Push to create repo

custom/conf/app.ini.sample

@@ -39,6 +39,9 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 USE_COMPAT_SSH_URI = false
 ; Close issues as long as a commit on any branch marks it as fixed
 DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
+; Allow users to push local repositories to Gitea and have them automatically created for a user or an org
+ENABLE_PUSH_CREATE_USER = false
+ENABLE_PUSH_CREATE_ORG = false
 
 [repository.editor]
 ; List of file extensions for which lines should be wrapped in the CodeMirror editor

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -66,6 +66,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    default is not to present. **WARNING**: This maybe harmful to you website if you do not
    give it a right value.
 - `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
+- `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
+- `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
 
 ### Repository - Pull Request (`repository.pull-request`)
 

integrations/git_test.go

@@ -75,6 +75,8 @@ func testGit(t *testing.T, u *url.URL) {
 			rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 			mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 		})
+
+		t.Run("PushCreate", doPushCreate(httpContext, u))
 	})
 	t.Run("SSH", func(t *testing.T) {
 		defer PrintCurrentTest(t)()
@@ -113,6 +115,8 @@ func testGit(t *testing.T, u *url.URL) {
 				rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 				mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 			})
+
+			t.Run("PushCreate", doPushCreate(sshContext, sshURL))
 		})
 	})
 }
@@ -407,3 +411,51 @@ func doMergeFork(ctx, baseCtx APITestContext, baseBranch, headBranch string) fun
 
 	}
 }
+
+func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) {
+	return func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+		ctx.Reponame = fmt.Sprintf("repo-tmp-push-create-%s", u.Scheme)
+		u.Path = ctx.GitPath()
+
+		tmpDir, err := ioutil.TempDir("", ctx.Reponame)
+		assert.NoError(t, err)
+
+		err = git.InitRepository(tmpDir, false)
+		assert.NoError(t, err)
+
+		_, err = os.Create(filepath.Join(tmpDir, "test.txt"))
+		assert.NoError(t, err)
+
+		err = git.AddChanges(tmpDir, true)
+		assert.NoError(t, err)
+
+		err = git.CommitChanges(tmpDir, git.CommitChangesOptions{
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "User Two",
+				When:  time.Now(),
+			},
+			Author: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "User Two",
+				When:  time.Now(),
+			},
+			Message: fmt.Sprintf("Testing push create @ %v", time.Now()),
+		})
+		assert.NoError(t, err)
+
+		_, err = git.NewCommand("remote", "add", "origin", u.String()).RunInDir(tmpDir)
+		assert.NoError(t, err)
+
+		// Push to create disabled
+		setting.Repository.EnablePushCreateUser = false
+		_, err = git.NewCommand("push", "origin", "master").RunInDir(tmpDir)
+		assert.Error(t, err)
+
+		// Push to create enabled
+		setting.Repository.EnablePushCreateUser = true
+		_, err = git.NewCommand("push", "origin", "master").RunInDir(tmpDir)
+		assert.NoError(t, err)
+	}
+}

modules/setting/repository.go

@@ -35,6 +35,8 @@ var (
 		AccessControlAllowOrigin                string
 		UseCompatSSHURI                         bool
 		DefaultCloseIssuesViaCommitsInAnyBranch bool
+		EnablePushCreateUser                    bool
+		EnablePushCreateOrg                     bool
 
 		// Repository editor settings
 		Editor struct {
@@ -89,6 +91,8 @@ var (
 		AccessControlAllowOrigin:                "",
 		UseCompatSSHURI:                         false,
 		DefaultCloseIssuesViaCommitsInAnyBranch: false,
+		EnablePushCreateUser:                    false,
+		EnablePushCreateOrg:                     false,
 
 		// Repository editor settings
 		Editor: struct {

routers/private/serv.go

@@ -98,44 +98,44 @@ func ServCommand(ctx *macaron.Context) {
 	}
 
 	// Now get the Repository and set the results section
+	repoExist := true
 	repo, err := models.GetRepositoryByOwnerAndName(results.OwnerName, results.RepoName)
 	if err != nil {
 		if models.IsErrRepoNotExist(err) {
-			ctx.JSON(http.StatusNotFound, map[string]interface{}{
+			repoExist = false
+		} else {
+			log.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
+			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 				"results": results,
-				"type":    "ErrRepoNotExist",
-				"err":     fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
+				"type":    "InternalServerError",
+				"err":     fmt.Sprintf("Unable to get repository: %s/%s %v", results.OwnerName, results.RepoName, err),
 			})
 			return
 		}
-		log.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
-		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
-			"results": results,
-			"type":    "InternalServerError",
-			"err":     fmt.Sprintf("Unable to get repository: %s/%s %v", results.OwnerName, results.RepoName, err),
-		})
-		return
 	}
-	repo.OwnerName = ownerName
-	results.RepoID = repo.ID
 
-	if repo.IsBeingCreated() {
-		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
-			"results": results,
-			"type":    "InternalServerError",
-			"err":     "Repository is being created, you could retry after it finished",
-		})
-		return
-	}
+	if repoExist {
+		repo.OwnerName = ownerName
+		results.RepoID = repo.ID
 
-	// We can shortcut at this point if the repo is a mirror
-	if mode > models.AccessModeRead && repo.IsMirror {
-		ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
-			"results": results,
-			"type":    "ErrMirrorReadOnly",
-			"err":     fmt.Sprintf("Mirror Repository %s/%s is read-only", results.OwnerName, results.RepoName),
-		})
-		return
+		if repo.IsBeingCreated() {
+			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+				"results": results,
+				"type":    "InternalServerError",
+				"err":     "Repository is being created, you could retry after it finished",
+			})
+			return
+		}
+
+		// We can shortcut at this point if the repo is a mirror
+		if mode > models.AccessModeRead && repo.IsMirror {
+			ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
+				"results": results,
+				"type":    "ErrMirrorReadOnly",
+				"err":     fmt.Sprintf("Mirror Repository %s/%s is read-only", results.OwnerName, results.RepoName),
+			})
+			return
+		}
 	}
 
 	// Get the Public Key represented by the keyID
@@ -161,6 +161,16 @@ func ServCommand(ctx *macaron.Context) {
 	results.KeyID = key.ID
 	results.UserID = key.OwnerID
 
+	// If repo doesn't exist, deploy key doesn't make sense
+	if !repoExist && key.Type == models.KeyTypeDeploy {
+		ctx.JSON(http.StatusNotFound, map[string]interface{}{
+			"results": results,
+			"type":    "ErrRepoNotExist",
+			"err":     fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
+		})
+		return
+	}
+
 	// Deploy Keys have ownerID set to 0 therefore we can't use the owner
 	// So now we need to check if the key is a deploy key
 	// We'll keep hold of the deploy key here for permissions checking
@@ -220,7 +230,7 @@ func ServCommand(ctx *macaron.Context) {
 	}
 
 	// Don't allow pushing if the repo is archived
-	if mode > models.AccessModeRead && repo.IsArchived {
+	if repoExist && mode > models.AccessModeRead && repo.IsArchived {
 		ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
 			"results": results,
 			"type":    "ErrRepoIsArchived",
@@ -230,7 +240,7 @@ func ServCommand(ctx *macaron.Context) {
 	}
 
 	// Permissions checking:
-	if mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView {
+	if repoExist && (mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView) {
 		if key.Type == models.KeyTypeDeploy {
 			if deployKey.Mode < mode {
 				ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
@@ -265,6 +275,48 @@ func ServCommand(ctx *macaron.Context) {
 		}
 	}
 
+	// We already know we aren't using a deploy key
+	if !repoExist {
+		if user.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
+			ctx.JSON(http.StatusForbidden, map[string]interface{}{
+				"results": results,
+				"type":    "ErrForbidden",
+				"err":     "Push to create is not enabled for organizations.",
+			})
+			return
+		}
+		if !user.IsOrganization() && !setting.Repository.EnablePushCreateUser {
+			ctx.JSON(http.StatusForbidden, map[string]interface{}{
+				"results": results,
+				"type":    "ErrForbidden",
+				"err":     "Push to create is not enabled for users.",
+			})
+			return
+		}
+
+		owner, err := models.GetUserByName(ownerName)
+		if err != nil {
+			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+				"results": results,
+				"type":    "InternalServerError",
+				"err":     fmt.Sprintf("Unable to get owner: %s %v", results.OwnerName, err),
+			})
+			return
+		}
+
+		repo, err = pushCreateRepo(user, owner, results.RepoName)
+		if err != nil {
+			log.Error("pushCreateRepo: %v", err)
+			ctx.JSON(http.StatusNotFound, map[string]interface{}{
+				"results": results,
+				"type":    "ErrRepoNotExist",
+				"err":     fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
+			})
+			return
+		}
+		results.RepoID = repo.ID
+	}
+
 	// Finally if we're trying to touch the wiki we should init it
 	if results.IsWiki {
 		if err = repo.InitWiki(); err != nil {
@@ -291,3 +343,24 @@ func ServCommand(ctx *macaron.Context) {
 	ctx.JSON(http.StatusOK, results)
 	// We will update the keys in a different call.
 }
+
+func pushCreateRepo(authUser, owner *models.User, repoName string) (*models.Repository, error) {
+	if !authUser.IsAdmin && authUser.ID != owner.ID {
+		return nil, fmt.Errorf("cannot push-create repository for another user")
+	}
+
+	repo, err := models.CreateRepository(authUser, owner, models.CreateRepoOptions{
+		Name:      repoName,
+		IsPrivate: true,
+	})
+	if err == nil {
+		return repo, nil
+	}
+
+	if repo != nil {
+		if errDelete := models.DeleteRepository(authUser, owner.ID, repo.ID); errDelete != nil {
+			log.Error("DeleteRepository: %v", errDelete)
+		}
+	}
+	return repo, err
+}