||
Service.NoReplyAddress = sec.Key("NO_REPLY_ADDRESS").MustString("noreply.example.org")
|
Service.NoReplyAddress = sec.Key("NO_REPLY_ADDRESS").MustString("noreply.example.org")
|
||||||
|
|
||||||
|
sec = Cfg.Section("openid")
|
||||||
|
Service.EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true)
|
||||||
|
Service.EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(!Service.DisableRegistration)
|
||||||
|
pats := sec.Key("WHITELISTED_URIS").Strings(" ")
|
||||||
|
if len(pats) != 0 {
|
||||||
|
Service.OpenIDWhitelist = make([]*regexp.Regexp, len(pats))
|
||||||
|
for i, p := range pats {
|
||||||
|
Service.OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
pats = sec.Key("BLACKLISTED_URIS").Strings(" ")
|
||||||
|
if len(pats) != 0 {
|
||||||
|
Service.OpenIDBlacklist = make([]*regexp.Regexp, len(pats))
|
||||||
|
for i, p := range pats {
|
||||||
|
Service.OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var logLevels = map[string]string{
|
var logLevels = map[string]string{
|
||||||
|
|
|
@ -1211,6 +1211,8 @@ config.db_path_helper = (for "sqlite3" and "tidb")
|
||||||
config.service_config = Service Configuration
|
config.service_config = Service Configuration
|
||||||
config.register_email_confirm = Require Email Confirmation
|
config.register_email_confirm = Require Email Confirmation
|
||||||
config.disable_register = Disable Registration
|
config.disable_register = Disable Registration
|
||||||
|
config.enable_openid_signup = Enable Registration via OpenID
|
||||||
|
config.enable_openid_signin = Enable OpenID Sign In
|
||||||
config.show_registration_button = Show Register Button
|
config.show_registration_button = Show Register Button
|
||||||
config.require_sign_in_view = Require Sign In View
|
config.require_sign_in_view = Require Sign In View
|
||||||
config.mail_notify = Mail Notification
|
config.mail_notify = Mail Notification
|
||||||
|
|
|
@ -68,8 +68,8 @@ func allowedOpenIDURI(uri string) (err error) {
|
||||||
|
|
||||||
// In case a Whitelist is present, URI must be in it
|
// In case a Whitelist is present, URI must be in it
|
||||||
// in order to be accepted
|
// in order to be accepted
|
||||||
if len(setting.OpenIDWhitelist) != 0 {
|
if len(setting.Service.OpenIDWhitelist) != 0 {
|
||||||
for _, pat := range setting.OpenIDWhitelist {
|
for _, pat := range setting.Service.OpenIDWhitelist {
|
||||||
if pat.MatchString(uri) {
|
if pat.MatchString(uri) {
|
||||||
return nil // pass
|
return nil // pass
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ func allowedOpenIDURI(uri string) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// A blacklist match expliclty forbids
|
// A blacklist match expliclty forbids
|
||||||
for _, pat := range setting.OpenIDBlacklist {
|
for _, pat := range setting.Service.OpenIDBlacklist {
|
||||||
if pat.MatchString(uri) {
|
if pat.MatchString(uri) {
|
||||||
return fmt.Errorf("URI forbidden by blacklist")
|
return fmt.Errorf("URI forbidden by blacklist")
|
||||||
}
|
}
|
||||||
|
@ -231,7 +231,7 @@ func signInOpenIDVerify(ctx *context.Context) {
|
||||||
|
|
||||||
ctx.Session.Set("openid_determined_username", nickname)
|
ctx.Session.Set("openid_determined_username", nickname)
|
||||||
|
|
||||||
if u != nil || !setting.EnableOpenIDSignUp {
|
if u != nil || !setting.Service.EnableOpenIDSignUp {
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/openid/connect")
|
ctx.Redirect(setting.AppSubURL + "/user/openid/connect")
|
||||||
} else {
|
} else {
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/openid/register")
|
ctx.Redirect(setting.AppSubURL + "/user/openid/register")
|
||||||
|
@ -248,7 +248,7 @@ func ConnectOpenID(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = "OpenID connect"
|
ctx.Data["Title"] = "OpenID connect"
|
||||||
ctx.Data["PageIsSignIn"] = true
|
ctx.Data["PageIsSignIn"] = true
|
||||||
ctx.Data["PageIsOpenIDConnect"] = true
|
ctx.Data["PageIsOpenIDConnect"] = true
|
||||||
ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||||
ctx.Data["OpenID"] = oid
|
ctx.Data["OpenID"] = oid
|
||||||
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
||||||
if userName != "" {
|
if userName != "" {
|
||||||
|
@ -267,7 +267,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) {
|
||||||
ctx.Data["Title"] = "OpenID connect"
|
ctx.Data["Title"] = "OpenID connect"
|
||||||
ctx.Data["PageIsSignIn"] = true
|
ctx.Data["PageIsSignIn"] = true
|
||||||
ctx.Data["PageIsOpenIDConnect"] = true
|
ctx.Data["PageIsOpenIDConnect"] = true
|
||||||
ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||||
ctx.Data["OpenID"] = oid
|
ctx.Data["OpenID"] = oid
|
||||||
|
|
||||||
u, err := models.UserSignIn(form.UserName, form.Password)
|
u, err := models.UserSignIn(form.UserName, form.Password)
|
||||||
|
@ -300,7 +300,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) {
|
||||||
|
|
||||||
// RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
|
// RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
|
||||||
func RegisterOpenID(ctx *context.Context) {
|
func RegisterOpenID(ctx *context.Context) {
|
||||||
if !setting.EnableOpenIDSignUp {
|
if !setting.Service.EnableOpenIDSignUp {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -312,7 +312,7 @@ func RegisterOpenID(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = "OpenID signup"
|
ctx.Data["Title"] = "OpenID signup"
|
||||||
ctx.Data["PageIsSignIn"] = true
|
ctx.Data["PageIsSignIn"] = true
|
||||||
ctx.Data["PageIsOpenIDRegister"] = true
|
ctx.Data["PageIsOpenIDRegister"] = true
|
||||||
ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||||
ctx.Data["OpenID"] = oid
|
ctx.Data["OpenID"] = oid
|
||||||
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
||||||
|
@ -328,7 +328,7 @@ func RegisterOpenID(ctx *context.Context) {
|
||||||
|
|
||||||
// RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
|
// RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
|
||||||
func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.SignUpOpenIDForm) {
|
func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.SignUpOpenIDForm) {
|
||||||
if !setting.EnableOpenIDSignUp {
|
if !setting.Service.EnableOpenIDSignUp {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -341,7 +341,7 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si
|
||||||
ctx.Data["Title"] = "OpenID signup"
|
ctx.Data["Title"] = "OpenID signup"
|
||||||
ctx.Data["PageIsSignIn"] = true
|
ctx.Data["PageIsSignIn"] = true
|
||||||
ctx.Data["PageIsOpenIDRegister"] = true
|
ctx.Data["PageIsOpenIDRegister"] = true
|
||||||
ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||||
ctx.Data["OpenID"] = oid
|
ctx.Data["OpenID"] = oid
|
||||||
|
|
||||||
|
|
|
@ -114,6 +114,10 @@
|
||||||
<dd><i class="fa fa{{if .Service.DisableRegistration}}-check{{end}}-square-o"></i></dd>
|
<dd><i class="fa fa{{if .Service.DisableRegistration}}-check{{end}}-square-o"></i></dd>
|
||||||
<dt>{{.i18n.Tr "admin.config.show_registration_button"}}</dt>
|
<dt>{{.i18n.Tr "admin.config.show_registration_button"}}</dt>
|
||||||
<dd><i class="fa fa{{if .Service.ShowRegistrationButton}}-check{{end}}-square-o"></i></dd>
|
<dd><i class="fa fa{{if .Service.ShowRegistrationButton}}-check{{end}}-square-o"></i></dd>
|
||||||
|
<dt>{{.i18n.Tr "admin.config.enable_openid_signup"}}</dt>
|
||||||
|
<dd><i class="fa fa{{if .Service.EnableOpenIDSignUp}}-check{{end}}-square-o"></i></dd>
|
||||||
|
<dt>{{.i18n.Tr "admin.config.enable_openid_signin"}}</dt>
|
||||||
|
<dd><i class="fa fa{{if .Service.EnableOpenIDSignIn}}-check{{end}}-square-o"></i></dd>
|
||||||
<dt>{{.i18n.Tr "admin.config.require_sign_in_view"}}</dt>
|
<dt>{{.i18n.Tr "admin.config.require_sign_in_view"}}</dt>
|
||||||
<dd><i class="fa fa{{if .Service.RequireSignInView}}-check{{end}}-square-o"></i></dd>
|
<dd><i class="fa fa{{if .Service.RequireSignInView}}-check{{end}}-square-o"></i></dd>
|
||||||
<dt>{{.i18n.Tr "admin.config.mail_notify"}}</dt>
|
<dt>{{.i18n.Tr "admin.config.mail_notify"}}</dt>
|
||||||
|
|
Reference in a new issue