Commit graph

443 commits

Author SHA1 Message Date
zeripath
2b36bdd490 Do not display the raw OpenID error in the UI (#5705)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-12 14:24:47 -05:00
Lanre Adelowo
8d2c24f7f9 Allow for user specific themes (#5668)
* add migration and basic UI for changing a user's theme

* update user themem

* use right text on button

* load theme based on users' selection

* load theme based on users' selection in pwa too

* update sample config

* delete older theme loading

* implement AfterLoad to set users' theme properly

* set up default theme when creating a user. This uses the installation wide theme

* use flash messages for error

* set default theme when creating a user from the cli

* fix @lunny review
2019-01-09 12:22:57 -05:00
Lunny Xiao
b3b7598ec6 Improve performance of dashboard (#4977) 2018-12-13 10:55:43 -05:00
Lunny Xiao
eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Lanre Adelowo
b97af15de6 Block registration based on email domain (#5157)
* implement email domain whitelist
2018-11-14 20:00:04 -05:00
AJ ONeal
b8451190d8 UX of link account (Step 1) (#5006)
* Show either sign up OR sign in

* disambiguate fresh start from adding recovery options

* use tabs to switch between account link flows

* add active to tab body as well

* changes as per discussion

* handle specific error; fix missing err typo
2018-10-28 18:46:16 -04:00
Rodrigo Villablanca Vásquez
48badd59e9 Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
* Fix to 3819

* Changes suggested

* Empty line removed

* Fix error: non-name opts.Labels on left side of :=
2018-10-28 07:55:01 +01:00
kolaente
6759237eda User action heatmap (#5131)
* Added basic heatmap data

* Added extra case for sqlite

* Built basic heatmap into user profile

* Get contribution data from api & styling

* Fixed lint & added extra group by statements for all database types

* generated swagger spec

* generated swagger spec

* generated swagger spec

* fixed swagger spec

* fmt

* Added tests

* Added setting to enable/disable user heatmap

* Added locale for loading text

* Removed UseTiDB

* Updated librejs & moment.js

* Fixed import order

* Fixed heatmap in postgresql

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: kolaente <konrad@kola-entertainments.de>

* Added copyright header

* Fixed a bug to show the heatmap for the actual user instead of the currently logged in

* Added integration test for heatmaps

* Added a heatmap on the dashboard

* Fixed timestamp parsing

* Hide heatmap on mobile

* optimized postgresql group by query

* Improved sqlite group by statement
2018-10-23 10:57:42 +08:00
Oleg Kovalov
5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
Lanre Adelowo
126ba796dc Force user to change password (#4489)
* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-09-13 15:04:25 +03:00
Bo-Yi Wu
ea20adaa84
feat(repo): support search repository by topic name (#4505)
* feat(repo): support search repository by topic name
2018-09-13 10:33:48 +08:00
SagePtr
0449330dbc Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) 2018-08-14 23:16:37 +03:00
Lanre Adelowo
69a855f3d4 log user in after a successful sign up (#4615) 2018-08-11 15:33:19 -04:00
Dingjun
819f50ccd5 fix panic issue on update avatar email (#4580) (#4581)
fix #4580
2018-08-01 17:38:56 +08:00
techknowlogick
adf3f004b6
Switch plaintext scratch tokens to use hash instead (#4331) 2018-07-27 08:54:50 -04:00
Lanre Adelowo
630f234223 Add flash message after an account has been successfully activated (#4510)
* added new locale text
2018-07-25 20:54:56 +03:00
techknowlogick
492ec97a46
Redirect to correct page after using scratch token (#4458) 2018-07-19 13:58:33 -04:00
Fluf
f035dcd4f2 Add Recaptcha functionality to Gitea (#4044) 2018-07-05 00:13:05 -04:00
Clar Charr
c71ee33057 Increase default TOTP secret size to 320 bits (#4287) 2018-07-03 18:10:35 -04:00
Jonas Franz
801843b011 Fix open redirect vulnerability on login screen (#4312)
* Fix open redirect vulnerability on login screen

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Reorder imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace www. from Domain too

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-06-26 22:45:18 +08:00
David Schneiderbauer
0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
David Schneiderbauer
69bfd81b1c fix missing data on redirects (#3975) 2018-06-18 14:24:45 -04:00
Magnus Lindvall
cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev
b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
David Schneiderbauer
31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Jonas Franz
951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
David Schneiderbauer
44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
David Schneiderbauer
2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
David Schneiderbauer
099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00
FabioFortini
1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
kolaente
1fdf560678 Added user language setting (#3875)
* Added user language setting

* Added translation string for setting

* Fixed import order + typo

* improved checking if the user has a language saved in the db

* The current saved language is now set a default inside the dropdown

* fmt

* When a user signs in and doesn't have a language saved, the current browser language is saved

* updated gitea-sdk

* Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language

# Conflicts:
#	models/migrations/migrations.go
#	models/migrations/v62.go

* Made tests work again

* trigger CI

* trigger CI

* fmt

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* When loggin in, only the language col gets updated instead of everything
2018-05-05 08:28:30 +08:00
Lauris BH
1e1ece8f3d
Do not allow to reuse TOTP passcode (#3878) 2018-05-02 18:02:02 +03:00
Lauris BH
7b2b900e13 Refactor and simplify redirect to url (#3674) 2018-03-15 22:13:34 +01:00
bugreport0
521945a2d2 Fix missing translations when updating username. (#3564)
* Fix missing translations when updating username.

* Fix reserved username translated string test.

* Fix 'username reserved' string test a bit more.
2018-02-25 15:56:25 +02:00
Bo-Yi Wu
04b3e8cbdc
refactor: reduce sql query in retrieveFeeds (#3547) 2018-02-21 18:55:34 +08:00
Codruț Constantin Gușoi
96c268c0fc Implements generator cli for secrets (#3531)
Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>
2018-02-18 20:14:37 +02:00
Kim "BKC" Carlbäcker
e5b8b4b5ec Cleanup models.User.HashPassword (#3334) 2018-01-12 00:19:38 +02:00
Morgan Bazalgette
65861900cd Handle refactor (#3339)
* Replace all ctx.Handle with ctx.ServerError or ctx.NotFound

* Change Handle(403) to NotFound, avoid using macaron's NotFound
2018-01-10 23:34:17 +02:00
Antoine GIRARD
84feb016f5 Remove useless fmt.Errorf("%v", err) (#3337) 2018-01-09 16:40:05 -02:00
Morgan Bazalgette
674cfb7cac Change EncodePasswd to HashPassword (#3329)
* Change EncodePasswd to HashPassword

* Create test+benchmark for HashPassword
2018-01-08 23:28:18 +01:00
Ethan Koenig
4c9341f689 Fix bugs in issue dashboard stats (#3073) 2017-12-26 01:25:16 +02:00
Ethan Koenig
68179dc676 Remove unnecessary function call (#3109) 2017-12-08 09:02:34 +08:00
Sasha Varlamov
7ec6cddd27 Add 'mark all read' option to notifications (#3097)
* Add 'mark all read' option to notifications

Signed-off-by: Sasha Varlamov <sasha@sashavarlamov.com>

* Fix exported comment

Signed-off-by: Sasha Varlamov <sasha@sashavarlamov.com>

* Format method comments

Signed-off-by: Sasha Varlamov <sasha@sashavarlamov.com>

* Fix exported comment

Signed-off-by: Sasha Varlamov <sasha@sashavarlamov.com>

Format method comments

Signed-off-by: Sasha Varlamov <sasha@sashavarlamov.com>

Tests for reactions (#3083)

* Unit tests for reactions

* Fix import order

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>

Fix reaction possition when there is attachments (#3099)

Refactor notifications swap function

* Accept change to drop beforeupdate call

* Update purge notifications error message for consistency

* Drop unnecessary check for mark all as read button

* Remove debugging comment
2017-12-07 13:52:57 +08:00
Ethan Koenig
c0a7899416 Sort repos in issues dashboard sidebar (#3072)
* Sort repos in issues dashboard sidebar

* Sort repos by name
2017-12-04 12:39:01 +08:00
Lunny Xiao
b3d5ba6f90 Fix missing password length check when change password (#3039)
* fix missing password length check when change password

* add tests for change password
2017-12-02 19:11:22 +02:00
Lunny Xiao
13e59c8b7a remove unused variable (#3038) 2017-11-30 20:44:25 +02:00
Ethan Koenig
91f3d77ceb Unit tests for wiki routers (#3022) 2017-11-30 17:52:15 +02:00
Michael Kuhn
420fc8efc2 Disable add key button if SSH is disabled (#2873) 2017-11-21 11:49:33 +08:00
schaffman5
7e6c198f21 Apply LANDING_PAGE config options for logged in users (#2894)
* Extended LANDINGPAGE config variable to logged in users and added switch for 'organizations' in addition to 'home' and 'explore'.

* Updated comments.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>

* Extended LANDINGPAGE config variable to trigger when user logs in and added switch for 'organizations' in addition to 'home' and 'explore'.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>

* Extended LANDINGPAGE config variable to logged in users and added switch for 'organizations' in addition to 'home' and 'explore'.

* Updated comments.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>

* Extended LANDINGPAGE config variable to trigger when user logs in and added switch for 'organizations' in addition to 'home' and 'explore'.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>

* Removed superfluous conditional and correct whitespace.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>

* Update app.ini

Reverted new line.

* Formatting.

Signed-off-by: Mike Schaffer <mschaff@gmail.com>
2017-11-20 15:48:09 +08:00
Morlinest
ddb7f59ef4 Add search mode option to /api/repo/search (#2756)
* Add repo type option to /api/repo/search

* Add tests and fix result of collaborative filter in specific condition

* Fix/optimize search & tests

* Improve integration tests

* Fix lint errors

* Fix unit tests

* Change and improve internal implementation of repo search

* Use NonexistentID

* Make search api more general

* Change mirror and fork search behaviour

* Fix tests & typo in comment
2017-10-27 00:16:13 +03:00