Browse Source
Support reverse proxy providing email (#5554)
This PR implements #2347tags/v1.7.0-dev
zeripath
techknowlogick
6 years ago
4 changed files with 26 additions and 10 deletions
Unified View
Diff Options
-
+4 -0docs/content/doc/advanced/config-cheat-sheet.en-us.md
-
+8 -1modules/auth/auth.go
-
+13 -9modules/setting/setting.go
-
+1 -0routers/admin/admin.go
+ 4
- 0
docs/content/doc/advanced/config-cheat-sheet.en-us.md
View File
| @@ -160,6 +160,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||||
| information. | information. | ||||
| - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy | - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy | ||||
| authentication. | authentication. | ||||
| - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy | |||||
| authentication provided email. | |||||
| - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom | - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom | ||||
| git hooks. | git hooks. | ||||
| - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. | - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. | ||||
| @@ -188,6 +190,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||||
| - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication. | - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication. | ||||
| - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration | - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration | ||||
| for reverse authentication. | for reverse authentication. | ||||
| - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a | |||||
| provided email rather than a generated email. | |||||
| - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration. | - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration. | ||||
| - `CAPTCHA_TYPE`: **image**: \[image, recaptcha\] | - `CAPTCHA_TYPE`: **image**: \[image, recaptcha\] | ||||
| - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha. | - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha. | ||||
+ 8
- 1
modules/auth/auth.go
View File
| @@ -105,9 +105,16 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) | |||||
| // Check if enabled auto-registration. | // Check if enabled auto-registration. | ||||
| if setting.Service.EnableReverseProxyAutoRegister { | if setting.Service.EnableReverseProxyAutoRegister { | ||||
| email := gouuid.NewV4().String() + "@localhost" | |||||
| if setting.Service.EnableReverseProxyEmail { | |||||
| webAuthEmail := ctx.Req.Header.Get(setting.ReverseProxyAuthEmail) | |||||
| if len(webAuthEmail) > 0 { | |||||
| email = webAuthEmail | |||||
| } | |||||
| } | |||||
| u := &models.User{ | u := &models.User{ | ||||
| Name: webAuthUser, | Name: webAuthUser, | ||||
| Email: gouuid.NewV4().String() + "@localhost", | |||||
| Email: email, | |||||
| Passwd: webAuthUser, | Passwd: webAuthUser, | ||||
| IsActive: true, | IsActive: true, | ||||
| } | } | ||||
+ 13
- 9
modules/setting/setting.go
View File
| @@ -157,15 +157,16 @@ var ( | |||||
| } | } | ||||
| // Security settings | // Security settings | ||||
| InstallLock bool | |||||
| SecretKey string | |||||
| LogInRememberDays int | |||||
| CookieUserName string | |||||
| CookieRememberName string | |||||
| ReverseProxyAuthUser string | |||||
| MinPasswordLength int | |||||
| ImportLocalPaths bool | |||||
| DisableGitHooks bool | |||||
| InstallLock bool | |||||
| SecretKey string | |||||
| LogInRememberDays int | |||||
| CookieUserName string | |||||
| CookieRememberName string | |||||
| ReverseProxyAuthUser string | |||||
| ReverseProxyAuthEmail string | |||||
| MinPasswordLength int | |||||
| ImportLocalPaths bool | |||||
| DisableGitHooks bool | |||||
| // Database settings | // Database settings | ||||
| UseSQLite3 bool | UseSQLite3 bool | ||||
| @@ -950,6 +951,7 @@ func NewContext() { | |||||
| CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome") | CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome") | ||||
| CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible") | CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible") | ||||
| ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") | ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") | ||||
| ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL") | |||||
| MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) | MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) | ||||
| ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) | ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) | ||||
| DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false) | DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false) | ||||
| @@ -1216,6 +1218,7 @@ var Service struct { | |||||
| EnableNotifyMail bool | EnableNotifyMail bool | ||||
| EnableReverseProxyAuth bool | EnableReverseProxyAuth bool | ||||
| EnableReverseProxyAutoRegister bool | EnableReverseProxyAutoRegister bool | ||||
| EnableReverseProxyEmail bool | |||||
| EnableCaptcha bool | EnableCaptcha bool | ||||
| CaptchaType string | CaptchaType string | ||||
| RecaptchaSecret string | RecaptchaSecret string | ||||
| @@ -1247,6 +1250,7 @@ func newService() { | |||||
| Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() | Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() | ||||
| Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() | Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() | ||||
| Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() | Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() | ||||
| Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool() | |||||
| Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false) | Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false) | ||||
| Service.CaptchaType = sec.Key("CAPTCHA_TYPE").MustString(ImageCaptcha) | Service.CaptchaType = sec.Key("CAPTCHA_TYPE").MustString(ImageCaptcha) | ||||
| Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("") | Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("") | ||||
+ 1
- 0
routers/admin/admin.go
View File
| @@ -215,6 +215,7 @@ func Config(ctx *context.Context) { | |||||
| ctx.Data["LogRootPath"] = setting.LogRootPath | ctx.Data["LogRootPath"] = setting.LogRootPath | ||||
| ctx.Data["ScriptType"] = setting.ScriptType | ctx.Data["ScriptType"] = setting.ScriptType | ||||
| ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser | ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser | ||||
| ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail | |||||
| ctx.Data["SSH"] = setting.SSH | ctx.Data["SSH"] = setting.SSH | ||||