meissa
/
forgejo
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
forgejo-federated-star
forgejo
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9066d09c57'
${ noResults }
forgejo/modules
History
Wim 9066d09c57
Add ssh certificate support (#12281) 
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
 		4 years ago
..
analyze Exclude generated files from language statistics (#11653) 4 years ago
auth hCaptcha Support (#12594) 4 years ago
avatar Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) 4 years ago
base Use a simple format for the big number on ui (#12822) 4 years ago
cache Allow common redis and leveldb connections (#12385) 4 years ago
charset Ensure that the detected charset order is set in chardet test (#12574) 4 years ago
context Return sample message for login error in api context (#12994) 4 years ago
convert [#13004] Add Timestamp to Tag list API (#13026) 4 years ago
cron Add ssh certificate support (#12281) 4 years ago
emoji Fix emoji detection in certain cases (#12320) 4 years ago
eventsource Move EventSource to SharedWorker (#12095) 4 years ago
generate Add gitea-vet (#10948) 4 years ago
git Cache last commit when pushing for big repository (#10109) 4 years ago
gitgraph Render the git graph on the server (#12333) 4 years ago
graceful Set TLS minimum version to 1.2 (#12689) 4 years ago
hcaptcha hCaptcha Support (#12594) 4 years ago
highlight Escape failed highlighted code (#12685) 4 years ago
httplib Add golangci (#6418) 5 years ago
indexer fix: use Base36 for all code indexers (#12830) 4 years ago
lfs LFS support to be stored on minio (#12518) 4 years ago
log Re-attempt to delete temporary upload if the file is locked by another process (#12447) 4 years ago
markup fix: media links in org files not liked to media files (#12997) 4 years ago
metrics Prometheus endpoint (#5256) 6 years ago
migrations Hopefully support GH enterprise (#12863) 4 years ago
nosql Allow common redis and leveldb connections (#12385) 4 years ago
notification Fix repository create/delete event webhooks (#13008) 4 years ago
options Rename scripts to build and add revive command as a new build tool command (#10942) 4 years ago
password Check passwords against HaveIBeenPwned (#12716) 4 years ago
pprof Add golangci (#6418) 5 years ago
private Rename models.ProtectedBranchRepoID to models.EnvRepoID and ensure EnvPusherEmail is set (#12646) 4 years ago
process Only write to global gitconfig if necessary (#11876) 4 years ago
public fix go1.15 lint error in modules/public/public.go (#12707) 4 years ago
queue Fix the issue reported on #12385 (#12969) 4 years ago
recaptcha hCaptcha Support (#12594) 4 years ago
references Add spent time to referenced issue in commit message (#12220) 4 years ago
repofiles Add configurable Trust Models (#11712) 4 years ago
repository Cache last commit when pushing for big repository (#10109) 4 years ago
secret Attachments: Add extension support, allow all types for releases (#12465) 4 years ago
session Allow common redis and leveldb connections (#12385) 4 years ago
setting Add ssh certificate support (#12281) 4 years ago
ssh Add ssh certificate support (#12281) 4 years ago
storage Add default storage configurations (#12813) 4 years ago
structs [#13004] Add Timestamp to Tag list API (#13026) 4 years ago
svg Fix filepath basename on Windows for SVG bindata (#12241) 4 years ago
sync Fix missing unlock in uniquequeue (#9790) 5 years ago
task [API] Migration: Change ServiceType String (#12672) 4 years ago
templates Use a simple format for the big number on ui (#12822) 4 years ago
test Macaron 1.5 (#12596) 4 years ago
timeutil Fix timezone on issue deadline (#11697) 4 years ago
upload Fix attachments list in edit comment (#13036) 4 years ago
user Add gitea-vet (#10948) 4 years ago
util Completely quote AppPath and CustomConf paths (#12955) 4 years ago
validation [API] Get a single commit via Ref (#10915) 4 years ago
webhook Fix line break for MS teams webhook (#13081) 4 years ago