infrastructure
/
blender-projects-platform
5
1
Issues 20 Projects Activity

Deployment: Disable HTTPS Push method for GIT #30

New Issue
Open
opened 2023-02-14 11:23:04 +01:00 by Arnd Marijnissen · 1 comment
Arnd Marijnissen commented 2023-02-14 11:23:04 +01:00
Owner
Copy Link

Taken from #3

We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything.

This involves finding a way to disable https method in a graceful way.

Allowing https-logins creates a number of issues:

  • We want to only have one set of login-data for user-accounts: blender-id
  • HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used)
  • Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..)

Disabling authenticated HTTPS-push methods will prevent people from using this in production.

Goals:

  • We want to KEEP https PULLS
  • We want to DISABLE https PUSH
  • We want to discourage/remove any operations involving 'local password"
    • Password reset system needs looking at, too
Taken from #3 We want to have people able to PULL via HTTPS (unauthenticated) but would prefer to have only SSH-keys being used as a method to PUSH anything. This involves finding a way to disable https method in a graceful way. Allowing https-logins creates a number of issues: * We want to only have one set of login-data for user-accounts: blender-id * HTTPS-git only really works against LOCAL password in GItea (which we'd like to NOT have used) * Local-passwords can currently be set by using the 'forgot password' path.. so people can actually set them..) Disabling authenticated HTTPS-push methods will prevent people from using this in production. Goals: * We want to KEEP https PULLS * We want to DISABLE https PUSH * We want to discourage/remove any operations involving 'local password" * Password reset system needs looking at, too
Arnd Marijnissen added the
gitea feature request
deployment
 labels 2023-02-14 11:23:27 +01:00
Lunny Xiao commented 2023-02-18 04:00:01 +01:00
Copy Link

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549

I already have a PR to allow disable change local password and some other parts. https://github.com/go-gitea/gitea/pull/20549
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
Labels
Clear labels   
blender customization

   
bug

Something is not working

  
buildbot

   
deployment

   
gitea feature request

   
help wanted

Need some help

  
policy
No Label
blender customization
bug
buildbot
deployment
gitea feature request
help wanted
policy
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#30
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?