allow anonymous SSH clone

cmd/serve.go

@@ -78,35 +78,18 @@ func runServ(c *cli.Context) {
 	setup("serv.log")
 
 	fail := func(userMessage, logMessage string, args ...interface{}) {
-		fmt.Fprintln(os.Stderr, "Gogs: ", userMessage)
-		log.GitLogger.Fatal(2, logMessage, args...)
+		fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
+		log.GitLogger.Fatal(3, logMessage, args...)
 	}
 
 	if len(c.Args()) < 1 {
 		fail("Not enough arguments", "Not enough arguments")
 	}
 
-	keys := strings.Split(c.Args()[0], "-")
-	if len(keys) != 2 {
-		fail("key-id format error", "Invalid key id: %s", c.Args()[0])
-	}
-
-	keyId, err := com.StrTo(keys[1]).Int64()
-	if err != nil {
-		fail("key-id format error", "Invalid key id: %s", err)
-	}
-
-	user, err := models.GetUserByKeyId(keyId)
-	if err != nil {
-		fail("internal error", "Failed to get user by key ID(%d): %v", keyId, err)
-	}
-
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
-	if cmd == "" {
-		fmt.Printf("Hi, %s! You've successfully authenticated, but Gogs does not provide shell access.\n", user.Name)
-		if user.IsAdmin {
-			println("If this is unexpected, please log in with password and setup Gogs under another user.")
-		}
+	if len(cmd) == 0 {
+		println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.")
+		println("If this is unexpected, please log in with password and setup Gogs under another user.")
 		return
 	}
 
@@ -121,7 +104,7 @@ func runServ(c *cli.Context) {
 
 	repoUser, err := models.GetUserByName(repoUserName)
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName)
 		}
 		fail("Internal error", "Failed to get repository owner(%s): %v", repoUserName, err)
@@ -130,11 +113,7 @@ func runServ(c *cli.Context) {
 	repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
 	if err != nil {
 		if models.IsErrRepoNotExist(err) {
-			if user.Id == repoUser.Id || repoUser.IsOwnedBy(user.Id) {
-				fail("Repository does not exist", "Repository does not exist: %s/%s", repoUser.Name, repoName)
-			} else {
-				fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
-			}
+			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
 		}
 		fail("Internal error", "Failed to get repository: %v", err)
 	}
@@ -144,17 +123,39 @@ func runServ(c *cli.Context) {
 		fail("Unknown git command", "Unknown git command %s", verb)
 	}
 
-	mode, err := models.AccessLevel(user, repo)
-	if err != nil {
-		fail("Internal error", "Fail to check access: %v", err)
-	} else if mode < requestedMode {
-		clientMessage := _ACCESS_DENIED_MESSAGE
-		if mode >= models.ACCESS_MODE_READ {
-			clientMessage = "You do not have sufficient authorization for this action"
+	// Allow anonymous clone for public repositories.
+	var (
+		keyID int64
+		user  *models.User
+	)
+	if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
+		keys := strings.Split(c.Args()[0], "-")
+		if len(keys) != 2 {
+			fail("key-id format error", "Invalid key id: %s", c.Args()[0])
+		}
+
+		keyID, err = com.StrTo(keys[1]).Int64()
+		if err != nil {
+			fail("key-id format error", "Invalid key id: %s", err)
+		}
+
+		user, err = models.GetUserByKeyId(keyID)
+		if err != nil {
+			fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
+		}
+
+		mode, err := models.AccessLevel(user, repo)
+		if err != nil {
+			fail("Internal error", "Fail to check access: %v", err)
+		} else if mode < requestedMode {
+			clientMessage := _ACCESS_DENIED_MESSAGE
+			if mode >= models.ACCESS_MODE_READ {
+				clientMessage = "You do not have sufficient authorization for this action"
+			}
+			fail(clientMessage,
+				"User %s does not have level %v access to repository %s",
+				user.Name, requestedMode, repoPath)
 		}
-		fail(clientMessage,
-			"User %s does not have level %v access to repository %s",
-			user.Name, requestedMode, repoPath)
 	}
 
 	uuid := uuid.NewV4().String()
@@ -201,12 +202,15 @@ func runServ(c *cli.Context) {
 	}
 
 	// Update key activity.
-	key, err := models.GetPublicKeyById(keyId)
-	if err != nil {
-		fail("Internal error", "GetPublicKeyById: %v", err)
-	}
-	key.Updated = time.Now()
-	if err = models.UpdatePublicKey(key); err != nil {
-		fail("Internal error", "UpdatePublicKey: %v", err)
+	if keyID > 0 {
+		key, err := models.GetPublicKeyById(keyID)
+		if err != nil {
+			fail("Internal error", "GetPublicKeyById: %v", err)
+		}
+
+		key.Updated = time.Now()
+		if err = models.UpdatePublicKey(key); err != nil {
+			fail("Internal error", "UpdatePublicKey: %v", err)
+		}
 	}
 }

gogs.go

@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.6.3.0802 Beta"
+const APP_VER = "0.6.3.0805 Beta"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

models/error.go

@@ -54,6 +54,20 @@ func (err ErrUserAlreadyExist) Error() string {
 	return fmt.Sprintf("user already exists: [name: %s]", err.Name)
 }
 
+type ErrUserNotExist struct {
+	UID  int64
+	Name string
+}
+
+func IsErrUserNotExist(err error) bool {
+	_, ok := err.(ErrUserNotExist)
+	return ok
+}
+
+func (err ErrUserNotExist) Error() string {
+	return fmt.Sprintf("user does not exist: [uid: %d, name: %s]", err.UID, err.Name)
+}
+
 type ErrEmailAlreadyUsed struct {
 	Email string
 }

models/issue.go

@@ -57,7 +57,7 @@ type Issue struct {
 
 func (i *Issue) GetPoster() (err error) {
 	i.Poster, err = GetUserById(i.PosterId)
-	if err == ErrUserNotExist {
+	if IsErrUserNotExist(err) {
 		i.Poster = &User{Name: "FakeUser"}
 		return nil
 	}
@@ -92,7 +92,7 @@ func (i *Issue) GetAssignee() (err error) {
 		return nil
 	}
 	i.Assignee, err = GetUserById(i.AssigneeId)
-	if err == ErrUserNotExist {
+	if IsErrUserNotExist(err) {
 		return nil
 	}
 	return err

models/login.go

@@ -41,7 +41,7 @@ var (
 var LoginTypes = map[LoginType]string{
 	LDAP: "LDAP",
 	SMTP: "SMTP",
-	PAM: "PAM",
+	PAM:  "PAM",
 }
 
 // Ensure structs implemented interface.
@@ -192,7 +192,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
 	// Now verify password.
 	if u.LoginType == PLAIN {
 		if !u.ValidatePassword(passwd) {
-			return nil, ErrUserNotExist
+			return nil, ErrUserNotExist{u.Id, u.Name}
 		}
 		return u, nil
 	}
@@ -229,7 +229,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
 			}
 		}
 
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{u.Id, u.Name}
 	}
 
 	var source LoginSource
@@ -261,7 +261,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
 	name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
 	if !logged {
 		// User not in LDAP, do nothing
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{u.Id, u.Name}
 	}
 	if !autoRegister {
 		return u, nil
@@ -362,7 +362,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 
 	if err := SmtpAuth(cfg.Host, cfg.Port, auth, cfg.TLS); err != nil {
 		if strings.Contains(err.Error(), "Username and Password not accepted") {
-			return nil, ErrUserNotExist
+			return nil, ErrUserNotExist{u.Id, u.Name}
 		}
 		return nil, err
 	}
@@ -397,7 +397,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
 	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
-			return nil, ErrUserNotExist
+			return nil, ErrUserNotExist{u.Id, u.Name}
 		}
 		return nil, err
 	}

models/repo.go

@@ -624,7 +624,7 @@ func GetRepositoriesWithUsers(num, offset int) ([]*Repository, error) {
 		if err != nil {
 			return nil, err
 		} else if !has {
-			return nil, ErrUserNotExist
+			return nil, ErrUserNotExist{repo.OwnerId, ""}
 		}
 	}
 

models/user.go

@@ -36,7 +36,6 @@ const (
 )
 
 var (
-	ErrUserNotExist          = errors.New("User does not exist")
 	ErrUserNotKeyOwner       = errors.New("User does not the owner of public key")
 	ErrEmailNotExist         = errors.New("E-mail does not exist")
 	ErrEmailNotActivated     = errors.New("E-mail address has not been activated")
@@ -555,7 +554,7 @@ func getUserById(e Engine, id int64) (*User, error) {
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{id, ""}
 	}
 	return u, nil
 }
@@ -568,14 +567,14 @@ func GetUserById(id int64) (*User, error) {
 // GetUserByName returns user by given name.
 func GetUserByName(name string) (*User, error) {
 	if len(name) == 0 {
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{0, name}
 	}
 	u := &User{LowerName: strings.ToLower(name)}
 	has, err := x.Get(u)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{0, name}
 	}
 	return u, nil
 }
@@ -700,7 +699,7 @@ func MakeEmailPrimary(email *EmailAddress) error {
 	if err != nil {
 		return err
 	} else if !has {
-		return ErrUserNotExist
+		return ErrUserNotExist{email.Uid, ""}
 	}
 
 	// Make sure the former primary email doesn't disappear
@@ -763,7 +762,7 @@ func ValidateCommitsWithEmails(oldCommits *list.List) *list.List {
 // GetUserByEmail returns the user object by given e-mail if exists.
 func GetUserByEmail(email string) (*User, error) {
 	if len(email) == 0 {
-		return nil, ErrUserNotExist
+		return nil, ErrUserNotExist{0, "email"}
 	}
 	// First try to find the user by primary email
 	user := &User{Email: strings.ToLower(email)}
@@ -785,7 +784,7 @@ func GetUserByEmail(email string) (*User, error) {
 		return GetUserById(emailAddress.Uid)
 	}
 
-	return nil, ErrUserNotExist
+	return nil, ErrUserNotExist{0, "email"}
 }
 
 // SearchUserByName returns given number of users whose name contains keyword.

modules/auth/auth.go

@@ -55,7 +55,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 	}
 	if id, ok := uid.(int64); ok {
 		if _, err := models.GetUserById(id); err != nil {
-			if err != models.ErrUserNotExist {
+			if !models.IsErrUserNotExist(err) {
 				log.Error(4, "GetUserById: %v", err)
 			}
 			return 0
@@ -80,7 +80,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
 			if len(webAuthUser) > 0 {
 				u, err := models.GetUserByName(webAuthUser)
 				if err != nil {
-					if err != models.ErrUserNotExist {
+					if !models.IsErrUserNotExist(err) {
 						log.Error(4, "GetUserByName: %v", err)
 						return nil, false
 					}
@@ -115,7 +115,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
 
 				u, err := models.UserSignIn(uname, passwd)
 				if err != nil {
-					if err != models.ErrUserNotExist {
+					if !models.IsErrUserNotExist(err) {
 						log.Error(4, "UserSignIn: %v", err)
 					}
 					return nil, false

modules/middleware/org.go

@@ -34,7 +34,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
 		var err error
 		ctx.Org.Organization, err = models.GetUserByName(orgName)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Handle(404, "GetUserByName", err)
 			} else if redirect {
 				log.Error(4, "GetUserByName", err)

modules/middleware/repo.go

@@ -41,7 +41,7 @@ func ApiRepoAssignment() macaron.Handler {
 		} else {
 			u, err = models.GetUserByName(userName)
 			if err != nil {
-				if err == models.ErrUserNotExist {
+				if models.IsErrUserNotExist(err) {
 					ctx.Error(404)
 				} else {
 					ctx.JSON(500, &base.ApiJsonErr{"GetUserByName: " + err.Error(), base.DOC_URL})
@@ -217,7 +217,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
 		} else {
 			u, err = models.GetUserByName(userName)
 			if err != nil {
-				if err == models.ErrUserNotExist {
+				if models.IsErrUserNotExist(err) {
 					ctx.Handle(404, "GetUserByName", err)
 				} else {
 					ctx.Handle(500, "GetUserByName", err)

routers/api/v1/repo.go

@@ -139,7 +139,7 @@ func CreateRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
 func CreateOrgRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
 	org, err := models.GetOrgByName(ctx.Params(":org"))
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.Error(404)
 		} else {
 			ctx.Error(500)
@@ -157,7 +157,7 @@ func CreateOrgRepo(ctx *middleware.Context, opt api.CreateRepoOption) {
 func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
 	u, err := models.GetUserByName(ctx.Query("username"))
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.HandleAPI(422, err)
 		} else {
 			ctx.HandleAPI(500, err)
@@ -174,7 +174,7 @@ func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
 	if form.Uid != u.Id {
 		org, err := models.GetUserById(form.Uid)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.HandleAPI(422, err)
 			} else {
 				ctx.HandleAPI(500, err)

routers/api/v1/user.go

@@ -61,7 +61,7 @@ func SearchUsers(ctx *middleware.Context) {
 func GetUserInfo(ctx *middleware.Context) {
 	u, err := models.GetUserByName(ctx.Params(":username"))
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.Error(404)
 		} else {
 			ctx.JSON(500, &base.ApiJsonErr{"GetUserByName: " + err.Error(), base.DOC_URL})

routers/org/members.go

@@ -100,7 +100,7 @@ func Invitation(ctx *middleware.Context) {
 		uname := ctx.Query("uname")
 		u, err := models.GetUserByName(uname)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
 				ctx.Redirect(ctx.Org.OrgLink + "/invitations/new")
 			} else {

routers/org/teams.go

@@ -77,7 +77,7 @@ func TeamsAction(ctx *middleware.Context) {
 		var u *models.User
 		u, err = models.GetUserByName(uname)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
 				ctx.Redirect(ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName)
 			} else {

routers/repo/http.go

@@ -55,7 +55,7 @@ func Http(ctx *middleware.Context) {
 
 	repoUser, err := models.GetUserByName(username)
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.Handle(404, "GetUserByName", nil)
 		} else {
 			ctx.Handle(500, "GetUserByName", err)
@@ -107,7 +107,7 @@ func Http(ctx *middleware.Context) {
 
 		authUser, err = models.UserSignIn(authUsername, authPasswd)
 		if err != nil {
-			if err != models.ErrUserNotExist {
+			if !models.IsErrUserNotExist(err) {
 				ctx.Handle(500, "UserSignIn error: %v", err)
 				return
 			}

routers/repo/repo.go

@@ -35,7 +35,7 @@ func checkContextUser(ctx *middleware.Context, uid int64) *models.User {
 	}
 
 	org, err := models.GetUserById(uid)
-	if err == models.ErrUserNotExist {
+	if models.IsErrUserNotExist(err) {
 		return ctx.User
 	}
 

routers/repo/setting.go

@@ -118,7 +118,7 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 		}
 
 		if _, err = models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
 			} else {
 				ctx.Handle(500, "UserSignIn", err)
@@ -151,7 +151,7 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 		}
 
 		if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
 			} else {
 				ctx.Handle(500, "UserSignIn", err)
@@ -185,7 +185,7 @@ func SettingsCollaboration(ctx *middleware.Context) {
 
 		u, err := models.GetUserByName(name)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
 				ctx.Redirect(setting.AppSubUrl + ctx.Req.URL.Path)
 			} else {

routers/user/auth.go

@@ -60,7 +60,7 @@ func SignIn(ctx *middleware.Context) {
 
 	u, err := models.GetUserByName(uname)
 	if err != nil {
-		if err != models.ErrUserNotExist {
+		if !models.IsErrUserNotExist(err) {
 			ctx.Handle(500, "GetUserByName", err)
 		} else {
 			ctx.HTML(200, SIGNIN)
@@ -105,7 +105,7 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
 
 	u, err := models.UserSignIn(form.UserName, form.Password)
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), SIGNIN, &form)
 		} else {
 			ctx.Handle(500, "UserSignIn", err)
@@ -328,7 +328,7 @@ func Activate(ctx *middleware.Context) {
 		user.IsActive = true
 		user.Rands = models.GetUserSalt()
 		if err := models.UpdateUser(user); err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Error(404)
 			} else {
 				ctx.Handle(500, "UpdateUser", err)
@@ -391,7 +391,7 @@ func ForgotPasswdPost(ctx *middleware.Context) {
 	email := ctx.Query("email")
 	u, err := models.GetUserByEmail(email)
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("auth.email_not_associate"), FORGOT_PASSWORD, nil)
 		} else {

routers/user/home.go

@@ -38,7 +38,7 @@ func Dashboard(ctx *middleware.Context) {
 		// Organization.
 		org, err := models.GetUserByName(orgName)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				ctx.Handle(404, "GetUserByName", err)
 			} else {
 				ctx.Handle(500, "GetUserByName", err)
@@ -115,7 +115,7 @@ func Dashboard(ctx *middleware.Context) {
 		// FIXME: cache results?
 		u, err := models.GetUserByName(act.ActUserName)
 		if err != nil {
-			if err == models.ErrUserNotExist {
+			if models.IsErrUserNotExist(err) {
 				continue
 			}
 			ctx.Handle(500, "GetUserByName", err)
@@ -176,7 +176,7 @@ func Profile(ctx *middleware.Context) {
 
 	u, err := models.GetUserByName(uname)
 	if err != nil {
-		if err == models.ErrUserNotExist {
+		if models.IsErrUserNotExist(err) {
 			ctx.Handle(404, "GetUserByName", err)
 		} else {
 			ctx.Handle(500, "GetUserByName", err)
@@ -223,7 +223,7 @@ func Profile(ctx *middleware.Context) {
 			// FIXME: cache results?
 			u, err := models.GetUserByName(act.ActUserName)
 			if err != nil {
-				if err == models.ErrUserNotExist {
+				if models.IsErrUserNotExist(err) {
 					continue
 				}
 				ctx.Handle(500, "GetUserByName", err)
@@ -247,10 +247,10 @@ func Profile(ctx *middleware.Context) {
 func Email2User(ctx *middleware.Context) {
 	u, err := models.GetUserByEmail(ctx.Query("email"))
 	if err != nil {
-		if err == models.ErrUserNotExist {
-			ctx.Handle(404, "user.Email2User(GetUserByEmail)", err)
+		if models.IsErrUserNotExist(err) {
+			ctx.Handle(404, "GetUserByEmail", err)
 		} else {
-			ctx.Handle(500, "user.Email2User(GetUserByEmail)", err)
+			ctx.Handle(500, "GetUserByEmail", err)
 		}
 		return
 	}

templates/.VERSION

@@ -1 +1 @@
-0.6.3.0802 Beta
+0.6.3.0805 Beta