Add support for authentication via ssh certificates and pub/privatekey #442
|
|
@ -59,6 +59,21 @@ var CmdLoginAdd = cli.Command{
|
|||
Aliases: []string{"i"},
|
||||
Usage: "Disable TLS verification",
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "ssh-certificate",
|
||||
Aliases: []string{"c"},
|
||||
Usage: "Use SSH certificate to login (needs a running ssh-agent with certificate loaded)",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "ssh-certificate-principal",
|
||||
Aliases: []string{"p"},
|
||||
Usage: "Use SSH certificate with specified principal to login (needs a running ssh-agent with certificate loaded)\nIf not specified first found principal will be used",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "ssh-key-agent-public-key",
|
||||
Aliases: []string{"a"},
|
||||
Usage: "Use SSH public key or SSH fingerprint to login (needs a running ssh-agent with ssh key loaded)",
|
||||
},
|
||||
},
|
||||
Action: runLoginAdd,
|
||||
}
|
||||
|
|
@ -69,6 +84,11 @@ func runLoginAdd(ctx *cli.Context) error {
|
|||
return interact.CreateLogin()
|
||||
}
|
||||
|
||||
sshKeyAgent := false
|
||||
if ctx.String("ssh-key-agent-public-key") != "" {
|
||||
sshKeyAgent = true
|
||||
}
|
||||
|
||||
// else use args to add login
|
||||
return task.CreateLogin(
|
||||
ctx.String("name"),
|
||||
|
|
@ -77,5 +97,9 @@ func runLoginAdd(ctx *cli.Context) error {
|
|||
ctx.String("password"),
|
||||
ctx.String("ssh-key"),
|
||||
ctx.String("url"),
|
||||
ctx.Bool("insecure"))
|
||||
ctx.String("ssh-certificate-principal"),
|
||||
ctx.String("ssh-key-agent-public-key"),
|
||||
ctx.Bool("insecure"),
|
||||
ctx.Bool("ssh-certificate"),
|
||||
sshKeyAgent)
|
||||
}
|
||||
|
|
|
|||
8
go.mod
8
go.mod
|
|
@ -17,7 +17,7 @@ require (
|
|||
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/urfave/cli/v2 v2.3.0
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
|
||||
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
)
|
||||
|
||||
|
|
@ -30,8 +30,10 @@ require (
|
|||
github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
|
||||
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/davidmz/go-pageant v1.0.2 // indirect
|
||||
github.com/dlclark/regexp2 v1.4.0 // indirect
|
||||
github.com/emirpasic/gods v1.12.0 // indirect
|
||||
github.com/go-fed/httpsig v1.1.0 // indirect
|
||||
github.com/go-git/gcfg v1.5.0 // indirect
|
||||
github.com/go-git/go-billy/v5 v5.3.1 // indirect
|
||||
github.com/gorilla/css v1.0.0 // indirect
|
||||
|
|
@ -55,7 +57,7 @@ require (
|
|||
github.com/xanzy/ssh-agent v0.3.1 // indirect
|
||||
github.com/yuin/goldmark v1.4.0 // indirect
|
||||
github.com/yuin/goldmark-emoji v1.0.1 // indirect
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
|
||||
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf // indirect
|
||||
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
|
|
@ -63,3 +65,5 @@ require (
|
|||
gopkg.in/warnings.v0 v0.1.2 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
|
||||
)
|
||||
|
||||
replace code.gitea.io/sdk/gitea => gitea.com/42wim/go-sdk/gitea v0.0.0-20220615192105-8c821f6c3419
|
||||
|
6543 marked this conversation as resolved
Outdated
|
||||
|
|
|
|||
18
go.sum
18
go.sum
|
|
@ -1,7 +1,7 @@
|
|||
code.gitea.io/gitea-vet v0.2.1 h1:b30by7+3SkmiftK0RjuXqFvZg2q4p68uoPGuxhzBN0s=
|
||||
code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
|
||||
code.gitea.io/sdk/gitea v0.15.1-0.20220530220844-359c771ce3d2 h1:zzvs7avrzxCtHZ6RyAfoogMLMDbjLCfPd2cG5kshXkQ=
|
||||
code.gitea.io/sdk/gitea v0.15.1-0.20220530220844-359c771ce3d2/go.mod h1:meYWFEkIHx/qUEOlIZ2VQmC7EC3ocEVs5IvXQ0qrItQ=
|
||||
gitea.com/42wim/go-sdk/gitea v0.0.0-20220615192105-8c821f6c3419 h1:nr6/27FiO35Nyd23HS481wh59614hhupte0OSEn383A=
|
||||
gitea.com/42wim/go-sdk/gitea v0.0.0-20220615192105-8c821f6c3419/go.mod h1:aRmrQC3CAHdJAU1LQt0C9zqzqI8tUB/5oQtNE746aYE=
|
||||
gitea.com/noerw/unidiff-comments v0.0.0-20201219085024-64aec5658f2b h1:CLYsMGcGLohESQDMth+RgJ4cB3CCHToxnj0zBbvB3sE=
|
||||
gitea.com/noerw/unidiff-comments v0.0.0-20201219085024-64aec5658f2b/go.mod h1:Fc8iyPm4NINRWujeIk2bTfcbGc4ZYY29/oMAAGcr4qI=
|
||||
github.com/AlecAivazis/survey/v2 v2.3.1 h1:lzkuHA60pER7L4eYL8qQJor4bUWlJe4V0gqAT19tdOA=
|
||||
|
|
@ -50,6 +50,8 @@ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9
|
|||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0=
|
||||
github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE=
|
||||
github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
|
||||
github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E=
|
||||
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
|
||||
|
|
@ -60,6 +62,8 @@ github.com/enescakir/emoji v1.0.0/go.mod h1:Bt1EKuLnKDTYpLALApstIkAjdDrS/8IAgTkK
|
|||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
|
||||
github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
|
||||
github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
|
||||
github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
|
||||
github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
|
||||
github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
|
||||
github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
|
||||
github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
|
||||
|
|
@ -178,11 +182,13 @@ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnf
|
|||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
|
||||
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
|
||||
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
|
|
@ -192,8 +198,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
|
|||
golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
|
||||
golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
|
|
|
|||
|
|
@ -25,8 +25,12 @@ type Login struct {
|
|||
Default bool `yaml:"default"`
|
||||
SSHHost string `yaml:"ssh_host"`
|
||||
// optional path to the private key
|
||||
SSHKey string `yaml:"ssh_key"`
|
||||
Insecure bool `yaml:"insecure"`
|
||||
SSHKey string `yaml:"ssh_key"`
|
||||
Insecure bool `yaml:"insecure"`
|
||||
SSHCert bool `yaml:"ssh_certificate"`
|
||||
SSHCertPrincipal string `yaml:"ssh_certificate_principal"`
|
||||
SSHKeyAgent bool `yaml:"ssh_key_agent"`
|
||||
SSHKeyAgentPub string `yaml:"ssh_key_agent_pub"`
|
||||
// User is username from gitea
|
||||
User string `yaml:"user"`
|
||||
// Created is auto created unix timestamp
|
||||
|
|
@ -177,6 +181,13 @@ func (l *Login) Client(options ...gitea.ClientOption) *gitea.Client {
|
|||
|
||||
options = append(options, gitea.SetToken(l.Token), gitea.SetHTTPClient(httpClient))
|
||||
|
||||
if l.SSHCert {
|
||||
options = append(options, gitea.UseSSHCert(l.SSHCertPrincipal))
|
||||
}
|
||||
if l.SSHKeyAgent {
|
||||
options = append(options, gitea.UseSSHPubkey(l.SSHKeyAgentPub))
|
||||
}
|
||||
|
||||
client, err := gitea.NewClient(l.URL, options...)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
|
|
|
|||
|
|
@ -15,8 +15,10 @@ import (
|
|||
|
||||
// CreateLogin create an login interactive
|
||||
func CreateLogin() error {
|
||||
var name, token, user, passwd, sshKey, giteaURL string
|
||||
var name, token, user, passwd, sshKey, giteaURL, sshCertPrincipal, sshKeyAgentPub string
|
||||
var sshCert = false
|
||||
var insecure = false
|
||||
var sshKeyAgent = false
|
||||
|
||||
promptI := &survey.Input{Message: "URL of Gitea instance: "}
|
||||
if err := survey.AskOne(promptI, &giteaURL, survey.WithValidator(survey.Required)); err != nil {
|
||||
|
|
@ -38,30 +40,64 @@ func CreateLogin() error {
|
|||
return err
|
||||
}
|
||||
|
||||
var hasToken bool
|
||||
promptYN := &survey.Confirm{
|
||||
Message: "Do you have an access token?",
|
||||
Message: "Do you want to use your SSH certificate to login? (needs a running ssh-agent with certificate loaded)",
|
||||
Default: false,
|
||||
}
|
||||
if err = survey.AskOne(promptYN, &hasToken); err != nil {
|
||||
if err = survey.AskOne(promptYN, &sshCert); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if hasToken {
|
||||
promptI = &survey.Input{Message: "Token: "}
|
||||
if err := survey.AskOne(promptI, &token, survey.WithValidator(survey.Required)); err != nil {
|
||||
if sshCert {
|
||||
promptI = &survey.Input{Message: "Which SSH certificate principal to use? (if not specified the first one detected will be used): "}
|
||||
if err = survey.AskOne(promptI, &sshCertPrincipal); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
promptI = &survey.Input{Message: "Username: "}
|
||||
if err = survey.AskOne(promptI, &user, survey.WithValidator(survey.Required)); err != nil {
|
||||
}
|
||||
|
||||
if !sshCert {
|
||||
promptYN := &survey.Confirm{
|
||||
Message: "Do you want to use your SSH key to login? (needs a running ssh-agent with your key loaded)",
|
||||
Default: false,
|
||||
}
|
||||
if err = survey.AskOne(promptYN, &sshKeyAgent); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
promptPW := &survey.Password{Message: "Password: "}
|
||||
if err = survey.AskOne(promptPW, &passwd, survey.WithValidator(survey.Required)); err != nil {
|
||||
if sshKeyAgent {
|
||||
promptI = &survey.Input{Message: "Which SSH key ? (paste your public key or fingerprint): "}
|
||||
if err = survey.AskOne(promptI, &sshKeyAgentPub, survey.WithValidator(survey.Required)); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !sshCert && !sshKeyAgent {
|
||||
var hasToken bool
|
||||
promptYN = &survey.Confirm{
|
||||
Message: "Do you have an access token?",
|
||||
Default: false,
|
||||
}
|
||||
if err = survey.AskOne(promptYN, &hasToken); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if hasToken {
|
||||
promptI = &survey.Input{Message: "Token: "}
|
||||
if err := survey.AskOne(promptI, &token, survey.WithValidator(survey.Required)); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
promptI = &survey.Input{Message: "Username: "}
|
||||
if err = survey.AskOne(promptI, &user, survey.WithValidator(survey.Required)); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
promptPW := &survey.Password{Message: "Password: "}
|
||||
if err = survey.AskOne(promptPW, &passwd, survey.WithValidator(survey.Required)); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var optSettings bool
|
||||
|
|
@ -87,5 +123,5 @@ func CreateLogin() error {
|
|||
}
|
||||
}
|
||||
|
||||
return task.CreateLogin(name, token, user, passwd, sshKey, giteaURL, insecure)
|
||||
return task.CreateLogin(name, token, user, passwd, sshKey, giteaURL, sshCertPrincipal, sshKeyAgentPub, insecure, sshCert, sshKeyAgent)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ import (
|
|||
)
|
||||
|
||||
// CreateLogin create a login to be stored in config
|
||||
func CreateLogin(name, token, user, passwd, sshKey, giteaURL string, insecure bool) error {
|
||||
func CreateLogin(name, token, user, passwd, sshKey, giteaURL, sshCertPrincipal, sshKeyAgentPub string, insecure, sshCert, sshKeyAgent bool) error {
|
||||
// checks ...
|
||||
// ... if we have a url
|
||||
if len(giteaURL) == 0 {
|
||||
|
|
@ -32,13 +32,15 @@ func CreateLogin(name, token, user, passwd, sshKey, giteaURL string, insecure bo
|
|||
return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
|
||||
}
|
||||
|
||||
// .. if we have enough information to authenticate
|
||||
if len(token) == 0 && (len(user)+len(passwd)) == 0 {
|
||||
return fmt.Errorf("No token set")
|
||||
} else if len(user) != 0 && len(passwd) == 0 {
|
||||
return fmt.Errorf("No password set")
|
||||
} else if len(user) == 0 && len(passwd) != 0 {
|
||||
return fmt.Errorf("No user set")
|
||||
if !sshCert && !sshKeyAgent {
|
||||
// .. if we have enough information to authenticate
|
||||
if len(token) == 0 && (len(user)+len(passwd)) == 0 {
|
||||
return fmt.Errorf("No token set")
|
||||
} else if len(user) != 0 && len(passwd) == 0 {
|
||||
return fmt.Errorf("No password set")
|
||||
} else if len(user) == 0 && len(passwd) != 0 {
|
||||
return fmt.Errorf("No user set")
|
||||
}
|
||||
}
|
||||
|
||||
// Normalize URL
|
||||
|
|
@ -48,15 +50,19 @@ func CreateLogin(name, token, user, passwd, sshKey, giteaURL string, insecure bo
|
|||
}
|
||||
|
||||
login := config.Login{
|
||||
Name: name,
|
||||
URL: serverURL.String(),
|
||||
Token: token,
|
||||
Insecure: insecure,
|
||||
SSHKey: sshKey,
|
||||
Created: time.Now().Unix(),
|
||||
Name: name,
|
||||
URL: serverURL.String(),
|
||||
Token: token,
|
||||
Insecure: insecure,
|
||||
SSHKey: sshKey,
|
||||
SSHCert: sshCert,
|
||||
SSHKeyAgent: sshKeyAgent,
|
||||
SSHCertPrincipal: sshCertPrincipal,
|
||||
SSHKeyAgentPub: sshKeyAgentPub,
|
||||
Created: time.Now().Unix(),
|
||||
}
|
||||
|
||||
if len(token) == 0 {
|
||||
if len(token) == 0 && !sshCert && !sshKeyAgent {
|
||||
if login.Token, err = generateToken(login, user, passwd); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user
sdk pull got merged
ok pulled in upstream go-sdk back