-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add LDAP group sync to Org teams #1
Conversation
Fix go-gitea#15932 Signed-off-by: Andrew Thornton <[email protected]>
Use async clipboard api [1] over this dependency, saving around 10kB bundle size before minify while delivering the same functionality. The issue comment button works but does not have a popup indication. We could add some toast-style notifications in the future to fix that but I think it's out of scope of this PR. [1] https://developer.mozilla.org/en-US/docs/Web/API/Clipboard/writeText
* Make modules/context.Context a context.Context Signed-off-by: Andrew Thornton <[email protected]> * Simplify context calls Signed-off-by: Andrew Thornton <[email protected]> * Set the base context for requests to the HammerContext Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: Lunny Xiao <[email protected]>
Unfortunately go panics you try to cast a nil interface{} as another primitive therefore you need to check interfaces are not nil before casting. Fix go-gitea#16025 Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: techknowlogick <[email protected]>
* encrypt migration credentials in task persistence Not sure this is the best approach, we could encrypt the entire `PayloadContent` instead. Also instead of clearing individual fields in payload content, we could just delete the task once it has (successfully) finished..? * remove credentials of past migrations * only run DB migration for completed tasks * fix binding * add omitempty * never serialize unencrypted credentials * fix import order Co-authored-by: techknowlogick <[email protected]> Co-authored-by: zeripath <[email protected]> Co-authored-by: Lunny Xiao <[email protected]>
This PR simply hides mirror passwords from being displayed on the repo settings page. Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: techknowlogick <[email protected]>
…6037) The i_like_gitea cookie appears to be missing the SameSite settings. I think they were present at some point but may have been removed in a merge. This PR ensures that they are set. Fix go-gitea#15972 Signed-off-by: Andrew Thornton <[email protected]>
* Make sshd_config more flexible regarding MaxStartups and MaxSessions. See https://man.openbsd.org/sshd_config for more information. * make property prefix equals other existing Gitea SSH properties. Co-authored-by: dlouzado <[email protected]>
* update ``.raw-content`` when edit issue/comment content fix go-gitea#16000 Signed-off-by: a1012112796 <[email protected]> * handle empty content Co-authored-by: techknowlogick <[email protected]>
Signed-off-by: a1012112796 <[email protected]>
Unforunately go-gitea#16009 makes these settings mandatory. This PR uses the same technique as used for the certificates to make these settings non-mandatory. Fix go-gitea#16044 Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: 6543 <[email protected]>
If you change the case of a username the change needs to be propagated to their repositories. Signed-off-by: Andrew Thornton <[email protected]>
* Added type sniffer. * Switched content detection from base to typesniffer. * Added GuessContentType to Blob. * Moved image info logic to client. Added support for SVG images in diff. * Restore old blocked svg behaviour. * Added missing image formats. * Execute image diff only when container is visible. * add margin to spinner * improve BIN tag on image diffs * Default to render view. * Show image diff on incomplete diff. Co-authored-by: silverwind <[email protected]> Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: 6543 <[email protected]> Co-authored-by: Lauris BH <[email protected]>
There is an incorrect casting in the wrapped queue. Fix go-gitea#16071 Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Steven Kriegler <[email protected]>
* Restructured code. Moved static checks out of loop. * Restructured batch api. Add support for individual errors. * Let router decide if LFS is enabled. * Renamed methods. * Return correct status from verify handler. * Unified media type check in router. * Changed error code according to spec. * Moved checks into router. * Removed invalid v1 api methods. * Unified methods. * Display better error messages. * Added size parameter. Create meta object on upload. * Use object error on invalid size. * Skip upload if object exists. * Moved methods. * Suppress fields in response. * Changed error on accept. * Added tests. * Use ErrorResponse object. * Test against message property. * Add support for the old invalid lfs client. * Fixed the check because MinIO wraps the error. * Use individual repositories. Co-authored-by: 6543 <[email protected]> Co-authored-by: Lauris BH <[email protected]>
* Fix regression of renderer * Fix render setting load twice bug
* Make modules/context.Context a context.Context Signed-off-by: Andrew Thornton <[email protected]> * Simplify context calls Signed-off-by: Andrew Thornton <[email protected]> * Set the base context for requests to the HammerContext Signed-off-by: Andrew Thornton <[email protected]> * pass context into get-last-commit Signed-off-by: Andrew Thornton <[email protected]> * Make commit_info cancellable Signed-off-by: Andrew Thornton <[email protected]> * use context as context Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: 6543 <[email protected]>
…ranch don't close related PRs (go-gitea#16067) * Fix bug when delete branch don't close related PRs * Merge all deletebranch as one method * Add missed branch.go * fix comment Co-authored-by: Lauris BH <[email protected]>
…6069) You can limit or hide organisations. This pull make it also posible for users - new strings to translte - add checkbox to user profile form - add checkbox to admin user.edit form - filter explore page user search - filter api admin and public user searches - allow admins view "hidden" users - add app option DEFAULT_USER_VISIBILITY - rewrite many files to use Visibility field - check for teams intersection - fix context output - right fake 404 if not visible Co-authored-by: 6543 <[email protected]> Co-authored-by: Andrew Thornton <[email protected]>
…-gitea#16260) One of the repeatedly reported issues has been that gitea produces too much console logging during set up even if the console logger is turned off. Fundamentally this is due to some otherwise very helpful logging that has to occur before logging is set up. This has come to a head with the merging of go-gitea#16243 where otherwise potentially helpful Trace logging in the git module now appears on the console. This PR proposes three things: 1. Change the initial default logger to Info not Trace. 2. Change the logging for the AppPath things to Info in recompense. 3. Add two new command line options to gitea web: --quiet and --verbose `gitea web -q` or `gitea web --quiet` will only log Fatal level initially. `gitea web -verbose` will log at Trace. Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: techknowlogick <[email protected]>
Signed-off-by: Steven Kriegler <[email protected]>
Fixes go-gitea#16263 Co-authored-by: zeripath <[email protected]>
* review comments: break-word for long file names fixes go-gitea#16248 Co-authored-by: zeripath <[email protected]>
Now that go-gitea#16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private. This PR adds functionality and settings to constrain a user's ability to change their visibility. Co-authored-by: zeripath <[email protected]>
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`. ##⚠️ BREAKING⚠️ * The `Secret` field is no longer passed as part of the payload. * "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129). Close go-gitea#16115 Fixes go-gitea#7788 Fixes go-gitea#11755 Co-authored-by: zeripath <[email protected]>
Co-authored-by: Norwin <[email protected]> Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: zeripath <[email protected]>
* Handle misencoding of login_source cfg in mssql Unfortunately due a bug in xorm (see https://gitea.com/xorm/xorm/pulls/1957) updating loginsources on MSSQL causes them to become corrupted. (go-gitea#16252) Whilst waiting for the referenced PR to be merged and to handle the corrupted loginsources correctly we need to add a wrapper to the `FromDB()` methods to look for and ignore the misplaced BOMs that have been added. Fix go-gitea#16252 Signed-off-by: Andrew Thornton <[email protected]> * Update models/login_source.go
Adds a link to each blame hunk, to view the blame of an earlier version of the file, similar to GitHub. Also refactors the blame render from fmtstring based to template based. * Fix blame bottom line and add blame prior button * Jump to previous parent commit from the commit. * Fix previous commit link * Fix previous blame link * Fix the given file not exist in the previous commit. * Fix blameRow struct not export * fix theming issues, rename template var * remove unused LastCommit fetch * fix location of blame-hunk divider * rewrite previous commit checks * remove duplicate commit lookup its already resolved and stored in ctx.Repo.Commit! * split out blamePart processing into function Co-authored-by: rogerluo410 <[email protected]>
As title, the change counter-works the effect from go-gitea#14926 that links seem unclickable (especially in the default gitea theme), while maintaining some sort of visual harmony. Co-authored-by: Andrew Thornton <[email protected]>
Thanks. @melegiul already finished most of the work. @localleon If you like, you can review our changes. |
fad23d7
to
8e839fe
Compare
modules/auth/ldap/README.md
Outdated
* Team group map (optional) | ||
* Automatically add users to Organization teams, depending on LDAP group memberships. | ||
* Note: this function only adds users to teams, it never removes users. | ||
* Example: {'MyOrg': [{'MyTeam': 'cn=MyGroup,cn=groups,dc=example,dc=org'}, ...], ...} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@melegiul this example needs an update as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One other idea just came to mind: can we make the Org: Team dict part of a list? Otherwise it would not be possible to sync one LDAP group into multiple teams. That means it the best format probably is the following:
{'cn=MyGroup,cn=groups,dc=example,dc=org': [{'MyOrg1': 'MyTeam1'}, ...], ...}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, multiple teams is not quite supported in the moment, I will address this in a commit 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is done in c61005a with a slighty differnt json format:
{'cn=MyGroup,cn=groups,dc=example,dc=org': {'MyOrg1': ['MyTeam1', 'MyTeam2', ...]}, ...}
…gitea#16278) * Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback Following the merging of gliderlabs/ssh#143 we can now report connections to the ssh server that have failed before public key exchange has completed using the standard fail2ban message. This PR updates Gliderlabs SSH and adds a callback that will provide this logging. Signed-off-by: Andrew Thornton <[email protected]> * move the callback to its own function to make the logging appear little nicer Signed-off-by: Andrew Thornton <[email protected]>
Following the merge of go-gitea#16278 we need to update the fail2ban documentation to take account of the availability of the new sshConnectionFailed failed authentication attempt log message. Also add a deprecation notice regarding the previous publicKeyHandler messages, as these may be a source of false positives. Signed-off-by: Andrew Thornton <[email protected]>
* Removed Len field. * Added head_commit webhook field. * Added comment for returns.
b6a6605
to
d7c98f0
Compare
* Add setting for a JSON that maps LDAP groups to Org Teams. * Sync is being run on login and periodically. * Existing group filter settings are reused. Co-authored-by: Giuliano Mele <[email protected]> Co-authored-by: Sven Seeberg <[email protected]>
d7c98f0
to
50ae1e1
Compare
This is work in progress to solve go-gitea#1395
What does work:
What does not yet work (see fad23d7629b4e080eeb055c354a06098e2659713):
memberOf
attribute for a user. The attribute set in "Group Attribute Containing List Of Users" should/could be used here.)Ideas for improvement
Additional hint
In the moment LDAP groups sync only to organizations teams, that already exists.
LDAP group sync does not create new organizations or teams