infrastructure/blender-projects-platform
7
1
Issues 48 Projects 1 Activity

Gitea: Disable HTTPS Push method for GIT #30

New Issue
Open
opened 2023-02-14 11:23:04 +01:00 by Arnd Marijnissen · 1 comment
Arnd Marijnissen commented 2023-02-14 11:23:04 +01:00
Owner
Copy Link

Taken from #3

We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything.

This involves finding a way to disable https method in a graceful way.

Allowing https-logins creates a number of issues:

  • We want to only have one set of login-data for user-accounts: blender-id
  • HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used)
  • Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..)

Disabling authenticated HTTPS-push methods will prevent people from using this in production.

Goals:

  • We want to KEEP https PULLS
  • We want to DISABLE https PUSH
  • We want to discourage/remove any operations involving 'local password"
    • Password reset system needs looking at, too
Taken from #3 We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything. This involves finding a way to disable https method in a graceful way. Allowing https-logins creates a number of issues: * We want to only have one set of login-data for user-accounts: blender-id * HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used) * Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..) Disabling authenticated HTTPS-push methods will prevent people from using this in production. Goals: * We want to KEEP https PULLS * We want to DISABLE https PUSH * We want to discourage/remove any operations involving 'local password" * Password reset system needs looking at, too
Arnd Marijnissen added the
Service
Gitea
Type
Deployment
 labels 2023-02-14 11:23:27 +01:00
Lunny Xiao commented 2023-02-18 04:00:01 +01:00
Copy Link

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549
Bart van der Braak added this to the DevOps Progress Board project 2024-07-16 12:58:17 +02:00
Bart van der Braak changed title from Deployment: Disable HTTPS Push method for GIT to Gitea: Disable HTTPS Push method for GIT 2024-07-17 15:12:57 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
Service
Buildbot
builder.blender.org

  
Service
Chat
chat.blender.org

  
Service
Gitea
projects.blender.org

  
Service
Translate
translate.blender.org

  
Type
Bug
Errors or incorrect behaviour

  
Type
Config
Configuration change

  
Type
Deployment
Version deployment or rollback

  
Type
Feature
New functionality or enhancement

  
Type
Setup
New service setup and deployment

No Label
Service
Buildbot
Service
Chat
Service
Gitea
Service
Translate
Type
Bug
Type
Config
Type
Deployment
Type
Feature
Type
Setup
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
DevOps Progress Board
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#30
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?