These are chat archives for go-gitea/gitea

23rd
Jan 2017
Gregor Santner
@gsantner
Jan 23 2017 00:13
@adpande Also tried replacing the images, put them into custom/public/img, and restarted. Also no success. Maybe overriding is not implemented for /public directory (but e.g. templates dir)
Thomas Boerger
@tboerger
Jan 23 2017 05:46
For templates there is an open issue because it currently doesn't work
Michael de Wit
@mjwwit
Jan 23 2017 07:35
@lunny amazing, works like a charm! Great job!
Lunny Xiao
@lunny
Jan 23 2017 08:18
😀
Willem van Dreumel
@willemvd
Jan 23 2017 10:35
please review go-gitea/gitea#679 :smile:
Carlo Landmeter
@clandmeter
Jan 23 2017 12:29
@lunny did you check the release page pager I mentioned in my bug report?
Thomas Boerger
@tboerger
Jan 23 2017 12:30
Welcome Carlo :)
/me is mosez
Carlo Landmeter
@clandmeter
Jan 23 2017 12:31
Hi :)
Thomas Boerger
@tboerger
Jan 23 2017 12:31
Oh, the mobile app doesn't like to print /me properly :P
Carlo Landmeter
@clandmeter
Jan 23 2017 12:32
looks like the release page still had an issue with the pager?
s/had/has
Willem van Dreumel
@willemvd
Jan 23 2017 12:33
@bkcsoft a few more things on go-gitea/gitea#679 ? ;)
Thomas Boerger
@tboerger
Jan 23 2017 12:36
Hum, looks like I need to generate some releases
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 12:41
@willemvd the deal-breaker would be, have you tried the code? :P
since I see no tests :shipit:
Willem van Dreumel
@willemvd
Jan 23 2017 12:42
of course I did ;) with GitHub :)
I’m only wondering right now… how do we do authentication on HTTP clone?
(same goes for existing external logins SMTP, PAM)
Willem van Dreumel
@willemvd
Jan 23 2017 13:00
for now only OAuth2 logins can be combined with SSH clones..
SMTP, PAM and LDAP logins will be performed like login to the GUI, but for OAuth2 that won’t work
does someone have an idea on that?
Thomas Boerger
@tboerger
Jan 23 2017 13:04
We can reject authentication in that case or we can accept tokens that get validated by github and so on :)
But IMHO it should only work with a password set by the user
Michael de Wit
@mjwwit
Jan 23 2017 13:08
I don't think it's a problem to force users to set a password if they want to use git over http
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 13:17
I'm not sure how this is done on e.g. gitlab.com. You can authorize push/pull for github-repos, but sure about the rest though...
Willem van Dreumel
@willemvd
Jan 23 2017 13:20
at this moment external users are not allowed to change (or set) a password
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 13:24
well obviously :trollface:
Willem van Dreumel
@willemvd
Jan 23 2017 13:31
gitlab gives a warning when logging in with github:
You won't be able to pull or push project code via HTTPS until you set a password on your account
and of course there is also such a warning for SSH ;)
Willem van Dreumel
@willemvd
Jan 23 2017 13:36
or should we allow the access token to be valid for authentication over HTTP?

(like Gitlab: Personal Access Tokens

You can generate a personal access token for each application you use that needs access to the GitLab API.

You can also use personal access tokens to authenticate against Git over HTTP. They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.)

IMHO we should not use a password because this will also complicate the current username/password flow
access token looks more clean to me
Willem van Dreumel
@willemvd
Jan 23 2017 13:42
(oh and I would hate it when we do not support HTTP clones , because I need it since I cannot use SSH clones :) )
Michael de Wit
@mjwwit
Jan 23 2017 13:46
Generally speaking, OAuth consuming apps do allow passwords to be set right? It would just add another way to login to the same account. Some apps also allow multiple OAuth sources to be registered. I don't see how this will complicate the existing user/password flow (but I haven't looked at those parts of the code)
Willem van Dreumel
@willemvd
Jan 23 2017 13:56
you are right @mjwwit , but it has more to do with the difference in general of how we now handle external logins
should we then now also allow them to set up a password instead of the current "Non-local type users are not allowed to change their password."
Michael de Wit
@mjwwit
Jan 23 2017 13:58
I think that would greatly increase the value of the feature, since git over http would then work as expected (and without having to generate and copy-paste tokens)
Willem van Dreumel
@willemvd
Jan 23 2017 13:58
or only for the OAuth2 users?
but what is the source for checking the password then (in case of LDAP,PAM&SMTP) , external source or gitea , and in which order?
first external and if it fails , gitea ? or the other way around?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:08
@willemvd push/pull over SSH requires SSH-Keys :)
Willem van Dreumel
@willemvd
Jan 23 2017 14:09
@bkcsoft hehe :)
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:09
so that's not an issue. over HTTPS would require setting a password/access-token (Actually, I'd say "we demand tokens!" :P )
Willem van Dreumel
@willemvd
Jan 23 2017 14:10
who is/are allowed to make that kind of decisions? password vs access token? before we end up in some sort of voting by ! :)
Michael de Wit
@mjwwit
Jan 23 2017 14:12
the maintainers will have to figure that out
Willem van Dreumel
@willemvd
Jan 23 2017 14:13
:fire: bring up the maintainers … :fire_engine: ;)
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:16
<-- maintainer, I say tokens! :D
tokens is the OAuth-way anyhow ;)
Willem van Dreumel
@willemvd
Jan 23 2017 14:16
@bkcsoft I’ve just put the 2FA in place , saw that it was not in place when configured by the user
(second place = use)
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:17
2FA? wasn't that another PR? :P
Thomas Boerger
@tboerger
Jan 23 2017 14:17
wow, the first bounty on gitea at go-gitea/gitea#730 :)
Willem van Dreumel
@willemvd
Jan 23 2017 14:17
somebody put it in the master :P
Michael de Wit
@mjwwit
Jan 23 2017 14:18
good money for a "background-color: black;" :laughing:
Willem van Dreumel
@willemvd
Jan 23 2017 14:18
hehe :D
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:19
@tboerger :joy:
And I also want that :D
Willem van Dreumel
@willemvd
Jan 23 2017 14:19
don’t forget color: white
;)
Michael de Wit
@mjwwit
Jan 23 2017 14:20
@bkcsoft why not allow user/password auth? This means that if you once created your account by "logging in with Facebook" (like a moron), you can still set a password and commit facebook-suicide, but keep your Gitea account :smile:
Willem van Dreumel
@willemvd
Jan 23 2017 14:21
@mjwwit should not every facebook user do that? ;)
Michael de Wit
@mjwwit
Jan 23 2017 14:21
ofc, but that's beside the point
or maybe we should just support everything from OAuth, tokens, user/password, etc. and let the end-users / system admins decide which ones they would like?
Willem van Dreumel
@willemvd
Jan 23 2017 14:25
think that your last comment is only valid when gitea becomes an oauth provider , this is only about consuming
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:26
@mjwwit in the future we could allow for account-migrations ;)
Minimum Viable Change <3
Michael de Wit
@mjwwit
Jan 23 2017 14:28
@willemvd How so? As a system-admin I would like to allow my slaves.. ehh users to be able to login with Google (with a domain filter), GitHub, and username/password. This is a normal use-case right?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:29
@willemvd AFAIK 2FA is provider-side, so no need for that last commit :)
Willem van Dreumel
@willemvd
Jan 23 2017 14:29
@mjwwit thought you mean the HTTP push / pull :)
@bkcsoft but what about the 2FA in Gitea as setup by the user?
Michael de Wit
@mjwwit
Jan 23 2017 14:30
git is obviously limited to SSH or some form of basic/digest auth when using git over http
@bkcsoft I don't see why there would be a need to "migrate" accounts. All that's needed is to add another authentication method to your account
and I'm not suggesting we fix everything in @willemvd's current PR
Willem van Dreumel
@willemvd
Jan 23 2017 14:33
yes I know , and the final question is, should we allow the user to do the git over http with a username/password (so a user needs to set up a password even when he would login with OAuth to the GUI) or a username/access-token combination
created in Gitea
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:38
@mjwwit This will turn painful, having multiple auth-methods for a single user
Willem van Dreumel
@willemvd
Jan 23 2017 14:38
agree with @bkcsoft
Michael de Wit
@mjwwit
Jan 23 2017 14:39
Why though? Because of how auth currently works in Gitea?
Because logically it's not that complex at all
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:41
yes
Basically, Auth in Gitea needs to be refactored at some point
Michael de Wit
@mjwwit
Jan 23 2017 14:41
ok, clear
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 14:42
and this is true for Gogs as well, and why Unknwon does not allow any PRs for adding more auth-sources
Michael de Wit
@mjwwit
Jan 23 2017 14:44
in that case I wouldn't spend any time on an "account-migration" feature, and instead put that time into refactoring the auth system
Willem van Dreumel
@willemvd
Jan 23 2017 14:48
totally agree with the fact that it is not very clean in its setup (and I don’t understand the choice for the current selected auth sources btw )
but back to the main question :) git over http login ...
basic auth with username and access token ?
or basic auth with username and password (which can only be used for git over http and not to login on the GUI)
Michael de Wit
@mjwwit
Jan 23 2017 14:50
in that case it doesn't make sense to use password, it would only confuse ppl
Willem van Dreumel
@willemvd
Jan 23 2017 14:50
agree
just bringing up the possible options ;)
Willem van Dreumel
@willemvd
Jan 23 2017 14:57
so agree on user with access token?
Michael de Wit
@mjwwit
Jan 23 2017 15:43
@lunny bad news, I found another issue with the dump to postgres. The sequences aren't set correctly
this causes errors when, for instance, trying to create a repository
want me to create an issue?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 22:06
anyone wanna have a crack at getting Gitea into ProGit-book? :trollface: https://github.com/progit/progit2/tree/master/book/04-git-server
matrixbot
@matrixbot
Jan 23 2017 22:18
strk I agree with @mjwwit that allowing for a user/password base auth is important even if your preferred method is oauth or openid
strk You might not have a password initially, but it's useful to be able to set one, for your existing account.
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 22:40
but that password would be useless for logging in, so in terms of "what you have to do" it's actually easier to press "Generate Access Token" than to think-of and input a new password...
and IF you use OAuth-login, I'd assume that people usually don't want a password lingering around
also, how do we differentiate? they could now login via oauth or "locally" ?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 22:47
IMO allowing passwords for oauth-users just opens a can of worms that we don't want ATM :smile:
Starz0r
@Starz0r
Jan 23 2017 23:33
does Gitea have signing Commits and Releases with PGP yet?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 23:47
AFAIK no go-gitea/gitea#425
Starz0r
@Starz0r
Jan 23 2017 23:47
darn
is it on the roadmap?
Kim "BKC" Carlbäcker
@bkcsoft
Jan 23 2017 23:49
the PR is set for 1.1, issue for 1.x :)