Add new CLI flags to set name and scopes when creating a user with access token (#34080)

Resolves #33474.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 55a69ae4c63ee8551eadb161cb901ba0a2a2e194)

authored by

Kemal Zebari
wxiaoguang
and committed by
Michael Jerger
f7b19964 02d9c7cd

+50 -12
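--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -6,6 +6,7 @@
 import (
 "errors"
 "fmt"
+"strings"
 
 auth_model "forgejo.org/models/auth"
 "forgejo.org/models/db"
@@ -60,6 +61,16 @@
 &cli.BoolFlag{
 Name: "access-token",
 Usage: "Generate access token for the user",
+},
+&cli.StringFlag{
+Name: "access-token-name",
+Usage: `Name of the generated access token`,
+Value: "gitea-admin",
+},
+&cli.StringFlag{
+Name: "access-token-scopes",
+Usage: `Scopes of the generated access token, comma separated. Examples: "all", "public-only,read:issue", "write:repository,write:user"`,
+Value: "all",
 },
 &cli.BoolFlag{
 Name: "restricted",
@@ -157,23 +168,40 @@
 IsRestricted: restricted,
 }
 
+var accessTokenName string
+var accessTokenScope auth_model.AccessTokenScope
+if c.IsSet("access-token") {
+accessTokenName = strings.TrimSpace(c.String("access-token-name"))
+if accessTokenName == "" {
+return errors.New("access-token-name cannot be empty")
+}
+var err error
+accessTokenScope, err = auth_model.AccessTokenScope(c.String("access-token-scopes")).Normalize()
+if err != nil {
+return fmt.Errorf("invalid access token scope provided: %w", err)
+}
+if !accessTokenScope.HasPermissionScope() {
+return errors.New("access token does not have any permission")
+}
+} else if c.IsSet("access-token-name") || c.IsSet("access-token-scopes") {
+return errors.New("access-token-name and access-token-scopes flags are only valid when access-token flag is set")
+}
+
+// arguments should be prepared before creating the user & access token, in case there is anything wrong
+
+// create the user
 if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
 return fmt.Errorf("CreateUser: %w", err)
 }
+fmt.Printf("New user '%s' has been successfully created!\n", username)
 
-if c.Bool("access-token") {
-t := &auth_model.AccessToken{
-Name: "gitea-admin",
-UID: u.ID,
-}
-
+// create the access token
+if accessTokenScope != "" {
+t := &auth_model.AccessToken{Name: accessTokenName, UID: u.ID, Scope: accessTokenScope}
 if err := auth_model.NewAccessToken(ctx, t); err != nil {
 return err
 }
-
 fmt.Printf("Access token was successfully created... %s\n", t.Token)
 }
-
-fmt.Printf("New user '%s' has been successfully created!\n", username)
 return nil
 }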
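Review bot: The new gate `if c.IsSet("access-token") {` tests whether the flag was passed, not its value, so as far as I know `--access-token=false` would now pass validation, leave `accessTokenScope` non-empty, and mint and print a token; the removed code checked `c.Bool("access-token")`. I would keep the value check, `if c.Bool("access-token") {`, and use `IsSet` only in the `else if` that rejects stray name/scope flags. Separately, `access-token-scopes` defaults to `Value: "all"`, so a bare `--access-token` produces a full-scope token whose secret is written to stdout by the unchanged `fmt.Printf` line; the flag's Usage text should state that default so operators who capture this output know what they are storing. The enclosing function starts outside the hunk.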
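--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -34,8 +34,8 @@
 },
 &cli.StringFlag{
 Name: "scopes",
-Value: "",
-Usage: "Comma separated list of scopes to apply to access token",
+Value: "all",
+Usage: `Comma separated list of scopes to apply to access token, examples: "all", "public-only,read:issue", "write:repository,write:user"`,
 },
 },
 Action: runGenerateAccessToken,
@@ -43,7 +43,7 @@
 
 func runGenerateAccessToken(c *cli.Context) error {
 if !c.IsSet("username") {
-return errors.New("You must provide a username to generate a token for")
+return errors.New("you must provide a username to generate a token for")
 }
 
 ctx, cancel := installSignals()
@@ -76,6 +76,9 @@
 accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
 if err != nil {
 return fmt.Errorf("invalid access token scope provided: %w", err)
+}
+if !accessTokenScope.HasPermissionScope() {
+return errors.New("access token does not have any permission")
 }
 t.Scope = accessTokenScope
 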
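Review bot: Changing the `scopes` default from `""` to `Value: "all"` in the first hunk means an invocation that omits `--scopes` silently yields a token carrying every scope, which runs against least privilege for a credential minted from the command line. Because the last hunk now rejects a scope without any permission, leaving the default empty would force the operator to choose scopes explicitly. If `all` has to stay for compatibility, the Usage string should say so, e.g. `Comma separated list of scopes to apply to access token (defaults to all scopes), examples: ...`. How empty-scope tokens behaved before this commit is not visible here, so the compatibility cost should be confirmed.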
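--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@@ -283,6 +283,10 @@
 return bitmap.toScope(), nil
 }
 
+func (s AccessTokenScope) HasPermissionScope() bool {
+return s != "" && s != AccessTokenScopePublicOnly
+}
+
 // PublicOnly checks if this token scope is limited to public resources
 func (s AccessTokenScope) PublicOnly() (bool, error) {
 bitmap, err := s.parse()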
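Review bot: `HasPermissionScope` is exported but has no doc comment, unlike `PublicOnly` directly below it, and its contract is easy to misuse: it compares the raw string, so it only answers correctly for a value that has already been through `Normalize()`. An un-normalized value, such as a whitespace-padded or repeated `public-only` entry, would presumably pass the check while granting nothing. I would add `// HasPermissionScope reports whether the scope grants any permission beyond the public-only restriction. It must be called on a normalized scope.` above the method, since this check is now the gate for token creation in three call sites.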
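--- a/routers/web/user/setting/applications.go
+++ b/routers/web/user/setting/applications.go
@@ -49,6 +49,9 @@
 ctx.ServerError("GetScope", err)
 return
 }
+if !scope.HasPermissionScope() {
+ctx.Flash.Error(ctx.Tr("settings.at_least_one_permission"), true)
+}
 t := &auth_model.AccessToken{
 UID: ctx.Doer.ID,
 Name: form.Name,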
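Review bot: The added `if !scope.HasPermissionScope()` block only queues a flash error and then falls through to the `t := &auth_model.AccessToken{` line that follows. From what is visible, the web handler therefore still builds a token with no permission scope, whereas both CLI paths in this commit return an error in the same case. The block should stop the request: add a `return` after the flash, preceded by whatever redirect or re-render this handler uses for its other validation failures. The handler begins and ends outside the hunk, so confirm that nothing later already rejects the token.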