Add a way to generate access token from the CLI for automation purpose

[mscherer]

Feature Description

It would be useful to me to be able to get a access token for a user in a way that would be easier to use by a external program (eg, automation with ansible or something else).

The current options to get a token are:

• use the API (so I need a access token to generate a access token)
• use the web interface (not very automation friendly)
• generate a new user using gitea admin CLI, and parse the message, which is a bit fragile and only work with a new user.

So I would propose to add a subcommand to the admin user command:

$ gitea admin user generate-access-token --help
NAME:
   Gitea admin user generate-access-token - Generate a access token for a specific user

USAGE:
   Gitea admin user generate-access-token [command options] [arguments...]

OPTIONS:
   --username value, -u value     Username
   --token-name value, -t value   Token name (default: "gitea-admin")
   --raw                          Display only the token value
   --custom-path value, -C value  Custom path file path (default: "/tmp/custom")
   --config value, -c value       Custom configuration file path (default: "/tmp/custom/conf/app.ini")
   --version, -v                  print the version
   --work-path value, -w value    Set the gitea working path (default: "/tmp")
   

DEFAULT CONFIGURATION:
     CustomPath:  /tmp/custom 
     CustomConf:  /etc/gitea/app.ini
     AppPath:     /tmp/gitea
     AppWorkPath: /tmp

Screenshots

No response

[zeripath]

The current options to get a token are:

• use the API (so I need a access token to generate a access token)

You can't actually use an access token to generate an access token - you have to use BASIC authentication and the user's password.

Is that not acceptable?

[mscherer]

Oh right (and I even read that part of the doc twice). But in my case, I use U2F for the 2FA, so I can't use that (or it would be a security issue if I could bypass the 2FA).

And while I could create a admin user without 2FA just to have a access token, I think this would be reducing the security

[lunny]

Oh right (and I even read that part of the doc twice). But in my case, I use U2F for the 2FA, so I can't use that (or it would be a security issue if I could bypass the 2FA).

And while I could create a admin user without 2FA just to have a access token, I think this would be reducing the security

If you can run gitea admin, you already have the enough permission to do anything. It's not a security problem.

[mscherer]

I am sorry, I do not understand the comment.

I agree, the security problem is not being able to run gitea admin.
When I say security problem, I mean the fact that to get a access token, I would need to create a non 2FA protected admin user, and since the goal is to use the access token of that user, I can't just remove it once I have it (as the token would no longer work).