These are chat archives for go-gitea/gitea

22nd
Feb 2017
Lunny Xiao
@lunny
Feb 22 2017 00:09
How do you compile?
Starz0r
@Starz0r
Feb 22 2017 00:10
GOOS=linux go build code.gitea.io/gitea
Lunny Xiao
@lunny
Feb 22 2017 00:11
This method will not embed the resource
Starz0r
@Starz0r
Feb 22 2017 00:13
huh, that's odd because I think it does for freebsd
what should I add so that it embeds the resources?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 00:17
you need TAGS=bindata
erm, -tags=bindata
Lunny Xiao
@lunny
Feb 22 2017 00:19
See the docs, you could use make
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 00:25
But it should be go-gettable ;)
Starz0r
@Starz0r
Feb 22 2017 00:28
it compiled with the bindata, but locale_en-US.ini isn't even in my copy of the project
so I'm getting the same issue
Lunny Xiao
@lunny
Feb 22 2017 00:40
TAGS="bindata" make generate build
puffybsd
@puffybsd
Feb 22 2017 00:56
Hello, setting up SMTP, my smtp relay service provides a user name, but it's not an email - is this supported?
puffybsd
@puffybsd
Feb 22 2017 01:34
Answered my own question - edit the app.ini file directly. Seems like the web admin ui shouldn't force an email address for the user field.
Lunny Xiao
@lunny
Feb 22 2017 01:35
Yes. :smile:
Lunny Xiao
@lunny
Feb 22 2017 01:47
@puffybsd could you send a PR to help fix that?
puffybsd
@puffybsd
Feb 22 2017 01:47
sure
Lunny Xiao
@lunny
Feb 22 2017 01:47
Thanks! :+1:
puffybsd
@puffybsd
Feb 22 2017 01:56
Is there a reason "docs" is Apache 2.0 license, while gitea itself is MIT?
Starz0r
@Starz0r
Feb 22 2017 01:57
Gitea was forked from Gogs which is under the MIT license
Docs is just self hosted PeachDocs which is under the Apache 2 license
puffybsd
@puffybsd
Feb 22 2017 01:57
fair enough.
puffybsd
@puffybsd
Feb 22 2017 02:12
@lunny would it make sense to point the install link from contributing to the "hacking on gitea" https://docs.gitea.io/en-us/hacking-on-gitea/ instead?
Lunny Xiao
@lunny
Feb 22 2017 02:13
maybe, but someone may only submit issues or translations. So maybe he only uses the binaries.
puffybsd
@puffybsd
Feb 22 2017 02:14
That makes sense. In that case, there is no install landing page, just the main page with links to the various types of installs in the sidebar. Point to the main page?
effectively this: https://docs.gitea.io/en-us/
Lunny Xiao
@lunny
Feb 22 2017 02:15
Okay, then.
Mura Li
@typeless
Feb 22 2017 02:41
Does anyone want to implement gogits/gogs@d521e71 or have better ideas?
Lunny Xiao
@lunny
Feb 22 2017 02:41
I’m working on first part of it.
Mura Li
@typeless
Feb 22 2017 02:42
@lunny :+1:
Lunny Xiao
@lunny
Feb 22 2017 02:42
I will send a PR sometime today.
Then we will support one gitea-update and multiple user-updates, also pre-receive and post-receive
Mura Li
@typeless
Feb 22 2017 02:43
@lunny I was expecting to do it myself. Good to know you beat me to it.
Lunny Xiao
@lunny
Feb 22 2017 02:44
I’m only doing the first part of them, only rewriting the hooks part. Then you can continue with the other things.
Mura Li
@typeless
Feb 22 2017 02:48
I'll have a look at it when your PR is merged.
Lunny Xiao
@lunny
Feb 22 2017 02:48
Yes. Maybe you can review my PR also. :smile:
Mura Li
@typeless
Feb 22 2017 02:51
:+1: no problem.
puffybsd
@puffybsd
Feb 22 2017 03:11
@lunny, sent pull request for 1003, broken link on CONTRIBUTING.md.
Lunny Xiao
@lunny
Feb 22 2017 03:11
Thanks!
puffybsd
@puffybsd
Feb 22 2017 03:12
no problem. will try the fix for SMTP user validation in the next day or two.
Bo-Yi Wu
@appleboy
Feb 22 2017 03:13
@lunny @puffybsd go-gitea/gitea#1005 I sent a PR that also fixes the drone document link.
Lunny Xiao
@lunny
Feb 22 2017 03:26
go-gitea/gitea#1006 please review. This PR will refactor the hooks directory.
@appleboy your PR seems the same as @puffybsd's?
Bo-Yi Wu
@appleboy
Feb 22 2017 03:31
@lunny Yes, and it also fixes the drone document link.
maybe we can close #1004
Lunny Xiao
@lunny
Feb 22 2017 03:31
OK. then.
Have you found any clue about #934?
Bo-Yi Wu
@appleboy
Feb 22 2017 03:36
I will take it.
Lunny Xiao
@lunny
Feb 22 2017 03:36
:+1:
Willem van Dreumel
@willemvd
Feb 22 2017 07:06
@bkcsoft merge of master to PR is done, could you LGTM go-gitea/gitea#679 ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 07:14
:tada:
Willem van Dreumel
@willemvd
Feb 22 2017 07:15
thanks! LGTM worked :P
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 07:15
(hopefully it works as intended :joy: )
Willem van Dreumel
@willemvd
Feb 22 2017 07:15
hehe ;)
renothing
@renothing
Feb 22 2017 07:41
is gitea 1.1 delayed?
Lunny Xiao
@lunny
Feb 22 2017 07:50
I think maybe yes
But we just released 1.0.2
Sandro Santilli
@strk
Feb 22 2017 08:40
@bkcsoft: regSignIn ? I don't find it
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 08:49
reqSignIn* :P
Lunny Xiao
@lunny
Feb 22 2017 08:50
I have set up login with your github account on https://try.gitea.io
bkcsoft @bkcsoft is tired and should sleep :unamused:
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 08:50
\o/
Lunny Xiao
@lunny
Feb 22 2017 08:50
works well. @willemvd
Sandro Santilli
@strk
Feb 22 2017 08:51
@bkcsoft: ok, I'm putting all openid routes under the same Group, hope it's enough
Willem van Dreumel
@willemvd
Feb 22 2017 08:51
:)
Sandro Santilli
@strk
Feb 22 2017 08:52
nope, doesn't work if I put all under the group
that is, m.Group("/user", m.Group("/settings/openid", m.Combo("", ...
seems to be hidden by the later:
m.Group("/user/settings", func() {
@bkcsoft: ^^^ I don't understand what else you're suggesting, but it's really 3 different routes
ok, 2
Sandro Santilli
@strk
Feb 22 2017 09:02
congrats for OAuth2 @willemvd ! :
so now we have User.LoginSource possibly being "OAuth2" and unknown semantic of user/password ?
Lunny Xiao
@lunny
Feb 22 2017 09:06
This PR handle well then LDAP. Maybe LDAP could be refactored like this PR. User always has an account and password. An account could link to many other login sources.
Sandro Santilli
@strk
Feb 22 2017 09:08
@lunny: right, a user always has a user/password pair
...at the moment
are you suggesting you'd want a local user/password pair in addition to the LDAP one ?
as I don't really want that
what I'd want is a user has N ways to be authenticated, some ways have user/password, some other ways have a URI some others who knows
(an SSL cert?)
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:09
GitLab does that as well (local user/password for LDAP)
Sandro Santilli
@strk
Feb 22 2017 09:09
@bkcsoft: for LDAP too ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:09
indeed
Sandro Santilli
@strk
Feb 22 2017 09:09
but it doesn't ask for one
or does it use the same user/password as the LDAP one ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:10
nah, it creates a local user (for UID) and then sets password to nil ;)
Willem van Dreumel
@willemvd
Feb 22 2017 09:10
and if you want to delete your account? first password reset?
Sandro Santilli
@strk
Feb 22 2017 09:10
that's similar to what I'm doing with the OpenID part, except I use a random password rather than nil
Willem van Dreumel
@willemvd
Feb 22 2017 09:10
or can you just delete the account without password?
Sandro Santilli
@strk
Feb 22 2017 09:11
and thus I filed the "password reset" link PR
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:11
@willemvd you delete with LDAP user-password
Willem van Dreumel
@willemvd
Feb 22 2017 09:11
ah ok!
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:11
(like OAuth2 in Gitea does AFAIK, otherwise someone will send a patch :trollface: )
Sandro Santilli
@strk
Feb 22 2017 09:11
@bkcsoft: does gitlab have oauth2 login ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:11
yes
Sandro Santilli
@strk
Feb 22 2017 09:11
what happens in that case ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:12
same
Sandro Santilli
@strk
Feb 22 2017 09:12
nil password and delete account with oauth2 flow ?
Kim "BKC" Carlbäcker
@bkcsoft
Feb 22 2017 09:12
yeah
Sandro Santilli
@strk
Feb 22 2017 09:18
what's LinkAccountMode @willemvd ?
Sandro Santilli
@strk
Feb 22 2017 09:27
rebasing the OpenID PR I need to resolve the conflict / decide how to act on that form
I didn't really like the OpenID one to be honest, so I'm happy to change it to an inline input field
should then it be in signin_inner.tmpl ?
Sandro Santilli
@strk
Feb 22 2017 09:46
ok, rebased and force-pushed
@bkcsoft: again, review welcome
Sandro Santilli
@strk
Feb 22 2017 09:51
I think it'd be great to have OpenID support in 1.1.0 too
given OAuth2 made it into there (just to make sure proprietary services do not get more love than free/open ones...)
the "forgot password" reset link is added by go-gitea/gitea#862 (please review as @lunny raised a doubt about localization files updates)
Sandro Santilli
@strk
Feb 22 2017 11:25
where's translation handling (crowdin) documented ?
Willem van Dreumel
@willemvd
Feb 22 2017 12:45
just created go-gitea/gitea#1010 with support for
Google+
GitLab
Bitbucket
Twitter
Facebook
Dropbox
OpenID Connect
support for more can be requested , list is at https://github.com/markbates/goth/#supported-providers
Willem van Dreumel
@willemvd
Feb 22 2017 12:55
do any of you know why this is not compatible cross platform?
store.MaxLength(math.MaxInt64) ->

Compiling for linux/386...
code.gitea.io/gitea/modules/auth/oauth2
modules/auth/oauth2/oauth2.go:47: constant 9223372036854775807 overflows int
2017/02/22 12:48:12 Failed to cross compile package: exit status 2.

what is the limit for linux/386 of an int?
MaxInt32 ?
and will this give more issues on other platforms we support?
Andrey Nering
@andreynering
Feb 22 2017 13:03
@willemvd On Go 32-bits, int is an alias to int32. On Go 64, int is an alias to int64
Willem van Dreumel
@willemvd
Feb 22 2017 13:07
will use MaxInt32 :P
or maybe even less...
Sandro Santilli
@strk
Feb 22 2017 16:40
@willemvd: I'll be very curious to look at the OpenID Connect one
does it let you enter your own URL, like OpenID-2.0 ?
and, do you know of such a URL-based OpenID-Connect provider ? Like openid.stackexchange.com for OpenID-2.0 ...
Sandro Santilli
@strk
Feb 22 2017 16:54
@willemvd: I pulled your branch, I see "OpenID Connect" is the only one prompting you for "OpenID Connect Auto Discovery URL"
in addition to clientID/clientSecret
but are you sure those clientID/clientSecret are really needed ?
does an "OpenID Connect" provider really need to know all clients ?
that "Tips" section in AdminPanel->Authentication is getting too big, would be nice to get it indexed by AuthenticationType at least
Willem van Dreumel
@willemvd
Feb 22 2017 17:13
@strk OpenID Connect is also supported by Google (https://accounts.google.com/.well-known/openid-configuration), perhaps you can use that
And I'm very sure ClientID and secret are needed, it's nothing compared to OpenID, it's totally based on OAuth2 with an additional id_token in the authorize response that contains user info in a JWT token
What do you mean with "known all the clients"?
Good point to render the tips based on the selected value
A number of OAuth2 providers also support the openid connect way
Sandro Santilli
@strk
Feb 22 2017 18:04
by "know all clients" I mean that the provider needs to "emit" a clientID/clientSecret pair
so it's really nothing compared with the URI-based authentication of OpenID-2.0
it strikes me that the model changed so much between OID and OIDC
it makes no sense to even keep the same name :/
Sandro Santilli
@strk
Feb 22 2017 18:13
there must be a way to do it differently
"All clients talking to the server must be registered with server."
this is not practical/possible when you cannot (and don't want to) know all the providers in advance
ah, but this is interesting: "The MIT OIDC server supports OpenID Connect Dynamic Client Registration"
that's what we need @willemvd
"dynamic client registration" is the keyword
Sandro Santilli
@strk
Feb 22 2017 19:32
@bkcsoft, @lunny I've blindly added a new(UserOpenID) statement in models/models.go as per go-gitea/gitea#1012 -- but as I hadn't noticed the need for it, is that only needed upon first registration ?
Willem van Dreumel
@willemvd
Feb 22 2017 19:32
@strk sorry to say, but it seems that you don't understand what OpenID Connect is about and YES they should absolutely have given it another name! You're quoting something that has nothing to do with users, but with applications (gitea) that want to connect to an OpenID Connect server (which is exactly the same as registering an application for OAuth2). Then you will get a clientID and secret which you need to configure in your application (as admin in gitea)
Sandro Santilli
@strk
Feb 22 2017 19:33
@willemvd: wouldn't "Dynamic Client Registration" allow you NOT to hard-code those ID/Secret in the LoginSource configuration ?
but rather dynamically obtain them upon first meeting a new provider
as in the case in which the provider is advertised in a meta tag (like OpenID-2.0)
so user gives URL, gitea reads HTML at URL, extracts openid.provider (however it's called), dynamically registers with it, requests authentication token etc. etc.
it would be crazy for the OpenID Foundation to say: OpenID-Connect replaces OpenID-2.0 if they couldn't be used the same
Willem van Dreumel
@willemvd
Feb 22 2017 19:36
And then still it needs to be stored in the loginsource and most of the providers don't do dynamic registration so that would mean a total new flow for just a few edge cases
matrixbot
@matrixbot
Feb 22 2017 20:23
strk Well "a few edge cases" is actually whether or not to support federated authentication. It's not an edge case but a model you may or may not want to pursue.
Dan Morrill
@morrildl
Feb 22 2017 20:43
Hi! Is this the right place to ask a couple nuance questions re: the OAuth2 work?
Willem van Dreumel
@willemvd
Feb 22 2017 22:23
@Dan , regarding go-gitea/gitea#1012 ?
Willem van Dreumel
@willemvd
Feb 22 2017 22:28
sorry @Dan , should have been @morrildl :)
but for all your questions, this is a good starting point (after the docs :smile: )
Dan Morrill
@morrildl
Feb 22 2017 22:30
@willemvd well more about plans in general
basically I'm wondering what the ultimate plans are for passwords. Current behavior is that if you log in via OAuth2, you pick a username but are also required to enter a password
the password can be used to log in with the bare/local username. for my use case I would like the only way to log in be through OAuth2
From discussion on #679 it looks like that might be in the plans, via a to-be-created "LoginNone", but I wanted to confirm if that is how you plan to handle it :)
A local password would be required for git-over-HTTPS, but actually I'd like to disable that anyway (at least for push) and only use git-over-SSH
Willem van Dreumel
@willemvd
Feb 22 2017 22:42
there is a more general discussion about the login mechanism , but opinions are different about how it is working now and how it should work
I’m thinking of creating another PR that only enables GUI login for admins and/or optional to other configured authentication sources
so you can disable that if required
Dan Morrill
@morrildl
Feb 22 2017 22:44
That sounds like what I would need
Willem van Dreumel
@willemvd
Feb 22 2017 22:44
I know you can disable git over SSH , but not sure if you can disable git over http(s)
otherwise that needs to be added as well
Dan Morrill
@morrildl
Feb 22 2017 22:45
Another thing that would be useful would be an option to restrict logins to a domain, although this might be too OAuth-provider-specific to be general
I didn't see a way to disable HTTP-git in app.ini or the GUI, at least
Willem van Dreumel
@willemvd
Feb 22 2017 22:45
found it in the repo conf/app.ini
; Disable ability to interact with repositories by HTTP protocol
DISABLE_HTTP_GIT = false
Dan Morrill
@morrildl
Feb 22 2017 22:46
doh, don't know how I missed that. I'll give it a try, thank you
puffybsd
@puffybsd
Feb 22 2017 22:46
in dev mode, should there be a sqlite3 option?
Willem van Dreumel
@willemvd
Feb 22 2017 22:46
np
Dan Morrill
@morrildl
Feb 22 2017 22:46
Here is a quick summary of my use case for OAuth2, as input to your discussion :D
Willem van Dreumel
@willemvd
Feb 22 2017 22:47
will read it later, need to go to sleep :smile:
Dan Morrill
@morrildl
Feb 22 2017 22:47
cool, sleep well :D
In a nutshell, we are a Google Apps user (and work with a lot of portfolio companies that are also mostly Google Apps users) and ideally we never want to touch passwords on services we run
So I have written a couple in-house apps that use the Google OpenID Connect flow, we use YouTrack/JIRA/Confluence etc. with OAuth2 plugins, and so on
Ultimately if one of our staff leaves, we turn off all their services by simply disabling their Google Apps accounts
Dan Morrill
@morrildl
Feb 22 2017 22:52
In the case of git hosting, without a local password, if I were to disable the Google Apps account, that would essentially orphan all of that user's repos -- but in fact, we're okay with this and it's actually the behavior we want
(All this is also why I'd like to be able to limit logins to just our own Google Apps users, but that's merely a nice-to-have)
So, ideally, I'd like to be able to turn off passwords in the UI for OAuth2 accounts. An option to disallow local-password logins except by Admins would be fine, but still have a minor issue of allowing users to type in a password which they might have reused. That may just be me being paranoid though.
puffybsd
@puffybsd
Feb 22 2017 23:41
@lunny I've got a patch for the install form SMTP user discussed yesterday. I'll open an issue and send a pull request.