From 307aed12bc185e7cf1783f050800982b104e59ef Mon Sep 17 00:00:00 2001 From: Matt Bostock Date: Mon, 12 Jan 2015 22:59:06 +0000 Subject: [PATCH] Move open registration setting into remote plugins ...so that it's possible to enable or disable open registration on a per-remote basis. For example, the `DRONE_REGISTRATION_OPEN` environment variable now becomes `DRONE_GITHUB_OPEN` when using GitHub as a remote. The default for open registration in this commit is `false` (disabled), which matches the existing behaviour. This is useful if you need to support both public and private remotes, e.g. GitHub.com and GitHub Enterprise, where you trust all of the private users and want to allow open registration for those but would not want all GitHub.com users to run builds on your server. Tested with GitHub and GitLab. --- packaging/root/etc/drone/drone.toml | 17 +++++------------ plugin/remote/bitbucket/bitbucket.go | 12 +++++++++--- plugin/remote/bitbucket/register.go | 3 ++- plugin/remote/github/github.go | 12 +++++++++--- plugin/remote/github/register.go | 5 ++++- plugin/remote/gitlab/gitlab.go | 8 +++++++- plugin/remote/gitlab/gitlab_test.go | 2 +- plugin/remote/gitlab/register.go | 2 ++ plugin/remote/gogs/gogs.go | 9 +++++++-- plugin/remote/gogs/register.go | 3 ++- plugin/remote/remote.go | 3 +++ server/capability/capability_test.go | 2 -- server/handler/login.go | 3 +-- server/main.go | 5 ----- 14 files changed, 52 insertions(+), 34 deletions(-) diff --git a/packaging/root/etc/drone/drone.toml b/packaging/root/etc/drone/drone.toml index 3f74c6bcf..084db1d15 100644 --- a/packaging/root/etc/drone/drone.toml +++ b/packaging/root/etc/drone/drone.toml 
@@ -22,22 +22,11 @@ port=":80" driver="sqlite3" datasource="/var/lib/drone/drone.sqlite" - -##################################################################### -# Open Registration allows users to self-register for Drone. -# This is recommended if Drone is being hosted behind a -# firewall. -# -# When false, the system admin will need to manually add -# users to Drone through the admin screens. -# -# [registration] -# open=true - # [github] # client="" # secret="" # orgs=[] +# open=false # [github_enterprise] # client="" @@ -46,18 +35,22 @@ datasource="/var/lib/drone/drone.sqlite" # url="" # orgs=[] # private_mode=false +# open=false # [bitbucket] # client="" # secret="" +# open=false # [gitlab] # url="" # skip_verify=false +# open=false # [gogs] # url="" # secret="" +# open=false ##################################################################### # SMTP configuration for Drone. This is required if you plan diff --git a/plugin/remote/bitbucket/bitbucket.go b/plugin/remote/bitbucket/bitbucket.go index 410d1bb41..27e137421 100644 --- a/plugin/remote/bitbucket/bitbucket.go +++ b/plugin/remote/bitbucket/bitbucket.go @@ -27,19 +27,21 @@ type Bitbucket struct { API string Client string Secret string + Open bool } -func New(url, api, client, secret string) *Bitbucket { +func New(url, api, client, secret string, open bool) *Bitbucket { return &Bitbucket{ URL: url, API: api, Client: client, Secret: secret, + Open: open, } } -func NewDefault(client, secret string) *Bitbucket { - return New(DefaultURL, DefaultAPI, client, secret) +func NewDefault(client, secret string, open bool) *Bitbucket { + return New(DefaultURL, DefaultAPI, client, secret, open) } // Authorize handles Bitbucket API Authorization @@ -269,3 +271,7 @@ func (r *Bitbucket) ParseHook(req *http.Request) (*model.Hook, error) { Message: hook.Commits[len(hook.Commits)-1].Message, }, nil } + +func (r *Bitbucket) OpenRegistration() bool { + return r.Open +} 
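Review bot: The new `# open=false` keys are left undocumented once this hunk removes the "Open Registration" comment block, so the sample config no longer says what the setting grants. I would put a short comment above the first occurrence under `[github]`, e.g. `# open: when true, any user who can sign in through this remote may self-register; when false an admin must add users.` The next hunk adds the same key to `[github_enterprise]`, `[bitbucket]`, `[gitlab]` and `[gogs]`, also without explanation. Because main.go in this patch drops the `registration-open` setting, a line saying the old `[registration]` section is no longer read would help operators who still have it set.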
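Review bot: The exported method `OpenRegistration` added at the end of bitbucket.go has no doc comment, and neither do the identical methods added to github.go, gitlab.go and gogs.go later in this patch. Since its return value decides whether a previously unknown user may create an account, it deserves one line, e.g. `// OpenRegistration reports whether users who authenticate through this remote may self-register.` The exported `Open` field it returns remains writable after construction; if the value is meant to be fixed once the plugin is registered, the comment should say so.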
diff --git a/plugin/remote/bitbucket/register.go b/plugin/remote/bitbucket/register.go index ae513a87a..108c68d90 100644 --- a/plugin/remote/bitbucket/register.go +++ b/plugin/remote/bitbucket/register.go @@ -9,6 +9,7 @@ var ( // Bitbucket cloud configuration details bitbucketClient = config.String("bitbucket-client", "") bitbucketSecret = config.String("bitbucket-secret", "") + bitbucketOpen = config.Bool("bitbucket-open", false) ) // Registers the Bitbucket plugin using the default @@ -19,6 +20,6 @@ func Register() { return } remote.Register( - NewDefault(*bitbucketClient, *bitbucketSecret), + NewDefault(*bitbucketClient, *bitbucketSecret, *bitbucketOpen), ) } diff --git a/plugin/remote/github/github.go b/plugin/remote/github/github.go index 840d493f1..3919cae66 100644 --- a/plugin/remote/github/github.go +++ b/plugin/remote/github/github.go @@ -28,9 +28,10 @@ type GitHub struct { Private bool SkipVerify bool Orgs []string + Open bool } -func New(url, api, client, secret string, private, skipVerify bool, orgs []string) *GitHub { +func New(url, api, client, secret string, private, skipVerify bool, orgs []string, open bool) *GitHub { var github = GitHub{ URL: url, API: api, @@ -39,6 +40,7 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin Private: private, SkipVerify: skipVerify, Orgs: orgs, + Open: open, } // the API must have a trailing slash if !strings.HasSuffix(github.API, "/") { @@ -51,8 +53,8 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin return &github } -func NewDefault(client, secret string, orgs []string) *GitHub { - return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs) +func NewDefault(client, secret string, orgs []string, open bool) *GitHub { + return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs, open) } // Authorize handles GitHub API Authorization. 
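Review bot: `New` in github.go now takes three positional bools (`private`, `skipVerify`, `open`), and a call that transposes them still compiles while silently opening registration or changing TLS verification. The same applies to gitlab's `New(url string, skipVerify, open bool)`, where the two flags are adjacent and the test call is the unreadable `New(server.URL, false, false)`. At minimum I would label the arguments at the call sites, e.g. `New(DefaultURL, DefaultAPI, client, secret, false /* private */, false /* skipVerify */, orgs, open)`. A small options struct would remove the risk entirely, but that is a larger API change than this patch. The body of `New` continues into the following hunks.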
@@ -305,3 +307,7 @@ func (r *GitHub) ParsePullRequestHook(req *http.Request) (*model.Hook, error) { return &hook, nil } + +func (r *GitHub) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/github/register.go b/plugin/remote/github/register.go index 52c72838c..21d714e05 100644 --- a/plugin/remote/github/register.go +++ b/plugin/remote/github/register.go @@ -10,6 +10,7 @@ var ( githubClient = config.String("github-client", "") githubSecret = config.String("github-secret", "") githubOrgs = config.Strings("github-orgs") + githubOpen = config.Bool("github-open", false) // GitHub Enterprise configuration details githubEnterpriseURL = config.String("github-enterprise-url", "") @@ -19,6 +20,7 @@ var ( githubEnterprisePrivate = config.Bool("github-enterprise-private-mode", true) githubEnterpriseSkipVerify = config.Bool("github-enterprise-skip-verify", false) githubEnterpriseOrgs = config.Strings("github-enterprise-orgs") + githubEnterpriseOpen = config.Bool("github-enterprise-open", false) ) // Registers the GitHub plugins using the default @@ -35,7 +37,7 @@ func registerGitHub() { return } remote.Register( - NewDefault(*githubClient, *githubSecret, *githubOrgs), + NewDefault(*githubClient, *githubSecret, *githubOrgs, *githubOpen), ) } @@ -56,6 +58,7 @@ func registerGitHubEnterprise() { *githubEnterprisePrivate, *githubEnterpriseSkipVerify, *githubEnterpriseOrgs, + *githubEnterpriseOpen, ), ) } diff --git a/plugin/remote/gitlab/gitlab.go b/plugin/remote/gitlab/gitlab.go index 560678ece..73f5bf9ec 100644 --- a/plugin/remote/gitlab/gitlab.go +++ b/plugin/remote/gitlab/gitlab.go @@ -13,12 +13,14 @@ import ( type Gitlab struct { url string SkipVerify bool + Open bool } -func New(url string, skipVerify bool) *Gitlab { +func New(url string, skipVerify, open bool) *Gitlab { return &Gitlab{ url: url, SkipVerify: skipVerify, + Open: open, } } 
@@ -191,3 +193,7 @@ func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) { return hook, nil } + +func (r *Gitlab) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/gitlab/gitlab_test.go b/plugin/remote/gitlab/gitlab_test.go index 38c331364..81d0d4e53 100644 --- a/plugin/remote/gitlab/gitlab_test.go +++ b/plugin/remote/gitlab/gitlab_test.go @@ -14,7 +14,7 @@ func Test_Github(t *testing.T) { var server = testdata.NewServer() defer server.Close() - var gitlab = New(server.URL, false) + var gitlab = New(server.URL, false, false) var user = model.User{ Access: "e3b0c44298fc1c149afbf4c8996fb", } diff --git a/plugin/remote/gitlab/register.go b/plugin/remote/gitlab/register.go index c4e7e4c48..ebd45a8b9 100644 --- a/plugin/remote/gitlab/register.go +++ b/plugin/remote/gitlab/register.go @@ -8,6 +8,7 @@ import ( var ( gitlabURL = config.String("gitlab-url", "") gitlabSkipVerify = config.Bool("gitlab-skip-verify", false) + gitlabOpen = config.Bool("gitlab-open", false) ) // Registers the Gitlab plugin using the default @@ -21,6 +22,7 @@ func Register() { New( *gitlabURL, *gitlabSkipVerify, + *gitlabOpen, ), ) } diff --git a/plugin/remote/gogs/gogs.go b/plugin/remote/gogs/gogs.go index 9ad32a209..c1ee50f7c 100644 --- a/plugin/remote/gogs/gogs.go +++ b/plugin/remote/gogs/gogs.go @@ -16,10 +16,11 @@ import ( type Gogs struct { URL string Secret string + Open bool } -func New(url string, secret string) *Gogs { - return &Gogs{URL: url, Secret: secret} +func New(url string, secret string, open bool) *Gogs { + return &Gogs{URL: url, Secret: secret, Open: open} } // Authorize handles Gogs authorization @@ -181,3 +182,7 @@ func (r *Gogs) ParseHook(req *http.Request) (*model.Hook, error) { Message: payload.Commits[0].Message, }, nil } + +func (r *Gogs) OpenRegistration() bool { + return r.Open +} diff --git a/plugin/remote/gogs/register.go b/plugin/remote/gogs/register.go index 592d729f3..aa2479e6f 100644 --- a/plugin/remote/gogs/register.go 
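Review bot: The gitlab test is only adjusted to compile with `New(server.URL, false, false)` and never asserts what `OpenRegistration()` returns. Together with the `Registration` assertions removed from capability_test.go, nothing in this patch exercises the new registration gate. A minimal check for both values would pin the behaviour, e.g. `if !New(server.URL, false, true).OpenRegistration() { t.Error("expected open registration") }` and the inverse for `false`. The test function continues outside the hunk.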
+++ b/plugin/remote/gogs/register.go @@ -8,6 +8,7 @@ import ( var ( gogsUrl = config.String("gogs-url", "") gogsSecret = config.String("gogs-secret", "") + gogsOpen = config.Bool("gogs-open", false) ) // Registers the Gogs plugin using the default @@ -18,6 +19,6 @@ func Register() { return } remote.Register( - New(*gogsUrl, *gogsSecret), + New(*gogsUrl, *gogsSecret, *gogsOpen), ) } diff --git a/plugin/remote/remote.go b/plugin/remote/remote.go index ad6c3f162..cfba0108e 100644 --- a/plugin/remote/remote.go +++ b/plugin/remote/remote.go @@ -32,6 +32,9 @@ type Remote interface { // ParseHook parses the post-commit hook from the Request body // and returns the required data in a standard format. ParseHook(r *http.Request) (*model.Hook, error) + + // Registration returns true if open registration is allowed + OpenRegistration() bool } // List of registered plugins. diff --git a/server/capability/capability_test.go b/server/capability/capability_test.go index b0ffe2ae3..25c772fe8 100644 --- a/server/capability/capability_test.go +++ b/server/capability/capability_test.go @@ -9,7 +9,6 @@ import ( func TestBlobstore(t *testing.T) { caps := map[string]bool{} - caps[Registration] = true ctx := NewContext(context.Background(), caps) @@ -17,7 +16,6 @@ func TestBlobstore(t *testing.T) { g.Describe("Capabilities", func() { g.It("Should get capabilities from context", func() { - g.Assert(Enabled(ctx, Registration)).Equal(true) g.Assert(Enabled(ctx, "Fake Key")).Equal(false) }) }) diff --git a/server/handler/login.go b/server/handler/login.go index 2f08debed..2ae13603a 100644 --- a/server/handler/login.go +++ b/server/handler/login.go @@ -6,7 +6,6 @@ import ( "net/http" "github.com/drone/drone/plugin/remote" - "github.com/drone/drone/server/capability" "github.com/drone/drone/server/datastore" "github.com/drone/drone/server/session" "github.com/drone/drone/server/sync" 
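Review bot: The doc comment on the new interface method in remote.go names the wrong identifier: it says `Registration` but the method is `OpenRegistration`, so godoc will not associate the two. I would write `// OpenRegistration returns true if users who authenticate through this remote may self-register. Implementations should return false unless explicitly configured otherwise.` Stating the closed default in the interface contract matters because every implementer of `Remote` must now supply this method, and the login handler relies on it as the only gate.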
@@ -49,7 +48,7 @@ func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) { // if self-registration is disabled we should // return a notAuthorized error. the only exception // is if no users exist yet in the system we'll proceed. - if capability.Enabled(ctx, capability.Registration) == false { + if remote.OpenRegistration() == false { users, err := datastore.GetUserList(ctx) if err != nil || len(users) != 0 { log.Println("Unable to create account. Registration is closed") diff --git a/server/main.go b/server/main.go index ae41dc7b3..73fd0637f 100644 --- a/server/main.go +++ b/server/main.go @@ -56,10 +56,6 @@ var ( sslcrt = config.String("server-ssl-cert", "") sslkey = config.String("server-ssl-key", "") - // Enable self-registration. When false, the system admin - // must grant user access. - open = config.Bool("registration-open", false) - workers *pool.Pool worker *director.Director pub *pubsub.PubSub @@ -105,7 +101,6 @@ func main() { gogs.Register() caps = map[string]bool{} - caps[capability.Registration] = *open // setup the database and cancel all pending // commits in the system.
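Review bot: The bootstrap exception under the changed line in login.go (`len(users) != 0`) still applies to every remote, so while the user table is empty a remote configured with `open=false` admits whoever authenticates first. In the mixed public/private setup the commit message describes, the first account should therefore be created before the server is reachable through the public remote, and the comment above the check should say so. The log line "Unable to create account. Registration is closed" also hides the per-remote decision; adding the remote host or login would show operators which remote refused whom. `remote` here is presumably a local `Remote` value shadowing the imported package, and `!remote.OpenRegistration()` reads better than `== false`. GetLogin starts and ends outside the hunk.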