* Markdown: enable some more extensions
Improve Markdown-rendering by enabling some extensions:
- enable definitions lists
- enable footnotes
- enable header-ids and automatically generate header-ids (for linking to README-sections or creating table-of-contents for larger READMEs)
* Markdown: update and exted tests
Update and add tests for additionally enabled Markdown-extensions.
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentonally escaped values and we
should not unescape it.
Fixes #4475
Include the current CustomPath location in the admin section and also
display GITEA_WORK_DIR and/or GITEA_CUSTOM env var if they are set.
Right now there is no easy way to see this information, and if you try
and help most users they won't be able to tell you anything about these
values -- just that their custom template isn't working, files aren't in
the right place, etc... Now you can see all paths and if they were set
by ENV or not.
Partially implement #770.
Add "Default Webhooks" page in site admin UI.
Persist to the existing webhooks table, but store with RepoID=0 and OrgID=0.
Upon repo creation, copy the set of default webhooks into the new repo.
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes #6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
When transferring ownership of a repo to a different user/org,
create a repo redirect that points to the new location in the same
way that is done when a repo is renamed.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Remove all CommitStatus when a repo is deleted
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* More UI tweaks
More info in PR
* Generate stylesheet for arc-green
* Make gofmt work
* Change PR integration since the button is changed
* Rebase
* Generate stylesheet
* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed
* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993
* Change the comment wording since PR button is no longer little and green.
* Revert changes that made Windows work
* Regenerate stylesheet
* Regenerate stylesheets
* make generate-stylesheets
* Update integration again, changed button style
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future
* Added missing semi-colons
* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns
* Remove extra tab formatting in list.tmpl
* Remove more formatting from GoLand
* Replace hardcoded "No License" with i18n license helper.
* Show email if the authenticated user owns the profile page being
requested for.
Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page
* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called
* fix panic in tests
* try to fix tests
* Update year
* Test CI fail
* Revert change
* User 3 is not allowed to authorize
* Set user2 email to be private
* Change to user4 in explore page as user2 now has private email option set
* Add emoji to labels
Minor cleanup of tribute code in footer.tmpl
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Quick find/replace in other i18n files containing label translations
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Revert "Quick find/replace in other i18n files containing label translations"
This reverts commit ec3e1a3a1775989301bb2c1cd08e8871b317688d.
* Add style to overwrite emoji height in labels
* Revert Makefile change that makes Windows work
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.
Fix #5746
Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview
* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles
* Move branch checkout functions out of repo_editor.go as they are no longer used there
* BUGFIX: The default permissions should be 100644
This is a change from the previous code but is more in keeping
with the default behaviour of git.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Standardise cleanUploadFilename to more closely match git
See verify_path in: 7f4e641693/read-cache.c (L951)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Redirect on bad paths
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor to move the uploading functions out to a module
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add LFS support
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update upload.go attribution header
Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.
* Delete upload files after session committed
* Ensure that GIT_AUTHOR_NAME etc. are valid for git
see #5774
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add in test cases per @lafriks comment
* Add space between gitea and github imports
Signed-off-by: Andrew Thornton <art27@cantab.net>
* more examples in TestCleanUploadName
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix formatting
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch off SSH_ORIGINAL_COMMAND
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixes #5957
* add tests to make sure config option is respected
* use already defined struct
* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created
- fix copy/paste error in copyright header year and rearrange import
- use repo config instead of server config value to determine if a commit should close an issue
- update testsuite
* use global config only when creating a new repository
* allow repo admin toggle feature via UI
* fix typo and improve testcase
* fix fixtures
* add DEFAULT prefix to config value
* fix test
* Feature - Pagination for git tree API
* Handles case when page is negative
* Does a for loop over the start and end rather than all entries
* Removed redundent logic
* Adds per_page as a query parameter
* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt
* Fix typo in cheat-sheet en
* Makes page start at 1, generated swagger
* Use updates to SDK
* Updates to use latest sdk
* Updates swagger for tree api
* Adds test for GetTreeBySHA
* Updates per PR reviews
* Updates per PR reviews
* Remove file
* Formatting
* Fix to swagger file
* Fix to swagger
* Update v1_json.tmpl
* Fix to swagger file
* Fix serving of raw wiki files other than .md
Closes #4690.
Closes #4395.
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Simplify code at routers/repo/wiki.go
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add more files to user2/repo1.wiki for testing
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Update macaron to v1.3.2
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add tests for WikiRaw
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Fix NewResponseWriter usage due to macaron update
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add raw to reserved wiki names
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Don't display buttons if there are no notices
* clear stopwatch on merging a PR
* remove redundant gt check
* use ctx.Flash as per @bkcsoft comment
* stop timer on closing issues/PRs too
* updated translation as per review
* redirect to login page after successfully activating account
* remove unrelated changes
* stop timer for issues that are closed via commits too..Not just the 'close' UI button
* Revert #5877
This unfortunately was not the solution.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change permission check to create pull requests to CanReadIssuesOrPulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix #1357
This PR gitea'ises the macaron.Recovery() handler meaning that in
the event of panic we get proper gitea 500 pages and the stacktrace
is logged with the gitea logger.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived
* Refuse creating an issue/PR via API calls too
* Pooled and buffered gzip implementation
* Add test for gzip
* Add integration test
* Ensure lfs check within transaction
The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.
* Try to avoid primary key problem in postgres
The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
* add util method and tests
* make sure the title of an issue cannot be empty
* wiki title cannot be empty
* pull request title cannot be empty
* update to make use of the new util methof
Unfortunately a scoping problem was missed on the previous PR which meant that the only nil error was logged on failure to connect to the db. This pr fixes this.
* api: Add an endpoint to list a particular member of team.
* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.
`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.
* models: Add `GetUserTeams()`.
Returns all the teams that a user belongs to.
* api: Add an endpoint for GET '/user/teams'.
A GET request to this endpoint lists all the teams that a user
belongs to.
* add default PR title
Set default PR title to commit summary if there's a single commit on the head branch, else set it to the head branch name
* set default PR description
If there's a single commit on the head branch, and it's multiline, then set it as the default PR description
* Do not display the raw OpenID error in the UI
If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.
Fix #4973
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update auth_openid.go
Place error log within the `err != nil` branch.
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Add branch protection for approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add required approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing comments and fmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add type = approval and group by reviewer_id to review
* Prevent users from adding negative review limits
* Add migration for approval whitelists
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* improve team members and repositories settings UI
* use tab on team pages
* add default description on team members and repos
* add blank on numbers and texts
* improve translation
* added the ability to provide an empty array at the EditPullRequests API to remove all labels
Signed-off-by: Lucien Kerl <lucien.kerl@wuerth-it.com>
* Update pull.go
* add milestone issues and pulls page instead of redirecting issues page
* add milestone when creating issue from milestone page
* refactor to merge similiar codes as a new function issues
* remove milestone info on milestone issues list
* fix missing params
* Inital routes to git refs api
* Git refs API implementation
* Update swagger
* Fix copyright
* Make swagger happy add basic test
* Fix test
* Fix test again :)
* Create manifest and serviceworker
* Create templates and add AppSubUrl
* Add JSRenderer
* fix ctx type
* Add JSRenderer to static.go
* Complete adding {{AppSubUrl}}
* Add more fonts to urlsToCache
* Add 512px and 192px icons
* Hardcode font MD5
* Default theme doesn't have a specific CSS file
* show only opened milestones on issues page milestone filter
* update Godoc
* update Godoc everywhere
* update swagger
* use false instead of 0
* Add seccond ordering by ID for milestones where no deadline is set
* add api for user to create org
* remove unused blank line on the swagger file end
* fix create and add test
* fix tests
* fix routes of create org API
* fix bug
* add copyright heads
* Add raw blob endpoint
This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.
* fix: Make it work
* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* Update Gopkg.lock
Can't update all vendors due to errors
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* style: Add Gitea copyright header
* feat: Added integration test for /repo/u/r/raw/blob
* fix: correct year in copyright header
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation
Fixes #5226, #5249
* /api/v1/admin/users routes should have reqToken middleware
* Add private information to the deploy keys api
This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add private information to the user keys API
This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ability to search keys by fingerprint
This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add integration test
* Show either sign up OR sign in
* disambiguate fresh start from adding recovery options
* use tabs to switch between account link flows
* add active to tab body as well
* changes as per discussion
* handle specific error; fix missing err typo
* Added basic heatmap data
* Added extra case for sqlite
* Built basic heatmap into user profile
* Get contribution data from api & styling
* Fixed lint & added extra group by statements for all database types
* generated swagger spec
* generated swagger spec
* generated swagger spec
* fixed swagger spec
* fmt
* Added tests
* Added setting to enable/disable user heatmap
* Added locale for loading text
* Removed UseTiDB
* Updated librejs & moment.js
* Fixed import order
* Fixed heatmap in postgresql
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: kolaente <konrad@kola-entertainments.de>
* Added copyright header
* Fixed a bug to show the heatmap for the actual user instead of the currently logged in
* Added integration test for heatmaps
* Added a heatmap on the dashboard
* Fixed timestamp parsing
* Hide heatmap on mobile
* optimized postgresql group by query
* Improved sqlite group by statement
* Fix Swagger JSON.
Remove unnecessary schema references for the forbidden and empty responses
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix swagger API for CreateAccessToken
* Fix admin create org swagger
* Fix swagger for adminCreateRepo
* More swagger fixes
Set int64 format for those which are int64
Some more form fixes
* Fix swagger description of GET /repos/{owner}/{repo}/pulls
* add notification interface and refactor UI notifications
* add missing methods on notification interface and notifiy only issue status really changed
* implement NotifyPullRequestReview for ui notification
* Detect charset and convert non UTF-8 files for display
* Refactor and move function to correct module
* Revert unrelated changes
* More unrelated changes
* Duplicate content for small text to have better encoding detection
* Check if original content is valid before duplicating it
* Code review UI improvements
* More fixes to dark theme
* Style fix
* Fix to allow add code review comments only on review files tab
* More readability dark style fixes
* Fix commenting on deleted files. Fixes #4752
* Fix line blame getting for multiple corner cases
* redirect to login page after successfully activating account
* force users to change password if account was created by an admin
* force users to change password if account was created by an admin
* fixed build
* fixed build
* fix pending issues with translation and wrong routes
* make sure path check is safe
* remove unneccessary newline
* make sure users that don't have to view the form get redirected
* move route to use /settings prefix so as to make sure unauthenticated users can't view the page
* update as per @lafriks review
* add necessary comment
* remove unrelated changes
* support redirecting to location the user actually want to go to before being forced to change his/her password
* run make fmt
* added tests
* improve assertions
* add assertion
* fix copyright year
Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
