When doing GET /api/v1/users/{user} as an unauthenticated user,
gitea throws a 500 because it's trying to dereference elements
from the context user. It wants to do this to see whether to
show the primary email and will do that if the logged in user
is admin or the user in question. However, if ctx.User is nil,
go gets really unhappy.
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
editorconfig-core-go made breaking api changes and has recently released
v2.1.1. This change consumes the new api and fixes up any breaking
references.
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords.
Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com>
Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com>
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add API for Repo Advanced Settings of wiki and issue tracker
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some integration tests for tracker and wiki settings through API
* Should return StatusUnprocessableEntity in case of invalid API values.
* Add tests for invalid URLs for external tracker and wiki.
* Do not set inital values if they are default of type
* Make issue tracker and wiki units separate structures in Repository API structure.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comment of structures
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Rewrite API to use struct for setting tracker and wiki settings.
* LetOnlyContributorsTrackTime -> AllowOnlyContributorsToTrackTime
* Api endpoint for searching teams.
Signed-off-by: dasv <david.svantesson@qrtech.se>
* Move API to /orgs/:org/teams/search
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Regenerate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix search is Get
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test for search team API.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update routers/api/v1/org/team.go
grammar
Co-Authored-By: Richard Mahn <richmahn@users.noreply.github.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix some issues in repo collaboration team search, after changes in this PR.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove teamUser which is not used and replace with actual user id.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove unused search variable UserIsAdmin.
* Add paging to team search.
* Re-genereate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* fix
* Regenerate swagger
* Add logging for when user requested attachment doesn't belong to the specified release.
* Fix API to use correct variable for release asset (attachment)
* extract actions on new pull request from models to pulls service
* improve code
* move code.gitea.io/gitea/modules/pull to code.gitea.io/gitea/services/pull
* fix fmt
* Rename pulls.go to pull.go
* move all mail related codes from models to modules/mailer
* fix lint
* use DBContext instead Engine
* use WithContext not WithEngine
* Use DBContext instead of Engine
* don't use defer when sess.Close()
* move DBContext to context.go and add some methods
* move mailer from modules/ to services
* fix lint
* fix tests
* fix fmt
* add gitea copyright
* fix tests
* don't expose db functions
* make code clear
* add DefaultDBContext
* fix build
* fix bug
* Add teams to repo on collaboration page.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add option for repository admins to change teams access to repo.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add comment for functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make RepoAdminChangeTeamAccess default false in xorm and make it default checked in template instead.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make proper language strings and fix error redirection.
* Add unit tests for adding and deleting team from repository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add database migration
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix redirect
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix locale string mismatch.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Move team access mode text logic to template.
* Move collaborator access mode text logic to template.
* refuse merge until ci successfully
* deny merge request when required status checkes not succeed on merge Post and API
* add database migration for added columns on protected_branch
* fix migration
* fix protected branch check bug
* fix protected branch settings
* remove duplicated code on check pull request's required commit statuses pass
* remove unused codes
* fix migration
* add newline for template file
* fix go mod
* rename function name and some other fixes
* fix template
* fix bug pull view
* remove go1.12 wrong dependencies
* add administrator bypass when protected branch status check enabled
* fix bug
* improve the codes
* move create release from models to a standalone package
* fix lint
* fix comment year
* fix lint
* fix lint
* fix package import name
* fix vendor
* fix go mod
* some refactors
* fix vendor
* use go1.12 make vendor
* fix vendor
* Add optional label sets on repo creation
* Fix CRLF
* Instead of hardcoding default, make it the helper
* Move label set init out of repo init
Add a new error for the router
Combine router label init with repo creation label init
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add issue labels to Swagger for repo creation
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update models/issue_label.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Create API endpoints for repo topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Generate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add documentation to functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Grammar fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix function comment
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Can't use FindTopics when looking for a single repo topic, as it doesnt use exact match
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add PUT /repos/{owner}/{repo}/topics and remove GET /repos/{owner}/{repo}/topics
* Ignore if topic is sent twice in same request, refactoring.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix topic dropdown with api changes.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Style fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update API documentation
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Better way to handle duplicate topics in slice
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make response element TopicName an array of strings, instead of using an array of TopicName
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for API Repo Topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix format of tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix unit tests after adding some more topics to the test fixture.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update models/topic.go
Limit multiple if else if ...
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Engine as first parameter in function
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Replace magic numbers with http status code constants.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix variable scope
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Test one read with login and one with token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some more tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Apply suggestions from code review
Use empty struct for efficiency
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add test case to check access for user with write access
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix access, repo admin required to change topics
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Correct first test to be without token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Any repo reader should be able to access topics.
* No need for string pointer
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add description in repository search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Refactor SearchRepositoryByName with a general function SearchRepository
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Allow to specify if description shall be included in API repo search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add new app.ini setting for whether to search within repo description.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Search keyword in description (if setting enabled) on:
- Explore page
- Organization profile page
- User profile page
- Admin repo page
Do not search keyword in description on:
- Any non-keyword search (not relevant)
- Incremental search (uses API)
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Put parameters related to keyword directly after it
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for including (and not including) repository description in search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Rename test function from TestSearchRepositoryByName to TestSearchRepository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make setting SEARCH_REPO_DESCRIPTION default to true
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* display ui time with customize time location
* fix lint
* rename UILocation to DefaultUILocation
* move time related functions to modules/timeutil
* fix tests
* fix tests
* fix build
* fix swagger
when you use gitea as OAuth2 provider, the /api/v1/user should return
user primary email as identifier, which is unique in OAuth2 clients.
this patch use convert.ToUser replace all u.APIFormat in api requests,
return primary email when caller is yourself or admin.
On merge we walk the merge history and ensure that all lfs objects pointed to in
the history are added to the base repository. This switches from relying on having git-lfs installed on the server, (and in fact .gitattributes being correctly installed.)
* Fixes #2738 - /git/tags API
* proper URLs
* Adds function comments
* Updates swagger
* Removes newline from tag message
* Removes trailing newline from commit message
* Adds integration test
* Removed debugging
* Adds tests
* Fixes bug where multiple tags of same commit show wrong tag name
* Fix formatting
* Removes unused varaible
* Fix to annotated tag function names and response
* Update modules/git/repo_tag.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Uses TagPrefix
* Changes per review, better error handling for getting tag and commit IDs
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Supports tags when comparing commits or branches
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Hide headline when only comparing and don't load unused data
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Merges compare logics to allow comparing branches, commits and tags with eachother
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Display branch or tag instead of commit when used for comparing
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Show pull request form after click on button
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Transfers relevant pull.go changes from master to compare.go
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Fixes error when comparing forks against a commit or tag
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Removes console.log from JavaScript file
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Show icon next to commit reference when comparing branch or tag
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Updates css file
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Fixes import order
* Renames template variable
* Update routers/repo/compare.go
Co-Authored-By: zeripath <art27@cantab.net>
* Update from master
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Allow short-shas in compare
* Renames prInfo to compareInfo
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Check PR permissions only if compare is pull request
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adjusts comment
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Use compareInfo instead of prInfo
* Feature - #5960 - API Endpoint for Repo Editing
* Revert from merge
* Adds integration testing
* Updates to integration tests
* Revert changes
* Update year in file header
* Misspell fix
* XORM = test
* XORM = test
* revert XORM = file
* Makes RepoUnit.ID be pk and autoincr
* Fix to units
* revert header
* Remove print statement
* Adds other responses
* Improves swagger for creating repo
* Fixes import order
* Better Unit Type does not exist error
* Adds editable repo properties to the response repo structure
* Fix to api_repo_edit_test.go
* Fixes repo test
* Changes per review
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Actually can unarchive through the API
* Unlike delete, user doesn't have to be the owner of the org, just admin to the repo
* Fix to swagger comments for field name change
* Update to swagger docs
* Update swagger
* Changes allow_pull_requests to has_pull_requests
* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
* Add log.ColorFormat and log.ColorFormatted
Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to repository and user
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to access and unit
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ColorFormat to permission and on trace log it
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add log.NewColoredIDValue to make ID value coloring consistent
Signed-off-by: Andrew Thornton <art27@cantab.net>
* formatting changes
* Add some better tracing to permission denied for read issues/pulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Trace logging on permission denied
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove isTrace() check from deferred func
* Adjust repo and allow logging of team
* use FormatInt instead of Itoa
* Add blank line
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update access.go
* Use go-git for tree reading and commit info lookup.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use TreeEntry.IsRegular() instead of ObjectType that was removed.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use the treePath to optimize commit info search.
Signed-off-by: Filip Navara <navara@emclient.com>
* Extract the latest commit at treePath along with the other commits.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix listing commit info for a directory that was created in one commit and never modified after.
Signed-off-by: Filip Navara <navara@emclient.com>
* Avoid nearly all external 'git' invocations when doing directory listing (.editorconfig code path is still hit).
Signed-off-by: Filip Navara <navara@emclient.com>
* Use go-git for reading blobs.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make SHA1 type alias for plumbing.Hash in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make Signature type alias for object.Signature in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix GetCommitsInfo for repository with only one commit.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix PGP signature verification.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix issues with walking commit graph across merges.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix typo in condition.
Signed-off-by: Filip Navara <navara@emclient.com>
* Speed up loading branch list by keeping the repository reference (and thus all the loaded packfile indexes).
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix lising submodules.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix build
Signed-off-by: Filip Navara <navara@emclient.com>
* Add back commit cache because of name-rev
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix tests
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix code style
* Fix spelling
* Address PR feedback
Signed-off-by: Filip Navara <navara@emclient.com>
* Update vendor module list
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix getting trees by commit id
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix remaining unit test failures
* Fix GetTreeBySHA
* Avoid running `git name-rev` if not necessary
Signed-off-by: Filip Navara <navara@emclient.com>
* Move Branch code to git module
* Clean up GPG signature verification and fix it for tagged commits
* Address PR feedback (import formatting, copyright headers)
* Make blob lookup by SHA working
* Update tests to use public API
* Allow getting content from any type of object through the blob interface
* Change test to actually expect the object content that is in the GIT repository
* Change one more test to actually expect the object content that is in the GIT repository
* Add comments
* Add API for manipulating Git hooks
Signed-off-by: Segev Finer <segev@codeocean.com>
* Replace code.gitea.io/sdk with PR branch temporarily for CI
* Switch back to code.gitea.io/sdk@master
* Return 403 instead of 404 on no permission to edit hooks in API
* Add tests for Git hooks API
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* empty line
* Improve issue autolinks
Update autolinks to match what github does here:
Issue in same repo: #1
Issue in different repo: org/repo#1
Fixes #6264
* Use setting.AppURL when parsing URL
Using setting.AppURL here is a more reliable way of parsing the current
URL and what other functions in this file seem to use.
* Make ComposeMetas always return a valid context
* Add per repository markdown renderers for better context
* Update for use of context metas
Now that we include the user and repo name inside context metas, update
various code and tests for this new logic
* cleaned permission checks for API -> site admin can now do anything
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: helper methods moved to context/context.go, added missing return
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: added documentation to new exported helper functions in context/context.go
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* Panic don't fatal on create new logger
Fixes #5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
* Markdown: enable some more extensions
Improve Markdown-rendering by enabling some extensions:
- enable definitions lists
- enable footnotes
- enable header-ids and automatically generate header-ids (for linking to README-sections or creating table-of-contents for larger READMEs)
* Markdown: update and exted tests
Update and add tests for additionally enabled Markdown-extensions.
* Feature - Pagination for git tree API
* Handles case when page is negative
* Does a for loop over the start and end rather than all entries
* Removed redundent logic
* Adds per_page as a query parameter
* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt
* Fix typo in cheat-sheet en
* Makes page start at 1, generated swagger
* Use updates to SDK
* Updates to use latest sdk
* Updates swagger for tree api
* Adds test for GetTreeBySHA
* Updates per PR reviews
* Updates per PR reviews
* Remove file
* Formatting
* Fix to swagger file
* Fix to swagger
* Update v1_json.tmpl
* Fix to swagger file
* Fix serving of raw wiki files other than .md
Closes #4690.
Closes #4395.
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Simplify code at routers/repo/wiki.go
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add more files to user2/repo1.wiki for testing
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Update macaron to v1.3.2
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add tests for WikiRaw
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Fix NewResponseWriter usage due to macaron update
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add raw to reserved wiki names
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Revert #5877
This unfortunately was not the solution.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change permission check to create pull requests to CanReadIssuesOrPulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix #1357
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived
* Refuse creating an issue/PR via API calls too
* api: Add an endpoint to list a particular member of team.
* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.
`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.
* models: Add `GetUserTeams()`.
Returns all the teams that a user belongs to.
* api: Add an endpoint for GET '/user/teams'.
A GET request to this endpoint lists all the teams that a user
belongs to.
* added the ability to provide an empty array at the EditPullRequests API to remove all labels
Signed-off-by: Lucien Kerl <lucien.kerl@wuerth-it.com>
* Update pull.go
* Inital routes to git refs api
* Git refs API implementation
* Update swagger
* Fix copyright
* Make swagger happy add basic test
* Fix test
* Fix test again :)
* show only opened milestones on issues page milestone filter
* update Godoc
* update Godoc everywhere
* update swagger
* use false instead of 0
* Add seccond ordering by ID for milestones where no deadline is set
* add api for user to create org
* remove unused blank line on the swagger file end
* fix create and add test
* fix tests
* fix routes of create org API
* fix bug
* add copyright heads
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation
Fixes #5226, #5249
* /api/v1/admin/users routes should have reqToken middleware
* Add private information to the deploy keys api
This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add private information to the user keys API
This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ability to search keys by fingerprint
This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add integration test
* Added basic heatmap data
* Added extra case for sqlite
* Built basic heatmap into user profile
* Get contribution data from api & styling
* Fixed lint & added extra group by statements for all database types
* generated swagger spec
* generated swagger spec
* generated swagger spec
* fixed swagger spec
* fmt
* Added tests
* Added setting to enable/disable user heatmap
* Added locale for loading text
* Removed UseTiDB
* Updated librejs & moment.js
* Fixed import order
* Fixed heatmap in postgresql
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: kolaente <konrad@kola-entertainments.de>
* Added copyright header
* Fixed a bug to show the heatmap for the actual user instead of the currently logged in
* Added integration test for heatmaps
* Added a heatmap on the dashboard
* Fixed timestamp parsing
* Hide heatmap on mobile
* optimized postgresql group by query
* Improved sqlite group by statement
* Fix Swagger JSON.
Remove unnecessary schema references for the forbidden and empty responses
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix swagger API for CreateAccessToken
* Fix admin create org swagger
* Fix swagger for adminCreateRepo
* More swagger fixes
Set int64 format for those which are int64
Some more form fixes
* Fix swagger description of GET /repos/{owner}/{repo}/pulls
* add notification interface and refactor UI notifications
* add missing methods on notification interface and notifiy only issue status really changed
* implement NotifyPullRequestReview for ui notification
* prevent pull request to be merged when PR is a WIP
* add tests
* add helper to prepend WIP: in PR title
* move default wip prefixes into settings
* use configurable WIP prefixes in javascript and default to first one in templates
* add documentation
* add unit test on pull model
Signed-off-by: Julien Tant <julien@craftyx.fr>
* an inactive user shouldn't be able to be a collaborator
* use translated error message
* add active user check when adding a new collaborator via the api
* fix translation text
* added collaborator test
* improvee testcases
The backend SearchRepositoryByName function supports several sort order
options, hook these up to the /repos/search API.
New parameters for /repos/search:
'sort': alpha, created, updated, size, or id
'order': asc or desc
'sort' defaults to alpha.
'order' defaults to ascending, and is ignored if 'sort' is not specified.
The overall default behavior is unchanged (alphabetically ascending).
This partially implements issue #3963
Signed-off-by: Allen Wild <allenwild93@gmail.com>
* Implemented basic api endpoint to manage deadlines
* Fixed checking for permissions
* Updating a deadline from the ui is now entirely done via the api
* cleanup
* Cosmetics
* fixed lint + fmt
* Added swagger model definition for deadline response
* Updated gitea-sdk
* Updated gitea-sdk
* More cleanup
* Generate swagger json
* Merge branch 'master' of https://github.com/go-gitea/gitea into issue-due-date-api
# Conflicts:
# public/swagger.v1.json
* Fixed permission to update a deadline via api
* Re-added form to change a deadline
* Added client-side validation + not ignore error messages from the api
* Added locale for error message
* Merge branch 'master' of https://github.com/go-gitea/gitea
# Conflicts:
# models/issue_comment.go
* Proper date validation
* Fixed indention
* moved css to css file
* added documentation for error codes
* after merge cleanup
* Added swagger description
* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD
* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD
* regenerated stylesheets
* Repositories can only migrated to own user or organizations
* Add check for organization that user does not belong to
* Allow admin to migrate repositories for other users
Fix all the resting errors to have a valid swagger file.
They are still some warnings but nothing blocking.
Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely.
Fix #4088 by activating validation in drone
Should fix #4010.
* Partial fix for #4010
Swagger validation needs 'required: true' for parameters that are in
the URL path.
Signed-off-by: Steve Traugott <stevegt@t7a.org>
* Partial fix for #4010
Swagger needs a description field in each swagger:operation response. Adding
minimal text for now on the way to getting swagger validate to pass. Many
standard swagger client libraries will not work with gitea until validate
passes, so prioritizing that over better descriptions for now.
Signed-off-by: Steve Traugott <stevegt@t7a.org>
* Partial fix for #4010
Swagger needs a comment line above each swagger:response comment -- it
uses these to populate the description: fields. Adding minimal text
for now on the way to getting swagger validate to pass. Many standard
swagger client libraries will not work at all with gitea until validate
passes, so prioritizing that over better descriptions for now.
Signed-off-by: Steve Traugott <stevegt@t7a.org>
* Add LDAP Key Synchronization feature
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Add migration: add login source id column for public_key table
* Only update keys if needed
* Add function to only list pubkey synchronized from ldap
* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
* Only get keys belonging to current login source id
* Set default login source id to 0
* Some minor cleanup. Add integration tests (updete dep testify)
* add more webhook support
* move hooks templates to standalone dir and add more webhooks ui
* fix tests
* update vendor checksum
* add more webhook support
* move hooks templates to standalone dir and add more webhooks ui
* fix tests
* update vendor checksum
* update vendor
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* load attributes when created release
* update comparsion doc
* Started adding deadline to ui
* Implemented basic issue due date managing
* Improved UI for due date managing
* Added at least write access to the repo in order to modify issue due dates
* Ui improvements
* Added issue comments creation when adding/modifying/removing a due date
* Show due date in issue list
* Added api support for issue due dates
* Fixed lint suggestions
* Added deadline to sdk
* Updated css
* Added support for adding/modifiying deadlines for pull requests via api
* Fixed comments not created when updating or removing a deadline
* update sdk (will do properly once go-gitea/go-sdk#103 is merged)
* enhanced updateIssueDeadline
* Removed unnessecary Issue.DeadlineString
* UI improvements
* Small improvments to comment creation
+ ui & validation improvements
* Check if an issue is overdue is now a seperate function
* Updated go-sdk with govendor as it was merged
* Simplified isOverdue method
* removed unessecary deadline to 0 set
* Update swagger definitions
* Added missing return
* Added an explanary comment
* Improved updateIssueDeadline method so it'll only update `deadline_unix`
* Small changes and improvements
* no need to explicitly load the issue when updating a deadline, just use whats already there
* small optimisations
* Added check if a deadline was modified before updating it
* Moved comment creating logic into its own function
* Code cleanup for creating deadline comment
* locale improvement
* When modifying a deadline, the old deadline is saved with the comment
* small improvments to xorm session handling when updating an issue deadline
+ style nitpicks
* style nitpicks
* Moved checking for if the user has write acces to middleware
* add topic models and unit tests
* fix comments
* fix comment
* add the UI to show or add topics for a repo
* show topics on repositories list
* fix test
* don't show manage topics link when no permission
* use green basic as topic label
* fix topic label color
* remove trace content
* remove debug function
* Add Attachment API
* repos/:owner/:repo/releases (add attachments)
* repos/:owner/:repo/releases/:id (add attachments)
* repos/:owner/:repo/releases/:id/attachments
* repos/:owner/:repo/releases/:id/attachments/:attachment_id
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Add unit tests for new attachment functions
Fix comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* fix lint
* Update vendor.json
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* remove version of sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix unit tests
Add missing license header
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add CreateReleaseAttachment
Add EditReleaseAttachment
Add DeleteReleaseAttachment
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add filename query parameter for choosing another name for an attachment
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix order of imports
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Restricting updatable attachment columns
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* gofmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update go-sdk
Replace Attachments with Assets
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Update go-sdk
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Updating go-sdk and regenerating swagger
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing file of go-sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Change origin of code.gitea.io/sdk to code.gitea.io/sdk
Update code.gitea.io/sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update swagger
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update updateAttachment
* Get rid of autolink
* autolink in markdown
* Replace email addresses with mailto links
* better handling of links
* Remove autolink.js from footer
* Refactor entire html.go
* fix some bugs
* Make tests green, move what we can to html_internal_test, various other changes to processor logic
* Make markdown tests work again
This is just a description to allow me to force push in order to restart
the drone build.
* Fix failing markdown tests in routers/api/v1/misc
* Add license headers, log errors, future-proof <body>
* fix formatting
* Pull request options migration and UI in settings
* Add ignore whitespace functionality
* Fix settings if pull requests are disabled
* Fix migration transaction
* Merge with Rebase functionality
* UI changes and related functionality for pull request merging button
* Implement squash functionality
* Fix rebase merging
* Fix pull request merge tests
* Add squash and rebase tests
* Fix API method to reuse default message functions
* Some refactoring and small fixes
* Remove more hardcoded values from tests
* Remove unneeded check from API method
* Fix variable name and comment typo
* Fix reset commit count after PR merge