88 Commits

Author SHA1 Message Date
Jonathan Miller 9a5720e8ad chore: rename Go module from git. to code.mokoconsulting.tech (#336)
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Full namespace migration: update the Go module path and all import
statements from git.mokoconsulting.tech to code.mokoconsulting.tech.
Also updates all URL references in templates, workflows, configs,
tests, and documentation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-31 10:28:25 -05:00
Jonathan Miller 25268d7dd7 feat: login notification via email and ntfy on successful sign-in
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
When a user signs in, sends notifications with username, IP address,
user agent, and timestamp. Notifications go through:
- Email to the user's registered address
- ntfy push to the configured topic

Enabled by default, configurable via app.ini:
  [login_notification]
  ENABLED = true

The notification fires asynchronously (goroutine) so it doesn't
block the login redirect. Hooks into handleSignInFull which is the
single choke point for all auth methods (password, 2FA, OAuth).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 11:39:44 -05:00
Jonathan Miller c572fcfe04 chore(core): rename Go module from code.gitea.io/gitea to MokoGitea namespace
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Rename the Go module path from code.gitea.io/gitea to
git.mokoconsulting.tech/MokoConsulting/MokoGitea across the entire
codebase.

Scope:
- go.mod module declaration
- 2,235 Go source files (import paths)
- Dockerfile WORKDIR and COPY paths
- Swagger API templates
- golangci.yml linter config

External dependencies (code.gitea.io/gitea-vet, code.gitea.io/sdk/gitea,
gitea.com/gitea/act, etc.) are intentionally NOT renamed — they are
separate upstream modules.

Closes #132

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-25 00:22:38 -05:00
rootful 3d838ef96a Fix mCaptcha broken after Vite migration (#37492)
After the Webpack-to-Vite migration (#37002), mCaptcha stopped working
entirely on the registration page, throwing an error:

`TypeError: setting getter-only property "INPUT_NAME"`

This fix stops trying to mutate the read-only INPUT_NAME export. Instead
it probes for the Widget constructor at module.default (direct) or
module.default.default (CJS-wrapped), constructs the widget, and then
renames the hidden input element it creates to m-captcha-response which
is the field name Gitea's backend reads from the submitted form.

Generative AI was used to help with making this PR.

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2026-05-02 17:21:56 +02:00
wxiaoguang aee6628bf5 Fix URL related escaping for oauth2 (#37334)
Follow up #37327. See the comments.

* Root problem: the design of OAuth2 providers is a mess, the display
name is used as provider's name and used in the URL directly
* The regressions:
* When trying to fix https://github.com/go-gitea/gitea/issues/36409 , it
introduced inconsistent URL escaping for the "path" part.
* This fix: always use "path escaping" for the path part, add more tests
to cover all escaping cases.

Now, frontend "pathEscape" and "pathEscapeSegments" generate exactly the
same result as backend.
2026-04-21 23:58:32 +08:00
silverwind aba87285f0 Remove dead code identified by deadcode tool (#37271)
Ran [`deadcode`](https://pkg.go.dev/golang.org/x/tools/cmd/deadcode)
(`-test ./...`) to find functions, methods and error types unreachable
from any call path (including tests), and removed the truly-dead ones.

Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
2026-04-20 07:52:48 +00:00
Elisei Roca 16d7817338 Implement logout redirection for reverse proxy auth setups (#36085)
When authentication is handled externally by a reverse proxy SSO
provider, users can be redirected to an external logout URL or relative
path defined on the reverse proxy.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-04-10 13:02:35 +00:00
wxiaoguang 74060bb849 Fix various legacy problems (#37092)
1.  Fix #36439
2. Fix #37089
3. Fix incorrect layout of admin auth oidc page
4. Fix #35866
5. Fix #35800
6. Fix #36243
2026-04-03 12:19:04 +00:00
Navneet 3ffccb8fe5 Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901)
Fixes: #36846 

1. When there is only on OAuth2 login method, automatically direct to it
2. Fix legacy problems in code, including:
   * Rename template filename and fix TODO comments
   * Fix legacy variable names
   * Add missing SSPI variable for template
   * Fix unnecessary layout, remove garbage styles
* Only do AppUrl(ROOT_URL) check when it is needed (avoid unnecessary
warnings to end users)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-04-01 12:50:57 +00:00
wxiaoguang 6f8ab6aaaf Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861)
The logic of "URLJoin" is unclear and it is often abused.

Also:
* Correct the `resolveLinkRelative` behavior
* Fix missing "PathEscape" in `ToTag`
* Fix more FIXMEs, and add new FIXMEs for newly found problems
* Refactor "auth page common template data"
2026-03-08 15:57:37 +00:00
Nikita Vakula 649ebeb120 Implements OIDC RP-Initiated Logout (#36724)
At logout time, if the user authenticated via OIDC, we look up the
provider's `end_session_endpoint` (already discovered by Goth from the
OIDC metadata) and redirect there with `client_id` and
`post_logout_redirect_uri`.

Non-OIDC OAuth2 providers (GitHub, GitLab, etc.) are unaffected — they
fall back to local-only logout.

Fix #14270 

---------

Signed-off-by: Nikita Vakula <nikita.vakula@alpsalpine.com>
Co-authored-by: Nikita Vakula <nikita.vakula@alpsalpine.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-03-01 06:28:26 +00:00
wxiaoguang 619db646f5 Deprecate RenderWithErr (#36769) 2026-02-27 12:38:44 +00:00
Nicolas 26d83c932a Instance-wide (global) info banner and maintenance mode (#36571)
The banner allows site operators to communicate important announcements
(e.g., maintenance windows, policy updates, service notices) directly
within the UI.

The maintenance mode only allows admin to access the web UI.

* Fix #2345
* Fix #9618

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-02-26 23:16:11 +08:00
wxiaoguang b79dbfa990 Fix link/origin referrer and login redirect (#36279)
Fix #35998

1. Fix `<a rel>` :
    * "_blank" already means "noopener"
* "noreferrer" is already provided by page's `<meta name="referrer">`
2. Fix "redirect_to" mechisam
* Use "referer" header to determine the redirect link for a successful
login
3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
silverwind 42d294941c Replace CSRF cookie with CrossOriginProtection (#36183)
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
wxiaoguang 86aafea3fb Fix session gob (#35128)
Fix #35126
2025-07-20 01:49:36 +00:00
wxiaoguang a5a3d9b101 Refactor OpenIDConnect to support SSH/FullName sync (#34978)
* Fix #26585
* Fix #28327
* Fix #34932
2025-07-10 18:35:59 +00:00
Kerwin Bryant 0548c10293 Add post-installation redirect based on admin account status (#34493)
This PR adds a feature to direct users to appropriate pages after system
installation:
- If no admin credentials were provided during installation, redirect to
the registration page with a prominent notice about creating the first
administrative account
- If admin credentials were already set, redirect directly to the login
page


![4d396ad132d9b57fc4f45a62117177f1](https://github.com/user-attachments/assets/3a5d8700-9194-4d3b-a862-e64c8c347932)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-21 18:48:06 +00:00
wxiaoguang 0082cb51fa Fix last admin check when syncing users (#34649)
Fix #34358
2025-06-09 20:57:45 +00:00
wxiaoguang 0148d03f21 Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187)
Fix #880

Design:

1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-04-28 15:31:59 -07:00
TheFox0x7 2a59dfbd47 enable staticcheck QFxxxx rules (#34064) 2025-03-29 17:32:28 -04:00
wxiaoguang f35850f48e Refactor error system (#33610) 2025-02-16 22:13:17 -08:00
yp05327 a0b3d9add0 Support disable passkey auth (#33348)
Fix #33314

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-22 22:58:36 +00:00
Zettat123 2d1a171dc7 Support for email addresses containing uppercase characters when activating user account (#32998)
Fix #32807

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-27 19:16:23 +08:00
wxiaoguang a163c53a60 Refactor template & test related code (#32938)
Move some legacy code from "base" package to proper packages.
2024-12-22 15:33:19 +00:00
wxiaoguang def13ece7c Allow to disable the password-based login (sign-in) form (#32687)
Usually enterprise/organization users would like to only allow OAuth2
login.

This PR adds a new config option to disable the password-based login
form. It is a simple and clear approach and won't block the future
login-system refactoring works.

Fix a TODO in #24821

Replace  #21851

Close #7633 , close #13606
2024-12-02 02:03:15 +08:00
wxiaoguang dd83cfcacc Refactor CSRF token (#32216) 2024-10-10 03:48:21 +00:00
Daniel 64298dcb9e Failed authentications are logged to level Warning (#32016)
PR for issue #31968 
Replaces PR #31983 to comply with gitea's error definition

Failed authentications are now logged to level `Warning` instead of
`Info`.
2024-09-11 17:58:45 +00:00
techknowlogick f183783baa Save initial signup information for users to aid in spam prevention (#31852)
This will allow instance admins to view signup pattern patterns for
public instances. It is modelled after discourse, mastodon, and
MediaWiki's approaches.

Note: This has privacy implications, but as the above-stated open-source
projects take this approach, especially MediaWiki, which I have no doubt
looked into this thoroughly, it is likely okay for us, too. However, I
would be appreciative of any feedback on how this could be improved.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-09-09 17:05:16 -04:00
Denys Konovalov 83f37f6302 Remove urls from translations (#31950)
Part of #27700

Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.
2024-09-02 18:36:24 +00:00
Rowan Bohde 416c36f303 allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
Lunny Xiao b6f15c7948 Add missed return after ctx.ServerError (#31130) 2024-05-28 12:31:59 +03:00
wxiaoguang 67c1a07285 Refactor AppURL usage (#30885)
Fix #30883
Fix #29591

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-07 08:26:13 +00:00
wxiaoguang bffbbf5470 Improve oauth2 client "preferred username field" logic and the error handling (#30622)
Follow #30454
And fix #24957

When using "preferred_username", if no such field,
`extractUserNameFromOAuth2` (old `getUserName`) shouldn't return an
error. All other USERNAME options do not return such error.

And fine tune some logic and error messages, make code more stable and
more friendly to end users.
2024-04-25 11:22:32 +00:00
SimonErm 6ba0c371c2 Allow preferred_username as username source for OIDC (#30454)
This PR adds the preferred_username claim as a possible username source
for the oauth2_client.

Closes #21518
2024-04-16 05:41:39 +00:00
wxiaoguang ca4107dc96 Refactor external URL detection (#29973)
Follow #29960, `IsExternalURL` is not needed anymore. 
Add some tests for `RedirectToCurrentSite`
2024-03-22 04:32:40 +08:00
wxiaoguang 01500957c2 Refactor URL detection (#29960)
"Redirect" functions should only redirect if the target is for current Gitea site.
2024-03-21 12:02:34 +00:00
wxiaoguang df1268ca08 Make "/user/login" page redirect if the current user has signed in (#29583)
Fix #29582 and maybe more.
Maybe fix #29116
2024-03-05 02:12:03 +00:00
6543 a3f05d0d98 remove util.OptionalBool and related functions (#29513)
and migrate affected code

_last refactoring bits to replace **util.OptionalBool** with
**optional.Option[bool]**_
2024-03-02 16:42:31 +01:00
wxiaoguang 6bdfc84e6c Allow to change primary email before account activation (#29412) 2024-02-27 10:55:13 +00:00
Lunny Xiao 29f149bd9f Move context from modules to services (#29440)
Since `modules/context` has to depend on `models` and many other
packages, it should be moved from `modules/context` to
`services/context` according to design principles. There is no logic
code change on this PR, only move packages.

- Move `code.gitea.io/gitea/modules/context` to
`code.gitea.io/gitea/services/context`
- Move `code.gitea.io/gitea/modules/contexttest` to
`code.gitea.io/gitea/services/contexttest` because of depending on
context
- Move `code.gitea.io/gitea/modules/upload` to
`code.gitea.io/gitea/services/context/upload` because of depending on
context
2024-02-27 08:12:22 +01:00
wxiaoguang 49e4826747 Refactor "user/active" related logic (#29390)
And add more tests. Remove a lot of fragile "if" blocks.

The old logic is kept as-is.
2024-02-25 21:55:00 +00:00
6543 4ba642d07d Revert "Support SAML authentication (#25165)" (#29358)
This reverts #25165 (5bb8d1924d), as there
was a chance some important reviews got missed.

so after reverting this patch it will be resubmitted for reviewing again

https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242

temporary Open #5512 again
2024-02-24 12:18:49 +08:00
techknowlogick 5bb8d1924d Support SAML authentication (#25165)
Closes https://github.com/go-gitea/gitea/issues/5512

This PR adds basic SAML support
- Adds SAML 2.0 as an auth source
- Adds SAML configuration documentation
- Adds integration test:
- Use bare-bones SAML IdP to test protocol flow and test account is
linked successfully (only runs on Postgres by default)
- Adds documentation for configuring and running SAML integration test
locally

Future PRs:
- Support group mapping
- Support auto-registration (account linking)

Co-Authored-By: @jackHay22

---------

Co-authored-by: jackHay22 <jack@allspice.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-02-23 00:08:17 +00:00
KN4CK3R f8b471ace1 Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
Kyle D 54acf7b0d4 Normalize oauth email username (#28561) 2024-01-03 18:48:20 -06:00
wxiaoguang e5d8c4b8d4 Avoid cycle-redirecting user/login page (#28636)
Fix #28231, and remove some unused code. The `db.HasEngine` doesn't seem
useful because the db engine is always initialized before web route.
2023-12-30 08:48:34 +00:00
Lunny Xiao e7cb8da2a8 Always enable caches (#28527)
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.

Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
2023-12-19 09:29:05 +00:00
Lunny Xiao 1bf5527eac Refactor Find Sources and fix bug when view a user who belongs to an unactive auth source (#27798)
The steps to reproduce it.

First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
2023-11-03 01:41:00 +00:00
JakobDev 76a85a4ce9 Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00