allow anonymous SSH clone

Unknwon 2015-08-05 11:14:17 +08:00
parent 487fc8ca39
commit e50982f5ec
20 changed files with 109 additions and 92 deletions


@ -78,35 +78,18 @@ func runServ(c *cli.Context) {
setup("serv.log")
fail := func(userMessage, logMessage string, args ...interface{}) {
fmt.Fprintln(os.Stderr, "Gogs: ", userMessage)
log.GitLogger.Fatal(2, logMessage, args...)
fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
log.GitLogger.Fatal(3, logMessage, args...)
}
if len(c.Args()) < 1 {
fail("Not enough arguments", "Not enough arguments")
}
keys := strings.Split(c.Args()[0], "-")
if len(keys) != 2 {
fail("key-id format error", "Invalid key id: %s", c.Args()[0])
}
keyId, err := com.StrTo(keys[1]).Int64()
if err != nil {
fail("key-id format error", "Invalid key id: %s", err)
}
user, err := models.GetUserByKeyId(keyId)
if err != nil {
fail("internal error", "Failed to get user by key ID(%d): %v", keyId, err)
}
cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
if cmd == "" {
fmt.Printf("Hi, %s! You've successfully authenticated, but Gogs does not provide shell access.\n", user.Name)
if user.IsAdmin {
println("If this is unexpected, please log in with password and setup Gogs under another user.")
}
if len(cmd) == 0 {
println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.")
println("If this is unexpected, please log in with password and setup Gogs under another user.")
return
}
@ -121,7 +104,7 @@ func runServ(c *cli.Context) {
repoUser, err := models.GetUserByName(repoUserName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName)
}
fail("Internal error", "Failed to get repository owner(%s): %v", repoUserName, err)
@ -130,11 +113,7 @@ func runServ(c *cli.Context) {
repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
if err != nil {
if models.IsErrRepoNotExist(err) {
if user.Id == repoUser.Id || repoUser.IsOwnedBy(user.Id) {
fail("Repository does not exist", "Repository does not exist: %s/%s", repoUser.Name, repoName)
} else {
fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
}
fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
}
fail("Internal error", "Failed to get repository: %v", err)
}
@ -144,17 +123,39 @@ func runServ(c *cli.Context) {
fail("Unknown git command", "Unknown git command %s", verb)
}
mode, err := models.AccessLevel(user, repo)
if err != nil {
fail("Internal error", "Fail to check access: %v", err)
} else if mode < requestedMode {
clientMessage := _ACCESS_DENIED_MESSAGE
if mode >= models.ACCESS_MODE_READ {
clientMessage = "You do not have sufficient authorization for this action"
// Allow anonymous clone for public repositories.
var (
keyID int64
user *models.User
)
if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
keys := strings.Split(c.Args()[0], "-")
if len(keys) != 2 {
fail("key-id format error", "Invalid key id: %s", c.Args()[0])
}
keyID, err = com.StrTo(keys[1]).Int64()
if err != nil {
fail("key-id format error", "Invalid key id: %s", err)
}
user, err = models.GetUserByKeyId(keyID)
if err != nil {
fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
}
mode, err := models.AccessLevel(user, repo)
if err != nil {
fail("Internal error", "Fail to check access: %v", err)
} else if mode < requestedMode {
clientMessage := _ACCESS_DENIED_MESSAGE
if mode >= models.ACCESS_MODE_READ {
clientMessage = "You do not have sufficient authorization for this action"
}
fail(clientMessage,
"User %s does not have level %v access to repository %s",
user.Name, requestedMode, repoPath)
}
fail(clientMessage,
"User %s does not have level %v access to repository %s",
user.Name, requestedMode, repoPath)
}
uuid := uuid.NewV4().String()
@ -201,12 +202,15 @@ func runServ(c *cli.Context) {
}
// Update key activity.
key, err := models.GetPublicKeyById(keyId)
if err != nil {
fail("Internal error", "GetPublicKeyById: %v", err)
}
key.Updated = time.Now()
if err = models.UpdatePublicKey(key); err != nil {
fail("Internal error", "UpdatePublicKey: %v", err)
if keyID > 0 {
key, err := models.GetPublicKeyById(keyID)
if err != nil {
fail("Internal error", "GetPublicKeyById: %v", err)
}
key.Updated = time.Now()
if err = models.UpdatePublicKey(key); err != nil {
fail("Internal error", "UpdatePublicKey: %v", err)
}
}
}
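Review bot: The gate `if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {` in the fourth hunk authenticates only on an exact match with WRITE, so any requested mode above WRITE would take the unauthenticated path; `if requestedMode > models.ACCESS_MODE_READ || repo.IsPrivate {` fails closed instead. The verb-to-mode table is outside these hunks, so whether such a mode can be requested today needs confirming. On the public-read path `user` stays nil and `keyID` stays 0, so the `if keyID > 0` guard in the last hunk means the key's `Updated` timestamp no longer reflects read use, which weakens it as a signal for spotting stale or misused keys. runServ continues between the hunks, so it is also worth checking that nothing after the access check dereferences `user` on a read.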


@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
const APP_VER = "0.6.3.0802 Beta"
const APP_VER = "0.6.3.0805 Beta"
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())


@ -54,6 +54,20 @@ func (err ErrUserAlreadyExist) Error() string {
return fmt.Sprintf("user already exists: [name: %s]", err.Name)
}
type ErrUserNotExist struct {
UID int64
Name string
}
func IsErrUserNotExist(err error) bool {
_, ok := err.(ErrUserNotExist)
return ok
}
func (err ErrUserNotExist) Error() string {
return fmt.Sprintf("user does not exist: [uid: %d, name: %s]", err.UID, err.Name)
}
type ErrEmailAlreadyUsed struct {
Email string
}
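Review bot: `IsErrUserNotExist` matches only the value type, because `err.(ErrUserNotExist)` is false for a `*ErrUserNotExist` or for an error that wraps one, and neither new exported name has a doc comment saying so. I would add `// ErrUserNotExist is returned when no user matches the given UID or name.` above the type and `// IsErrUserNotExist reports whether err is an ErrUserNotExist value (not a pointer).` above the function. Callers elsewhere in this commit use the helper to choose between a not-found response and an internal error, so a pointer return would be handled as an internal error.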


@ -57,7 +57,7 @@ type Issue struct {
func (i *Issue) GetPoster() (err error) {
i.Poster, err = GetUserById(i.PosterId)
if err == ErrUserNotExist {
if IsErrUserNotExist(err) {
i.Poster = &User{Name: "FakeUser"}
return nil
}
@ -92,7 +92,7 @@ func (i *Issue) GetAssignee() (err error) {
return nil
}
i.Assignee, err = GetUserById(i.AssigneeId)
if err == ErrUserNotExist {
if IsErrUserNotExist(err) {
return nil
}
return err


@ -41,7 +41,7 @@ var (
var LoginTypes = map[LoginType]string{
LDAP: "LDAP",
SMTP: "SMTP",
PAM: "PAM",
PAM: "PAM",
}
// Ensure structs implemented interface.
@ -192,7 +192,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
// Now verify password.
if u.LoginType == PLAIN {
if !u.ValidatePassword(passwd) {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{u.Id, u.Name}
}
return u, nil
}
@ -229,7 +229,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
}
}
return nil, ErrUserNotExist
return nil, ErrUserNotExist{u.Id, u.Name}
}
var source LoginSource
@ -261,7 +261,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged {
// User not in LDAP, do nothing
return nil, ErrUserNotExist
return nil, ErrUserNotExist{u.Id, u.Name}
}
if !autoRegister {
return u, nil
@ -362,7 +362,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
if err := SmtpAuth(cfg.Host, cfg.Port, auth, cfg.TLS); err != nil {
if strings.Contains(err.Error(), "Username and Password not accepted") {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{u.Id, u.Name}
}
return nil, err
}
@ -397,7 +397,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
if strings.Contains(err.Error(), "Authentication failure") {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{u.Id, u.Name}
}
return nil, err
}
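Review bot: `ErrUserNotExist{u.Id, u.Name}` in LoginUserLdapSource, LoginUserSMTPSource and LoginUserPAMSource dereferences the `u` parameter on the authentication-failure path, and the `autoRegister` parameter suggests these can run before a local user record exists; if any caller passes a nil `u`, a rejected login panics instead of returning an error. The callers are outside these hunks, so this needs confirming, but `return nil, ErrUserNotExist{0, name}` uses the `name` argument that is always present and avoids the question. Separately, in UserSignIn a failed `ValidatePassword` now produces "user does not exist" carrying the uid and name of an existing account, which would mislead anyone reading that text in logs of failed sign-ins; a distinct error for bad credentials would keep the audit trail accurate.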


@ -624,7 +624,7 @@ func GetRepositoriesWithUsers(num, offset int) ([]*Repository, error) {
if err != nil {
return nil, err
} else if !has {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{repo.OwnerId, ""}
}
}


@ -36,7 +36,6 @@ const (
)
var (
ErrUserNotExist = errors.New("User does not exist")
ErrUserNotKeyOwner = errors.New("User does not the owner of public key")
ErrEmailNotExist = errors.New("E-mail does not exist")
ErrEmailNotActivated = errors.New("E-mail address has not been activated")
@ -555,7 +554,7 @@ func getUserById(e Engine, id int64) (*User, error) {
if err != nil {
return nil, err
} else if !has {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{id, ""}
}
return u, nil
}
@ -568,14 +567,14 @@ func GetUserById(id int64) (*User, error) {
// GetUserByName returns user by given name.
func GetUserByName(name string) (*User, error) {
if len(name) == 0 {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{0, name}
}
u := &User{LowerName: strings.ToLower(name)}
has, err := x.Get(u)
if err != nil {
return nil, err
} else if !has {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{0, name}
}
return u, nil
}
@ -700,7 +699,7 @@ func MakeEmailPrimary(email *EmailAddress) error {
if err != nil {
return err
} else if !has {
return ErrUserNotExist
return ErrUserNotExist{email.Uid, ""}
}
// Make sure the former primary email doesn't disappear
@ -763,7 +762,7 @@ func ValidateCommitsWithEmails(oldCommits *list.List) *list.List {
// GetUserByEmail returns the user object by given e-mail if exists.
func GetUserByEmail(email string) (*User, error) {
if len(email) == 0 {
return nil, ErrUserNotExist
return nil, ErrUserNotExist{0, "email"}
}
// First try to find the user by primary email
user := &User{Email: strings.ToLower(email)}
@ -785,7 +784,7 @@ func GetUserByEmail(email string) (*User, error) {
return GetUserById(emailAddress.Uid)
}
return nil, ErrUserNotExist
return nil, ErrUserNotExist{0, "email"}
}
// SearchUserByName returns given number of users whose name contains keyword.
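Review bot: Both returns in GetUserByEmail build `ErrUserNotExist{0, "email"}`, which puts the literal word email into the Name field, so the message reads `name: email` and says nothing about what was looked up. If the address is being kept out of logs on purpose, a short comment such as `// Name is a placeholder: the address is deliberately not recorded.` would make that clear; otherwise leave Name empty as getUserById does. GetUserByEmail's body continues between the two hunks.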


@ -55,7 +55,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
}
if id, ok := uid.(int64); ok {
if _, err := models.GetUserById(id); err != nil {
if err != models.ErrUserNotExist {
if !models.IsErrUserNotExist(err) {
log.Error(4, "GetUserById: %v", err)
}
return 0
@ -80,7 +80,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
if len(webAuthUser) > 0 {
u, err := models.GetUserByName(webAuthUser)
if err != nil {
if err != models.ErrUserNotExist {
if !models.IsErrUserNotExist(err) {
log.Error(4, "GetUserByName: %v", err)
return nil, false
}
@ -115,7 +115,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
u, err := models.UserSignIn(uname, passwd)
if err != nil {
if err != models.ErrUserNotExist {
if !models.IsErrUserNotExist(err) {
log.Error(4, "UserSignIn: %v", err)
}
return nil, false


@ -34,7 +34,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
var err error
ctx.Org.Organization, err = models.GetUserByName(orgName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByName", err)
} else if redirect {
log.Error(4, "GetUserByName", err)


@ -41,7 +41,7 @@ func ApiRepoAssignment() macaron.Handler {
} else {
u, err = models.GetUserByName(userName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.JSON(500, &base.ApiJsonErr{"GetUserByName: " + err.Error(), base.DOC_URL})
@ -217,7 +217,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
} else {
u, err = models.GetUserByName(userName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByName", err)
} else {
ctx.Handle(500, "GetUserByName", err)


@ -139,7 +139,7 @@ func CreateRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
func CreateOrgRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
org, err := models.GetOrgByName(ctx.Params(":org"))
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.Error(500)
@ -157,7 +157,7 @@ func CreateOrgRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
u, err := models.GetUserByName(ctx.Query("username"))
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.HandleAPI(422, err)
} else {
ctx.HandleAPI(500, err)
@ -174,7 +174,7 @@ func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
if form.Uid != u.Id {
org, err := models.GetUserById(form.Uid)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.HandleAPI(422, err)
} else {
ctx.HandleAPI(500, err)


@ -61,7 +61,7 @@ func SearchUsers(ctx *middleware.Context) {
func GetUserInfo(ctx *middleware.Context) {
u, err := models.GetUserByName(ctx.Params(":username"))
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.JSON(500, &base.ApiJsonErr{"GetUserByName: " + err.Error(), base.DOC_URL})


@ -100,7 +100,7 @@ func Invitation(ctx *middleware.Context) {
uname := ctx.Query("uname")
u, err := models.GetUserByName(uname)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
ctx.Redirect(ctx.Org.OrgLink + "/invitations/new")
} else {


@ -77,7 +77,7 @@ func TeamsAction(ctx *middleware.Context) {
var u *models.User
u, err = models.GetUserByName(uname)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName)
} else {


@ -55,7 +55,7 @@ func Http(ctx *middleware.Context) {
repoUser, err := models.GetUserByName(username)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByName", nil)
} else {
ctx.Handle(500, "GetUserByName", err)
@ -107,7 +107,7 @@ func Http(ctx *middleware.Context) {
authUser, err = models.UserSignIn(authUsername, authPasswd)
if err != nil {
if err != models.ErrUserNotExist {
if !models.IsErrUserNotExist(err) {
ctx.Handle(500, "UserSignIn error: %v", err)
return
}


@ -35,7 +35,7 @@ func checkContextUser(ctx *middleware.Context, uid int64) *models.User {
}
org, err := models.GetUserById(uid)
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
return ctx.User
}


@ -118,7 +118,7 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
}
if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
} else {
ctx.Handle(500, "UserSignIn", err)
@ -151,7 +151,7 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
}
if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
} else {
ctx.Handle(500, "UserSignIn", err)
@ -185,7 +185,7 @@ func SettingsCollaboration(ctx *middleware.Context) {
u, err := models.GetUserByName(name)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
ctx.Redirect(setting.AppSubUrl + ctx.Req.URL.Path)
} else {


@ -60,7 +60,7 @@ func SignIn(ctx *middleware.Context) {
u, err := models.GetUserByName(uname)
if err != nil {
if err != models.ErrUserNotExist {
if !models.IsErrUserNotExist(err) {
ctx.Handle(500, "GetUserByName", err)
} else {
ctx.HTML(200, SIGNIN)
@ -105,7 +105,7 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
u, err := models.UserSignIn(form.UserName, form.Password)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), SIGNIN, &form)
} else {
ctx.Handle(500, "UserSignIn", err)
@ -328,7 +328,7 @@ func Activate(ctx *middleware.Context) {
user.IsActive = true
user.Rands = models.GetUserSalt()
if err := models.UpdateUser(user); err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.Handle(500, "UpdateUser", err)
@ -391,7 +391,7 @@ func ForgotPasswdPost(ctx *middleware.Context) {
email := ctx.Query("email")
u, err := models.GetUserByEmail(email)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("auth.email_not_associate"), FORGOT_PASSWORD, nil)
} else {


@ -38,7 +38,7 @@ func Dashboard(ctx *middleware.Context) {
// Organization.
org, err := models.GetUserByName(orgName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByName", err)
} else {
ctx.Handle(500, "GetUserByName", err)
@ -115,7 +115,7 @@ func Dashboard(ctx *middleware.Context) {
// FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
continue
}
ctx.Handle(500, "GetUserByName", err)
@ -176,7 +176,7 @@ func Profile(ctx *middleware.Context) {
u, err := models.GetUserByName(uname)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByName", err)
} else {
ctx.Handle(500, "GetUserByName", err)
@ -223,7 +223,7 @@ func Profile(ctx *middleware.Context) {
// FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName)
if err != nil {
if err == models.ErrUserNotExist {
if models.IsErrUserNotExist(err) {
continue
}
ctx.Handle(500, "GetUserByName", err)
@ -247,10 +247,10 @@ func Profile(ctx *middleware.Context) {
func Email2User(ctx *middleware.Context) {
u, err := models.GetUserByEmail(ctx.Query("email"))
if err != nil {
if err == models.ErrUserNotExist {
ctx.Handle(404, "user.Email2User(GetUserByEmail)", err)
if models.IsErrUserNotExist(err) {
ctx.Handle(404, "GetUserByEmail", err)
} else {
ctx.Handle(500, "user.Email2User(GetUserByEmail)", err)
ctx.Handle(500, "GetUserByEmail", err)
}
return
}


@ -1 +1 @@
0.6.3.0802 Beta
0.6.3.0805 Beta