	Allow options to disable user ssh keys configuration from the interface on app.ini (#29447)
Follow #29275 Extract from #20549 Fix #24716 --------- Co-authored-by: delvh <dev.lh@web.de>
		| @@ -1480,8 +1480,9 @@ LEVEL = Info | |||||||
| ;; | ;; | ||||||
| ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled | ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled | ||||||
| ;DEFAULT_EMAIL_NOTIFICATIONS = enabled | ;DEFAULT_EMAIL_NOTIFICATIONS = enabled | ||||||
| ;; Disabled features for users, could be "deletion","manage_gpg_keys" more features can be disabled in future | ;; Disabled features for users, could be "deletion", "manage_ssh_keys","manage_gpg_keys" more features can be disabled in future | ||||||
| ;; - deletion: a user cannot delete their own account | ;; - deletion: a user cannot delete their own account | ||||||
|  | ;; - manage_ssh_keys: a user cannot configure ssh keys | ||||||
| ;; - manage_gpg_keys: a user cannot configure gpg keys | ;; - manage_gpg_keys: a user cannot configure gpg keys | ||||||
| ;USER_DISABLED_FEATURES = | ;USER_DISABLED_FEATURES = | ||||||
|  |  | ||||||
|   | |||||||
| @@ -518,9 +518,10 @@ And the following unique queues: | |||||||
|  |  | ||||||
| - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled | - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled | ||||||
| - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations. | - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations. | ||||||
| - `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion`, `manage_gpg_keys` and more features can be added in future. | - `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future. | ||||||
|   - `deletion`: User cannot delete their own account. |   - `deletion`: User cannot delete their own account. | ||||||
|   - `manage_gpg_keys`: User cannot configure gpg keys |   - `manage_ssh_keys`: User cannot configure ssh keys. | ||||||
|  |   - `manage_gpg_keys`: User cannot configure gpg keys. | ||||||
|  |  | ||||||
| ## Security (`security`) | ## Security (`security`) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -497,9 +497,10 @@ Gitea 创建以下非唯一队列: | |||||||
|  |  | ||||||
| - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**:用户电子邮件通知的默认配置(用户可配置)。选项:enabled、onmention、disabled | - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**:用户电子邮件通知的默认配置(用户可配置)。选项:enabled、onmention、disabled | ||||||
| - `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。 | - `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。 | ||||||
| - `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion`,`manage_gpg_keys` 未来可以增加更多设置。 | - `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion`,`manage_ssh_keys`, `manage_gpg_keys` 未来可以增加更多设置。 | ||||||
|   - `deletion`: 用户不能通过界面或者API删除他自己。 |   - `deletion`: 用户不能通过界面或者API删除他自己。 | ||||||
|   - `manage_gpg_keys`: 用户不能配置 GPG 密钥 |   - `manage_ssh_keys`: 用户不能通过界面或者API配置SSH Keys。 | ||||||
|  |   - `manage_gpg_keys`: 用户不能配置 GPG 密钥。 | ||||||
|  |  | ||||||
| ## 安全性 (`security`) | ## 安全性 (`security`) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -21,5 +21,6 @@ func loadAdminFrom(rootCfg ConfigProvider) { | |||||||
|  |  | ||||||
| const ( | const ( | ||||||
| 	UserFeatureDeletion      = "deletion" | 	UserFeatureDeletion      = "deletion" | ||||||
|  | 	UserFeatureManageSSHKeys = "manage_ssh_keys" | ||||||
| 	UserFeatureManageGPGKeys = "manage_gpg_keys" | 	UserFeatureManageGPGKeys = "manage_gpg_keys" | ||||||
| ) | ) | ||||||
|   | |||||||
| @@ -5,6 +5,7 @@ package user | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	std_ctx "context" | 	std_ctx "context" | ||||||
|  | 	"fmt" | ||||||
| 	"net/http" | 	"net/http" | ||||||
|  |  | ||||||
| 	asymkey_model "code.gitea.io/gitea/models/asymkey" | 	asymkey_model "code.gitea.io/gitea/models/asymkey" | ||||||
| @@ -198,6 +199,11 @@ func GetPublicKey(ctx *context.APIContext) { | |||||||
|  |  | ||||||
| // CreateUserPublicKey creates new public key to given user by ID. | // CreateUserPublicKey creates new public key to given user by ID. | ||||||
| func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) { | func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) { | ||||||
|  | 	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { | ||||||
|  | 		ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
| 	content, err := asymkey_model.CheckPublicKeyString(form.Key) | 	content, err := asymkey_model.CheckPublicKeyString(form.Key) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		repo.HandleCheckKeyStringError(ctx, err) | 		repo.HandleCheckKeyStringError(ctx, err) | ||||||
| @@ -263,6 +269,11 @@ func DeletePublicKey(ctx *context.APIContext) { | |||||||
| 	//   "404": | 	//   "404": | ||||||
| 	//     "$ref": "#/responses/notFound" | 	//     "$ref": "#/responses/notFound" | ||||||
|  |  | ||||||
|  | 	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { | ||||||
|  | 		ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
| 	id := ctx.ParamsInt64(":id") | 	id := ctx.ParamsInt64(":id") | ||||||
| 	externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, id) | 	externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, id) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
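Review bot: The new guard at the top of `CreateUserPublicKey` sits in a helper that takes a `uid` and, per its own comment, creates a key "to given user by ID", so any administrator-side route that reuses this helper would presumably be refused as well once `manage_ssh_keys` is set. The documentation added in this commit describes the flag as something a user cannot do, so it is worth confirming whether administrators, who are usually the ones provisioning keys when self-service is switched off, are meant to get a 404 here; if not, the check belongs in the user-facing caller rather than in the shared helper. `DeletePublicKey` repeats the same three lines, and a one-line comment such as `// manage_ssh_keys is disabled for users: answer 404 so the endpoint looks absent` would record why NotFound rather than Forbidden was chosen. Both function bodies continue outside the hunks shown.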
|   | |||||||
| @@ -159,6 +159,11 @@ func KeysPost(ctx *context.Context) { | |||||||
| 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID)) | 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID)) | ||||||
| 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | ||||||
| 	case "ssh": | 	case "ssh": | ||||||
|  | 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { | ||||||
|  | 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) | ||||||
|  | 			return | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		content, err := asymkey_model.CheckPublicKeyString(form.Content) | 		content, err := asymkey_model.CheckPublicKeyString(form.Content) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			if db.IsErrSSHDisabled(err) { | 			if db.IsErrSSHDisabled(err) { | ||||||
| @@ -198,6 +203,11 @@ func KeysPost(ctx *context.Context) { | |||||||
| 		ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title)) | 		ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title)) | ||||||
| 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys") | ||||||
| 	case "verify_ssh": | 	case "verify_ssh": | ||||||
|  | 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { | ||||||
|  | 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) | ||||||
|  | 			return | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		token := asymkey_model.VerificationToken(ctx.Doer, 1) | 		token := asymkey_model.VerificationToken(ctx.Doer, 1) | ||||||
| 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) | 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) | ||||||
|  |  | ||||||
| @@ -240,6 +250,11 @@ func DeleteKey(ctx *context.Context) { | |||||||
| 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) | 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) | ||||||
| 		} | 		} | ||||||
| 	case "ssh": | 	case "ssh": | ||||||
|  | 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { | ||||||
|  | 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) | ||||||
|  | 			return | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		keyID := ctx.FormInt64("id") | 		keyID := ctx.FormInt64("id") | ||||||
| 		external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID) | 		external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| @@ -318,4 +333,5 @@ func loadKeysData(ctx *context.Context) { | |||||||
|  |  | ||||||
| 	ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg") | 	ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg") | ||||||
| 	ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh") | 	ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh") | ||||||
|  | 	ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures | ||||||
| } | } | ||||||
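Review bot: The same guard is pasted into three separate switch cases here (`ssh` and `verify_ssh` in `KeysPost`, `ssh` in `DeleteKey`) in addition to the two API handlers, so a later case that touches SSH keys will be open by default unless its author remembers to copy the block. A single unexported helper that performs the `UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys)` test and writes the 404 would leave each case with one line, for example `if sshKeyManagementDisabled(ctx) { return }` (helper name is only a suggestion). The error text "ssh keys setting is not allowed to be visited" is also used for add, verify and delete actions where nothing is being visited; since it has no format verbs, something like `errors.New("ssh key management is disabled by USER_DISABLED_FEATURES")` would read better in logs. Both `KeysPost` and `DeleteKey` start and end outside these hunks, so other cases of the switch could not be checked.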
|   | |||||||
| @@ -1,6 +1,8 @@ | |||||||
| {{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings sshkeys")}} | {{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings sshkeys")}} | ||||||
| 	<div class="user-setting-content"> | 	<div class="user-setting-content"> | ||||||
|  | 		{{if not ($.UserDisabledFeatures.Contains "manage_ssh_keys")}} | ||||||
| 			{{template "user/settings/keys_ssh" .}} | 			{{template "user/settings/keys_ssh" .}} | ||||||
|  | 		{{end}} | ||||||
| 		{{template "user/settings/keys_principal" .}} | 		{{template "user/settings/keys_principal" .}} | ||||||
| 		{{if not ($.UserDisabledFeatures.Contains "manage_gpg_keys")}} | 		{{if not ($.UserDisabledFeatures.Contains "manage_gpg_keys")}} | ||||||
| 		{{template "user/settings/keys_gpg" .}} | 		{{template "user/settings/keys_gpg" .}} | ||||||
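Review bot: `keys_principal`, on the line right after the new `{{end}}`, is still rendered when `manage_ssh_keys` is disabled, and no hunk on this page adds a matching guard to a principal branch of the POST handler, so SSH certificate principals appear to stay user-manageable. If the flag is meant to stop users from adding SSH credentials of any kind (for instance where keys are provisioned centrally), confirm whether principals should be covered too, and either extend the check or state the exclusion in the `manage_ssh_keys` documentation. The template also hard-codes the string `manage_ssh_keys`, which has to stay in sync with `UserFeatureManageSSHKeys`; a template comment such as `{{/* must match setting.UserFeatureManageSSHKeys */}}` would make that dependency visible. The `manage_gpg_keys` block that follows closes outside this hunk.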
|   | |||||||