Commit graph

1802 commits

Author SHA1 Message Date
zeripath b2e9894988 Fix reported issue in repo description (#6306) 2019-03-11 22:23:34 -04:00
zeripath 663874e8be Use url.PathEscape to escape the branchname (#6304)
* Use url.PathEscape to escape the branchname

* GetRepositoryByOwnerAndName should also have url.PathEscape as the owner and reponame are provided by the client
2019-03-12 00:53:41 +02:00
zeripath dbab98c8e0 Remove util.RemoveAll - should have been removed since go 1.7 (#6299) 2019-03-10 23:56:36 +02:00
Jonas Franz e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
mrsdizzie f2de5dc8c8 Replace linkRegex with xurls library (#6261)
* Replace linkRegex with xurls library

Rather than maintaining a complicated regex to match URLs for
autolinking, gitea can use this existing go library that takes care of
the matching with very little code change to gitea itself. After
spending a while trying to find the perfect regex for all cases this library
still works better as it is more flexible than a single regex ever will be.

This will also fix the following issues: #5844 #3095 #3381

This passes all our current tests and I've added new ones mentioned in
those issues as well.

* Use xurls.StrictMatchingScheme instead of xurls.Strict

This is much faster and we only care about https? links to preserve
existing behavior.
2019-03-07 15:12:01 -05:00
mrsdizzie 020075e12f Remove visitLinksForShortLinks features (#6257)
The visitLinksForShortLinks feature would look inside of an <a> tag and
run shortLinkProcessorFull on any text, which attempts to create links
out of potential 'short links' like [[test]] [[link|example]] etc...
This makes no sense because you can't have nested links within an <a>
tag. Specifically, the html5 standard says <a> tags can't include
interactive content if they contain the href attribute:

 http://w3c.github.io/html/single-page.html#the-a-element

And also defines an <a> element with a href attribute as interactive:

 http://w3c.github.io/html/single-page.html#interactive-content

Therefore you can't really put a link inside of another link. In
practice none of this works anyways since browsers won't render it, it
would probably be broken if they tried, and it is causing a bug
(#4946). No current tests rely on this behavior either.

This removes the feature and also explicitly excludes the
current visitNodeForShortLinks from looking in <a> tags.
2019-03-07 14:13:44 -05:00
Zsombor f80caa5a8c Fix #6234 : Check organization visibility before everything else (#6235)
* Fix #6234 : Check organization visibility before everything else

* Ensure that Owner is available in the Repo
2019-03-05 15:15:24 -05:00
mrsdizzie 4a2e92bcd1 Modify linkRegex to require http|https (#6171)
Modify the current linkRegex to require http|https which appears to be
the intended behavior based on the comments. Right now, it also matches
anything starting with www as well. Also add testing for linkRegex
2019-02-28 20:31:53 +08:00
Lunny Xiao c812ba7f87
fix display dashboard even if require to change password (#6214)
* fix display dashboard even if require to change password

* fix comments
2019-02-28 16:01:42 +08:00
James E. Blair 48c101affe Create a repo redirect when transferring ownership (#6210) (#6211)
When transferring ownership of a repo to a different user/org,
create a repo redirect that points to the new location in the same
way that is done when a repo is renamed.

Signed-off-by: James E. Blair <jeblair@redhat.com>
2019-02-28 11:51:46 +08:00
Segev Finer 594f591691 Increase Username and Orgname MaxSize 35 -> 40 (#6178)
* Increase Username and Orgname MaxSize 35 -> 40

Signed-off-by: Segev Finer <segev@codeocean.com>

* Dep update code.gitea.io/sdk

Signed-off-by: Segev Finer <segev@codeocean.com>

* Run generate-swagger

Signed-off-by: Segev Finer <segev@codeocean.com>
2019-02-25 13:56:47 -05:00
Lunny Xiao 15ecc08475 fix bug when set indexer as db and add tests (#6173) 2019-02-24 11:16:20 -05:00
Lunny Xiao 477ef46251
Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
* add more tests and docs for issue indexer, add db indexer type for searching from database

* fix typo

* fix typo

* fix lint

* improve docs
2019-02-21 13:01:28 +08:00
Lunny Xiao 0751153613
refactor issue indexer, add some testing and fix a bug (#6131)
* refactor issue indexer, add some testing and fix a bug

* fix error copyright year on comment header

* issues indexer package import keep consistent
2019-02-21 08:54:05 +08:00
John Olheiser d26d249748 Minor UI tweaks (#5980)
* Remove all CommitStatus when a repo is deleted

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* More UI tweaks
More info in PR

* Generate stylesheet for arc-green

* Make gofmt work

* Change PR integration since the button is changed

* Rebase

* Generate stylesheet

* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed

* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993

* Change the comment wording since PR button is no longer little and green.

* Revert changes that made Windows work

* Regenerate stylesheet

* Regenerate stylesheets

* make generate-stylesheets

* Update integration again, changed button style

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future

* Added missing semi-colons

* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns

* Remove extra tab formatting in list.tmpl

* Remove more formatting from GoLand

* Replace hardcoded "No License" with i18n license helper.
2019-02-19 18:09:47 -05:00
Lunny Xiao 987a521e2f remove unused file (#6121) 2019-02-19 17:22:42 +02:00
Lunny Xiao 830ae61456 Refactor issue indexer (#5363) 2019-02-19 09:39:39 -05:00
Lunny Xiao f5fa22a499 Fix prohibit login check on authorization (#6106)
* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render
2019-02-19 09:19:28 +02:00
Lanre Adelowo 44114b38e6 Implement "conversation lock" for issue comments (#5073) 2019-02-18 22:55:04 +02:00
Rémy Boulanouar 64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
zeripath 22770c324d
Move to ldap.v3 to fix #5928 (#6105)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-18 12:34:37 +00:00
xdch47 5e7dee0db5 modules/context/auth.go: fix redirect loop (#5965)
Closes #5815
2019-02-17 13:44:25 +08:00
zeripath 2a03e96bce
Allow markdown files to read from the LFS (#5787)
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.

Fix #5746

Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
2019-02-12 15:09:43 +00:00
zeripath 296814e887 Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview

* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles

* Move branch checkout functions out of repo_editor.go as they are no longer used there

* BUGFIX: The default permissions should be 100644

    This is a change from the previous code but is more in keeping
    with the default behaviour of git.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Standardise cleanUploadFilename to more closely match git

See verify_path in: 7f4e641693/read-cache.c (L951)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Redirect on bad paths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Refactor to move the uploading functions out to a module

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add LFS support

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update upload.go attribution header

Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.

* Delete upload files after session committed

* Ensure that GIT_AUTHOR_NAME etc. are valid for git

see #5774

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add in test cases per @lafriks comment

* Add space between gitea and github imports

Signed-off-by: Andrew Thornton <art27@cantab.net>

* more examples in TestCleanUploadName

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix formatting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Switch off SSH_ORIGINAL_COMMAND

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-12 15:07:31 +02:00
manuelluis fc038caa69 In basic auth check for tokens before call UserSignIn (#5725)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-12 11:20:08 +02:00
Lanre Adelowo 9d8178b3ac Add option to close issues via commit on a non master branch (#5992)
* fixes #5957

* add tests to make sure config option is respected

* use already defined struct

* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created

- fix copy/paste error in copyright header year and rearrange import

- use repo config instead of server config value to determine if a commit should close an issue

- update testsuite

* use global config only when creating a new repository

* allow repo admin toggle feature via UI

* fix typo and improve testcase

* fix fixtures

* add DEFAULT prefix to config value

* fix test
2019-02-10 21:27:19 +02:00
Lunny Xiao 820e28c904
Split setting.go as multiple files (#6014)
* split setting.go as multiple files

* fix comments
2019-02-10 09:37:37 +08:00
Lunny Xiao 9e8cc3b18d add default time out for git operations (#6015) 2019-02-09 22:44:24 +00:00
Thomas Loubiou d252d4eb8c Remove extra spaces (#6016) 2019-02-09 14:48:28 +02:00
Thomas Loubiou 7fb09f035a Fix #5799 - swagger for mergePullRequest (#5996) 2019-02-08 08:08:38 +00:00
Lunny Xiao 2d213b64d1 use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
* use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines

* fix tests and add comment head
2019-02-07 02:13:12 -05:00
Richard Mahn da1edbfb79 Feature - Pagination for git tree API (#5838)
* Feature - Pagination for git tree API

* Handles case when page is negative

* Does a for loop over the start and end rather than all entries

* Removed redundent logic

* Adds per_page as a query parameter

* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt

* Fix typo in cheat-sheet en

* Makes page start at 1, generated swagger

* Use updates to SDK

* Updates to use latest sdk

* Updates swagger for tree api

* Adds test for GetTreeBySHA

* Updates per PR reviews

* Updates per PR reviews

* Remove file

* Formatting

* Fix to swagger file

* Fix to swagger

* Update v1_json.tmpl

* Fix to swagger file
2019-02-06 18:19:26 +00:00
zeripath f286a5abb4 Allow Macaron to be set to log through to gitea.log (#5667)
* Allow Macaron to be set to log through gitea.log

Fix #4291
2019-02-05 22:06:41 -05:00
techknowlogick 9de871a0f8
add other session providers (#5963) 2019-02-05 11:52:51 -05:00
zeripath 01c10a951b
Fix ssh deploy and user key constraints (#1357) (#5939)
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-03 23:56:53 +00:00
zeripath 3d91bb2f2d Make log mailer for testing (#5893)
* Create log mailer for testing email settings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Switch on the log mailer for the integration tests

This ensures that the sending mail process works

Signed-off-by: Andrew Thornton <art27@cantab.net>

* rename the from user for mysql/mssql

* rename log sender to dummy sender

* update the integration tests
2019-02-02 21:06:52 -05:00
Lunny Xiao bbad9b6178 Fix bug when read public repo lfs file (#5912)
* fix bug when read public repo lfs file

* add comment on lfs permission check
2019-01-31 13:36:57 +00:00
zeripath 0823791d17 Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
This PR protects against the panic referred to in chaseadmsio/goorgeous#82
by recovering from the panic and just returning the raw bytes if
there is an error.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-30 17:17:43 -05:00
zeripath ca00ca8ee4 Provide better panic handling (#5902)
This PR gitea'ises the macaron.Recovery() handler meaning that in
the event of panic we get proper gitea 500 pages and the stacktrace
is logged with the gitea logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-30 17:00:00 -05:00
zeripath 0f295ababa Only allow local login if password is non-empty (#5906) 2019-01-30 23:18:54 +02:00
Lauris BH 80098bd752 Fix go-get URL generation (#5905) 2019-01-30 21:04:19 +00:00
sebastian-sauer 84076211b3 Config option to disable automatic repo watching (#5852)
Add a new config option to enable / disable the automatic watching of
repos for new repositories and if a user is added to a team.

Fixes #653

Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
2019-01-27 09:25:21 +00:00
Lunny Xiao 892bfd0b19 improve the releases api paging (#5831)
* improve the releases api paging

* add max limit on API paging
2019-01-24 20:59:27 +02:00
Joona Hoikkala 3b364029f7 Fix TLS errors when using acme/autocert for local connections (#5820) 2019-01-23 19:47:54 -05:00
Lauris BH 331c9120e8
Request for public keys only if LDAP attribute is set (#5816)
* Update go-ldap dependency

* Request for public keys only if attribute is set
2019-01-24 01:25:33 +02:00
kolaente 0b510725c9 Feature: Archive repos (#5009) 2019-01-23 13:58:38 -05:00
zeripath 7d434376f1 Pooled and buffered gzip implementation (#5722)
* Pooled and buffered gzip implementation

* Add test for gzip

* Add integration test

* Ensure lfs check within transaction

The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.

* Try to avoid primary key problem in postgres

The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
2019-01-23 10:56:51 +02:00
Lanre Adelowo e1fcd6b742 Disallow empty titles (#5785)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 13:45:32 +02:00
Paul Brackin 1bb22b2b47 Make db connect more robust (#5738) 2019-01-19 16:17:08 -05:00
John Olheiser 6f194b83c6 Moved defaults in defaults.go to setting.go (#5764)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-01-19 15:39:27 -05:00
Harshit Bansal 6822a8993b ldap: Adjust log settings when a user is not found. (#5771)
Fixes: #3849.
2019-01-19 14:57:27 -05:00
Robert Sprunk 65b6ebf243 Log IP of failed ssh connection (#5766)
Fix #5765 by log the IP address of a connecting remote machine in case of a SSH connection error for the built-in ssh server.

Signed-off-by: Robert Sprunk <github@sprunk.me>
2019-01-19 16:29:17 +00:00
zeripath 07802a2bc5 Refactor repo.isBare to repo.isEmpty #5629 (#5714)
* Refactor repo.isBare to repo.isEmpty #5629

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove Sync call
2019-01-17 19:01:04 -05:00
Lunny Xiao 82e08a3364
Refactor notification for indexer (#5111)
* notification for indexer

* use NullNotifier as parent struct
2019-01-17 22:23:22 +08:00
Lunny Xiao 270fa6d63b Support CORS headers to git smart http protocol (#5719) 2019-01-14 16:05:27 -05:00
Khaled Hamed bd75965296 Prioritize "readme.md" (#5691)
* prioritize readme.md

* Improve IsReadmeFile

* Add more tests
2019-01-14 14:15:06 -05:00
techknowlogick 5c44f751a3
Discord Oauth2 support (#4476)
* add discord auth

* add vendor for discord

* fix syntax error

* make fmt

* update version of goth in use

* update markbates/goth
2019-01-13 14:06:22 -05:00
Lunny Xiao beab2df122 Refactor mail notification (#5110)
* mail notification implement interface

* fix file comment year

* use NullNotifier as parent struct of notifiers
2019-01-13 16:42:55 +02:00
zeripath dd13327382 When redirecting clean the path to avoid redirecting to //www.othersite.com (#5669)
Fix #5627

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-09 13:39:01 -05:00
Lanre Adelowo 8d2c24f7f9 Allow for user specific themes (#5668)
* add migration and basic UI for changing a user's theme

* update user themem

* use right text on button

* load theme based on users' selection

* load theme based on users' selection in pwa too

* update sample config

* delete older theme loading

* implement AfterLoad to set users' theme properly

* set up default theme when creating a user. This uses the installation wide theme

* use flash messages for error

* set default theme when creating a user from the cli

* fix @lunny review
2019-01-09 12:22:57 -05:00
zeripath 8bb0a6f425 Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
* Synchronize SSH keys on login with LDAP

* BUG: Fix hang on sqlite during LDAP key deletion
2018-12-27 12:28:48 -05:00
Tony Homrich 2058c362a8 LDAP via simple auth separate bind user and search base (#5055) 2018-12-27 11:51:19 -05:00
Julian 4a685f8b87 Add rebase with merge commit merge style (#3844) (#4052)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2018-12-27 12:27:08 +02:00
Lunny Xiao b65e37ed72
fix indexer reindex bug when gitea restart (#5563)
* fix issue indexer bug reindex when restart gitea

* also fix code indexer reindex when gitea restart
2018-12-19 16:37:48 +08:00
Lunny Xiao 7fd34c0517
fix lfs version check warning log when using ssh protocol (#5501) 2018-12-19 09:17:43 +08:00
zeripath 2a660a1de1 Support reverse proxy providing email (#5554)
This PR implements #2347
2018-12-18 12:05:48 -05:00
Lunny Xiao ba75319157 fix clone wiki failed via ssh (#5503) 2018-12-11 13:37:32 -05:00
Jonas Franz 9681c83734 Approvals at Branch Protection (#5350)
* Add branch protection for approvals

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add required approvals

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add missing comments and fmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add type = approval and group by reviewer_id to review

* Prevent users from adding negative review limits

* Add migration for approval whitelists

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-12-11 19:28:37 +08:00
Lunny Xiao eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Michael Kuhn 0222623be9 Explicitly disable Git credential helper (#5367)
* Explicitly disable Git credential helper

If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.

There are two problems with credential helpers when combined with Gitea:

1. Credentials entered by a user when doing a migration or setting up a
   mirror will end up in the credential store. In the worst case, this
   is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
   mirrors by all users. For example, if user A sets up a mirror, their
   credentials will be stored. If user B later sets up a mirror from the
   same host and does not enter any credentials, user A's credentials
   will be used.

This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
24321375cd

* Update git module
2018-11-28 09:00:25 +02:00
SohnyBohny 294904321c Create Progressive Web App (#4730)
* Create manifest and serviceworker

* Create templates and add AppSubUrl

* Add JSRenderer

* fix ctx type

* Add JSRenderer to static.go

* Complete adding {{AppSubUrl}}

* Add more fonts to urlsToCache

* Add 512px and 192px icons

* Hardcode font MD5

* Default theme doesn't have a specific CSS file
2018-11-27 10:18:26 -05:00
Lauris BH e09fe48773 Refactor heatmap to vue component (#5401) 2018-11-27 10:36:54 +01:00
Lanre Adelowo 3a1ed82529 Explicitly decide whether to use TLS in mailer's configuration (#5024)
* explicitly decide on using TLS for mail connections

* explicitly decide on using TLS for mail connections

* keep compatibility
2018-11-26 14:21:41 -05:00
Lunny Xiao cef0f12c51 support envs on external render commands (#5278) 2018-11-20 17:11:21 -05:00
Peter Hoffmann e08c7e521b Add raw blob endpoint to get objects by SHA ID (#5334)
* Add raw blob endpoint

This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.

* fix: Make it work

* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* Update Gopkg.lock

Can't update all vendors due to errors

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* style: Add Gitea copyright header

* feat: Added integration test for /repo/u/r/raw/blob

* fix: correct year in copyright header
2018-11-18 13:45:40 -05:00
Lanre Adelowo b97af15de6 Block registration based on email domain (#5157)
* implement email domain whitelist
2018-11-14 20:00:04 -05:00
Lauris BH 8f8ff5a295
Remove maxlines option for file logger (#5282) 2018-11-07 06:48:53 +02:00
Stanislav 078c404c3b Prometheus endpoint (#5256)
* Add prometheus collector and route

* dep ensure -add github.com/prometheus/client_golang/prometheus

* dep ensure -update github.com/golang/protobuf

* add metrics to reserved usernames

* add comment head in metrics package

* fix style imports

* add metrics settings

* add bearer token check

* mapping metrics configs

* fix lint

* update config cheat sheet

* update conf sample, typo fix
2018-11-04 22:20:00 -05:00
zeripath 7096085f2b Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
2018-11-03 21:15:55 -04:00
zeripath 7d9a191a3c Create AuthorizedKeysCommand (#5236) 2018-11-01 09:41:07 -04:00
L.E.R b686bd0c94 Fix markdown image with link (#4675)
* Fix markdown image with link

* Add gitea copyright notice

* add a test for markdown image with link

* remove svg related variables
2018-10-30 18:26:28 -04:00
Nicolas Lenz 220ee6ae42 Pass link prefixes to external markup parsers (#5201)
* Pass environment variables for URL prefixes to external markup parser

Signed-off-by: Nicolas Lenz <nicolas@eisfunke.com>

* Document external markup link prefix environment variables

Signed-off-by: Nicolas Lenz <nicolas@eisfunke.com>

* Run format on link prefix changes

Signed-off-by: Nicolas Lenz <nicolas@eisfunke.com>
2018-10-30 10:34:12 -04:00
Antoine GIRARD 617a2433a3 Make gitea serv use api/internal (#4886)
* Start to move to internal/private

* Add GetPublicKeyByID

* Add HasDeployKey

* Add private.UpdateDeployKeyUpdated

* Add private.GetUserByKeyID

* Add private.AccessLevel

* Add private.CheckUnitUser

* Fix mistakes I made

* Some cleaning + moving code to separate files

* Fix error handling

* Remove useless error handling for setup

* lint: fix comment on exported func

* fix copyright header

* Fix order of args
2018-10-30 14:20:13 +08:00
Jonas Bröms db30d6d791 Serve audio files using HTML5 audio tag (#5221)
* Serve audio files using HTML5 audio tag

* Correct copy paste error
2018-10-30 10:17:26 +08:00
Antoine GIRARD ffd5fb8139 Set heatmap color range configurable (#5165) 2018-10-24 16:38:04 +02:00
kolaente 6759237eda User action heatmap (#5131)
* Added basic heatmap data

* Added extra case for sqlite

* Built basic heatmap into user profile

* Get contribution data from api & styling

* Fixed lint & added extra group by statements for all database types

* generated swagger spec

* generated swagger spec

* generated swagger spec

* fixed swagger spec

* fmt

* Added tests

* Added setting to enable/disable user heatmap

* Added locale for loading text

* Removed UseTiDB

* Updated librejs & moment.js

* Fixed import order

* Fixed heatmap in postgresql

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: kolaente <konrad@kola-entertainments.de>

* Added copyright header

* Fixed a bug to show the heatmap for the actual user instead of the currently logged in

* Added integration test for heatmaps

* Added a heatmap on the dashboard

* Fixed timestamp parsing

* Hide heatmap on mobile

* optimized postgresql group by query

* Improved sqlite group by statement
2018-10-23 10:57:42 +08:00
Jonas Franz f38fce916e Add comment replies (#5104)
* Add comment replies

* Replace reviewID with review.ID
2018-10-22 16:13:35 -04:00
Oleg Kovalov 5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
Julien Tant dea3d849e1 Give user a link to create PR after push (#4716)
* Give user a link to create PR after push

* Forks now create PR in the base repository + make sure PR creation is allowed

* fix code style
2018-10-20 09:59:06 +03:00
Oleg Kovalov 971dccda16 Use type switch (#5122) 2018-10-19 14:54:26 -04:00
Lunny Xiao ea619b39b2
Add notification interface and refactor UI notifications (#5085)
* add notification interface and refactor UI notifications

* add missing methods on notification interface and notifiy only issue status really changed

* implement NotifyPullRequestReview for ui notification
2018-10-18 19:23:05 +08:00
SagePtr eb0c848f5b Use native go method to get current user rather than environment variable (#4930)
* Use native go method to get current user rather than environment var

* Use t.Skip instead of return in test
2018-10-18 15:08:20 +08:00
Lauris BH 81702e6ec9 Detect charset and convert non UTF-8 files for display (#4950)
* Detect charset and convert non UTF-8 files for display

* Refactor and move function to correct module

* Revert unrelated changes

* More unrelated changes

* Duplicate content for small text to have better encoding detection

* Check if original content is valid before duplicating it
2018-09-29 16:33:54 +08:00
Lanre Adelowo 2a6d3ba058 Allow admin toggle forcing a password change for newly created users (#4563) 2018-09-13 12:34:36 -04:00
Lanre Adelowo 126ba796dc Force user to change password (#4489)
* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-09-13 15:04:25 +03:00
Drew Bowering 8e3e59fdb8 Fix: Let's Encrypt configuration settings (#4911)
ENABLE_LETSENCRYPT and LETSENCRYPT_ACCEPTTOS were not being properly loaded from the config file, always resulting in the default settings being in place.
2018-09-12 00:06:44 -04:00
B-OnTheGo e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
Lanre Adelowo be48397945 Slack webhook channel name cannot be empty or just contain an hashtag (#4786) 2018-09-10 10:31:08 -04:00
Lauris BH fa4663e61e Add push webhook support for mirrored repositories (#4127) 2018-09-06 22:06:09 -04:00
SagePtr bf55276189 Fix redirect with non-ascii branch names (#4764) (#4810)
* Fix redirect with non-ascii branch names (#4764)

* Add integration tests for non-ascii branch redirect

* Fix mysql test and coverage test
2018-09-06 21:37:02 -04:00