1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-14 14:14:25 +00:00
Commit Graph

8 Commits

Author SHA1 Message Date
silverwind
1c523e2129
Set appropriate autocomplete attributes on password fields (#13078)
`new-password` prevents annoying autocompletion in some cases, thought
it's not semantically correct to use that for example on all three
fields on the user account page, so some annoyances remain.

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 10:32:30 +03:00
John Olheiser
72636fd664
hCaptcha Support (#12594)
* Initial work on hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Format

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* At least return and debug log a captcha error

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Pass context to hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Finish hcaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update example config

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply error fix for recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change recaptcha ChallengeTS to string

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-02 23:37:53 -04:00
Tchoupinax
fd9e8951d8
fix: add type=text for user_name (password manager) (#12250)
* fix: add type=text for user_name (password manager)

* Update templates/user/auth/reset_passwd.tmpl

Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com>

Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com>
2020-07-15 16:48:50 +03:00
AJ ONeal
62d6127f1b Make captcha and password optional for external accounts (#6606) 2019-07-06 15:48:02 -04:00
AJ ONeal
b8451190d8 UX of link account (Step 1) (#5006)
* Show either sign up OR sign in

* disambiguate fresh start from adding recovery options

* use tabs to switch between account link flows

* add active to tab body as well

* changes as per discussion

* handle specific error; fix missing err typo
2018-10-28 18:46:16 -04:00
Fluf
f035dcd4f2 Add Recaptcha functionality to Gitea (#4044) 2018-07-05 00:13:05 -04:00
Sandro Santilli
15f5d8e794 Reduce conditionals in signin/signup inner forms
by always using SignInLink and SignUpLink in the form action
2017-03-20 09:40:42 +01:00
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00