Committer verification #1181

@sapk commented on GitHub (Oct 24, 2017):

From git point, I would recommend you to use gpg commit verification (allready implemented) that allow a "pusher" to push commit from another "commiter" and still be able to verify that the commit hasn't be tempered or that the identity of the commiter ins't falsify. This type of verification is totally decentralized and verification can also be done locally and is supported natively by git.

This solution, doesn't cover the part of only allowing to push commit from the logged user that maybe needed for your corporation (this would block cherry-pick and some git flow if enable).

If the gpg method doesn't fully comply with your need, gitea support server-side hook but those need to be added manually via git cli. More generaly, we could provide a way to apply predifined list of server-side hooks.

EDIT: it is also possible to edit the pre-receive hook via web interface.

@sapk commented on GitHub (Oct 24, 2017): From git point, I would recommend you to use gpg commit verification (allready implemented) that allow a "pusher" to push commit from another "commiter" and still be able to verify that the commit hasn't be tempered or that the identity of the commiter ins't falsify. This type of verification is totally decentralized and verification can also be done locally and is supported natively by git. This solution, doesn't cover the part of only allowing to push commit from the logged user that maybe needed for your corporation (this would block cherry-pick and some git flow if enable). If the gpg method doesn't fully comply with your need, gitea support server-side hook but those need to be added manually via git cli. More generaly, we could provide a way to apply predifined list of server-side hooks. EDIT: it is also possible to edit the pre-receive hook via web interface.

GiteaMirror commented

@sapk commented on GitHub (Oct 24, 2017):

Some examples of pre-receive hook : https://github.com/github/platform-samples/blob/master/pre-receive-hooks/reject-external-email.sh or https://github.com/github/platform-samples/blob/master/pre-receive-hooks/commit-current-user-check.sh

@sapk commented on GitHub (Oct 24, 2017): Some examples of pre-receive hook : https://github.com/github/platform-samples/blob/master/pre-receive-hooks/reject-external-email.sh or https://github.com/github/platform-samples/blob/master/pre-receive-hooks/commit-current-user-check.sh

GiteaMirror commented

@lunny commented on GitHub (Oct 27, 2017):

So maybe we could have an option on repository setting to deny all push gpg verify failed.

@lunny commented on GitHub (Oct 27, 2017): So maybe we could have an option on repository setting to deny all push gpg verify failed.

GiteaMirror commented

@stale[bot] commented on GitHub (Feb 11, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (Feb 11, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

GiteaMirror commented

@Sebazzz commented on GitHub (Nov 10, 2019):

Does gitea pass any user info through environmental variables? That would allow these hooks to work.

@Sebazzz commented on GitHub (Nov 10, 2019): Does gitea pass any user info through environmental variables? That would allow these hooks to work.

GiteaMirror commented

ee1d64ddd1/cmd/serv.go (L187-L195)

@zeripath commented on GitHub (Nov 10, 2019):

Yes it does.

However read my comments on #8584

It can be done we just need to do a bit more work.

@zeripath commented on GitHub (Nov 10, 2019): Yes it does. https://github.com/go-gitea/gitea/blob/ee1d64ddd1456764de692fcdeb42db1398fcf97b/cmd/serv.go#L187-L195 However read my comments on #8584 It can be done we just need to do a bit more work.

GiteaMirror commented

@Sebazzz commented on GitHub (Nov 12, 2019):

For simple committer verification this works work well in Gitea v1.9.5:

#!/bin/sh
err(){
    >&2 echo "Pre-receive validation: $*"
}

hasErr = 0
while read oldrev newrev ref
do
	if [[ "$oldrev" == "0000000000000000000000000000000000000000" ]]; then
		#create new branch
		continue;
	fi
	
	export committers="$(git log --format="%H %ce" $oldrev..$newrev)"
	
	while IFS=' ' read -r commitHash committerEmail;
	do
		if [[ "$committerEmail" != "$GITEA_PUSHER_EMAIL" ]]; then
			err "You are not $GITEA_PUSHER_EMAIL! You pushed commit $commitHash as $committerEmail"
			exit -1
		fi
	done <<< $committers
done

exit 0

This verifies every pushed commit against the Gitea users e-mail address. Indeed, gpg signing might be more perfect, but this does work.

Delta compression using up to 16 threads
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.02 KiB | 1.02 MiB/s, done.
Total 9 (delta 3), reused 0 (delta 0)
remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found
remote: Pre-receive validation: You are not sebastiaan@example.com! You pushed commit edb3fc3b808fdaea26fd43a128a40e3457021ac6 as Jean.luc.picard@example.com
To https://git.[redacted]/[user]/test2
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://git.[redacted]/[user]/test2'

@Sebazzz commented on GitHub (Nov 12, 2019): For simple committer verification this works work well in Gitea v1.9.5: ``` sh #!/bin/sh err(){ >&2 echo "Pre-receive validation: $*" } hasErr = 0 while read oldrev newrev ref do if [[ "$oldrev" == "0000000000000000000000000000000000000000" ]]; then #create new branch continue; fi export committers="$(git log --format="%H %ce" $oldrev..$newrev)" while IFS=' ' read -r commitHash committerEmail; do if [[ "$committerEmail" != "$GITEA_PUSHER_EMAIL" ]]; then err "You are not $GITEA_PUSHER_EMAIL! You pushed commit $commitHash as $committerEmail" exit -1 fi done <<< $committers done exit 0 ``` This verifies every pushed commit against the Gitea users e-mail address. Indeed, gpg signing might be more perfect, but this does work. ``` Delta compression using up to 16 threads Compressing objects: 100% (9/9), done. Writing objects: 100% (9/9), 1.02 KiB | 1.02 MiB/s, done. Total 9 (delta 3), reused 0 (delta 0) remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found remote: Pre-receive validation: You are not sebastiaan@example.com! You pushed commit edb3fc3b808fdaea26fd43a128a40e3457021ac6 as Jean.luc.picard@example.com To https://git.[redacted]/[user]/test2 ! [remote rejected] master -> master (pre-receive hook declined) error: failed to push some refs to 'https://git.[redacted]/[user]/test2' ```

GiteaMirror commented

@guillep2k commented on GitHub (Nov 12, 2019):

@Sebazzz there seems to be a typo in your example:

remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found

I think you need to change:

hasErr = 0

to

hasErr=0

@guillep2k commented on GitHub (Nov 12, 2019): @Sebazzz there seems to be a typo in your example: ``` remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found ``` I think you need to change: ``` hasErr = 0 ``` to ``` hasErr=0 ```

GiteaMirror commented

@Sebazzz commented on GitHub (Nov 12, 2019):

Yes, forgot it when copy pasting.

The only thing missing is that it doesn't verify the committer name because gitea doesn't pass that in an env. variable. You could do an api call for that though.

Met vriendelijke groet,
Sebastiaan Dammann

Van: guillep2k notifications@github.com
Verzonden: Tuesday, November 12, 2019 10:12:46 PM
Aan: go-gitea/gitea gitea@noreply.github.com
CC: Sebastiaan Dammann sebastiaandammann@outlook.com; Mention mention@noreply.github.com
Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770)

@Sebazzzhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSebazzz&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677346257&sdata=CauI0wqpyoZigfLmczvd6SBBJ2JqZhCXa%2BD%2F%2FdMxuQ8%3D&reserved=0 there seems to be a typo in your example:

remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found

I think you need to change:

hasErr = 0

to

hasErr=0

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMLGZR4Q3OB5FB7A46DQTML45A5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED36HSI%23issuecomment-553116617&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677356262&sdata=UaseFGf4%2FV%2B40uKGazweo69P2dsAkapkViI%2BI%2Fu%2BR%2FI%3D&reserved=0, or unsubscribehttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMIGADBIAFX2LCSLFKLQTML45ANCNFSM4EAKXJRA&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677366273&sdata=OxsC0lOmhu74%2F96UsLnB2ukxrsaqStoBx%2FuL3uGrhcU%3D&reserved=0.

@Sebazzz commented on GitHub (Nov 12, 2019): Yes, forgot it when copy pasting. The only thing missing is that it doesn't verify the committer name because gitea doesn't pass that in an env. variable. You could do an api call for that though. Met vriendelijke groet, Sebastiaan Dammann ________________________________ Van: guillep2k <notifications@github.com> Verzonden: Tuesday, November 12, 2019 10:12:46 PM Aan: go-gitea/gitea <gitea@noreply.github.com> CC: Sebastiaan Dammann <sebastiaandammann@outlook.com>; Mention <mention@noreply.github.com> Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770) @Sebazzz<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSebazzz&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677346257&sdata=CauI0wqpyoZigfLmczvd6SBBJ2JqZhCXa%2BD%2F%2FdMxuQ8%3D&reserved=0> there seems to be a typo in your example: remote: ./hooks/pre-receive.d/enforce-author: line 8: hasErr: command not found I think you need to change: hasErr = 0 to hasErr=0 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMLGZR4Q3OB5FB7A46DQTML45A5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED36HSI%23issuecomment-553116617&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677356262&sdata=UaseFGf4%2FV%2B40uKGazweo69P2dsAkapkViI%2BI%2Fu%2BR%2FI%3D&reserved=0>, or unsubscribe<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMIGADBIAFX2LCSLFKLQTML45ANCNFSM4EAKXJRA&data=02%7C01%7C%7Cc3884d7275d441c0e51a08d767b51123%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091899677366273&sdata=OxsC0lOmhu74%2F96UsLnB2ukxrsaqStoBx%2FuL3uGrhcU%3D&reserved=0>.

GiteaMirror commented

@Sebazzz commented on GitHub (Nov 12, 2019):

Yes, but it is also on my profile. Thanks though 👍

Met vriendelijke groet,
Sebastiaan Dammann

Van: guillep2k notifications@github.com
Verzonden: Tuesday, November 12, 2019 10:16:55 PM
Aan: go-gitea/gitea gitea@noreply.github.com
CC: Sebastiaan Dammann sebastiaandammann@outlook.com; Mention mention@noreply.github.com
Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770)

@Sebazzzhttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSebazzz&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168298842&sdata=GBXU%2BS1EUyXJLElyh48K2tJeTTEUDRS%2BRKfJSxUbCZE%3D&reserved=0 just so you know, your comment exposed your e-mail.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMINUACLPIUJ5KYJW5DQTMMMPA5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED36UWY%23issuecomment-553118299&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168298842&sdata=OJrhAg4XA2A0HJr6vWW9WpyAVGJei2Z6SxpC7Xn823Y%3D&reserved=0, or unsubscribehttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMPMNJC4NFEEYCWOKBLQTMMMPANCNFSM4EAKXJRA&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168308846&sdata=Ao50vY17koIHAu99kZExA%2BihRQz2FWtIoBp1gSrTpH8%3D&reserved=0.

@Sebazzz commented on GitHub (Nov 12, 2019): Yes, but it is also on my profile. Thanks though 👍 Met vriendelijke groet, Sebastiaan Dammann ________________________________ Van: guillep2k <notifications@github.com> Verzonden: Tuesday, November 12, 2019 10:16:55 PM Aan: go-gitea/gitea <gitea@noreply.github.com> CC: Sebastiaan Dammann <sebastiaandammann@outlook.com>; Mention <mention@noreply.github.com> Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770) @Sebazzz<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSebazzz&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168298842&sdata=GBXU%2BS1EUyXJLElyh48K2tJeTTEUDRS%2BRKfJSxUbCZE%3D&reserved=0> just so you know, your comment exposed your e-mail. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMINUACLPIUJ5KYJW5DQTMMMPA5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED36UWY%23issuecomment-553118299&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168298842&sdata=OJrhAg4XA2A0HJr6vWW9WpyAVGJei2Z6SxpC7Xn823Y%3D&reserved=0>, or unsubscribe<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMPMNJC4NFEEYCWOKBLQTMMMPANCNFSM4EAKXJRA&data=02%7C01%7C%7Cb9264726c4ae46a1f5df08d767b5a5a5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091902168308846&sdata=Ao50vY17koIHAu99kZExA%2BihRQz2FWtIoBp1gSrTpH8%3D&reserved=0>.

GiteaMirror commented

@zeripath commented on GitHub (Nov 12, 2019):

So Gitea won't be able to pass the committer name as a variable as that's in the commits themselves - you'd need to examine the commit and then interrogate Gitea over the API to do it.

I am aware of how to go about adding this to Gitea's protected branch stuff but I've not had time. If you're willing and understand what I've written in #8584 this could be a good PR.

@zeripath commented on GitHub (Nov 12, 2019): So Gitea won't be able to pass the committer name as a variable as that's in the commits themselves - you'd need to examine the commit and then interrogate Gitea over the API to do it. I am aware of how to go about adding this to Gitea's protected branch stuff but I've not had time. If you're willing and understand what I've written in #8584 this could be a good PR.

GiteaMirror commented

@Sebazzz commented on GitHub (Nov 13, 2019):

Hi zeripath,

I meant the full name (display name). That info is readily available. A hook can then compare it to whatever is in the commits.

Met vriendelijke groet,
Sebastiaan Dammann

Van: zeripath notifications@github.com
Verzonden: Tuesday, November 12, 2019 11:48:24 PM
Aan: go-gitea/gitea gitea@noreply.github.com
CC: Sebastiaan Dammann sebastiaandammann@outlook.com; Mention mention@noreply.github.com
Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770)

So Gitea won't be able to pass the committer name as a variable as that's in the commits themselves - you'd need to examine the commit and then interrogate Gitea over the API to do it.

I am aware of how to go about adding this to Gitea's protected branch stuff but I've not had time. If you're willing and understand what I've written in #8584 https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fpull%2F8584&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070836201&sdata=oQEKqkWdas4MVbq7SPMH2yZSRYqCMzuVmQt0HIwY7YY%3D&reserved=0 this could be a good PR.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMIKZ2627BSLU4OKABLQTMXDRA5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED4HD5I%23issuecomment-553153013&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070846194&sdata=rE0ZbwEJO5aYiQ83ez%2BfPP0bX1s1KUQyuNWg2ivda2s%3D&reserved=0, or unsubscribehttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMJL52NJWLFTFGDJ5N3QTMXDRANCNFSM4EAKXJRA&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070856205&sdata=%2B%2BPx80dxK7xRo0aiVOT3MF2jQxqFEuOAXT5Bwoxo%2FME%3D&reserved=0.

@Sebazzz commented on GitHub (Nov 13, 2019): Hi zeripath, I meant the full name (display name). That info is readily available. A hook can then compare it to whatever is in the commits. Met vriendelijke groet, Sebastiaan Dammann ________________________________ Van: zeripath <notifications@github.com> Verzonden: Tuesday, November 12, 2019 11:48:24 PM Aan: go-gitea/gitea <gitea@noreply.github.com> CC: Sebastiaan Dammann <sebastiaandammann@outlook.com>; Mention <mention@noreply.github.com> Onderwerp: Re: [go-gitea/gitea] Committer verification (#2770) So Gitea won't be able to pass the committer name as a variable as that's in the commits themselves - you'd need to examine the commit and then interrogate Gitea over the API to do it. I am aware of how to go about adding this to Gitea's protected branch stuff but I've not had time. If you're willing and understand what I've written in #8584<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fpull%2F8584&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070836201&sdata=oQEKqkWdas4MVbq7SPMH2yZSRYqCMzuVmQt0HIwY7YY%3D&reserved=0> this could be a good PR. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgo-gitea%2Fgitea%2Fissues%2F2770%3Femail_source%3Dnotifications%26email_token%3DAAK4FMIKZ2627BSLU4OKABLQTMXDRA5CNFSM4EAKXJRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED4HD5I%23issuecomment-553153013&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070846194&sdata=rE0ZbwEJO5aYiQ83ez%2BfPP0bX1s1KUQyuNWg2ivda2s%3D&reserved=0>, or unsubscribe<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAK4FMJL52NJWLFTFGDJ5N3QTMXDRANCNFSM4EAKXJRA&data=02%7C01%7C%7Cb27ef3dc361449a58b6308d767c26e2b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637091957070856205&sdata=%2B%2BPx80dxK7xRo0aiVOT3MF2jQxqFEuOAXT5Bwoxo%2FME%3D&reserved=0>.

GiteaMirror commented

@zeripath commented on GitHub (Nov 13, 2019):

Ah, I'd forgotten what this issue was asking for.

Yeah we don't put the full name or email address in the environment because we don't use it - however you can easily get that from the Gitea API with a sufficiently powerful token (if you need to override hide email address) at /api/v1/users/{user}

Yeah it's a little slow to have to send an API request but it's not overly long.

@zeripath commented on GitHub (Nov 13, 2019): Ah, I'd forgotten what this issue was asking for. Yeah we don't put the full name or email address in the environment because we don't use it - however you can easily get that from the Gitea API with a sufficiently powerful token (if you need to override hide email address) at `/api/v1/users/{user}` Yeah it's a little slow to have to send an API request but it's not overly long.

GiteaMirror commented