59 Commits

Author SHA1 Message Date
174255e74e Log failed authentication attempts with remote address for fail2ban (#2334)
Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
2017-08-24 08:57:54 +03:00
f960e19c59 Only update needed columns when update user (#2296)
* only update needed columns when update user

* fix missing update_unix column
2017-08-12 22:18:44 +08:00
32fc44aa83 Make time diff translatable (#2057) 2017-06-28 13:43:28 +08:00
b93568cce4 xxx_active_code_live setting is printed in hours and minutes instead … (#1814)
* xxx_active_code_live setting is printed in hours and minutes instead of just hours

* Update app.ini description of xxx_code_lives settings
2017-05-29 02:35:47 -05:00
e214728725 Add new text for reset password flash (#1718)
* Forgot password should use ResetPwdCodeLives, not ActiveCodeLives
* Improve documentation for different send mail functions related to password reset
* Improve documentation in conf/app.ini regarding xxx_CODE_LIVE_MINUTES settings
2017-05-14 10:38:30 +08:00
950f2e2074 Additional OAuth2 providers (#1010)
* add google+

* sort signin oauth2 providers based on the name so order is always the same

* update auth tip for google+

* add gitlab provider

* add bitbucket provider (and some go fmt)

* add twitter provider

* add facebook provider

* add dropbox provider

* add openid connect provider incl. new format of tips section in "Add New Source"

* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)

* imports according to goimport and code style

* make it possible to set custom urls to gitlab and github provider (only these could have a different host)

* split up oauth2 into multiple files

* small typo in comment

* fix indention

* fix indentation

* fix new line before external import

* fix layout of signin part

* update "broken" dependency
2017-05-01 21:26:53 +08:00
15f5d8e794 Reduce conditionals in signin/signup inner forms
by always using SignInLink and SignUpLink in the form action
2017-03-20 09:40:42 +01:00
71d16f69ff Login via OpenID-2.0 (#618) 2017-03-17 15:16:08 +01:00
7d8f9d1c46 Rename /forget_password url to /forgot_password
Also renames `forgot_password` translation key to
`forgot_password_title` and `forget_password` to
`forgot_password`

Includes entry in CHANGELOG about the breaking change
(and some markdown fixes in there)
2017-03-14 22:54:07 +01:00
8a98a25d8e Show a link to password reset from password change and delete account (#862)
It's helpful when you forgot your password thus cannot change it
(can happen if you log in via OAuth2 or OpenID)

Also make sure that both the delete-account and password-change
links to forgot-password will have the primary email pre-filled
2017-03-11 17:11:54 +08:00
8947b711aa Link OAuth2 account to 2FA enabled account (fix #1050) (#1052)
* fixes #1050 where linking an account to a 2fa enabled account failed because we forgot to really link the account when 2fa is completed

* handle errors
2017-02-27 18:10:26 +08:00
19b3c45ca7 fix 500 when use a duplicate email instead of giving an error tip (#1040) 2017-02-25 22:57:06 +08:00
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other than oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link an external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user's settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (also change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
6dd096b7f0 Two factor authentication support (#630)
* Initial commit for 2FA support

Signed-off-by: Andrew <write@imaginarycode.com>

* Add vendored files

* Add missing depends

* A few clean ups

* Added improvements, proper encryption

* Better encryption key

* Simplify "key" generation

* Make 2FA enrollment page more robust

* Fix typo

* Rename twofa/2FA to TwoFactor

* UNIQUE INDEX -> UNIQUE
2017-01-16 10:14:29 +08:00
f27d87d93b Added minimum password length to app.ini (#223) 2016-12-24 21:40:44 +08:00
380e32e129 Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString
2016-12-20 13:32:02 +01:00
94da472717 Golint fixed for modules/setting (#262)
* golint fixed for modules/setting

* typo fixed and renamed UNIXSOCKET to UnixSocket
2016-11-27 18:14:25 +08:00
cf045b029c golint fixed for parts of routers root, dev, user and org dirs (#167)
* golint fixed for parts of routers root, dev and org dirs

* add user/auth.go golint fixed

* rename unnecessary exported to unexported and user dir golint fixed
2016-11-18 11:03:03 +08:00
ddee4c8b58 Normalize files with gofmt 2016-11-11 13:11:45 +01:00
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
f91cbf0fed Support to last login feature 2016-11-09 08:53:45 -02:00
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
2cb5ec5983 Prevented user enumeration of valid users through HTTP status codes of login (#3639) (#3654) 2016-10-16 22:08:40 -04:00
f0b5c3b90a #3448 redirect if any after sign in 2016-08-27 15:07:02 -07:00
1f2e173a74 Refactor User.Id to User.ID 2016-07-24 01:08:22 +08:00
f1b8d52eb3 #2854 fix no mail notification when issue is closed/reopened 2016-07-16 00:36:39 +08:00
8966f5635d Merge pull request #2823 from zacheryph/feature/local-only-password-reset
Prevent `Forgot Password` for non local users
2016-03-14 16:44:05 -04:00
63e21c146a ensure we don’t try changing LDAP passwords 2016-03-14 09:40:16 -05:00
b4f47a7623 #1891 attempt to fix invalid csrf token 2016-03-12 20:56:03 -05:00
514382e2eb Rename module: middleware -> context 2016-03-11 11:56:52 -05:00
7f9598141b fix #2020 2015-11-24 18:49:34 -05:00
dc0c0dc06b fix typo for #1996 2015-11-19 11:52:39 -05:00
9330c943cd work on #1891 2015-11-18 23:52:09 -05:00
932dbccb67 fix import path, fix #1782 2015-10-15 21:28:12 -04:00
3fb1b6a608 drop oauth2 feature support 2015-09-17 16:11:44 -04:00
9d36fc6986 finish new auth e-mails 2015-09-17 14:57:24 -04:00
373731f5e8 user gomail and new activate account email tpl
- #1496: fallback plain text
- #1002: add date header
- #913: fix encoding of header
2015-09-17 01:54:12 -04:00
83e747bfda #697 and #1606 and new admin edit user UI 2015-09-13 11:07:21 -04:00
8e0a69f86a #697 disable captcha and new admin create user UI 2015-09-13 09:51:51 -04:00
47ac579f09 only assign auto-admin when sign up by web 2015-08-19 04:58:45 +08:00
817b48ed1e Show owner/poster tags of comments and fix #1312 2015-08-14 02:43:40 +08:00
e50982f5ec allow anonymous SSH clone 2015-08-05 11:14:17 +08:00
698b9e2acc #1070 Clearer error message for illegal characters 2015-03-26 17:11:47 -04:00
1654e9ecab templates/user/settings/emial.tmpl: little fix on UI
- routers/user: little code format
- conf/locale: update French locale
2015-02-21 22:13:47 -05:00
a18decf4cc Merge pull request #755 from phsmit/multiple_emails
Multiple emails
2014-12-20 22:47:05 -05:00
57b3be4016 work on #756 2014-12-17 23:04:05 -05:00
ec71d538fc Method for activating email addresses through verification email 2014-12-17 17:41:49 +02:00
146c8efee3 Fix API broken 2014-10-18 23:42:43 -04:00
3abc41ccca Fix API broken 2014-10-18 23:26:55 -04:00
976f1486e0 Set cookiepath to AppSubUrl 2014-09-21 14:25:22 +02:00