diff --git a/packaging/root/etc/drone/drone.toml b/packaging/root/etc/drone/drone.toml index 3f74c6bcf..084db1d15 100644 --- a/packaging/root/etc/drone/drone.toml +++ b/packaging/root/etc/drone/drone.toml @@ -22,22 +22,11 @@ port=":80" driver="sqlite3" datasource="/var/lib/drone/drone.sqlite" - -##################################################################### -# Open Registration allows users to self-register for Drone. -# This is recommended if Drone is being hosted behind a -# firewall. -# -# When false, the system admin will need to manually add -# users to Drone through the admin screens. -# -# [registration] -# open=true - # [github] # client="" # secret="" # orgs=[] +# open=false # [github_enterprise] # client="" @@ -46,18 +35,22 @@ datasource="/var/lib/drone/drone.sqlite" # url="" # orgs=[] # private_mode=false +# open=false # [bitbucket] # client="" # secret="" +# open=false # [gitlab] # url="" # skip_verify=false +# open=false # [gogs] # url="" # secret="" +# open=false ##################################################################### # SMTP configuration for Drone. This is required if you plan diff --git a/plugin/remote/bitbucket/bitbucket.go b/plugin/remote/bitbucket/bitbucket.go index 410d1bb41..27e137421 100644 --- a/plugin/remote/bitbucket/bitbucket.go +++ b/plugin/remote/bitbucket/bitbucket.go @@ -27,19 +27,21 @@ type Bitbucket struct { API string Client string Secret string + Open bool } -func New(url, api, client, secret string) *Bitbucket { +func New(url, api, client, secret string, open bool) *Bitbucket { return &Bitbucket{ URL: url, API: api, Client: client, Secret: secret, + Open: open, } } -func NewDefault(client, secret string) *Bitbucket { - return New(DefaultURL, DefaultAPI, client, secret) +func NewDefault(client, secret string, open bool) *Bitbucket { + return New(DefaultURL, DefaultAPI, client, secret, open) } // Authorize handles Bitbucket API Authorization @@ -269,3 +271,7 @@ func (r *Bitbucket) ParseHook(req *http.Request) (*model.Hook, error) { Message: hook.Commits[len(hook.Commits)-1].Message, }, nil } + +func (r *Bitbucket) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/bitbucket/register.go b/plugin/remote/bitbucket/register.go index ae513a87a..108c68d90 100644 --- a/plugin/remote/bitbucket/register.go +++ b/plugin/remote/bitbucket/register.go @@ -9,6 +9,7 @@ var ( // Bitbucket cloud configuration details bitbucketClient = config.String("bitbucket-client", "") bitbucketSecret = config.String("bitbucket-secret", "") + bitbucketOpen = config.Bool("bitbucket-open", false) ) // Registers the Bitbucket plugin using the default @@ -19,6 +20,6 @@ func Register() { return } remote.Register( - NewDefault(*bitbucketClient, *bitbucketSecret), + NewDefault(*bitbucketClient, *bitbucketSecret, *bitbucketOpen), ) } diff --git a/plugin/remote/github/github.go b/plugin/remote/github/github.go index 840d493f1..3919cae66 100644 --- a/plugin/remote/github/github.go +++ b/plugin/remote/github/github.go @@ -28,9 +28,10 @@ type GitHub struct { Private bool SkipVerify bool Orgs []string + Open bool } -func New(url, api, client, secret string, private, skipVerify bool, orgs []string) *GitHub { +func New(url, api, client, secret string, private, skipVerify bool, orgs []string, open bool) *GitHub { var github = GitHub{ URL: url, API: api, @@ -39,6 +40,7 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin Private: private, SkipVerify: skipVerify, Orgs: orgs, + Open: open, } // the API must have a trailing slash if !strings.HasSuffix(github.API, "/") { @@ -51,8 +53,8 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin return &github } -func NewDefault(client, secret string, orgs []string) *GitHub { - return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs) +func NewDefault(client, secret string, orgs []string, open bool) *GitHub { + return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs, open) } // Authorize handles GitHub API Authorization. @@ -305,3 +307,7 @@ func (r *GitHub) ParsePullRequestHook(req *http.Request) (*model.Hook, error) { return &hook, nil } + +func (r *GitHub) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/github/register.go b/plugin/remote/github/register.go index 52c72838c..21d714e05 100644 --- a/plugin/remote/github/register.go +++ b/plugin/remote/github/register.go @@ -10,6 +10,7 @@ var ( githubClient = config.String("github-client", "") githubSecret = config.String("github-secret", "") githubOrgs = config.Strings("github-orgs") + githubOpen = config.Bool("github-open", false) // GitHub Enterprise configuration details githubEnterpriseURL = config.String("github-enterprise-url", "") @@ -19,6 +20,7 @@ var ( githubEnterprisePrivate = config.Bool("github-enterprise-private-mode", true) githubEnterpriseSkipVerify = config.Bool("github-enterprise-skip-verify", false) githubEnterpriseOrgs = config.Strings("github-enterprise-orgs") + githubEnterpriseOpen = config.Bool("github-enterprise-open", false) ) // Registers the GitHub plugins using the default @@ -35,7 +37,7 @@ func registerGitHub() { return } remote.Register( - NewDefault(*githubClient, *githubSecret, *githubOrgs), + NewDefault(*githubClient, *githubSecret, *githubOrgs, *githubOpen), ) } @@ -56,6 +58,7 @@ func registerGitHubEnterprise() { *githubEnterprisePrivate, *githubEnterpriseSkipVerify, *githubEnterpriseOrgs, + *githubEnterpriseOpen, ), ) } diff --git a/plugin/remote/gitlab/gitlab.go b/plugin/remote/gitlab/gitlab.go index 560678ece..73f5bf9ec 100644 --- a/plugin/remote/gitlab/gitlab.go +++ b/plugin/remote/gitlab/gitlab.go @@ -13,12 +13,14 @@ import ( type Gitlab struct { url string SkipVerify bool + Open bool } -func New(url string, skipVerify bool) *Gitlab { +func New(url string, skipVerify, open bool) *Gitlab { return &Gitlab{ url: url, SkipVerify: skipVerify, + Open: open, } } @@ -191,3 +193,7 @@ func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) { return hook, nil } + +func (r *Gitlab) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/gitlab/gitlab_test.go b/plugin/remote/gitlab/gitlab_test.go index 38c331364..81d0d4e53 100644 --- a/plugin/remote/gitlab/gitlab_test.go +++ b/plugin/remote/gitlab/gitlab_test.go @@ -14,7 +14,7 @@ func Test_Github(t *testing.T) { var server = testdata.NewServer() defer server.Close() - var gitlab = New(server.URL, false) + var gitlab = New(server.URL, false, false) var user = model.User{ Access: "e3b0c44298fc1c149afbf4c8996fb", } diff --git a/plugin/remote/gitlab/register.go b/plugin/remote/gitlab/register.go index c4e7e4c48..ebd45a8b9 100644 --- a/plugin/remote/gitlab/register.go +++ b/plugin/remote/gitlab/register.go @@ -8,6 +8,7 @@ import ( var ( gitlabURL = config.String("gitlab-url", "") gitlabSkipVerify = config.Bool("gitlab-skip-verify", false) + gitlabOpen = config.Bool("gitlab-open", false) ) // Registers the Gitlab plugin using the default @@ -21,6 +22,7 @@ func Register() { New( *gitlabURL, *gitlabSkipVerify, + *gitlabOpen, ), ) } diff --git a/plugin/remote/gogs/gogs.go b/plugin/remote/gogs/gogs.go index 9ad32a209..c1ee50f7c 100644 --- a/plugin/remote/gogs/gogs.go +++ b/plugin/remote/gogs/gogs.go @@ -16,10 +16,11 @@ import ( type Gogs struct { URL string Secret string + Open bool } -func New(url string, secret string) *Gogs { - return &Gogs{URL: url, Secret: secret} +func New(url string, secret string, open bool) *Gogs { + return &Gogs{URL: url, Secret: secret, Open: open} } // Authorize handles Gogs authorization @@ -181,3 +182,7 @@ func (r *Gogs) ParseHook(req *http.Request) (*model.Hook, error) { Message: payload.Commits[0].Message, }, nil } + +func (r *Gogs) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/gogs/register.go b/plugin/remote/gogs/register.go index 592d729f3..aa2479e6f 100644 --- a/plugin/remote/gogs/register.go +++ b/plugin/remote/gogs/register.go @@ -8,6 +8,7 @@ import ( var ( gogsUrl = config.String("gogs-url", "") gogsSecret = config.String("gogs-secret", "") + gogsOpen = config.Bool("gogs-open", false) ) // Registers the Gogs plugin using the default @@ -18,6 +19,6 @@ func Register() { return } remote.Register( - New(*gogsUrl, *gogsSecret), + New(*gogsUrl, *gogsSecret, *gogsOpen), ) } diff --git a/plugin/remote/remote.go b/plugin/remote/remote.go index ad6c3f162..cfba0108e 100644 --- a/plugin/remote/remote.go +++ b/plugin/remote/remote.go @@ -32,6 +32,9 @@ type Remote interface { // ParseHook parses the post-commit hook from the Request body // and returns the required data in a standard format. ParseHook(r *http.Request) (*model.Hook, error) + + // Registration returns true if open registration is allowed + OpenRegistration() bool } // List of registered plugins. diff --git a/server/capability/capability_test.go b/server/capability/capability_test.go index b0ffe2ae3..25c772fe8 100644 --- a/server/capability/capability_test.go +++ b/server/capability/capability_test.go @@ -9,7 +9,6 @@ import ( func TestBlobstore(t *testing.T) { caps := map[string]bool{} - caps[Registration] = true ctx := NewContext(context.Background(), caps) @@ -17,7 +16,6 @@ func TestBlobstore(t *testing.T) { g.Describe("Capabilities", func() { g.It("Should get capabilities from context", func() { - g.Assert(Enabled(ctx, Registration)).Equal(true) g.Assert(Enabled(ctx, "Fake Key")).Equal(false) }) }) diff --git a/server/handler/login.go b/server/handler/login.go index 2f08debed..2ae13603a 100644 --- a/server/handler/login.go +++ b/server/handler/login.go @@ -6,7 +6,6 @@ import ( "net/http" "github.com/drone/drone/plugin/remote" - "github.com/drone/drone/server/capability" "github.com/drone/drone/server/datastore" "github.com/drone/drone/server/session" "github.com/drone/drone/server/sync" @@ -49,7 +48,7 @@ func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) { // if self-registration is disabled we should // return a notAuthorized error. the only exception // is if no users exist yet in the system we'll proceed. - if capability.Enabled(ctx, capability.Registration) == false { + if remote.OpenRegistration() == false { users, err := datastore.GetUserList(ctx) if err != nil || len(users) != 0 { log.Println("Unable to create account. Registration is closed") diff --git a/server/main.go b/server/main.go index ae41dc7b3..73fd0637f 100644 --- a/server/main.go +++ b/server/main.go @@ -56,10 +56,6 @@ var ( sslcrt = config.String("server-ssl-cert", "") sslkey = config.String("server-ssl-key", "") - // Enable self-registration. When false, the system admin - // must grant user access. - open = config.Bool("registration-open", false) - workers *pool.Pool worker *director.Director pub *pubsub.PubSub @@ -105,7 +101,6 @@ func main() { gogs.Register() caps = map[string]bool{} - caps[capability.Registration] = *open // setup the database and cancel all pending // commits in the system.