mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-21 16:55:06 -05:00
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
This commit is contained in:
parent
5169a0e025
commit
aae74c793a
4 changed files with 37 additions and 32 deletions
|
@ -83,6 +83,8 @@ ENABLE_NOTIFY_MAIL = false
|
||||||
; More detail: https://github.com/gogits/gogs/issues/165
|
; More detail: https://github.com/gogits/gogs/issues/165
|
||||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
||||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||||
|
; Do not check minimum key size with corresponding type
|
||||||
|
DISABLE_MINIMUM_KEY_SIZE_CHECK = false
|
||||||
|
|
||||||
[webhook]
|
[webhook]
|
||||||
; Cron task interval in minutes
|
; Cron task interval in minutes
|
||||||
|
|
|
@ -101,17 +101,15 @@ func (key *PublicKey) GetAuthorizedString() string {
|
||||||
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content)
|
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content)
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var minimumKeySizes = map[string]int{
|
||||||
MinimumKeySize = map[string]int{
|
"(ED25519)": 256,
|
||||||
"(ED25519)": 256,
|
"(ECDSA)": 256,
|
||||||
"(ECDSA)": 256,
|
"(NTRU)": 1087,
|
||||||
"(NTRU)": 1087,
|
"(MCE)": 1702,
|
||||||
"(MCE)": 1702,
|
"(McE)": 1702,
|
||||||
"(McE)": 1702,
|
"(RSA)": 2048,
|
||||||
"(RSA)": 2048,
|
"(DSA)": 1024,
|
||||||
"(DSA)": 1024,
|
}
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
func extractTypeFromBase64Key(key string) (string, error) {
|
func extractTypeFromBase64Key(key string) (string, error) {
|
||||||
b, err := base64.StdEncoding.DecodeString(key)
|
b, err := base64.StdEncoding.DecodeString(key)
|
||||||
|
@ -228,15 +226,17 @@ func CheckPublicKeyString(content string) (bool, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if key type and key size match.
|
// Check if key type and key size match.
|
||||||
keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
|
if !setting.Service.DisableMinimumKeySizeCheck {
|
||||||
if keySize == 0 {
|
keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
|
||||||
return false, errors.New("cannot get key size of the given key")
|
if keySize == 0 {
|
||||||
}
|
return false, errors.New("cannot get key size of the given key")
|
||||||
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
}
|
||||||
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
|
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
||||||
return false, errors.New("sorry, unrecognized public key type")
|
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
|
||||||
} else if keySize < minimumKeySize {
|
return false, errors.New("sorry, unrecognized public key type")
|
||||||
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
} else if keySize < minimumKeySize {
|
||||||
|
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return true, nil
|
return true, nil
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -339,6 +339,8 @@ func NewConfigContext() {
|
||||||
}
|
}
|
||||||
|
|
||||||
var Service struct {
|
var Service struct {
|
||||||
|
ActiveCodeLives int
|
||||||
|
ResetPwdCodeLives int
|
||||||
RegisterEmailConfirm bool
|
RegisterEmailConfirm bool
|
||||||
DisableRegistration bool
|
DisableRegistration bool
|
||||||
ShowRegistrationButton bool
|
ShowRegistrationButton bool
|
||||||
|
@ -347,19 +349,20 @@ var Service struct {
|
||||||
EnableNotifyMail bool
|
EnableNotifyMail bool
|
||||||
EnableReverseProxyAuth bool
|
EnableReverseProxyAuth bool
|
||||||
EnableReverseProxyAutoRegister bool
|
EnableReverseProxyAutoRegister bool
|
||||||
ActiveCodeLives int
|
DisableMinimumKeySizeCheck bool
|
||||||
ResetPwdCodeLives int
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func newService() {
|
func newService() {
|
||||||
Service.ActiveCodeLives = Cfg.Section("service").Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
|
sec := Cfg.Section("service")
|
||||||
Service.ResetPwdCodeLives = Cfg.Section("service").Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
|
Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
|
||||||
Service.DisableRegistration = Cfg.Section("service").Key("DISABLE_REGISTRATION").MustBool()
|
Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
|
||||||
Service.ShowRegistrationButton = Cfg.Section("service").Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
|
Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
|
||||||
Service.RequireSignInView = Cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").MustBool()
|
Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
|
||||||
Service.EnableCacheAvatar = Cfg.Section("service").Key("ENABLE_CACHE_AVATAR").MustBool()
|
Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
|
||||||
Service.EnableReverseProxyAuth = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
|
Service.EnableCacheAvatar = sec.Key("ENABLE_CACHE_AVATAR").MustBool()
|
||||||
Service.EnableReverseProxyAutoRegister = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
|
||||||
|
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
||||||
|
Service.DisableRegistration = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
|
||||||
}
|
}
|
||||||
|
|
||||||
var logLevels = map[string]string{
|
var logLevels = map[string]string{
|
||||||
|
|
Loading…
Add table
Reference in a new issue