Fix inconsistent naming of OAuth 2.0 ENABLE
setting (#28951)
Renames it to `ENABLED` to be consistent with other settings and deprecates it. I believe this change is necessary because other setting groups such as `attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but `oauth2` is the only one with an `ENABLE` setting, which could cause confusion for users. This is no longer a breaking change because `ENABLE` has been set as deprecated and as an alias to `ENABLED`.
This commit is contained in:
parent
61f8ca4906
commit
d9b3849454
|
@ -524,7 +524,7 @@ INTERNAL_TOKEN=
|
||||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||||
;;
|
;;
|
||||||
;; Enables OAuth2 provider
|
;; Enables OAuth2 provider
|
||||||
ENABLE = true
|
ENABLED = true
|
||||||
;;
|
;;
|
||||||
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
|
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
|
||||||
;JWT_SIGNING_ALGORITHM = RS256
|
;JWT_SIGNING_ALGORITHM = RS256
|
||||||
|
|
|
@ -1107,7 +1107,7 @@ This section only does "set" config, a removed config key from this section won'
|
||||||
|
|
||||||
## OAuth2 (`oauth2`)
|
## OAuth2 (`oauth2`)
|
||||||
|
|
||||||
- `ENABLE`: **true**: Enables OAuth2 provider.
|
- `ENABLED`: **true**: Enables OAuth2 provider.
|
||||||
- `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
|
- `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
|
||||||
- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 refresh token in hours
|
- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 refresh token in hours
|
||||||
- `INVALIDATE_REFRESH_TOKENS`: **false**: Check if refresh token has already been used
|
- `INVALIDATE_REFRESH_TOKENS`: **false**: Check if refresh token has already been used
|
||||||
|
|
|
@ -1043,7 +1043,7 @@ Gitea 创建以下非唯一队列:
|
||||||
|
|
||||||
## OAuth2 (`oauth2`)
|
## OAuth2 (`oauth2`)
|
||||||
|
|
||||||
- `ENABLE`: **true**:启用OAuth2提供者。
|
- `ENABLED`: **true**:启用OAuth2提供者。
|
||||||
- `ACCESS_TOKEN_EXPIRATION_TIME`:**3600**:OAuth2访问令牌的生命周期,以秒为单位。
|
- `ACCESS_TOKEN_EXPIRATION_TIME`:**3600**:OAuth2访问令牌的生命周期,以秒为单位。
|
||||||
- `REFRESH_TOKEN_EXPIRATION_TIME`:**730**:OAuth2刷新令牌的生命周期,以小时为单位。
|
- `REFRESH_TOKEN_EXPIRATION_TIME`:**730**:OAuth2刷新令牌的生命周期,以小时为单位。
|
||||||
- `INVALIDATE_REFRESH_TOKENS`:**false**:检查刷新令牌是否已被使用。
|
- `INVALIDATE_REFRESH_TOKENS`:**false**:检查刷新令牌是否已被使用。
|
||||||
|
|
|
@ -93,7 +93,7 @@ func parseScopes(sec ConfigSection, name string) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
var OAuth2 = struct {
|
var OAuth2 = struct {
|
||||||
Enable bool
|
Enabled bool
|
||||||
AccessTokenExpirationTime int64
|
AccessTokenExpirationTime int64
|
||||||
RefreshTokenExpirationTime int64
|
RefreshTokenExpirationTime int64
|
||||||
InvalidateRefreshTokens bool
|
InvalidateRefreshTokens bool
|
||||||
|
@ -103,7 +103,7 @@ var OAuth2 = struct {
|
||||||
MaxTokenLength int
|
MaxTokenLength int
|
||||||
DefaultApplications []string
|
DefaultApplications []string
|
||||||
}{
|
}{
|
||||||
Enable: true,
|
Enabled: true,
|
||||||
AccessTokenExpirationTime: 3600,
|
AccessTokenExpirationTime: 3600,
|
||||||
RefreshTokenExpirationTime: 730,
|
RefreshTokenExpirationTime: 730,
|
||||||
InvalidateRefreshTokens: false,
|
InvalidateRefreshTokens: false,
|
||||||
|
@ -114,16 +114,23 @@ var OAuth2 = struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadOAuth2From(rootCfg ConfigProvider) {
|
func loadOAuth2From(rootCfg ConfigProvider) {
|
||||||
if err := rootCfg.Section("oauth2").MapTo(&OAuth2); err != nil {
|
sec := rootCfg.Section("oauth2")
|
||||||
log.Fatal("Failed to OAuth2 settings: %v", err)
|
if err := sec.MapTo(&OAuth2); err != nil {
|
||||||
|
log.Fatal("Failed to map OAuth2 settings: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !OAuth2.Enable {
|
// Handle the rename of ENABLE to ENABLED
|
||||||
|
deprecatedSetting(rootCfg, "oauth2", "ENABLE", "oauth2", "ENABLED", "v1.23.0")
|
||||||
|
if sec.HasKey("ENABLE") && !sec.HasKey("ENABLED") {
|
||||||
|
OAuth2.Enabled = sec.Key("ENABLE").MustBool(OAuth2.Enabled)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !OAuth2.Enabled {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET")
|
OAuth2.JWTSecretBase64 = loadSecret(sec, "JWT_SECRET_URI", "JWT_SECRET")
|
||||||
|
|
||||||
if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
|
if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
|
||||||
OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
|
OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
|
||||||
|
|
|
@ -95,9 +95,9 @@ func loadApplicationsData(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Data["Tokens"] = tokens
|
ctx.Data["Tokens"] = tokens
|
||||||
ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
|
ctx.Data["EnableOAuth2"] = setting.OAuth2.Enabled
|
||||||
ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
|
ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
|
||||||
if setting.OAuth2.Enable {
|
if setting.OAuth2.Enabled {
|
||||||
ctx.Data["Applications"], err = db.Find[auth_model.OAuth2Application](ctx, auth_model.FindOAuth2ApplicationsOptions{
|
ctx.Data["Applications"], err = db.Find[auth_model.OAuth2Application](ctx, auth_model.FindOAuth2ApplicationsOptions{
|
||||||
OwnerID: ctx.Doer.ID,
|
OwnerID: ctx.Doer.ID,
|
||||||
})
|
})
|
||||||
|
|
|
@ -304,7 +304,7 @@ func registerRoutes(m *web.Route) {
|
||||||
validation.AddBindingRules()
|
validation.AddBindingRules()
|
||||||
|
|
||||||
linkAccountEnabled := func(ctx *context.Context) {
|
linkAccountEnabled := func(ctx *context.Context) {
|
||||||
if !setting.Service.EnableOpenIDSignIn && !setting.Service.EnableOpenIDSignUp && !setting.OAuth2.Enable {
|
if !setting.Service.EnableOpenIDSignIn && !setting.Service.EnableOpenIDSignUp && !setting.OAuth2.Enabled {
|
||||||
ctx.Error(http.StatusForbidden)
|
ctx.Error(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -768,7 +768,7 @@ func registerRoutes(m *web.Route) {
|
||||||
m.Post("/delete", admin.DeleteApplication)
|
m.Post("/delete", admin.DeleteApplication)
|
||||||
})
|
})
|
||||||
}, func(ctx *context.Context) {
|
}, func(ctx *context.Context) {
|
||||||
if !setting.OAuth2.Enable {
|
if !setting.OAuth2.Enabled {
|
||||||
ctx.Error(http.StatusForbidden)
|
ctx.Error(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -779,7 +779,7 @@ func registerRoutes(m *web.Route) {
|
||||||
addSettingsRunnersRoutes()
|
addSettingsRunnersRoutes()
|
||||||
addSettingsVariablesRoutes()
|
addSettingsVariablesRoutes()
|
||||||
})
|
})
|
||||||
}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled))
|
}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enabled, "EnablePackages", setting.Packages.Enabled))
|
||||||
// ***** END: Admin *****
|
// ***** END: Admin *****
|
||||||
|
|
||||||
m.Group("", func() {
|
m.Group("", func() {
|
||||||
|
@ -891,7 +891,7 @@ func registerRoutes(m *web.Route) {
|
||||||
m.Post("/delete", org.DeleteOAuth2Application)
|
m.Post("/delete", org.DeleteOAuth2Application)
|
||||||
})
|
})
|
||||||
}, func(ctx *context.Context) {
|
}, func(ctx *context.Context) {
|
||||||
if !setting.OAuth2.Enable {
|
if !setting.OAuth2.Enabled {
|
||||||
ctx.Error(http.StatusForbidden)
|
ctx.Error(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -943,7 +943,7 @@ func registerRoutes(m *web.Route) {
|
||||||
m.Post("/rebuild", org.RebuildCargoIndex)
|
m.Post("/rebuild", org.RebuildCargoIndex)
|
||||||
})
|
})
|
||||||
}, packagesEnabled)
|
}, packagesEnabled)
|
||||||
}, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled, "PageIsOrgSettings", true))
|
}, ctxDataSet("EnableOAuth2", setting.OAuth2.Enabled, "EnablePackages", setting.Packages.Enabled, "PageIsOrgSettings", true))
|
||||||
}, context.OrgAssignment(true, true))
|
}, context.OrgAssignment(true, true))
|
||||||
}, reqSignIn)
|
}, reqSignIn)
|
||||||
// ***** END: Organization *****
|
// ***** END: Organization *****
|
||||||
|
|
Loading…
Reference in a new issue