Disabling application elements fixed

custom/conf/app.example.ini

@@ -541,6 +541,8 @@ IMPORT_LOCAL_PATHS = false
 ; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
 ; WARNING: This maybe harmful to you website or your operating system.
 DISABLE_GIT_HOOKS = true
+; Set to false to disable 2FA feature.
+DISABLE_2FA = false
 ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
 ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
 ;Comma separated list of character classes required to pass minimum complexity.

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -400,6 +400,7 @@ relation to port exhaustion.
    It also enables them to access other resources available to the user on the operating system that is running the
    Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
    This maybe harmful to you website or your operating system.
+- `DISABLE_2FA`: **false**: Set to `true` to disable 2FA feature.
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.

modules/cron/tasks_extended.go

@@ -121,9 +121,15 @@ func initExtendedTasks() {
 	registerDeleteInactiveUsers()
 	registerDeleteRepositoryArchives()
 	registerGarbageCollectRepositories()
-	registerRewriteAllPublicKeys()
-	registerRewriteAllPrincipalKeys()
-	registerRepositoryUpdateHook()
+	if !setting.SSH.Disabled && !setting.SSH.StartBuiltinServer && setting.SSH.CreateAuthorizedKeysFile {
+		registerRewriteAllPublicKeys()
+	}
+	if !setting.SSH.Disabled && !setting.SSH.StartBuiltinServer && setting.SSH.CreateAuthorizedPrincipalsFile {
+		registerRewriteAllPrincipalKeys()
+	}
+	if !setting.DisableGitHooks {
+		registerRepositoryUpdateHook()
+	}
 	registerReinitMissingRepositories()
 	registerDeleteMissingRepositories()
 	registerRemoveRandomAvatars()

modules/setting/setting.go

@@ -152,6 +152,7 @@ var (
 	MinPasswordLength                  int
 	ImportLocalPaths                   bool
 	DisableGitHooks                    bool
+	Disable2FA                         bool
 	OnlyAllowPushIfGiteaEnvironmentSet bool
 	PasswordComplexity                 []string
 	PasswordHashAlgo                   string
@@ -770,6 +771,7 @@ func NewContext() {
 	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 	DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
+	Disable2FA = sec.Key("DISABLE_2FA").MustBool(false)
 	OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
 	PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2")
 	CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)

modules/templates/helper.go

@@ -228,6 +228,15 @@ func NewFuncMap() []template.FuncMap {
 		"DisableImportLocal": func() bool {
 			return !setting.ImportLocalPaths
 		},
+		"DisableSSH": func() bool {
+			return setting.SSH.Disabled
+		},
+		"DisableOAuth2": func() bool {
+			return !setting.OAuth2.Enable
+		},
+		"Disable2FA": func() bool {
+			return setting.Disable2FA
+		},
 		"TrN": TrN,
 		"Dict": func(values ...interface{}) (map[string]interface{}, error) {
 			if len(values)%2 != 0 {

options/locale/locale_bg-BG.ini

@@ -358,7 +358,6 @@ account=Профил
 password=Парола
 security=Сигурност
 avatar=Аватар
-ssh_gpg_keys=SSH / GPG ключове
 social=Социални профили
 applications=Приложения
 orgs=Управление на организации

options/locale/locale_cs-CZ.ini

@@ -416,7 +416,6 @@ account=Účet
 password=Heslo
 security=Zabezpečení
 avatar=Avatar
-ssh_gpg_keys=SSH / GPG klíče
 social=Účty sociálních sítí
 applications=Aplikace
 orgs=Spravovat organizace

options/locale/locale_de-DE.ini

@@ -416,7 +416,6 @@ account=Account
 password=Passwort
 security=Sicherheit
 avatar=Profilbild
-ssh_gpg_keys=SSH- / GPG-Schlüssel
 social=Soziale Konten
 applications=Anwendungen
 orgs=Organisationen verwalten

options/locale/locale_en-US.ini

@@ -418,7 +418,7 @@ account = Account
 password = Password
 security = Security
 avatar = Avatar
-ssh_gpg_keys = SSH / GPG Keys
+keys = Keys
 social = Social Accounts
 applications = Applications
 orgs = Manage Organizations

options/locale/locale_es-ES.ini

@@ -417,7 +417,6 @@ account=Cuenta
 password=Contraseña
 security=Seguridad
 avatar=Avatar
-ssh_gpg_keys=SSH / claves GPG
 social=Redes Sociales
 applications=Aplicaciones
 orgs=Administrar organizaciones

options/locale/locale_fa-IR.ini

@@ -407,7 +407,6 @@ account=حساب کاربری
 password=گذرواژه
 security=امنیت
 avatar=آواتار
-ssh_gpg_keys=کلید‌های SSH / GPG
 social=حساب های اجتماعی
 applications=برنامه‌ها
 orgs=مدیریت سازمان‌ها

options/locale/locale_fi-FI.ini

@@ -348,7 +348,6 @@ account=Tili
 password=Salasana
 security=Turvallisuus
 avatar=Profiilikuva
-ssh_gpg_keys=SSH / GPG-avaimet
 social=Sosiaaliset tilit
 applications=Sovellukset
 orgs=Hallitse organisaatioita

options/locale/locale_fr-FR.ini

@@ -394,7 +394,6 @@ account=Compte
 password=Mot de passe
 security=Sécurité
 avatar=Avatar
-ssh_gpg_keys=Clés SSH / GPG
 social=Réseaux Sociaux
 applications=Applications
 orgs=Gérer les organisations

options/locale/locale_hu-HU.ini

@@ -380,7 +380,6 @@ account=Fiók
 password=Jelszó
 security=Biztonság
 avatar=Profilkép
-ssh_gpg_keys=SSH / GPG kulcsok
 social=Közösségi fiókok
 applications=Alkalmazások
 orgs=Szervezetek kezelése

options/locale/locale_id-ID.ini

@@ -384,7 +384,6 @@ account=Akun
 password=Kata Sandi
 security=Keamanan
 avatar=Avatar
-ssh_gpg_keys=Kunci SSH / GPG
 social=Akun Sosial
 applications=Aplikasi
 orgs=Kelola organisasi

options/locale/locale_it-IT.ini

@@ -416,7 +416,6 @@ account=Account
 password=Password
 security=Sicurezza
 avatar=Avatar
-ssh_gpg_keys=Chiavi SSH / GPG
 social=Account Sociali
 applications=Applicazioni
 orgs=Gestisci le organizzazioni

options/locale/locale_ja-JP.ini

@@ -417,7 +417,6 @@ account=アカウント
 password=パスワード
 security=セキュリティ
 avatar=アバター
-ssh_gpg_keys=SSH / GPGキー
 social=ソーシャルアカウント
 applications=アプリケーション
 orgs=組織の管理

options/locale/locale_ko-KR.ini

@@ -365,7 +365,6 @@ account=계정
 password=비밀번호
 security=보안
 avatar=아바타
-ssh_gpg_keys=SSH / GPG 키
 social=소셜 계정
 applications=어플리케이션
 orgs=조직 관리

options/locale/locale_lv-LV.ini

@@ -417,7 +417,6 @@ account=Konts
 password=Parole
 security=Drošība
 avatar=Profila attēls
-ssh_gpg_keys=SSH / GPG atslēgas
 social=Sociālie konti
 applications=Lietotnes
 orgs=Pārvaldīt organizācijas

options/locale/locale_ml-IN.ini

@@ -356,7 +356,6 @@ account=അക്കൗണ്ട്
 password=രഹസ്യവാക്കു്
 security=സുരക്ഷ
 avatar=അവതാര്‍
-ssh_gpg_keys=SSH / GPG കീകള്‍
 social=സോഷ്യൽ അക്കൗണ്ടുകൾ
 applications=അപ്ലിക്കേഷനുകൾ
 orgs=സംഘടനകളെ നിയന്ത്രിക്കുക

options/locale/locale_nl-NL.ini

@@ -417,7 +417,6 @@ account=Account
 password=Wachtwoord
 security=Beveiliging
 avatar=Profielfoto
-ssh_gpg_keys=SSH / GPG sleutels
 social=Sociale netwerk-accounts
 applications=Applicaties
 orgs=Beheer organisaties

options/locale/locale_pl-PL.ini

@@ -407,7 +407,7 @@ account=Konto
 password=Hasło
 security=Bezpieczeństwo
 avatar=Awatar
-ssh_gpg_keys=Klucze SSH / GPG
+keys=Klucze
 social=Konta społecznościowe
 applications=Aplikacje
 orgs=Zarządzaj organizacjami

options/locale/locale_pt-BR.ini

@@ -396,7 +396,6 @@ account=Conta
 password=Senha
 security=Segurança
 avatar=Avatar
-ssh_gpg_keys=Chaves SSH / GPG
 social=Contas sociais
 applications=Aplicativos
 orgs=Gerenciar organizações

options/locale/locale_pt-PT.ini

@@ -417,7 +417,6 @@ account=Conta
 password=Senha
 security=Segurança
 avatar=Avatar
-ssh_gpg_keys=Chaves SSH / GPG
 social=Contas sociais
 applications=Aplicações
 orgs=Gerir organizações

options/locale/locale_ru-RU.ini

@@ -416,7 +416,6 @@ account=Аккаунт
 password=Пароль
 security=Безопасность
 avatar=Аватар
-ssh_gpg_keys=SSH / GPG ключи
 social=Учетные записи в соцсетях
 applications=Приложения
 orgs=Управление организациями

options/locale/locale_sv-SE.ini

@@ -416,7 +416,6 @@ account=Konto
 password=Lösenord
 security=Säkerhet
 avatar=Visningsbild
-ssh_gpg_keys=SSH / GPG-nycklar
 social=Sociala konton
 applications=Applikationer
 orgs=Hantera Organisationer

options/locale/locale_tr-TR.ini

@@ -417,7 +417,6 @@ account=Hesap
 password=Parola
 security=Güvenlik
 avatar=Avatar
-ssh_gpg_keys=SSH / GPG Anahtarları
 social=Sosyal Medya Hesapları
 applications=Uygulamalar
 orgs=Organizasyonları Yönet

options/locale/locale_uk-UA.ini

@@ -407,7 +407,6 @@ account=Обліковий запис
 password=Пароль
 security=Безпека
 avatar=Аватар
-ssh_gpg_keys=SSH / GPG ключі
 social=Соціальні облікові записи
 applications=Додатки
 orgs=Керування організаціями

options/locale/locale_zh-CN.ini

@@ -417,7 +417,6 @@ account=账号
 password=修改密码
 security=安全
 avatar=头像设置
-ssh_gpg_keys=SSH / GPG 密钥
 social=社交帐号绑定
 applications=应用
 orgs=管理组织

options/locale/locale_zh-HK.ini

@@ -167,7 +167,6 @@ form.name_reserved=這個使用者名稱已被系統保留，請改用其他名
 profile=個人訊息
 password=修改密碼
 avatar=頭像
-ssh_gpg_keys=SSH / GPG 金鑰
 social=社交帳號綁定
 delete=刪除帳戶
 twofa=兩步驟驗證

options/locale/locale_zh-TW.ini

@@ -407,7 +407,6 @@ account=帳戶
 password=修改密碼
 security=安全性
 avatar=大頭貼
-ssh_gpg_keys=SSH / GPG 金鑰
 social=社群帳戶
 applications=應用程式
 orgs=管理組織

routers/routes/routes.go

@@ -370,9 +370,18 @@ func RegisterRoutes(m *macaron.Macaron) {
 			m.Get("/:provider", user.SignInOAuth)
 			m.Get("/:provider/callback", user.SignInOAuthCallback)
 		})
-		m.Get("/link_account", user.LinkAccount)
-		m.Post("/link_account_signin", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn)
-		m.Post("/link_account_signup", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister)
+		m.Group("/link_account", func() {
+			m.Get("", user.LinkAccount)
+		}, openIDSignInEnabled)
+
+		m.Group("/link_account_signin", func() {
+			m.Post("", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn)
+		}, openIDSignInEnabled)
+
+		m.Group("/link_account_signup", func() {
+			m.Post("", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister)
+		}, openIDSignUpEnabled)
+
 		m.Group("/two_factor", func() {
 			m.Get("", user.TwoFactor)
 			m.Post("", bindIgnErr(auth.TwoFactorAuthForm{}), user.TwoFactorPost)
@@ -429,7 +438,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 				m.Post("/delete", userSetting.DeleteOpenID)
 				m.Post("/toggle_visibility", userSetting.ToggleOpenIDVisibility)
 			}, openIDSignInEnabled)
-			m.Post("/account_link", userSetting.DeleteAccountLink)
+
+			m.Group("/account_link", func() {
+				m.Post("", userSetting.DeleteAccountLink)
+			}, openIDSignInEnabled)
 		})
 		m.Group("/applications/oauth2", func() {
 			m.Get("/:id", userSetting.OAuth2ApplicationShow)

routers/user/setting/applications.go

@@ -6,6 +6,8 @@
 package setting
 
 import (
+	"fmt"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
@@ -39,6 +41,11 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) {
 		return
 	}
 
+	if !setting.API.EnableSwagger {
+		ctx.ServerError("AccessToken", fmt.Errorf("cannot modify access tokens; swagger disabled"))
+		return
+	}
+
 	t := &models.AccessToken{
 		UID:  ctx.User.ID,
 		Name: form.Name,
@@ -68,6 +75,11 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) {
 
 // DeleteApplication response for delete user access token
 func DeleteApplication(ctx *context.Context) {
+	if !setting.API.EnableSwagger {
+		ctx.ServerError("DeleteAccessToken", fmt.Errorf("cannot delete access token; swagger disabled"))
+		return
+	}
+
 	if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id"), ctx.User.ID); err != nil {
 		ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
 	} else {
@@ -80,14 +92,17 @@ func DeleteApplication(ctx *context.Context) {
 }
 
 func loadApplicationsData(ctx *context.Context) {
-	tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})
-	if err != nil {
-		ctx.ServerError("ListAccessTokens", err)
-		return
+	if setting.API.EnableSwagger {
+		tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})
+		if err != nil {
+			ctx.ServerError("ListAccessTokens", err)
+			return
+		}
+		ctx.Data["Tokens"] = tokens
 	}
-	ctx.Data["Tokens"] = tokens
 	ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
 	if setting.OAuth2.Enable {
+		var err error
 		ctx.Data["Applications"], err = models.GetOAuth2ApplicationsByUserID(ctx.User.ID)
 		if err != nil {
 			ctx.ServerError("GetOAuth2ApplicationsByUserID", err)

templates/admin/dashboard.tmpl

@@ -35,22 +35,26 @@
 							<td>{{.i18n.Tr "admin.dashboard.git_gc_repos"}}</td>
 							<td><button type="submit" class="ui green button" name="op" value="git_gc_repos">{{svg "octicon-play"}} {{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>
 						</tr>
-						{{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer)}}
+						{{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer) (.SSH.CreateAuthorizedKeysFile) }}
 						<tr>
 							<td>{{.i18n.Tr "admin.dashboard.resync_all_sshkeys"}}<br/>
 							{{.i18n.Tr "admin.dashboard.resync_all_sshkeys.desc"}}</td>
 							<td><button type="submit" class="ui green button" name="op" value="resync_all_sshkeys">{{svg "octicon-play"}} {{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>
 						</tr>
 						{{end}}
+						{{if and (not .SSH.Disabled) (not .SSH.StartBuiltinServer) (.SSH.CreateAuthorizedPrincipalsFile) }}
 						<tr>
 							<td>{{.i18n.Tr "admin.dashboard.resync_all_sshprincipals"}}<br/>
 							{{.i18n.Tr "admin.dashboard.resync_all_sshprincipals.desc"}}</td>
 							<td><button type="submit" class="ui green button" name="op" value="resync_all_sshprincipals">{{svg "octicon-play" 16}} {{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>
 						</tr>
+						{{end}}
+						{{if not DisableGitHooks}}
 						<tr>
 							<td>{{.i18n.Tr "admin.dashboard.resync_all_hooks"}}</td>
 							<td><button type="submit" class="ui green button" name="op" value="resync_all_hooks">{{svg "octicon-play"}} {{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>
 						</tr>
+						{{end}}
 						<tr>
 							<td>{{.i18n.Tr "admin.dashboard.reinit_missing_repos"}}</td>
 							<td><button type="submit" class="ui green button" name="op" value="reinit_missing_repos">{{svg "octicon-play"}} {{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>