Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Respect DefaultUserIsRestricted system default when creating new user #19310

Merged
merged 15 commits into from
Apr 29, 2022
Merged

Respect DefaultUserIsRestricted system default when creating new user #19310

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
9020faa
Apply DefaultUserIsRestricted in CreateUser
jpraet Apr 1, 2022
1f8710e
Enforce system defaults in CreateUser
jpraet Apr 2, 2022
4172f3f
Fix compilation errors
jpraet Apr 2, 2022
f747cdd
Add "restricted" option to create user command
jpraet Apr 2, 2022
a795e55
Add "restricted" option to create user admin api
jpraet Apr 2, 2022
5ceff35
Merge branch 'main' into create-user-system-defaults
jpraet Apr 4, 2022
a8dc6ec
Merge branch 'main' into create-user-system-defaults
jpraet Apr 10, 2022
ee95d3e
Respect default setting.Service.RegisterEmailConfirm and setting.Serv…
jpraet Apr 10, 2022
c481b65
Merge branch 'main' into create-user-system-defaults
jpraet Apr 22, 2022
dd8f66d
Merge branch 'main' into create-user-system-defaults
jpraet Apr 25, 2022
dc26370
Merge branch 'master' into create-user-system-defaults
jpraet Apr 26, 2022
5574ad1
Revert "Respect default setting.Service.RegisterEmailConfirm and sett…
jpraet Apr 26, 2022
a2e3b13
Merge branch 'main' into create-user-system-defaults
jpraet Apr 27, 2022
1a086b8
Merge branch 'main' into create-user-system-defaults
jpraet Apr 28, 2022
fb9ba55
Merge branch 'main' into create-user-system-defaults
jpraet Apr 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 17 additions & 3 deletions cmd/admin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
repo_module "code.gitea.io/gitea/modules/repository"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
"code.gitea.io/gitea/modules/util"
auth_service "code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/oauth2"
"code.gitea.io/gitea/services/auth/source/smtp"
Expand Down Expand Up @@ -114,6 +115,10 @@ var (
Name: "access-token",
Usage: "Generate access token for the user",
},
cli.BoolFlag{
Name: "restricted",
Usage: "Make a restricted user account",
},
},
}

Expand Down Expand Up @@ -559,17 +564,26 @@ func runCreateUser(c *cli.Context) error {
changePassword = c.Bool("must-change-password")
}

restricted := util.OptionalBoolNone

if c.IsSet("restricted") {
restricted = util.OptionalBoolOf(c.Bool("restricted"))
}

u := &user_model.User{
Name: username,
Email: c.String("email"),
Passwd: password,
IsActive: true,
IsAdmin: c.Bool("admin"),
MustChangePassword: changePassword,
Theme: setting.UI.DefaultTheme,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why default theme is removed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already applied by default in CreateUser:

gitea/models/user/user.go

Line 646 in 5574ad1

u.Theme = setting.UI.DefaultTheme

}

if err := user_model.CreateUser(u); err != nil {
overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsActive: util.OptionalBoolTrue,
zeripath marked this conversation as resolved.
Show resolved Hide resolved
IsRestricted: restricted,
}

if err := user_model.CreateUser(u, overwriteDefault); err != nil {
return fmt.Errorf("CreateUser: %v", err)
}

Expand Down
37 changes: 35 additions & 2 deletions models/user/user.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -621,7 +621,14 @@ func IsUsableUsername(name string) error {

// CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation
type CreateUserOverwriteOptions struct {
Visibility structs.VisibleType
KeepEmailPrivate util.OptionalBool
Visibility *structs.VisibleType
AllowCreateOrganization util.OptionalBool
EmailNotificationsPreference *string
MaxRepoCreation *int
Theme *string
IsRestricted util.OptionalBool
IsActive util.OptionalBool
}

// CreateUser creates record of a new user.
Expand All @@ -637,10 +644,36 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
u.MaxRepoCreation = -1
u.Theme = setting.UI.DefaultTheme
u.IsRestricted = setting.Service.DefaultUserIsRestricted
u.IsActive = !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm)

// overwrite defaults if set
if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
u.Visibility = overwriteDefault[0].Visibility
overwrite := overwriteDefault[0]
if !overwrite.KeepEmailPrivate.IsNone() {
u.KeepEmailPrivate = overwrite.KeepEmailPrivate.IsTrue()
}
if overwrite.Visibility != nil {
u.Visibility = *overwrite.Visibility
}
if !overwrite.AllowCreateOrganization.IsNone() {
u.AllowCreateOrganization = overwrite.AllowCreateOrganization.IsTrue()
}
if overwrite.EmailNotificationsPreference != nil {
u.EmailNotificationsPreference = *overwrite.EmailNotificationsPreference
}
if overwrite.MaxRepoCreation != nil {
u.MaxRepoCreation = *overwrite.MaxRepoCreation
}
if overwrite.Theme != nil {
u.Theme = *overwrite.Theme
}
if !overwrite.IsRestricted.IsNone() {
u.IsRestricted = overwrite.IsRestricted.IsTrue()
}
if !overwrite.IsActive.IsNone() {
u.IsActive = overwrite.IsActive.IsTrue()
}
}

// validate data
Expand Down
1 change: 1 addition & 0 deletions modules/structs/admin_user.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ type CreateUserOption struct {
Password string `json:"password" binding:"Required;MaxSize(255)"`
MustChangePassword *bool `json:"must_change_password"`
SendNotify bool `json:"send_notify"`
Restricted *bool `json:"restricted"`
Visibility string `json:"visibility" binding:"In(,public,limited,private)"`
}

Expand Down
16 changes: 11 additions & 5 deletions routers/api/v1/admin/user.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/routers/api/v1/user"
"code.gitea.io/gitea/routers/api/v1/utils"
Expand Down Expand Up @@ -82,7 +83,6 @@ func CreateUser(ctx *context.APIContext) {
Email: form.Email,
Passwd: form.Password,
MustChangePassword: true,
IsActive: true,
LoginType: auth.Plain,
}
if form.MustChangePassword != nil {
Expand All @@ -108,11 +108,17 @@ func CreateUser(ctx *context.APIContext) {
return
}

var overwriteDefault *user_model.CreateUserOverwriteOptions
overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsActive: util.OptionalBoolTrue,
jpraet marked this conversation as resolved.
Show resolved Hide resolved
}

if form.Restricted != nil {
overwriteDefault.IsRestricted = util.OptionalBoolOf(*form.Restricted)
}

if form.Visibility != "" {
overwriteDefault = &user_model.CreateUserOverwriteOptions{
Visibility: api.VisibilityModes[form.Visibility],
}
visibility := api.VisibilityModes[form.Visibility]
overwriteDefault.Visibility = &visibility
}

if err := user_model.CreateUser(u, overwriteDefault); err != nil {
Expand Down
16 changes: 10 additions & 6 deletions routers/install/install.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -499,13 +499,17 @@ func SubmitInstall(ctx *context.Context) {
// Create admin account
if len(form.AdminName) > 0 {
u := &user_model.User{
Name: form.AdminName,
Email: form.AdminEmail,
Passwd: form.AdminPasswd,
IsAdmin: true,
IsActive: true,
Name: form.AdminName,
Email: form.AdminEmail,
Passwd: form.AdminPasswd,
IsAdmin: true,
}
if err = user_model.CreateUser(u); err != nil {
overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsRestricted: util.OptionalBoolFalse,
IsActive: util.OptionalBoolTrue,
}

if err = user_model.CreateUser(u, overwriteDefault); err != nil {
if !user_model.IsErrUserAlreadyExist(err) {
setting.InstallLock = false
ctx.Data["Err_AdminName"] = true
Expand Down
8 changes: 6 additions & 2 deletions routers/web/admin/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,10 +125,14 @@ func NewUserPost(ctx *context.Context) {
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
IsActive: true,
LoginType: auth.Plain,
}

overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsActive: util.OptionalBoolTrue,
jpraet marked this conversation as resolved.
Show resolved Hide resolved
Visibility: &form.Visibility,
}

if len(form.LoginType) > 0 {
fields := strings.Split(form.LoginType, "-")
if len(fields) == 2 {
Expand Down Expand Up @@ -163,7 +167,7 @@ func NewUserPost(ctx *context.Context) {
u.MustChangePassword = form.MustChangePassword
}

if err := user_model.CreateUser(u, &user_model.CreateUserOverwriteOptions{Visibility: form.Visibility}); err != nil {
if err := user_model.CreateUser(u, overwriteDefault); err != nil {
switch {
case user_model.IsErrUserAlreadyExist(err):
ctx.Data["Err_UserName"] = true
Expand Down
18 changes: 8 additions & 10 deletions routers/web/auth/auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -507,14 +507,12 @@ func SignUpPost(ctx *context.Context) {
}

u := &user_model.User{
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
IsRestricted: setting.Service.DefaultUserIsRestricted,
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
}

if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) {
if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, nil, false) {
// error already handled
return
}
Expand All @@ -525,17 +523,17 @@ func SignUpPost(ctx *context.Context) {

// createAndHandleCreatedUser calls createUserInContext and
// then handleUserCreated.
func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) bool {
if !createUserInContext(ctx, tpl, form, u, gothUser, allowLink) {
func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) bool {
if !createUserInContext(ctx, tpl, form, u, overwrites, gothUser, allowLink) {
return false
}
return handleUserCreated(ctx, u, gothUser)
}

// createUserInContext creates a user and handles errors within a given context.
// Optionally a template can be specified.
func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) (ok bool) {
if err := user_model.CreateUser(u); err != nil {
func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) (ok bool) {
if err := user_model.CreateUser(u, overwrites); err != nil {
if allowLink && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingAuto {
var user *user_model.User
Expand Down
3 changes: 1 addition & 2 deletions routers/web/auth/linkaccount.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,13 +283,12 @@ func LinkAccountPostRegister(ctx *context.Context) {
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
LoginType: auth.OAuth2,
LoginSource: authSource.ID,
LoginName: gothUser.UserID,
}

if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, &gothUser, false) {
if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, nil, &gothUser, false) {
// error already handled
return
}
Expand Down
21 changes: 12 additions & 9 deletions routers/web/auth/oauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"code.gitea.io/gitea/modules/session"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/modules/web/middleware"
auth_service "code.gitea.io/gitea/services/auth"
Expand Down Expand Up @@ -867,19 +868,21 @@ func SignInOAuthCallback(ctx *context.Context) {
return
}
u = &user_model.User{
Name: getUserName(&gothUser),
FullName: gothUser.Name,
Email: gothUser.Email,
IsActive: !setting.OAuth2Client.RegisterEmailConfirm,
LoginType: auth.OAuth2,
LoginSource: authSource.ID,
LoginName: gothUser.UserID,
IsRestricted: setting.Service.DefaultUserIsRestricted,
Name: getUserName(&gothUser),
FullName: gothUser.Name,
Email: gothUser.Email,
LoginType: auth.OAuth2,
LoginSource: authSource.ID,
LoginName: gothUser.UserID,
}

overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsActive: util.OptionalBoolOf(!setting.OAuth2Client.RegisterEmailConfirm),
jpraet marked this conversation as resolved.
Show resolved Hide resolved
}

setUserGroupClaims(authSource, u, &gothUser)

if !createAndHandleCreatedUser(ctx, base.TplName(""), nil, u, &gothUser, setting.OAuth2Client.AccountLinking != setting.OAuth2AccountLinkingDisabled) {
if !createAndHandleCreatedUser(ctx, base.TplName(""), nil, u, overwriteDefault, &gothUser, setting.OAuth2Client.AccountLinking != setting.OAuth2AccountLinkingDisabled) {
// error already handled
return
}
Expand Down
9 changes: 4 additions & 5 deletions routers/web/auth/openid.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -423,12 +423,11 @@ func RegisterOpenIDPost(ctx *context.Context) {
}

u := &user_model.User{
Name: form.UserName,
Email: form.Email,
Passwd: password,
IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
Name: form.UserName,
Email: form.Email,
Passwd: password,
}
if !createUserInContext(ctx, tplSignUpOID, form, u, nil, false) {
if !createUserInContext(ctx, tplSignUpOID, form, u, nil, nil, false) {
// error already handled
return
}
Expand Down
13 changes: 9 additions & 4 deletions services/auth/reverseproxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/mailer"

Expand Down Expand Up @@ -105,11 +106,15 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
}

user := &user_model.User{
Name: username,
Email: email,
IsActive: true,
Name: username,
Email: email,
}
if err := user_model.CreateUser(user); err != nil {

overwriteDefault := user_model.CreateUserOverwriteOptions{
IsActive: util.OptionalBoolTrue,
jpraet marked this conversation as resolved.
Show resolved Hide resolved
}

if err := user_model.CreateUser(user, &overwriteDefault); err != nil {
// FIXME: should I create a system notice?
log.Error("CreateUser: %v", err)
return nil
Expand Down
25 changes: 14 additions & 11 deletions services/auth/source/ldap/source_authenticate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/mailer"
user_service "code.gitea.io/gitea/services/user"
)
Expand Down Expand Up @@ -85,19 +86,21 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
}

user = &user_model.User{
LowerName: strings.ToLower(sr.Username),
Name: sr.Username,
FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
Email: sr.Mail,
LoginType: source.authSource.Type,
LoginSource: source.authSource.ID,
LoginName: userName,
IsActive: true,
IsAdmin: sr.IsAdmin,
IsRestricted: sr.IsRestricted,
LowerName: strings.ToLower(sr.Username),
Name: sr.Username,
FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
Email: sr.Mail,
LoginType: source.authSource.Type,
LoginSource: source.authSource.ID,
LoginName: userName,
IsAdmin: sr.IsAdmin,
}
overwriteDefault := &user_model.CreateUserOverwriteOptions{
IsRestricted: util.OptionalBoolOf(sr.IsRestricted),
IsActive: util.OptionalBoolTrue,
jpraet marked this conversation as resolved.
Show resolved Hide resolved
}

err := user_model.CreateUser(user)
err := user_model.CreateUser(user, overwriteDefault)
if err != nil {
return user, err
}
Expand Down
Loading