Move open registration setting into remote plugins

...so that it's possible to enable or disable open registration on a
per-remote basis.

For example, the `DRONE_REGISTRATION_OPEN` environment variable now
becomes `DRONE_GITHUB_OPEN` when using GitHub as a remote.

The default for open registration in this commit is `false` (disabled),
which matches the existing behaviour.

This is useful if you need to support both public and private remotes,
e.g. GitHub.com and GitHub Enterprise, where you trust all of the
private users and want to allow open registration for those but would
not want all GitHub.com users to run builds on your server.

Tested with GitHub and GitLab.
Matt Bostock 2015-01-12 22:59:06 +00:00
parent f79762177c
commit 307aed12bc
14 changed files with 52 additions and 34 deletions


@ -22,22 +22,11 @@ port=":80"
driver="sqlite3"
datasource="/var/lib/drone/drone.sqlite"
#####################################################################
# Open Registration allows users to self-register for Drone.
# This is recommended if Drone is being hosted behind a
# firewall.
#
# When false, the system admin will need to manually add
# users to Drone through the admin screens.
#
# [registration]
# open=true
# [github]
# client=""
# secret=""
# orgs=[]
# open=false
# [github_enterprise]
# client=""
@ -46,18 +35,22 @@ datasource="/var/lib/drone/drone.sqlite"
# url=""
# orgs=[]
# private_mode=false
# open=false
# [bitbucket]
# client=""
# secret=""
# open=false
# [gitlab]
# url=""
# skip_verify=false
# open=false
# [gogs]
# url=""
# secret=""
# open=false
#####################################################################
# SMTP configuration for Drone. This is required if you plan
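Review bot: The `open=false` keys added under `[github]`, `[github_enterprise]`, `[bitbucket]`, `[gitlab]` and `[gogs]` carry no explanation, while the comment block that described open registration appears to be what this section drops. An operator reading the sample file no longer learns that enabling the key lets anyone who can authenticate against that remote create an account. I would keep a short comment above the remote blocks, e.g. `# open=true lets any user of that remote self-register; when false an admin must add users.` It is also worth stating there that the old `[registration]` key is no longer read (the `registration-open` setting is removed in the last section of this commit), so a deployment that still sets it falls back to closed registration without any message.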


@ -27,19 +27,21 @@ type Bitbucket struct {
API string
Client string
Secret string
Open bool
}
func New(url, api, client, secret string) *Bitbucket {
func New(url, api, client, secret string, open bool) *Bitbucket {
return &Bitbucket{
URL: url,
API: api,
Client: client,
Secret: secret,
Open: open,
}
}
func NewDefault(client, secret string) *Bitbucket {
return New(DefaultURL, DefaultAPI, client, secret)
func NewDefault(client, secret string, open bool) *Bitbucket {
return New(DefaultURL, DefaultAPI, client, secret, open)
}
// Authorize handles Bitbucket API Authorization
@ -269,3 +271,7 @@ func (r *Bitbucket) ParseHook(req *http.Request) (*model.Hook, error) {
Message: hook.Commits[len(hook.Commits)-1].Message,
}, nil
}
func (r *Bitbucket) OpenRegistration() bool {
return r.Open
}
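Review bot: The new exported method `OpenRegistration` at the end of this section has no doc comment, and the same holds for the identical methods added to `GitHub`, `Gitlab` and `Gogs` in later sections. Since this value decides whether an unknown user may create an account, a one-line comment is worth having: `// OpenRegistration reports whether users of this remote may self-register.` The new `Open` field could carry the same sentence. `New` and `NewDefault` also change their exported signatures here, so any caller outside the files shown would need updating.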


@ -9,6 +9,7 @@ var (
// Bitbucket cloud configuration details
bitbucketClient = config.String("bitbucket-client", "")
bitbucketSecret = config.String("bitbucket-secret", "")
bitbucketOpen = config.Bool("bitbucket-open", false)
)
// Registers the Bitbucket plugin using the default
@ -19,6 +20,6 @@ func Register() {
return
}
remote.Register(
NewDefault(*bitbucketClient, *bitbucketSecret),
NewDefault(*bitbucketClient, *bitbucketSecret, *bitbucketOpen),
)
}


@ -28,9 +28,10 @@ type GitHub struct {
Private bool
SkipVerify bool
Orgs []string
Open bool
}
func New(url, api, client, secret string, private, skipVerify bool, orgs []string) *GitHub {
func New(url, api, client, secret string, private, skipVerify bool, orgs []string, open bool) *GitHub {
var github = GitHub{
URL: url,
API: api,
@ -39,6 +40,7 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin
Private: private,
SkipVerify: skipVerify,
Orgs: orgs,
Open: open,
}
// the API must have a trailing slash
if !strings.HasSuffix(github.API, "/") {
@ -51,8 +53,8 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin
return &github
}
func NewDefault(client, secret string, orgs []string) *GitHub {
return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs)
func NewDefault(client, secret string, orgs []string, open bool) *GitHub {
return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs, open)
}
// Authorize handles GitHub API Authorization.
@ -305,3 +307,7 @@ func (r *GitHub) ParsePullRequestHook(req *http.Request) (*model.Hook, error) {
return &hook, nil
}
func (r *GitHub) OpenRegistration() bool {
return r.Open
}
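Review bot: `New` now takes three positional booleans (`private`, `skipVerify`, `open`), and the call in `NewDefault` reads `..., false, false, orgs, open)`, which gives no hint which literal is which. Transposing `skipVerify` and `open` would still compile and would silently change TLS verification or registration policy; the GitLab constructor `New(url string, skipVerify, open bool)` and its test call `New(server.URL, false, false)` have the same shape. At minimum I would annotate the literals at the call site, e.g. `client, secret, false /* private */, false /* skipVerify */, orgs, open)`, or set the exported `Open` field after construction instead of widening the signature. The body of `New` is only partly visible in these hunks.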


@ -10,6 +10,7 @@ var (
githubClient = config.String("github-client", "")
githubSecret = config.String("github-secret", "")
githubOrgs = config.Strings("github-orgs")
githubOpen = config.Bool("github-open", false)
// GitHub Enterprise configuration details
githubEnterpriseURL = config.String("github-enterprise-url", "")
@ -19,6 +20,7 @@ var (
githubEnterprisePrivate = config.Bool("github-enterprise-private-mode", true)
githubEnterpriseSkipVerify = config.Bool("github-enterprise-skip-verify", false)
githubEnterpriseOrgs = config.Strings("github-enterprise-orgs")
githubEnterpriseOpen = config.Bool("github-enterprise-open", false)
)
// Registers the GitHub plugins using the default
@ -35,7 +37,7 @@ func registerGitHub() {
return
}
remote.Register(
NewDefault(*githubClient, *githubSecret, *githubOrgs),
NewDefault(*githubClient, *githubSecret, *githubOrgs, *githubOpen),
)
}
@ -56,6 +58,7 @@ func registerGitHubEnterprise() {
*githubEnterprisePrivate,
*githubEnterpriseSkipVerify,
*githubEnterpriseOrgs,
*githubEnterpriseOpen,
),
)
}


@ -13,12 +13,14 @@ import (
type Gitlab struct {
url string
SkipVerify bool
Open bool
}
func New(url string, skipVerify bool) *Gitlab {
func New(url string, skipVerify, open bool) *Gitlab {
return &Gitlab{
url: url,
SkipVerify: skipVerify,
Open: open,
}
}
@ -191,3 +193,7 @@ func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) {
return hook, nil
}
func (r *Gitlab) OpenRegistration() bool {
return r.Open
}


@ -14,7 +14,7 @@ func Test_Github(t *testing.T) {
var server = testdata.NewServer()
defer server.Close()
var gitlab = New(server.URL, false)
var gitlab = New(server.URL, false, false)
var user = model.User{
Access: "e3b0c44298fc1c149afbf4c8996fb",
}


@ -8,6 +8,7 @@ import (
var (
gitlabURL = config.String("gitlab-url", "")
gitlabSkipVerify = config.Bool("gitlab-skip-verify", false)
gitlabOpen = config.Bool("gitlab-open", false)
)
// Registers the Gitlab plugin using the default
@ -21,6 +22,7 @@ func Register() {
New(
*gitlabURL,
*gitlabSkipVerify,
*gitlabOpen,
),
)
}


@ -16,10 +16,11 @@ import (
type Gogs struct {
URL string
Secret string
Open bool
}
func New(url string, secret string) *Gogs {
return &Gogs{URL: url, Secret: secret}
func New(url string, secret string, open bool) *Gogs {
return &Gogs{URL: url, Secret: secret, Open: open}
}
// Authorize handles Gogs authorization
@ -181,3 +182,7 @@ func (r *Gogs) ParseHook(req *http.Request) (*model.Hook, error) {
Message: payload.Commits[0].Message,
}, nil
}
func (r *Gogs) OpenRegistration() bool {
return r.Open
}


@ -8,6 +8,7 @@ import (
var (
gogsUrl = config.String("gogs-url", "")
gogsSecret = config.String("gogs-secret", "")
gogsOpen = config.Bool("gogs-open", false)
)
// Registers the Gogs plugin using the default
@ -18,6 +19,6 @@ func Register() {
return
}
remote.Register(
New(*gogsUrl, *gogsSecret),
New(*gogsUrl, *gogsSecret, *gogsOpen),
)
}


@ -32,6 +32,9 @@ type Remote interface {
// ParseHook parses the post-commit hook from the Request body
// and returns the required data in a standard format.
ParseHook(r *http.Request) (*model.Hook, error)
// Registration returns true if open registration is allowed
OpenRegistration() bool
}
// List of registered plugins.
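Review bot: The comment added above the new interface method starts with `Registration`, but the method is named `OpenRegistration`; Go doc comments should begin with the identifier they document. I would write `// OpenRegistration returns true if users authenticating through this remote may create an account without an admin adding them first.` Adding a method to `Remote` also breaks any implementation that is not updated in this commit, which cannot be checked from the sections shown.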


@ -9,7 +9,6 @@ import (
func TestBlobstore(t *testing.T) {
caps := map[string]bool{}
caps[Registration] = true
ctx := NewContext(context.Background(), caps)
@ -17,7 +16,6 @@ func TestBlobstore(t *testing.T) {
g.Describe("Capabilities", func() {
g.It("Should get capabilities from context", func() {
g.Assert(Enabled(ctx, Registration)).Equal(true)
g.Assert(Enabled(ctx, "Fake Key")).Equal(false)
})
})
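Review bot: With the `Registration` entry and its `Equal(true)` assertion gone, the only remaining check is that `Enabled(ctx, "Fake Key")` is false, so the test would still pass if `Enabled` always returned false. I would keep one positive case with a test-local key, e.g. `caps["test"] = true` before `NewContext` and `g.Assert(Enabled(ctx, "test")).Equal(true)` inside the `It` block. Which of the lines shown are removed is inferred from the commit message and hunk counts, because the page has lost its `+`/`-` markers.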


@ -6,7 +6,6 @@ import (
"net/http"
"github.com/drone/drone/plugin/remote"
"github.com/drone/drone/server/capability"
"github.com/drone/drone/server/datastore"
"github.com/drone/drone/server/session"
"github.com/drone/drone/server/sync"
@ -49,7 +48,7 @@ func GetLogin(c web.C, w http.ResponseWriter, r *http.Request) {
// if self-registration is disabled we should
// return a notAuthorized error. the only exception
// is if no users exist yet in the system we'll proceed.
if capability.Enabled(ctx, capability.Registration) == false {
if remote.OpenRegistration() == false {
users, err := datastore.GetUserList(ctx)
if err != nil || len(users) != 0 {
log.Println("Unable to create account. Registration is closed")
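Review bot: The new condition `if remote.OpenRegistration() == false {` would read better as `if !remote.OpenRegistration() {`, and the denial log that follows no longer carries enough context. Registration is now decided per remote, yet `log.Println("Unable to create account. Registration is closed")` does not say which remote refused the login, which makes a mixed public/private setup harder to audit. I would include the remote's identifier in that line; the variable holding it is outside this hunk, so no replacement is quoted here. The comment above the check still describes the bootstrap exception (the first account is allowed while no users exist), and that exception now applies to every remote regardless of its `open` value, which deserves a sentence in the setup documentation. The rest of `GetLogin` lies outside the hunk.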


@ -56,10 +56,6 @@ var (
sslcrt = config.String("server-ssl-cert", "")
sslkey = config.String("server-ssl-key", "")
// Enable self-registration. When false, the system admin
// must grant user access.
open = config.Bool("registration-open", false)
workers *pool.Pool
worker *director.Director
pub *pubsub.PubSub
@ -105,7 +101,6 @@ func main() {
gogs.Register()
caps = map[string]bool{}
caps[capability.Registration] = *open
// setup the database and cancel all pending
// commits in the system.