Gitea: Disable HTTPS Push method for GIT #30

Open
opened 2023-02-14 11:23:04 +01:00 by Arnd Marijnissen · 1 comment

Taken from #3

We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything.

This involves finding a way to disable https method in a graceful way.

Allowing https-logins creates a number of issues:

  • We want to only have one set of login-data for user-accounts: blender-id
  • HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used)
  • Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..)

Disabling authenticated HTTPS-push methods will prevent people from using this in production.

Goals:

  • We want to KEEP https PULLS
  • We want to DISABLE https PUSH
  • We want to discourage/remove any operations involving 'local password"
    • Password reset system needs looking at, too
Taken from #3 We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything. This involves finding a way to disable https method in a graceful way. Allowing https-logins creates a number of issues: * We want to only have one set of login-data for user-accounts: blender-id * HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used) * Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..) Disabling authenticated HTTPS-push methods will prevent people from using this in production. Goals: * We want to KEEP https PULLS * We want to DISABLE https PUSH * We want to discourage/remove any operations involving 'local password" * Password reset system needs looking at, too
Arnd Marijnissen added the
Service
Gitea
Type
Deployment
labels 2023-02-14 11:23:27 +01:00

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549
Bart van der Braak added this to the DevOps Progress Board project 2024-07-16 12:58:17 +02:00
Bart van der Braak changed title from Deployment: Disable HTTPS Push method for GIT to Gitea: Disable HTTPS Push method for GIT 2024-07-17 15:12:57 +02:00
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#30
No description provided.