Pre-register OAuth application for tea (#27509)

It remains to implement OAuth login in tea
https://gitea.com/gitea/tea/issues/598

Fixes #27510
This commit is contained in:
M Hickford 2023-10-08 04:51:08 +01:00 committed by GitHub
parent 08efeb5cdc
commit a825cc0f34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 11 additions and 4 deletions

View file

@ -548,7 +548,8 @@ ENABLE = true
;; Pre-register OAuth2 applications for some universally useful services ;; Pre-register OAuth2 applications for some universally useful services
;; * https://github.com/hickford/git-credential-oauth ;; * https://github.com/hickford/git-credential-oauth
;; * https://github.com/git-ecosystem/git-credential-manager ;; * https://github.com/git-ecosystem/git-credential-manager
;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager ;; * https://gitea.com/gitea/tea
;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager, tea
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

View file

@ -1107,7 +1107,7 @@ This section only does "set" config, a removed config key from this section won'
- `JWT_SECRET_URI`: **_empty_**: Instead of defining JWT_SECRET in the configuration, this configuration option can be used to give Gitea a path to a file that contains the secret (example value: `file:/etc/gitea/oauth2_jwt_secret`) - `JWT_SECRET_URI`: **_empty_**: Instead of defining JWT_SECRET in the configuration, this configuration option can be used to give Gitea a path to a file that contains the secret (example value: `file:/etc/gitea/oauth2_jwt_secret`)
- `JWT_SIGNING_PRIVATE_KEY_FILE`: **jwt/private.pem**: Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH`. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256`, `RS384`, `RS512`, `ES256`, `ES384` or `ES512`. The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you. - `JWT_SIGNING_PRIVATE_KEY_FILE`: **jwt/private.pem**: Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH`. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256`, `RS384`, `RS512`, `ES256`, `ES384` or `ES512`. The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
- `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider - `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider
- `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options. - `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager, tea**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options.
## i18n (`i18n`) ## i18n (`i18n`)

View file

@ -1056,7 +1056,7 @@ Gitea 创建以下非唯一队列:
- `JWT_SECRET_URI`**_empty_**:可以使用此配置选项,而不是在配置中定义`JWT_SECRET`以向Gitea提供包含密钥的文件的路径示例值`file:/etc/gitea/oauth2_jwt_secret`)。 - `JWT_SECRET_URI`**_empty_**:可以使用此配置选项,而不是在配置中定义`JWT_SECRET`以向Gitea提供包含密钥的文件的路径示例值`file:/etc/gitea/oauth2_jwt_secret`)。
- `JWT_SIGNING_PRIVATE_KEY_FILE`**jwt/private.pem**用于签署OAuth2令牌的私钥文件路径。路径相对于`APP_DATA_PATH`。仅当`JWT_SIGNING_ALGORITHM`设置为`RS256``RS384``RS512``ES256``ES384`或`ES512`时才需要此设置。文件必须包含PKCS8格式的RSA或ECDSA私钥。如果不存在密钥则将为您创建一个4096位密钥。 - `JWT_SIGNING_PRIVATE_KEY_FILE`**jwt/private.pem**用于签署OAuth2令牌的私钥文件路径。路径相对于`APP_DATA_PATH`。仅当`JWT_SIGNING_ALGORITHM`设置为`RS256``RS384``RS512``ES256``ES384`或`ES512`时才需要此设置。文件必须包含PKCS8格式的RSA或ECDSA私钥。如果不存在密钥则将为您创建一个4096位密钥。
- `MAX_TOKEN_LENGTH`**32767**从OAuth2提供者接受的令牌/cookie的最大长度。 - `MAX_TOKEN_LENGTH`**32767**从OAuth2提供者接受的令牌/cookie的最大长度。
- `DEFAULT_APPLICATIONS`**git-credential-oauthgit-credential-manager**在启动时预注册用于某些服务的OAuth应用程序。有关可用选项列表请参阅[OAuth2文档](/development/oauth2-provider.md)。 - `DEFAULT_APPLICATIONS`**git-credential-oauthgit-credential-manager, tea**在启动时预注册用于某些服务的OAuth应用程序。有关可用选项列表请参阅[OAuth2文档](/development/oauth2-provider.md)。
## i18n (`i18n`) ## i18n (`i18n`)

View file

@ -86,6 +86,7 @@ Gitea creates OAuth applications for the following services by default on startu
|-----------|-----------|---------| |-----------|-----------|---------|
|[git-credential-oauth](https://github.com/hickford/git-credential-oauth)|Git credential helper|`a4792ccc-144e-407e-86c9-5e7d8d9c3269`| |[git-credential-oauth](https://github.com/hickford/git-credential-oauth)|Git credential helper|`a4792ccc-144e-407e-86c9-5e7d8d9c3269`|
|[Git Credential Manager](https://github.com/git-ecosystem/git-credential-manager)|Git credential helper|`e90ee53c-94e2-48ac-9358-a874fb9e0662`| |[Git Credential Manager](https://github.com/git-ecosystem/git-credential-manager)|Git credential helper|`e90ee53c-94e2-48ac-9358-a874fb9e0662`|
|[tea](https://gitea.com/gitea/tea)|tea|`d57cb8c4-630c-4168-8324-ec79935e18d4`|
To prevent unexpected behavior, they are being displayed as locked in the UI and their creation can instead be controlled by the `DEFAULT_APPLICATIONS` parameter in `app.ini`. To prevent unexpected behavior, they are being displayed as locked in the UI and their creation can instead be controlled by the `DEFAULT_APPLICATIONS` parameter in `app.ini`.

View file

@ -66,6 +66,11 @@ func BuiltinApplications() map[string]*BuiltinOAuth2Application {
DisplayName: "Git Credential Manager", DisplayName: "Git Credential Manager",
RedirectURIs: []string{"http://127.0.0.1", "https://127.0.0.1"}, RedirectURIs: []string{"http://127.0.0.1", "https://127.0.0.1"},
} }
m["d57cb8c4-630c-4168-8324-ec79935e18d4"] = &BuiltinOAuth2Application{
ConfigName: "tea",
DisplayName: "tea",
RedirectURIs: []string{"http://127.0.0.1", "https://127.0.0.1"},
}
return m return m
} }

View file

@ -110,7 +110,7 @@ var OAuth2 = struct {
JWTSigningAlgorithm: "RS256", JWTSigningAlgorithm: "RS256",
JWTSigningPrivateKeyFile: "jwt/private.pem", JWTSigningPrivateKeyFile: "jwt/private.pem",
MaxTokenLength: math.MaxInt16, MaxTokenLength: math.MaxInt16,
DefaultApplications: []string{"git-credential-oauth", "git-credential-manager"}, DefaultApplications: []string{"git-credential-oauth", "git-credential-manager", "tea"},
} }
func loadOAuth2From(rootCfg ConfigProvider) { func loadOAuth2From(rootCfg ConfigProvider) {