Commit graph

652 commits

Author SHA1 Message Date
M Hickford 191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
Yarden Shoham acdb92ad42
Localize all timestamps (#21440)
Following
* #21410 

We are now able to localize all timestamps. Some examples:

`short-date` format, French, user profile page:

![image](https://user-images.githubusercontent.com/20454870/195622461-aa0d5b93-f8df-42ad-881c-9c16606bf387.png)

`date-time` format, Portuguese, mirror repository settings page:

![image](https://user-images.githubusercontent.com/20454870/195623191-7a37d77c-4a02-4140-846d-f290a65ea21d.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-17 12:08:21 +08:00
Yarden Shoham b9cd6fb703
Add code highlighting in issue titles (#21432)
This changes the rendering logic of issue titles. If a substring in an
issue title is enclosed with a pair of backticks, it'll be rendered with
a monospace font (HTML `code` tag).

* Closes #20887

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-16 02:24:41 +08:00
Yarden Shoham c4f7c96903
Run make fmt (#21437)
The only change is what `make fmt` did, I am merely a vessel for its
glorious function

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-13 21:33:54 -04:00
qwerty287 a902af75f4
Support instance-wide OAuth2 applications (#21335)
Support OAuth2 applications created by admins on the admin panel, they
aren't owned by anybody.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-12 22:08:29 +08:00
Lauris BH b59b0cad0a
Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
qwerty287 a813c9d8f3
Allow creation of OAuth2 applications for orgs (#18084)
Adds the settings pages to create OAuth2 apps also to the org settings
and allows to create apps for orgs.

Refactoring: the oauth2 related templates are shared for
instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers`
to share code for instance-wide/org/user.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-09 20:07:41 +08:00
John Olheiser 2d2cf589f7
Fix linked account translation (#21331)
fix key used for translation
2022-10-04 07:51:07 -05:00
André Jaenisch 04e97b8311
Refactor from Vue2 to Vue3 (#20044)
Close #19902
2022-10-01 22:26:38 +08:00
qwerty287 08609d439d
Add pages to view watched repos and subscribed issues/PRs (#17156)
Adds GitHub-like pages to view watched repos and subscribed issues/PRs
This is my second try to fix this, but it is better than the first since
it doesn't uses a filter option which could be slow when accessing
`/issues` or `/pulls` and it shows both pulls and issues (the first try
is #17053).

Closes #16111 
Replaces and closes #17053


![Screenshot](https://user-images.githubusercontent.com/80460567/134782937-3112f7da-425a-45b6-9511-5c9695aee896.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 22:09:14 +03:00
neon 0bd59381ad
Center-aligning content of WebAuthN page (#21127)
<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

This attempts to correct #21126 , where the content of the page is not
center-aligned.

(Note: I think this contains the right commits - but, those other
commits seem superfluous. I'm not sure I've made the pull request
correctly. I don't often use the pull request pattern when working,
opting to use the merge-request pattern instead for my workplace. If
there are any issues, please let me know and I will try to correct
them.)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-09 16:18:54 -04:00
silverwind 647b2649b1
Make sure fmt catches all templates (#20979)
* Make sure fmt catches all templates

Make's `wildcard` is not recursive so it missed many template files, fix
that by using `find`.

* Update Makefile
2022-08-31 23:58:54 +08:00
silverwind c80ca94ab1
Remove black labels and CSS cleanup (#21003)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-31 17:04:41 +08:00
silverwind 6c4688e1b1
Add whitespace removal inside template curly brackes (#20853) 2022-08-25 17:55:52 -04:00
CodeDoctor aedfc923ad
Improve single repo action for issue and pull requests (#20730)
Related to #20650.

This will fix the behavior of the single repo action for pull requests and disables the button for other screens that don't have a single repo action currently.
2022-08-22 13:51:48 +01:00
zeripath 11bae50484
Pad GPG Key ID with preceding zeroes (#20878) 2022-08-21 02:50:15 -04:00
Gusted fad0e7a497
Fix create repository page's help text (#20810) 2022-08-18 22:13:08 -04:00
techknowlogick d8e6c99125
Add badge capabilities to users (#20607)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-08-18 02:25:25 +03:00
silverwind 802c5313e1
Replace some icons with SVG (#20741)
- Replace some icons with SVG
- Create teams help page
- Application and SSH keys icons
- Add new icon for app token
- Use fontawesom-send
2022-08-10 18:30:40 +02:00
Gusted 58de07e5fd
Add support mCaptcha as captcha provider (#20458)
https://mcaptcha.org/

Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
2022-08-10 15:20:10 +02:00
silverwind 1b2cd4c4e1
Replace fomantic popup module with tippy.js (#20428)
- replace fomantic popup module with tippy.js
- fix chaining and add comment
- add 100ms delay to tooltips
- stopwatch improvments, raise default maxWidth
- update web_src/js/features/common-global.js
- use type=submit instead of js
2022-08-09 14:37:34 +02:00
CodeDoctor 36f9ee5813
Add an option to create new issues from "/issues" page (#20650) 2022-08-09 19:30:09 +08:00
6543 0b12abcfb5
Add missing Tabs on organisation/package view (Frontport #20539) (#20540)
hotfix #20106
2022-07-31 14:32:51 +02:00
wxiaoguang 2c108d20ba
Fix i18n for email notifications (#20518) 2022-07-28 17:28:46 +02:00
Tyrone Yeh 3bd8f50af8
Added email notification option to receive all own messages (#20179)
Sometimes users want to receive email notifications of messages they create or reply to,
Added an option to personal preferences to allow users to choose

Closes #20149
2022-07-28 16:30:12 +08:00
Baoshuo Ren 175705356c
Fix icon margin in user/settings/repos (#20281) 2022-07-14 11:03:31 +08:00
Gusted d55a0b7238
Refactor i18n to locale (#20153)
* Refactor `i18n` to `locale`

- Currently we're using the `i18n` variable naming for the `locale`
struct. This contains locale's specific information and cannot be used
for general i18n purpose, therefore refactoring it to `locale` makes
more sense.
- Ref: https://github.com/go-gitea/gitea/pull/20096#discussion_r906699200

* Update routers/install/install.go
2022-06-27 15:58:46 -05:00
Lunny Xiao 85d960d2a1
Hide notify mail setting ui if not enabled (#20138) 2022-06-28 00:59:47 +08:00
Gusted 5d3f99c7c6
Make better use of i18n (#20096)
* Prototyping

* Start work on creating offsets

* Modify tests

* Start prototyping with actual MPH

* Twiddle around

* Twiddle around comments

* Convert templates

* Fix external languages

* Fix latest translation

* Fix some test

* Tidy up code

* Use simple map

* go mod tidy

* Move back to data structure

- Uses less memory by creating for each language a map.

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Add some comments

* Fix tests

* Try to fix tests

* Use en-US as defacto fallback

* Use correct slices

* refactor (#4)

* Remove TryTr, add log for missing translation key

* Refactor i18n

- Separate dev and production locale stores.
- Allow for live-reloading in dev mode.

Co-authored-by: zeripath <art27@cantab.net>

* Fix live-reloading & check for errors

* Make linter happy

* live-reload with periodic check (#5)

* Fix tests

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-06-26 22:19:22 +08:00
Robert Lützner afea63f4e5
Replace pubkey with privkey in keys_ssh.tmpl (#20112)
If a user wants to verify an SSH public key from their account they have
to sign the randomly generated token with their private key.

Prior to this change the example command prompted to sign the token with
their public key instead.

Signed-off-by: Robert Lützner <robert.luetzner@pm.me>
2022-06-24 12:11:13 +02:00
Lunny Xiao fd97c4e0ae
Use correct variable for issue count (#20085) 2022-06-22 11:26:32 -05:00
Gusted 796c4eca0b
Prettify number of issues (#17760)
* Prettify number of issues

- Use the PrettyNumber function to add commas in large amount of issues.

* Use client-side formatting

* prettify on both server and client

* remove unused i18n entries

* handle more cases, support other int types in PrettyNumber

* specify locale to avoid issues with node default locale

* remove superfluos argument

* introduce template helper, octicon tweaks, js refactor

* Update modules/templates/helper.go

* Apply some suggestions.

* Add comment

* Update templates/user/dashboard/issues.tmpl

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-12 20:08:23 +08:00
Eekle 4f1fb0f697
Make user profile image show full image on mobile (#19840)
* Make user profile image show full image on mobile
2022-06-10 19:06:34 +08:00
wxiaoguang cdb81f32ac
Remove out-dated comments (#19921) 2022-06-08 18:17:44 +01:00
André Jaenisch c1c07e533c
Improve wording on delete access token modal (#19909)
This PR highlights the nature of the destructive action.
It also rewords the action buttons to remove ambiguity.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-06-07 20:28:10 -04:00
André Jaenisch 81cf006863
Improve UX on modal for deleting an access token (#19894)
* Improve UX on modal for deleting an access token

Before, both action buttons where coloured on hover. Otherwise they
appeared as ghost buttons. UX tells us, that call to action must not
be displayed as ghost button.

Using red is perceived as warning colour in Western cultures. It was
used for the non-destructive action before. This PR swaps the colour
and turns the cancel button into a filled one, so it is saver to do
nothing then to accidentally delete an access button. We want the
person to do this consciously.

In another iteration the wording here could be improved. See the
associated issue for further details.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

* Use tabs instead of spaces.

Linter does not complain anymore. I was expecting the formatter to pick
this up but it didn't.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-06-07 12:25:40 -04:00
Paweł Bogusławski 14d96ff7ac
Disable unnecessary mirroring elements (#18527)
* Disable unnecessary mirroring elements

This mod fixes disabling unnecessary mirroring elements.

Related: https://github.com/go-gitea/gitea/pull/16957
Related: https://github.com/go-gitea/gitea/pull/13084
Author-Change-Id: IB#1105104

* Checkbox rendering disabled instead of hiding it

Fixes: 02b45051503d4330da9757ff084c9cc5e6e60d84
Related: https://github.com/go-gitea/gitea/pull/18527#pullrequestreview-878061913
Author-Change-Id: IB#1105104

* Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

* Mirror filter removed only when whole mirroring feature is disabled

Fixes: 02b45051503d4330da9757ff084c9cc5e6e60d84
Related: https://github.com/go-gitea/gitea/pull/18527#discussion_r883268890
Author-Change-Id: IB#1105104

Co-authored-by: silverwind <me@silverwind.io>
2022-06-04 19:42:17 +08:00
wxiaoguang e0273bad72
Fix i18n for Link Account button, re-format tmpl (#19835) 2022-05-29 16:19:56 +08:00
Mai-Lapyst 4698a1ec47
Adding button to link accounts from user settings (#19792)
* Adding button to link accounts from user settings

* Only display button to link user accounts when at least one OAuth2 provider is active
2022-05-29 02:03:17 +02:00
silverwind 9574626a23
Fix follower display on user page (#19805) 2022-05-26 00:29:40 +08:00
istiak101 35d0358c2a
Github style following followers (#19482)
Removed tabbed following and followers from user page and added Github style following followers.
2022-05-25 19:45:45 +08:00
silverwind ac8bee6aeb
Remove fomantic progress module (#19760)
Replace it with HTML `<progress>` element. The bar won't go green at
100% anymore but I think it's not something that fits stylistically anyways.
2022-05-20 05:04:45 +02:00
wxiaoguang cc7236e852
Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
* Make Ctrl+Enter (quick submit) work for issue comment and wiki editor

* Remove the required `SubmitReviewForm.Type`, empty type (triggered by quick submit) means "comment"

* Merge duplicate code
2022-05-20 04:26:04 +02:00
silverwind 9da3d78e74
Replace blue button and label classes with primary (#19763)
* make blue really blue

* replace blue button and label classes with primary

* add --color-blue-dark

* add light color variants, tweak a few colors

* fix colors

* add comment

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-20 00:08:08 +02:00
Jimmy Praet 38d72d40f1
Only show accessible teams in dashboard dropdown list (#19642)
Fixes #19637
2022-05-07 17:49:43 +02:00
ktprograms ef164d33c2
Add RSS Feed buttons to Repo, User and Org pages (#19370) 2022-04-24 22:03:39 +02:00
原俊杰 184302665f
Show ssh command directly in template instead of i18n translation (#19335)
* add missing space for generate ssh token command

Signed-off-by: Junjie Yuan <yuan@junjie.pro>

* Do not use i18n for ssh command

* Remove unnecessary settings.ssh_token_code

* Revert locale_zh-CN.ini

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-04-06 19:35:04 +08:00
silverwind 1eb0da58c3
Update JS dependencies (#19281)
- Upgrade all JS dependencies minus vue and vue-loader
- Adapt to breaking change of octicons
- Update eslint rules
- Tested Swagger UI, sortablejs and prod build
2022-04-01 02:15:46 +02:00
Lunny Xiao 420851ca1f
Fix global packages enabled avaiable (#19276)
Fix #19275
2022-03-31 19:31:53 +02:00
KN4CK3R 1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00