Add OpenID configuration in install page #2276
Conversation
strk
force-pushed
the
install-time-openid-config
branch
2 times, most recently
from
d003d54
to
b6ca8d9
Compare
strk
changed the title
|
This needs be merged before 1.2.0 is out - but there's still a problem with routes depending on the configuration and the configuration being changed by install page but not being re-read upon changing it... So it takes re-starting gitea to be able to register first user via OpenID. I've to figure out how to do the settings update from form submission |
tboerger
added
the
lgtm/need 2
|
I think the fix here is to always define the route but then return a Forbidden status if the service is not enabled |
|
Ready for merge, tested locally. |
|
@cweiske you might be interested in testing this too. It basically adds a way to configure OpenID at installation time (was missing, so it took manual intervention to enable it) |
|
@lafriks 754dd4ea7c9b8c009bf164153dedead98331b636 fixes that,
thanks for spotting it !
|
|
@strk CI failed. |
routers/user/auth_openid.go
Outdated
| @@ -29,6 +29,11 @@ const ( | |||
| func SignInOpenID(ctx *context.Context) { | |||
| ctx.Data["Title"] = ctx.Tr("sign_in") | |||
|
|
|||
| if ! setting.Service.EnableOpenIDSignIn { | |||
There was a problem hiding this comment.
CI is failing because of space after ! in multiple places
|
Thanks @lafriks, I removed all those spaces and verified
that `make check` passes locally
|
routers/routes/routes.go
Outdated
| Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost) | ||
| m.Group("/openid", func() { | ||
| m.Combo("/connect"). | ||
| Get(user.ConnectOpenID). |
There was a problem hiding this comment.
ConnectOpenID is still missing check if EnableOpenIDSignIn is enabled
There was a problem hiding this comment.
Agreed, any pre-requisite settings should be checked in the route-setup, not the route-handler 🙂
| } | ||
|
|
||
| m.Group("/openid", func() { | ||
| m.Combo("").Get(user.SettingsOpenID). |
There was a problem hiding this comment.
SettingsOpenID is still missing check if EnableOpenIDSignIn is enabled
routers/user/setting_openid.go
Outdated
| @@ -40,6 +40,12 @@ func SettingsOpenID(ctx *context.Context) { | |||
|
|
|||
| // SettingsOpenIDPost response for change user's openid | |||
| func SettingsOpenIDPost(ctx *context.Context, form auth.AddOpenIDForm) { | |||
|
|
|||
| if !setting.Service.EnableOpenIDSignUp { | |||
There was a problem hiding this comment.
I think there should be check for EnableOpenIDSignIn not for EnableOpenIDSignUp that is for new user registration
routers/user/setting_openid.go
Outdated
| @@ -132,6 +138,10 @@ func settingsOpenIDVerify(ctx *context.Context) { | |||
|
|
|||
| // DeleteOpenID response for delete user's openid | |||
| func DeleteOpenID(ctx *context.Context) { | |||
| if !setting.Service.EnableOpenIDSignUp { | |||
There was a problem hiding this comment.
There should also be check for EnableOpenIDSignIn
routers/user/setting_openid.go
Outdated
| @@ -146,6 +156,10 @@ func DeleteOpenID(ctx *context.Context) { | |||
|
|
|||
| // ToggleOpenIDVisibility response for toggle visibility of user's openid | |||
| func ToggleOpenIDVisibility(ctx *context.Context) { | |||
| if !setting.Service.EnableOpenIDSignUp { | |||
There was a problem hiding this comment.
And there also should be check for EnableOpenIDSignIn
|
@lafriks please see ed9ade1d |
modules/auth/user_form.go
Outdated
| @@ -41,6 +41,8 @@ type InstallForm struct { | |||
| OfflineMode bool | |||
| DisableGravatar bool | |||
| EnableFederatedAvatar bool | |||
| EnableOpenIDSignIn bool | |||
| DisableOpenIDRegistration bool | |||
There was a problem hiding this comment.
I'd rather have these both as EnableFoo since it makes more sense when reading
routers/routes/routes.go
Outdated
| Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost) | ||
| m.Group("/openid", func() { | ||
| m.Combo("/connect"). | ||
| Get(user.ConnectOpenID). |
There was a problem hiding this comment.
Agreed, any pre-requisite settings should be checked in the route-setup, not the route-handler 🙂
|
On Fri, Aug 11, 2017 at 08:59:31AM -0700, bkcsoft wrote:
+ EnableOpenIDSignIn bool
+ DisableOpenIDRegistration bool
I'd rather have these both as `EnableFoo` since it makes more sense when reading
Please take a look at the user GUI first.
There's a "DisableRegistration", so I made this
"DisableOpenIDRegistration" for consistency on that side of things.
The GUI makes the two go togheter (via Javascript).
|
|
@bkcsoft do you really want to hold this PR back due to the enable vs. disable wording ? |
strk
force-pushed
the
install-time-openid-config
branch
2 times, most recently
from
bf01ca3
to
e11db5b
Compare
strk
force-pushed
the
install-time-openid-config
branch
from
e11db5b
to
b83addc
Compare
|
actually, the change was partial, more changes were needed around, so I reverted it. |
|
latest commits fix the handling of checkboxes and turn openid sign-in on by default for new installs |
|
And for @bkcsoft now I've also turned the "OpenID Registration" form into an "enable" rather than "disable". Also added more javascript to check/uncheck dependents... |
|
As for consideration it would probably be better as @bkcsoft recommended to create new handler/filter to check if openid signin/signup is enabled. Something like this: |
strk
force-pushed
the
install-time-openid-config
branch
from
a6336e1
to
fd66feb
Compare
|
Can we get this merged before 1.2.0 please ? Aesthetic changes can happen in a second step, for now it's important for the functionality to be there. |
|
I'm not against it, @bkcsoft? |
|
BTW don't write LG-TM in comments for your own PR ;) otherwise I see LG-TM 1 label |
|
Sorry about that, I thought it was fixed (definitely a bug, isn't it ?) - I wasn't seeing the label when I wrote the next comment, btw. Now I see it. |
|
@strk it was fixed I remember. |
|
@lunny so it was not deployed? |
|
@strk I don't think it's necessary for add this config to installation on v1.2 since LDAP, OAuth and SMTP didn't add to the page. And I think a middleware to check is better than so many settings check on the route functions. |
Forbid them upon usage, if needed. This allows registering first user via openid.
Also fix label for the checkbox
Does not affect existing installs (upgrades)
strk
force-pushed
the
install-time-openid-config
branch
from
fd66feb
to
34b9bee
Compare
|
Ok now that master branch is fixed I've rebased and also committed a change using filters as suggested in previous comment. @bkcsoft can you please review and merge or at least label as targetted at 1.2.0 |
|
@strk please fix formatting issues (see Drone) |
|
@lunny I committed the middleware check and dropped the checks in the
route functions. As per installation steps: OpenID is special in that
it is a config file, not database, configuration. That's why LDAP
and OAuth and SMTP do not belong in the installation page, while
OpenID does.
|
|
LG-TM |
|
LGTM |
tboerger
added
lgtm/done
Allows enabling OpenID signin via installation page GUI