search

Benjamin-Loison / gitea

Git with a cup of tea, painless self-hosted git service
https://gitea.io
MIT License
0 stars 0 forks source link

Automatically create users #130

Open Benjamin-Loison opened 5 days ago

Benjamin-Loison commented 5 days ago

As I plan to have possibly at least 6 collaborators.

https://gitea.lemnoslife.com/admin/users https://gitea.lemnoslife.com/api/swagger#/user does not seem to propose to create a user DuckDuckGo search Gitea automatically create user. https://docs.gitea.com/usage/authentication does not seem to help. https://forum.gitea.com/t/sudo-for-git-requests-and-automatic-user-creation/6673 has the same need. Do forum rules allow answering partially a year and a half question?

Benjamin-Loison commented 5 days ago

Resend results in HTTP code 200 instead of 303.

Benjamin-Loison commented 5 days ago

Modifying user_name and email solve the issue.

Benjamin-Loison commented 5 days ago
diff: ```diff diff --git a/tools/minimizeCURL.py b/tools/minimizeCURL.py index 6878224..5cba1af 100755 --- a/tools/minimizeCURL.py +++ b/tools/minimizeCURL.py @@ -46,9 +46,13 @@ def printTryToRemove(toRemove): with open(curlCommandFilePath) as f: command = f.read() +INDEX = 52 def executeCommand(command): + global INDEX # `stderr = subprocess.DEVNULL` is used to get rid of curl progress. # Could also add `-s` curl argument. + command = command.replace('INDEX', str(INDEX)) + INDEX += 1 try: result = subprocess.check_output(command, shell = True, stderr = subprocess.DEVNULL) except: ``` 
minimizeCURL curl.sh 'HTTP/2 303'
Output: ``` Initial command length: 1,143. Removing headers Command with length 1,052 is still fine. Command with length 975 is still fine. Command with length 938 is still fine. Command with length 892 is still fine. Command with length 839 is still fine. Command with length 821 is still fine. Command with length 809 is still fine. Command with length 781 is still fine. Command with length 747 is still fine. Command with length 717 is still fine. Command with length 687 is still fine. Command with length 654 is still fine. Command with length 630 is still fine. Command with length 608 is still fine. Command with length 590 is still fine. Removing URL parameters Removing cookies Command with length 559 is still fine. Command with length 463 is still fine. Command with length 401 is still fine. Command with length 389 is still fine. Removing raw data Command with length 363 is still fine. Command with length 337 is still fine. Command with length 324 is still fine. Command with length 312 is still fine. curl -s https://gitea.lemnoslife.com/admin/users/new -H 'Cookie: i_like_gitea=XXXXXXXXXXXXXXXX' --data-raw '_csrf=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&login_type=0-0&user_name=Test_INDEX&email=test_INDEX%40lemnoslife.com&password=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' -D - -o /dev/null ``` 
minimizeCURL curl.sh 'user does not exist'
Output: ``` Initial command length: 943. Removing headers Command with length 852 is still fine. Command with length 775 is still fine. Command with length 738 is still fine. Command with length 692 is still fine. Command with length 639 is still fine. Command with length 621 is still fine. Command with length 609 is still fine. Command with length 581 is still fine. Command with length 547 is still fine. Command with length 517 is still fine. Command with length 487 is still fine. Command with length 454 is still fine. Command with length 430 is still fine. Command with length 408 is still fine. Command with length 390 is still fine. Removing URL parameters Removing cookies Command with length 359 is still fine. Command with length 263 is still fine. Command with length 201 is still fine. Command with length 189 is still fine. Removing raw data Command with length 178 is still fine. curl https://gitea.lemnoslife.com/admin/users/33/delete -H 'Cookie: i_like_gitea=XXXXXXXXXXXXXXXX' --data-raw _csrf=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ```

I verified that it correctly deletes another user if change 33.

Benjamin-Loison commented 5 days ago 
 for userId in `seq 25 48`
do
    echo $userId
    curl -s https://gitea.lemnoslife.com/admin/users/$userId/delete -H 'Cookie: i_like_gitea=XXXXXXXXXXXXXXXX' --data-raw _csrf=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > /dev/null
done
Benjamin-Loison commented 5 days ago

Commenting 'Content-Type': 'application/x-www-form-urlencoded', or adding 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0' does not make curlconverter result works.

I faced Benjamin_Loison/curlconverter/issues/1#issuecomment-2441300.

Benjamin-Loison commented 5 days ago
Python script: ```python import requests COOKIES = { 'i_like_gitea': 'XXXXXXXXXXXXXXXX', } INDEX = 101 data = { '_csrf': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'login_type': '0-0', 'user_name': f'Test_{INDEX}', 'email': f'test_{INDEX}@lemnoslife.com', 'password': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', } response = requests.post('https://gitea.lemnoslife.com/admin/users/new', data, cookies = COOKIES, allow_redirects = False) print(response.status_code) ```
Benjamin-Loison commented 4 days ago 
data['must_change_password'] =  'on'
Benjamin-Loison commented 4 days ago

https://gitea.lemnoslife.com/api/swagger#/admin/adminCreateUser :roll_eyes: