conf: overhaul auth and user settings (#5942)

* conf: overhaul auth and user settings

* ci: update travis Go versions

Author: unknwon

.travis.yml

@@ -1,8 +1,8 @@
 os: linux
 language: go
 go:
-  - 1.12.x
   - 1.13.x
+  - 1.14.x
 go_import_path: gogs.io/gogs
 
 env:

CHANGELOG.md

@@ -22,7 +22,13 @@ All notable changes to Gogs are documented in this file.
 - Configuration option `[server] LANDING_PAGE` is deprecated and will end support in 0.13.0, please start using `[server] LANDING_URL`.
 - Configuration option `[database] DB_TYPE` is deprecated and will end support in 0.13.0, please start using `[database] TYPE`.
 - Configuration option `[database] PASSWD` is deprecated and will end support in 0.13.0, please start using `[database] PASSWORD`.
+- Configuration option `[security] REVERSE_PROXY_AUTHENTICATION_USER` is deprecated and will end support in 0.13.0, please start using `[auth] REVERSE_PROXY_AUTHENTICATION_HEADER`.
 - Configuration section `[mailer]` is deprecated and will end support in 0.13.0, please start using `[email]`.
+- Configuration section `[service]` is deprecated and will end support in 0.13.0, please start using `[auth]`.
+- Configuration option `[auth] ACTIVE_CODE_LIVE_MINUTES` is deprecated and will end support in 0.13.0, please start using `[auth] ACTIVATE_CODE_LIVES`.
+- Configuration option `[auth] RESET_PASSWD_CODE_LIVE_MINUTES` is deprecated and will end support in 0.13.0, please start using `[auth] RESET_PASSWORD_CODE_LIVES`.
+- Configuration option `[auth] ENABLE_CAPTCHA` is deprecated and will end support in 0.13.0, please start using `[auth] ENABLE_REGISTRATION_CAPTCHA`.
+- Configuration option `[auth] ENABLE_NOTIFY_MAIL` is deprecated and will end support in 0.13.0, please start using `[user] ENABLE_EMAIL_NOTIFICATION`.
 
 ### Fixed
 

conf/app.ini

@@ -172,8 +172,6 @@ COOKIE_REMEMBER_NAME = gogs_incredible
 COOKIE_USERNAME = gogs_awesome
 ; Whether to set secure cookie.
 COOKIE_SECURE = false
-; The HTTP header for reverse proxy authentication via username.
-REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 ; Whether to set cookie to indicate user login status.
 ENABLE_LOGIN_STATUS_COOKIE = false
 ; The cookie name to store user login status.
@@ -213,6 +211,32 @@ USE_PLAIN_TEXT = false
 ; It is used to support older mail clients and make spam filters happier.
 ADD_PLAIN_TEXT_ALT = false
 
+[auth]
+; The valid duration of activate code in minutes.
+ACTIVATE_CODE_LIVES = 180
+; The valid duration of reset password code in minutes.
+RESET_PASSWORD_CODE_LIVES = 180
+; Whether to require email confirmation for adding new email addresses.
+; Enable this option will also require user to confirm the email for registration.
+REQUIRE_EMAIL_CONFIRMATION = false
+; Whether to disallow anonymous users visiting the site.
+REQUIRE_SIGNIN_VIEW = false
+; Whether to disable self-registration. When disabled, accounts would have to be created by admins.
+DISABLE_REGISTRATION = false
+; Whether to enable captcha validation for registration
+ENABLE_REGISTRATION_CAPTCHA = true
+
+; Whether to enable reverse proxy authentication via HTTP header.
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+; Whether to automatically create new users for reverse proxy authentication.
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+; The HTTP header used as username for reverse proxy authentication.
+REVERSE_PROXY_AUTHENTICATION_HEADER = X-WEBAUTH-USER
+
+[user]
+; Whether to enable email notifications for users.
+ENABLE_EMAIL_NOTIFICATION = false
+
 ; Attachment settings for releases
 [release.attachment]
 ; Whether attachments are enabled. Defaults to `true`
@@ -251,23 +275,6 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Disable regular (non-admin) users to create organizations
 DISABLE_REGULAR_ORG_CREATION = false
 
-[service]
-ACTIVE_CODE_LIVE_MINUTES = 180
-RESET_PASSWD_CODE_LIVE_MINUTES = 180
-; User need to confirm e-mail for registration
-REGISTER_EMAIL_CONFIRM = false
-; Does not allow register and admin create account only
-DISABLE_REGISTRATION = false
-; User must sign in to view anything.
-REQUIRE_SIGNIN_VIEW = false
-; Mail notification
-ENABLE_NOTIFY_MAIL = false
-; More detail: https://github.com/gogits/gogs/issues/165
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-; Enable captcha validation for registration
-ENABLE_CAPTCHA = false
-
 [webhook]
 ; Types are enabled for users to use, can be "gogs", "slack", "discord", "dingtalk"
 TYPES = gogs, slack, discord, dingtalk

conf/locale/locale_en-US.ini

@@ -1270,21 +1270,25 @@ config.email.send_test_mail = Send test email
 config.email.test_mail_failed = Failed to send test email to '%s': %v
 config.email.test_mail_sent = Test email has been sent to '%s'.
 
+config.auth_config = Authentication configuration
+config.auth.activate_code_lives = Activate code lives
+config.auth.reset_password_code_lives = Reset password code lives
+config.auth.require_email_confirm = Require email confirmation
+config.auth.require_sign_in_view = Require sign in view
+config.auth.disable_registration = Disable registration
+config.auth.enable_registration_captcha = Enable registration captcha
+config.auth.enable_reverse_proxy_authentication = Enable reverse proxy authentication
+config.auth.enable_reverse_proxy_auto_registration = Enable reverse proxy auto registration
+config.auth.reverse_proxy_authentication_header = Reverse proxy authentication header
+
+config.user_config = User configuration
+config.user.enable_email_notify = Enable email notification
+
 config.log_file_root_path = Log File Root Path
 
 config.http_config = HTTP Configuration
 config.http_access_control_allow_origin = Access Control Allow Origin
 
-config.service_config = Service Configuration
-config.register_email_confirm = Require Email Confirmation
-config.disable_register = Disable Registration
-config.show_registration_button = Show Register Button
-config.require_sign_in_view = Require Sign In View
-config.mail_notify = Mail Notification
-config.disable_key_size_check = Disable Minimum Key Size Check
-config.enable_captcha = Enable Captcha
-config.active_code_lives = Active Code Lives
-config.reset_password_code_lives = Reset Password Code Lives
 
 config.webhook_config = Webhook Configuration
 config.queue_length = Queue Length

internal/assets/conf/conf_gen.go

@@ -90,7 +90,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasic
 	uid, isTokenAuth := SignedInID(ctx, sess)
 
 	if uid <= 0 {
-		if conf.Service.EnableReverseProxyAuth {
+		if conf.Auth.EnableReverseProxyAuthentication {
 			webAuthUser := ctx.Req.Header.Get(conf.Security.ReverseProxyAuthenticationUser)
 			if len(webAuthUser) > 0 {
 				u, err := db.GetUserByName(webAuthUser)
@@ -101,7 +101,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasic
 					}
 
 					// Check if enabled auto-registration.
-					if conf.Service.EnableReverseProxyAutoRegister {
+					if conf.Auth.EnableReverseProxyAutoRegistration {
 						u := &db.User{
 							Name:     webAuthUser,
 							Email:    gouuid.NewV4().String() + "@localhost",

internal/assets/templates/templates_gen.go

@@ -198,7 +198,6 @@ func runHookPostReceive(c *cli.Context) error {
 
 	// Post-receive hook does more than just gather Git information,
 	// so we need to setup additional services for email notifications.
-	conf.NewPostReceiveHookServices()
 	email.NewContext()
 
 	isWiki := strings.Contains(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")

internal/auth/auth.go

@@ -235,12 +235,11 @@ func runServ(c *cli.Context) error {
 			}
 		}
 	} else {
-		conf.NewService()
 		// Check if the key can access to the repository in case of it is a deploy key (a deploy keys != user key).
-		// A deploy key doesn't represent a signed in user, so in a site with Service.RequireSignInView activated
-		// we should give read access only in repositories where this deploy key is in use. In other case, a server
-		// or system using an active deploy key can get read access to all the repositories in a Gogs service.
-		if key.IsDeployKey() && conf.Service.RequireSignInView {
+		// A deploy key doesn't represent a signed in user, so in a site with Auth.RequireSignInView enabled,
+		// we should give read access only in repositories where this deploy key is in use. In other cases,
+		// a server or system using an active deploy key can get read access to all repositories on a Gogs instace.
+		if key.IsDeployKey() && conf.Auth.RequireSigninView {
 			checkDeployKey(key, repo)
 		}
 	}

internal/cmd/hook.go

@@ -177,7 +177,7 @@ func runWeb(c *cli.Context) error {
 	m := newMacaron()
 
 	reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
-	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: conf.Service.RequireSignInView})
+	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: conf.Auth.RequireSigninView})
 	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
 	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
 

internal/cmd/serv.go

@@ -61,6 +61,8 @@ var File *ini.File
 // It is safe to call this function multiple times with desired `customConf`, but it is
 // not concurrent safe.
 //
+// NOTE: The order of loading configuration sections matters as one may depend on another.
+//
 // ⚠️ WARNING: Do not print anything in this function other than wanrings.
 func Init(customConf string) error {
 	var err error
@@ -232,6 +234,26 @@ func Init(customConf string) error {
 		Email.FromEmail = parsed.Address
 	}
 
+	// ***********************************
+	// ----- Authentication settings -----
+	// ***********************************
+
+	if err = File.Section("auth").MapTo(&Auth); err != nil {
+		return errors.Wrap(err, "mapping [auth] section")
+	}
+	// LEGACY [0.13]: In case there are values with old section name.
+	if err = File.Section("service").MapTo(&Auth); err != nil {
+		return errors.Wrap(err, "mapping [service] section")
+	}
+
+	// ***********************************
+	// ----- User settings -----
+	// ***********************************
+
+	if err = File.Section("user").MapTo(&User); err != nil {
+		return errors.Wrap(err, "mapping [user] section")
+	}
+
 	handleDeprecated()
 
 	// TODO
@@ -690,31 +712,6 @@ func InitLogging() {
 	}
 }
 
-var Service struct {
-	ActiveCodeLives                int
-	ResetPwdCodeLives              int
-	RegisterEmailConfirm           bool
-	DisableRegistration            bool
-	ShowRegistrationButton         bool
-	RequireSignInView              bool
-	EnableNotifyMail               bool
-	EnableReverseProxyAuth         bool
-	EnableReverseProxyAutoRegister bool
-	EnableCaptcha                  bool
-}
-
-func newService() {
-	sec := File.Section("service")
-	Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
-	Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
-	Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
-	Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
-	Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
-	Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
-	Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
-	Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
-}
-
 func newCacheService() {
 	CacheAdapter = File.Section("cache").Key("ADAPTER").In("memory", []string{"memory", "redis", "memcache"})
 	switch CacheAdapter {
@@ -744,53 +741,11 @@ func newSessionService() {
 	log.Trace("Session service is enabled")
 }
 
-func newRegisterMailService() {
-	if !File.Section("service").Key("REGISTER_EMAIL_CONFIRM").MustBool() {
-		return
-	} else if !Email.Enabled {
-		log.Warn("Email confirmation is not enabled due to the mail service is not available")
-		return
-	}
-	Service.RegisterEmailConfirm = true
-	log.Trace("Email confirmation is enabled")
-}
-
-// newNotifyMailService initializes notification email service options from configuration.
-// No non-error log will be printed in hook mode.
-func newNotifyMailService() {
-	if !File.Section("service").Key("ENABLE_NOTIFY_MAIL").MustBool() {
-		return
-	} else if !Email.Enabled {
-		log.Warn("Email notification is not enabled due to the mail service is not available")
-		return
-	}
-	Service.EnableNotifyMail = true
-
-	if HookMode {
-		return
-	}
-	log.Trace("Email notification is enabled")
-}
-
-func NewService() {
-	newService()
-}
-
 func NewServices() {
-	newService()
 	newCacheService()
 	newSessionService()
-	newRegisterMailService()
-	newNotifyMailService()
 }
 
 // HookMode indicates whether program starts as Git server-side hook callback.
+// All operations should be done synchronously to prevent program exits before finishing.
 var HookMode bool
-
-// NewPostReceiveHookServices initializes all services that are needed by
-// Git server-side post-receive hook callback.
-func NewPostReceiveHookServices() {
-	HookMode = true
-	newService()
-	newNotifyMailService()
-}

internal/cmd/web.go

@@ -149,15 +149,17 @@ var (
 
 	// Security settings
 	Security struct {
-		InstallLock                    bool
-		SecretKey                      string
-		LoginRememberDays              int
-		CookieRememberName             string
-		CookieUsername                 string
-		CookieSecure                   bool
+		InstallLock             bool
+		SecretKey               string
+		LoginRememberDays       int
+		CookieRememberName      string
+		CookieUsername          string
+		CookieSecure            bool
+		EnableLoginStatusCookie bool
+		LoginStatusCookieName   string
+
+		// Deprecated: Use Auth.ReverseProxyAuthenticationHeader instead, will be removed in 0.13.
 		ReverseProxyAuthenticationUser string
-		EnableLoginStatusCookie        bool
-		LoginStatusCookieName          string
 	}
 
 	// Email settings
@@ -186,6 +188,36 @@ var (
 		// Deprecated: Use Password instead, will be removed in 0.13.
 		Passwd string
 	}
+
+	// Authentication settings
+	Auth struct {
+		ActivateCodeLives         int
+		ResetPasswordCodeLives    int
+		RequireEmailConfirmation  bool
+		RequireSigninView         bool
+		DisableRegistration       bool
+		EnableRegistrationCaptcha bool
+
+		EnableReverseProxyAuthentication   bool
+		EnableReverseProxyAutoRegistration bool
+		ReverseProxyAuthenticationHeader   string
+
+		// Deprecated: Use ActivateCodeLives instead, will be removed in 0.13.
+		ActiveCodeLiveMinutes int
+		// Deprecated: Use ResetPasswordCodeLives instead, will be removed in 0.13.
+		ResetPasswdCodeLiveMinutes int
+		// Deprecated: Use RequireEmailConfirmation instead, will be removed in 0.13.
+		RegisterEmailConfirm bool
+		// Deprecated: Use EnableRegistrationCaptcha instead, will be removed in 0.13.
+		EnableCaptcha bool
+		// Deprecated: Use User.EnableEmailNotification instead, will be removed in 0.13.
+		EnableNotifyMail bool
+	}
+
+	// User settings
+	User struct {
+		EnableEmailNotification bool
+	}
 )
 
 // handleDeprecated transfers deprecated values to the new ones when set.
@@ -217,4 +249,30 @@ func handleDeprecated() {
 		Email.Password = Email.Passwd
 		Email.Passwd = ""
 	}
+
+	if Auth.ActiveCodeLiveMinutes > 0 {
+		Auth.ActivateCodeLives = Auth.ActiveCodeLiveMinutes
+		Auth.ActiveCodeLiveMinutes = 0
+	}
+	if Auth.ResetPasswdCodeLiveMinutes > 0 {
+		Auth.ResetPasswordCodeLives = Auth.ResetPasswdCodeLiveMinutes
+		Auth.ResetPasswdCodeLiveMinutes = 0
+	}
+	if Auth.RegisterEmailConfirm {
+		Auth.RequireEmailConfirmation = true
+		Auth.RegisterEmailConfirm = false
+	}
+	if Auth.EnableCaptcha {
+		Auth.EnableRegistrationCaptcha = true
+		Auth.EnableCaptcha = false
+	}
+	if Security.ReverseProxyAuthenticationUser != "" {
+		Auth.ReverseProxyAuthenticationHeader = Security.ReverseProxyAuthenticationUser
+		Security.ReverseProxyAuthenticationUser = ""
+	}
+
+	if Auth.EnableNotifyMail {
+		User.EnableEmailNotification = true
+		Auth.EnableNotifyMail = false
+	}
 }