mirror of
https://gitea.com/gitea/tea.git
synced 2025-09-01 09:28:30 +02:00
Add temporary authentication via environment variables (#639)
#633 Co-authored-by: Tim Riedl <mail@tim-riedl.de> Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com> Co-authored-by: Lunny Xiao <lunny@noreply.gitea.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/639 Co-authored-by: Tim Riedl <uvulpos@noreply.gitea.com> Co-committed-by: Tim Riedl <uvulpos@noreply.gitea.com>
This commit is contained in:

committed by
techknowlogick

parent
449b2e3117
commit
d2ccead88b
@ -9,7 +9,9 @@ import (
|
||||
"log"
|
||||
"os"
|
||||
"path"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/sdk/gitea"
|
||||
"code.gitea.io/tea/modules/config"
|
||||
@ -20,9 +22,7 @@ import (
|
||||
"github.com/urfave/cli/v3"
|
||||
)
|
||||
|
||||
var (
|
||||
errNotAGiteaRepo = errors.New("No Gitea login found. You might want to specify --repo (and --login) to work outside of a repository")
|
||||
)
|
||||
var errNotAGiteaRepo = errors.New("No Gitea login found. You might want to specify --repo (and --login) to work outside of a repository")
|
||||
|
||||
// TeaContext contains all context derived during command initialization and wraps cli.Context
|
||||
type TeaContext struct {
|
||||
@ -125,6 +125,16 @@ func InitCommand(cmd *cli.Command) *TeaContext {
|
||||
c.RepoSlug = repoFlag
|
||||
}
|
||||
|
||||
// override config user with env variable
|
||||
envLogin := GetLoginByEnvVar()
|
||||
if envLogin != nil {
|
||||
_, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "")
|
||||
if err != nil {
|
||||
log.Fatal(err.Error())
|
||||
}
|
||||
c.Login = envLogin
|
||||
}
|
||||
|
||||
// override login from flag, or use default login if repo based detection failed
|
||||
if len(loginFlag) != 0 {
|
||||
c.Login = config.GetLoginByName(loginFlag)
|
||||
@ -230,3 +240,40 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L
|
||||
|
||||
return repo, nil, "", errNotAGiteaRepo
|
||||
}
|
||||
|
||||
// GetLoginByEnvVar returns a login based on environment variables, or nil if no login can be created
|
||||
func GetLoginByEnvVar() *config.Login {
|
||||
var token string
|
||||
|
||||
giteaToken := os.Getenv("GITEA_TOKEN")
|
||||
githubToken := os.Getenv("GH_TOKEN")
|
||||
giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL")
|
||||
instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE")
|
||||
insecure := false
|
||||
if len(instanceInsecure) > 0 {
|
||||
insecure, _ = strconv.ParseBool(instanceInsecure)
|
||||
}
|
||||
|
||||
// if no tokens are set, or no instance url for gitea fail fast
|
||||
if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) {
|
||||
return nil
|
||||
}
|
||||
|
||||
token = giteaToken
|
||||
if len(giteaToken) == 0 {
|
||||
token = githubToken
|
||||
}
|
||||
|
||||
return &config.Login{
|
||||
Name: "GITEA_LOGIN_VIA_ENV",
|
||||
URL: giteaInstanceURL,
|
||||
Token: token,
|
||||
Insecure: insecure,
|
||||
SSHKey: "",
|
||||
SSHCertPrincipal: "",
|
||||
SSHKeyFingerprint: "",
|
||||
SSHAgent: false,
|
||||
Created: time.Now().Unix(),
|
||||
VersionCheck: false,
|
||||
}
|
||||
}
|
||||
|
@ -63,21 +63,17 @@ func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCe
|
||||
return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
|
||||
}
|
||||
|
||||
if !sshAgent && sshCertPrincipal == "" && sshKey == "" {
|
||||
// .. if we have enough information to authenticate
|
||||
if len(token) == 0 && (len(user)+len(passwd)) == 0 {
|
||||
return fmt.Errorf("No token set")
|
||||
} else if len(user) != 0 && len(passwd) == 0 {
|
||||
return fmt.Errorf("No password set")
|
||||
} else if len(user) == 0 && len(passwd) != 0 {
|
||||
return fmt.Errorf("No user set")
|
||||
}
|
||||
}
|
||||
|
||||
// Normalize URL
|
||||
serverURL, err := utils.NormalizeURL(giteaURL)
|
||||
serverURL, err := utils.ValidateAuthenticationMethod(
|
||||
giteaURL,
|
||||
token,
|
||||
user,
|
||||
passwd,
|
||||
sshAgent,
|
||||
sshKey,
|
||||
sshCertPrincipal,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to parse URL: %s", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// check if it's a certificate the principal doesn't matter as the user
|
||||
|
38
modules/utils/validate.go
Normal file
38
modules/utils/validate.go
Normal file
@ -0,0 +1,38 @@
|
||||
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package utils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
)
|
||||
|
||||
// ValidateAuthenticationMethod checks the provided authentication method parameters
|
||||
func ValidateAuthenticationMethod(
|
||||
giteaURL string,
|
||||
token string,
|
||||
user string,
|
||||
passwd string,
|
||||
sshAgent bool,
|
||||
sshKey string,
|
||||
sshCertPrincipal string,
|
||||
) (*url.URL, error) {
|
||||
// Normalize URL
|
||||
serverURL, err := NormalizeURL(giteaURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to parse URL: %s", err)
|
||||
}
|
||||
|
||||
if !sshAgent && sshCertPrincipal == "" && sshKey == "" {
|
||||
// .. if we have enough information to authenticate
|
||||
if len(token) == 0 && (len(user)+len(passwd)) == 0 {
|
||||
return nil, fmt.Errorf("No token set")
|
||||
} else if len(user) != 0 && len(passwd) == 0 {
|
||||
return nil, fmt.Errorf("No password set")
|
||||
} else if len(user) == 0 && len(passwd) != 0 {
|
||||
return nil, fmt.Errorf("No user set")
|
||||
}
|
||||
}
|
||||
return serverURL, nil
|
||||
}
|
Reference in New Issue
Block a user