From 129b0d6a4b408555c579e7ccb2fb15d3d8fcef29 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Wed, 29 Mar 2017 12:57:43 +0200 Subject: [PATCH] Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION (#1369) * Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION Omit the configuration variable (the default) to be dependent. Fixes #1363 * Move OpenID settings under Service object * Show OpenID SignUp and SignIn status in admin panel / configuration --- cmd/web.go | 4 +-- conf/app.ini | 3 +- modules/context/context.go | 2 +- modules/setting/setting.go | 50 +++++++++++++++++---------------- options/locale/locale_en-US.ini | 2 ++ routers/user/auth_openid.go | 20 ++++++------- templates/admin/config.tmpl | 4 +++ 7 files changed, 47 insertions(+), 38 deletions(-) diff --git a/cmd/web.go b/cmd/web.go index 3a20191bc..1f2561ca6 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -200,7 +200,7 @@ func runWeb(ctx *cli.Context) error { m.Group("/user", func() { m.Get("/login", user.SignIn) m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost) - if setting.EnableOpenIDSignIn { + if setting.Service.EnableOpenIDSignIn { m.Combo("/login/openid"). Get(user.SignInOpenID). Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost) @@ -243,7 +243,7 @@ func runWeb(ctx *cli.Context) error { m.Post("/email/delete", user.DeleteEmail) m.Get("/password", user.SettingsPassword) m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost) - if setting.EnableOpenIDSignIn { + if setting.Service.EnableOpenIDSignIn { m.Group("/openid", func() { m.Combo("").Get(user.SettingsOpenID). Post(bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost) diff --git a/conf/app.ini b/conf/app.ini index 32791ed16..07c3a1d21 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -203,7 +203,8 @@ IMPORT_LOCAL_PATHS = false ; Whether to allow signin in via OpenID ENABLE_OPENID_SIGNIN = true ; Whether to allow registering via OpenID -ENABLE_OPENID_SIGNUP = true +; Do not include to rely on DISABLE_REGISTRATION setting +;ENABLE_OPENID_SIGNUP = true ; Allowed URI patterns (POSIX regexp). ; Space separated. ; Only these would be allowed if non-blank. diff --git a/modules/context/context.go b/modules/context/context.go index 52e50af6a..e96bf5bd3 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -197,7 +197,7 @@ func Contexter() macaron.Handler { ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion - ctx.Data["EnableOpenIDSignIn"] = setting.EnableOpenIDSignIn + ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn c.Map(ctx) } diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 8c45e61e8..59cc755d0 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -121,12 +121,6 @@ var ( MinPasswordLength int ImportLocalPaths bool - // OpenID settings - EnableOpenIDSignIn bool - EnableOpenIDSignUp bool - OpenIDWhitelist []*regexp.Regexp - OpenIDBlacklist []*regexp.Regexp - // Database settings UseSQLite3 bool UseMySQL bool @@ -758,24 +752,6 @@ please consider changing to GITEA_CUSTOM`) MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) - sec = Cfg.Section("openid") - EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true) - EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(true) - pats := sec.Key("WHITELISTED_URIS").Strings(" ") - if len(pats) != 0 { - OpenIDWhitelist = make([]*regexp.Regexp, len(pats)) - for i, p := range pats { - OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p) - } - } - pats = sec.Key("BLACKLISTED_URIS").Strings(" ") - if len(pats) != 0 { - OpenIDBlacklist = make([]*regexp.Regexp, len(pats)) - for i, p := range pats { - OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p) - } - } - sec = Cfg.Section("attachment") AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments")) if !filepath.IsAbs(AttachmentPath) { @@ -939,6 +915,13 @@ var Service struct { EnableCaptcha bool DefaultKeepEmailPrivate bool NoReplyAddress string + + // OpenID settings + EnableOpenIDSignIn bool + EnableOpenIDSignUp bool + OpenIDWhitelist []*regexp.Regexp + OpenIDBlacklist []*regexp.Regexp + } func newService() { @@ -953,6 +936,25 @@ func newService() { Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool() Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool() Service.NoReplyAddress = sec.Key("NO_REPLY_ADDRESS").MustString("noreply.example.org") + + sec = Cfg.Section("openid") + Service.EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true) + Service.EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(!Service.DisableRegistration) + pats := sec.Key("WHITELISTED_URIS").Strings(" ") + if len(pats) != 0 { + Service.OpenIDWhitelist = make([]*regexp.Regexp, len(pats)) + for i, p := range pats { + Service.OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p) + } + } + pats = sec.Key("BLACKLISTED_URIS").Strings(" ") + if len(pats) != 0 { + Service.OpenIDBlacklist = make([]*regexp.Regexp, len(pats)) + for i, p := range pats { + Service.OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p) + } + } + } var logLevels = map[string]string{ diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 225107596..80260d4b7 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -1211,6 +1211,8 @@ config.db_path_helper = (for "sqlite3" and "tidb") config.service_config = Service Configuration config.register_email_confirm = Require Email Confirmation config.disable_register = Disable Registration +config.enable_openid_signup = Enable Registration via OpenID +config.enable_openid_signin = Enable OpenID Sign In config.show_registration_button = Show Register Button config.require_sign_in_view = Require Sign In View config.mail_notify = Mail Notification diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go index c5575814f..7d4df342e 100644 --- a/routers/user/auth_openid.go +++ b/routers/user/auth_openid.go @@ -68,8 +68,8 @@ func allowedOpenIDURI(uri string) (err error) { // In case a Whitelist is present, URI must be in it // in order to be accepted - if len(setting.OpenIDWhitelist) != 0 { - for _, pat := range setting.OpenIDWhitelist { + if len(setting.Service.OpenIDWhitelist) != 0 { + for _, pat := range setting.Service.OpenIDWhitelist { if pat.MatchString(uri) { return nil // pass } @@ -79,7 +79,7 @@ func allowedOpenIDURI(uri string) (err error) { } // A blacklist match expliclty forbids - for _, pat := range setting.OpenIDBlacklist { + for _, pat := range setting.Service.OpenIDBlacklist { if pat.MatchString(uri) { return fmt.Errorf("URI forbidden by blacklist") } @@ -231,7 +231,7 @@ func signInOpenIDVerify(ctx *context.Context) { ctx.Session.Set("openid_determined_username", nickname) - if u != nil || !setting.EnableOpenIDSignUp { + if u != nil || !setting.Service.EnableOpenIDSignUp { ctx.Redirect(setting.AppSubURL + "/user/openid/connect") } else { ctx.Redirect(setting.AppSubURL + "/user/openid/register") @@ -248,7 +248,7 @@ func ConnectOpenID(ctx *context.Context) { ctx.Data["Title"] = "OpenID connect" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsOpenIDConnect"] = true - ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp + ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp ctx.Data["OpenID"] = oid userName, _ := ctx.Session.Get("openid_determined_username").(string) if userName != "" { @@ -267,7 +267,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) { ctx.Data["Title"] = "OpenID connect" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsOpenIDConnect"] = true - ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp + ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp ctx.Data["OpenID"] = oid u, err := models.UserSignIn(form.UserName, form.Password) @@ -300,7 +300,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) { // RegisterOpenID shows a form to create a new user authenticated via an OpenID URI func RegisterOpenID(ctx *context.Context) { - if !setting.EnableOpenIDSignUp { + if !setting.Service.EnableOpenIDSignUp { ctx.Error(403) return } @@ -312,7 +312,7 @@ func RegisterOpenID(ctx *context.Context) { ctx.Data["Title"] = "OpenID signup" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsOpenIDRegister"] = true - ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp + ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha ctx.Data["OpenID"] = oid userName, _ := ctx.Session.Get("openid_determined_username").(string) @@ -328,7 +328,7 @@ func RegisterOpenID(ctx *context.Context) { // RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.SignUpOpenIDForm) { - if !setting.EnableOpenIDSignUp { + if !setting.Service.EnableOpenIDSignUp { ctx.Error(403) return } @@ -341,7 +341,7 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si ctx.Data["Title"] = "OpenID signup" ctx.Data["PageIsSignIn"] = true ctx.Data["PageIsOpenIDRegister"] = true - ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp + ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha ctx.Data["OpenID"] = oid diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl index 225c23b97..7348ab7b9 100644 --- a/templates/admin/config.tmpl +++ b/templates/admin/config.tmpl @@ -114,6 +114,10 @@
{{.i18n.Tr "admin.config.show_registration_button"}}
+
{{.i18n.Tr "admin.config.enable_openid_signup"}}
+
+
{{.i18n.Tr "admin.config.enable_openid_signin"}}
+
{{.i18n.Tr "admin.config.require_sign_in_view"}}
{{.i18n.Tr "admin.config.mail_notify"}}