#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
parent
5169a0e025
commit
aae74c793a
4 changed files with 37 additions and 32 deletions
|
@ -83,6 +83,8 @@ ENABLE_NOTIFY_MAIL = false
|
|||
; More detail: https://github.com/gogits/gogs/issues/165
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||
; Do not check minimum key size with corresponding type
|
||||
DISABLE_MINIMUM_KEY_SIZE_CHECK = false
|
||||
|
||||
[webhook]
|
||||
; Cron task interval in minutes
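Review bot: The comment above `DISABLE_MINIMUM_KEY_SIZE_CHECK` does not tell an operator what is being relaxed or which keys it affects. I would spell it out, for example `; Skip the per-type minimum size check for uploaded SSH public keys.` followed by `; Keep this false unless undersized legacy keys must be accepted.` As written in the code hunk of this commit, setting the flag also appears to skip the rejection of unrecognized key types, which the comment should mention if that behaviour is kept.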
|
||||
|
|
|
@ -101,17 +101,15 @@ func (key *PublicKey) GetAuthorizedString() string {
|
|||
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content)
|
||||
}
|
||||
|
||||
var (
|
||||
MinimumKeySize = map[string]int{
|
||||
"(ED25519)": 256,
|
||||
"(ECDSA)": 256,
|
||||
"(NTRU)": 1087,
|
||||
"(MCE)": 1702,
|
||||
"(McE)": 1702,
|
||||
"(RSA)": 2048,
|
||||
"(DSA)": 1024,
|
||||
}
|
||||
)
|
||||
var minimumKeySizes = map[string]int{
|
||||
"(ED25519)": 256,
|
||||
"(ECDSA)": 256,
|
||||
"(NTRU)": 1087,
|
||||
"(MCE)": 1702,
|
||||
"(McE)": 1702,
|
||||
"(RSA)": 2048,
|
||||
"(DSA)": 1024,
|
||||
}
|
||||
|
||||
func extractTypeFromBase64Key(key string) (string, error) {
|
||||
b, err := base64.StdEncoding.DecodeString(key)
|
||||
|
@ -228,15 +226,17 @@ func CheckPublicKeyString(content string) (bool, error) {
|
|||
}
|
||||
|
||||
// Check if key type and key size match.
|
||||
keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
|
||||
if keySize == 0 {
|
||||
return false, errors.New("cannot get key size of the given key")
|
||||
}
|
||||
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
||||
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
|
||||
return false, errors.New("sorry, unrecognized public key type")
|
||||
} else if keySize < minimumKeySize {
|
||||
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
||||
if !setting.Service.DisableMinimumKeySizeCheck {
|
||||
keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
|
||||
if keySize == 0 {
|
||||
return false, errors.New("cannot get key size of the given key")
|
||||
}
|
||||
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
||||
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
|
||||
return false, errors.New("sorry, unrecognized public key type")
|
||||
} else if keySize < minimumKeySize {
|
||||
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
||||
}
|
||||
}
|
||||
|
||||
return true, nil
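Review bot: The new `if !setting.Service.DisableMinimumKeySizeCheck { ... }` block in CheckPublicKeyString wraps more than the size comparison. It also encloses the `keySize == 0` error and the `minimumKeySizes[keyType]` lookup that returns "sorry, unrecognized public key type". With the option enabled, a key whose type is not in the map is no longer rejected at this point, which is broader than the option name suggests. Keeping the original structure and gating only the comparison would limit the effect: `} else if !setting.Service.DisableMinimumKeySizeCheck && keySize < minimumKeySize {`. The start of the function is outside the hunk, so whether the type is validated earlier cannot be confirmed from here.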
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -339,6 +339,8 @@ func NewConfigContext() {
|
|||
}
|
||||
|
||||
var Service struct {
|
||||
ActiveCodeLives int
|
||||
ResetPwdCodeLives int
|
||||
RegisterEmailConfirm bool
|
||||
DisableRegistration bool
|
||||
ShowRegistrationButton bool
|
||||
|
@ -347,19 +349,20 @@ var Service struct {
|
|||
EnableNotifyMail bool
|
||||
EnableReverseProxyAuth bool
|
||||
EnableReverseProxyAutoRegister bool
|
||||
ActiveCodeLives int
|
||||
ResetPwdCodeLives int
|
||||
DisableMinimumKeySizeCheck bool
|
||||
}
|
||||
|
||||
func newService() {
|
||||
Service.ActiveCodeLives = Cfg.Section("service").Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
|
||||
Service.ResetPwdCodeLives = Cfg.Section("service").Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
|
||||
Service.DisableRegistration = Cfg.Section("service").Key("DISABLE_REGISTRATION").MustBool()
|
||||
Service.ShowRegistrationButton = Cfg.Section("service").Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
|
||||
Service.RequireSignInView = Cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").MustBool()
|
||||
Service.EnableCacheAvatar = Cfg.Section("service").Key("ENABLE_CACHE_AVATAR").MustBool()
|
||||
Service.EnableReverseProxyAuth = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
|
||||
Service.EnableReverseProxyAutoRegister = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
||||
sec := Cfg.Section("service")
|
||||
Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
|
||||
Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
|
||||
Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
|
||||
Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
|
||||
Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
|
||||
Service.EnableCacheAvatar = sec.Key("ENABLE_CACHE_AVATAR").MustBool()
|
||||
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
|
||||
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
||||
Service.DisableRegistration = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
|
||||
}
|
||||
|
||||
var logLevels = map[string]string{
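Review bot: The last assignment in newService() writes to the wrong field: `Service.DisableRegistration = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()`. As a result `Service.DisableMinimumKeySizeCheck` is never populated, so the new option has no effect on the key check. The value read from `DISABLE_REGISTRATION` a few lines earlier is also overwritten, so with the new key at its default of false, registration is re-enabled even when the operator set `DISABLE_REGISTRATION = true`. `ShowRegistrationButton` was already derived from the earlier value, so the two fields can disagree. The line should read `Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()`.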
|
||||
|
|