Migrate from U2F to Webauthn
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* use certmagic for more extensible/robust ACME cert handling
* accept TOS based on config option
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add single sign-on support via SSPI on Windows
* Ensure plugins implement interface
* Ensure plugins implement interface
* Move functions used only by the SSPI auth method to sspi_windows.go
* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected
* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.
* Update documentation for the new 'SPNEGO with SSPI' login source
* Mention in documentation that ROOT_URL should contain the FQDN of the server
* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)
* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)
* Add option in SSPIConfig for removing of domains from logon names
* Update helper text for StripDomainNames option
* Make sure handleSignIn() is called after a new user object is created by SSPI auth method
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates
* Remove code duplication
* Log errors in ActiveLoginSources
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert suffix of randomly generated E-mails for Reverse proxy authentication
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert unneeded white-space change in template
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add copyright comments at the top of new files
* Use loopback name for randomly generated emails
* Add locale tag for the SSPISeparatorReplacement field with proper casing
* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields
* Update docs/content/doc/features/authentication.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Remove Priority() method and define the order in which SSO auth methods should be executed in one place
* Log authenticated username only if it's not empty
* Rephrase helper text for automatic creation of users
* Return error if more than one active SSPI auth source is found
* Change newUser() function to return error, letting caller log/handle the error
* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed
* Refactor initialization of the list containing SSO auth methods
* Validate SSPI settings on POST
* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page
* Make 'Default language' in SSPI config empty, unless changed by admin
* Show error if admin tries to add a second authentication source of type SSPI
* Simplify declaration of global variable
* Rebuild gitgraph.js on Linux
* Make sure config values containing only whitespace are not accepted
* Cleaning up public/ and documenting js/css libs.
This commit mostly addresses #1484 by moving vendor'ed plugins into a
vendor/ directory and documenting their upstream source and license in
vendor/librejs.html.
This also proves gitea is using only open source js/css libraries which
helps toward reaching #1524.
* Removing unused css file.
The version of this file in use is located at:
vendor/plugins/highlight/github.css
* Cleaned up librejs.html and added javascript header
A SafeJS function was added to templates/helper.go to allow keeping
comments inside of javascript.
A javascript comment was added in the header of templates/base/head.tmpl
to mark all non-inline source as free.
The librejs.html file was updated to meet the current librejs spec. I
have now verified that the librejs plugin detects most of the scripts
included in gitea and suspect the non-free detections are the result of
a bug in the plugin. I believe this commit is enough to meet the C0.0
requirement of #1534.
* Updating SafeJS function per lint suggestion
* Added VERSIONS file, per request