Add Password Algorithm option to install page (#14701)

Add Password Algorithm option to install page Fix #14674 Co-authored-by: John Olheiser <john.olheiser@gmail.com>
go-gitea · Feb 16, 2021 · ad43b11 · ad43b11
1 parent 66a148e
commit ad43b11
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 1 deletion.
diff --git a/models/user.go b/models/user.go
@@ -56,7 +56,17 @@ const (
 	algoScrypt = "scrypt"
 	algoArgon2 = "argon2"
 	algoPbkdf2 = "pbkdf2"
+)
+
+// AvailableHashAlgorithms represents the available password hashing algorithms
+var AvailableHashAlgorithms = []string{
+	algoPbkdf2,
+	algoArgon2,
+	algoScrypt,
+	algoBcrypt,
+}
 
+const (
 	// EmailNotificationsEnabled indicates that the user would like to receive all email notifications
 	EmailNotificationsEnabled = "enabled"
 	// EmailNotificationsOnMention indicates that the user would like to be notified via email when mentioned.

diff --git a/modules/forms/user_form.go b/modules/forms/user_form.go
@@ -60,6 +60,8 @@ type InstallForm struct {
 	DefaultEnableTimetracking      bool
 	NoReplyAddress                 string
 
+	PasswordAlgorithm string
+
 	AdminName          string `binding:"OmitEmpty;AlphaDashDot;MaxSize(30)" locale:"install.admin_name"`
 	AdminPasswd        string `binding:"OmitEmpty;MaxSize(255)" locale:"install.admin_password"`
 	AdminConfirmPasswd string

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -205,6 +205,8 @@ default_enable_timetracking = Enable Time Tracking by Default
 default_enable_timetracking_popup = Enable time tracking for new repositories by default.
 no_reply_address = Hidden Email Domain
 no_reply_address_helper = Domain name for users with a hidden email address. For example, the username 'joe' will be logged in Git as 'joe@noreply.example.org' if the hidden email domain is set to 'noreply.example.org'.
+password_algorithm = Password Hash Algorithm
+password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strength. `argon2` whilst having good characteristics uses a lot of memory and may be inappropriate for small systems.
 
 [home]
 uname_holder = Username or Email Address
@@ -931,7 +933,7 @@ ext_issues = Ext. Issues
 ext_issues.desc = Link to an external issue tracker.
 
 projects = Projects
-projects.desc = Manage issues and pulls in project boards. 
+projects.desc = Manage issues and pulls in project boards.
 projects.description = Description (optional)
 projects.description_placeholder = Description
 projects.create = Create Project

diff --git a/routers/install.go b/routers/install.go
@@ -66,6 +66,7 @@ func InstallInit(next http.Handler) http.Handler {
 				"TmplLoadTimes": func() string {
 					return time.Since(startTime).String()
 				},
+				"PasswordHashAlgorithms": models.AvailableHashAlgorithms,
 			},
 		}
 		ctx.Req = context.WithContext(req, &ctx)
@@ -142,6 +143,7 @@ func Install(ctx *context.Context) {
 	form.DefaultAllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization
 	form.DefaultEnableTimetracking = setting.Service.DefaultEnableTimetracking
 	form.NoReplyAddress = setting.Service.NoReplyAddress
+	form.PasswordAlgorithm = setting.PasswordHashAlgo
 
 	middleware.AssignForm(form, ctx.Data)
 	ctx.HTML(200, tplInstall)
@@ -185,6 +187,8 @@ func InstallPost(ctx *context.Context) {
 	setting.Database.Charset = form.Charset
 	setting.Database.Path = form.DbPath
 
+	setting.PasswordHashAlgo = form.PasswordAlgorithm
+
 	if (setting.Database.Type == "sqlite3") &&
 		len(setting.Database.Path) == 0 {
 		ctx.Data["Err_DbPath"] = true
@@ -380,6 +384,9 @@ func InstallPost(ctx *context.Context) {
 		return
 	}
 	cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
+	if len(form.PasswordAlgorithm) > 0 {
+		cfg.Section("security").Key("PASSWORD_HASH_ALGO").SetValue(form.PasswordAlgorithm)
+	}
 
 	err = os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm)
 	if err != nil {

diff --git a/templates/install.tmpl b/templates/install.tmpl
@@ -267,6 +267,20 @@
 								<input id="_no_reply_address" name="no_reply_address" value="{{.no_reply_address}}">
 								<span class="help">{{.i18n.Tr "install.no_reply_address_helper"}}</span>
 							</div>
+							<div class="inline field">
+								<label for="password_algorithm">{{.i18n.Tr "install.password_algorithm"}}</label>
+								<div class="ui selection dropdown">
+									<input id="password_algorithm" type="hidden" name="password_algorithm" value="{{.password_algorithm}}">
+									<div class="text">{{.password_algorithm}}</div>
+									{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+									<div class="menu">
+										{{range .PasswordHashAlgorithms}}
+											<div class="item" data-value="{{.}}">{{.}}</div>
+										{{end}}
+									</div>
+								</div>
+								<span class="help">{{.i18n.Tr "install.password_algorithm_helper"}}</span>
+							</div>
 						</div>
 					</div>