Commit graph

11863 commits

Author SHA1 Message Date
zeripath
b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
Lunny Xiao
67f135ca5d
Fix archive error when rename repo or user (#16399)
Use repo id instead of full name to generate archive path
2021-07-13 14:16:31 +02:00
6543
b81106be3f
Let branch/tag name be a valid ref to get CI status (#16400)
* fix #16384#

* refactor: move shared helper func to utils package

* extend Tests

* use ctx.Repo.GitRepo if not nil
2021-07-13 08:14:14 +01:00
Jimmy Praet
4ce32c9e93
Detect encoding changes while parsing diff (#16330)
* Detect encoding changes while parsing diff
2021-07-13 03:13:52 +02:00
GiteaBot
2614309a58 [skip ci] Updated translations via Crowdin 2021-07-13 00:07:51 +00:00
Jimmy Praet
78118a3b02
Add checkbox to delete pull branch after successful merge (#16049)
* Add checkbox to delete pull branch after successful merge

* Omit DeleteBranchAfterMerge field in json

* Log a warning instead of error when PR head branch deleted

* Add DefaultDeleteBranchAfterMerge to PullRequestConfig

* Add support for delete_branch_after_merge via API

* Fix for API: the branch should be deleted from the HEAD repo

If head and base repo are the same, reuse the already opened ctx.Repo.GitRepo

* Don't delegate to CleanupBranch, only reuse branch deletion code

CleanupBranch contains too much logic that has already been performed by the Merge

* Reuse gitrepo in MergePullRequest

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-13 01:26:25 +02:00
6543
46a4c6835d
Fix external renderer (#16401)
* fix external renderer

* use GBackground context as fallback

* no fallback, return error

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-12 17:13:59 -04:00
Norwin
fb04cc7dbd
Validate Issue Index before querying DB (#16406) 2021-07-12 16:22:27 -04:00
Bagas Sanjaya
18c18bb196
docs: rewrite email setup (#16404)
* Add intro for both the docs page and mailer methods
  * Fix numbering level in SMTP section
  * Recommends implicit TLS

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
2021-07-12 22:05:40 +02:00
6543
5b1d0a7701
Replace plugins/docker with techknowlogick/drone-dockerin ci (#16407)
* plugins/docker -> techknowlogick/drone-docker

* It is multi-arch
2021-07-12 15:20:44 -04:00
GiteaBot
522b720954 [skip ci] Updated translations via Crowdin 2021-07-12 00:24:54 +00:00
zeripath
2f725cbc9e
Add LRU mem cache implementation (#16226)
The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.

This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.

It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-10 23:54:15 +02:00
Meano
07284792d4
Fix invalid params and typo of email templates (#16394)
Signed-off-by: Meano <meanocat@gmail.com>
2021-07-10 19:40:14 +02:00
GiteaBot
7a402067ce [skip ci] Updated translations via Crowdin 2021-07-10 00:24:52 +00:00
Avahe Kellenberger
8cbb38f546
Added documentation about 413 errors with an nginx solution (#15313)
* Added documentation about 413 errors with an nginx solution.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-10 02:16:07 +02:00
Jonathan Hult
615444dcbd
Fix #16387 - rootless Docker user (#16388)
Move comment to top of USER instruction
2021-07-09 10:08:22 -04:00
6543
91162bbaea
Update bluemonday to v1.0.15 (#16379)
* update github.com/microcosm-cc/bluemonday

* add exec flag to contrib/update_dependencies.sh

* Fix TESTS
2021-07-09 03:30:31 +02:00
GiteaBot
6c6938e2ed [skip ci] Updated translations via Crowdin 2021-07-09 00:25:09 +00:00
Tobias Florek
5e819ee1de
specify user in rootless container numerically (#16361)
* specify user in rootless container numerically

With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container.  The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.

* mention the name of the uid/gid

Co-authored-by: 6543 <6543@obermui.de>
2021-07-08 15:30:09 -04:00
zeripath
d06f9ce274
Redirect on bad CSRF instead of presenting bad page (#14937)
The current CSRF handler is a bit harsh with bad CSRF tokens on webpages
I think we can be a little kinder and redirect to base page with a flash error

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-08 15:57:24 +02:00
luzpaz
fc1607b368
Fix source typos (#16374)
* Fix source typos

Follow up to e0296b6a6  
Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`

* rm "ignore destory on `make misspell-check`"

Co-authored-by: 6543 <6543@obermui.de>
2021-07-08 14:55:09 +02:00
luzpaz
e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367)
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 13:38:13 +02:00
GiteaBot
bc6f060b8c [skip ci] Updated translations via Crowdin 2021-07-08 00:24:51 +00:00
Gary Wang
b06342f29c
fix: not able to update local created non-urlencoded wiki pages (#16139)
* fix: not able to update local created non-urlencoded wiki pages

* tidy code

* as per suggestion

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Don't replace space to dash for unescaped wiki filename

Co-authored-by: zeripath <art27@cantab.net>

* Remove incorrect comment

* Remove NameToUnescapedFilename()

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-07 19:23:09 -04:00
techknowlogick
061a8e7bb9
Alpine 3.14 released (#16170)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-07-07 15:43:00 -04:00
techknowlogick
7613f31c6b
Update vendor 20210707 (#16366)
* update gitea.com/go-chi/binding

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-git/go-git/v5

* update github.com/lafriks/xormstore

* update github.com/yuin/goldmark

* Revert "update gitea.com/go-chi/binding"

This reverts commit dea2f292b116114f9316fab95c5fd124174da404.
2021-07-07 15:41:05 -04:00
冯天书
9543e068e9
Fix typo in customizing-gitea.en-us.md (#16362)
Fixed a type in a URL in PlantUML code example in `customizing-gitea.en-us.md`.
2021-07-07 17:25:42 +02:00
GiteaBot
4fa791c47b [skip ci] Updated translations via Crowdin 2021-07-07 00:14:50 +00:00
6543
1b29747f0f
Changelog for v1.14.4 (#16348) (#16351)
* Changelog for v1.14.4 (#16348)

* docs: bump version

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-06 23:41:07 +08:00
GiteaBot
27c1578235 [skip ci] Updated translations via Crowdin 2021-07-06 00:14:50 +00:00
a1012112796
5bb97a12d7
Creating a repo from a template repo via API (#15958)
* Creating a repo from a template repo via API

fix #15934
ref:
https://docs.github.com/en/rest/reference/repos#create-a-repository-using-a-template

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-07-05 17:29:08 +02:00
Lunny Xiao
64122fe105
Fix docs assets link (#16337) 2021-07-04 15:56:40 +02:00
Lunny Xiao
760af187ba
Upgrade xorm to v1.1.1 (#16339) 2021-07-04 15:10:46 +02:00
zeripath
32fd11395b
Fix relative links in postprocessed images (#16334)
If a pre-post-processed file contains relative img tags these need to be updated
and joined correctly with the prefix. Finally, the node attributes need to be updated.

Fix #16308

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-04 10:26:04 +01:00
6543
fae07cbc8f
Update Vendor (#16325)
* Add Dependencie Update Script

* update gitea.com/lunny/levelqueue

* update github.com/PuerkitoBio/goquery

* update github.com/alecthomas/chroma

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-enry/go-enry/v2

* update github.com/go-redis/redis/v8

* update github.com/hashicorp/golang-lru

* update github.com/klauspost/compress

* update github.com/markbates/goth

* update github.com/mholt/archiver/v3

* update github.com/microcosm-cc/bluemonday

* update github.com/minio/minio-go/v7

* update github.com/olivere/elastic/v7

* update github.com/xanzy/go-gitlab

* update github.com/yuin/goldmark
2021-07-04 04:06:10 +02:00
GiteaBot
65ae46bc20 [skip ci] Updated licenses and gitignores 2021-07-04 00:14:37 +00:00
Val Lorentz
2e40ff38d1
docs: Fix broken anchors in links to awesome-gitea (#16331) 2021-07-03 21:42:33 +01:00
Stephen Holdaway
f166f9b2e1
Fix U2F error reasons always hidden (#16327)
This strict equality check in `u2fError` was causing the error
description to hide immediately after showing. `Object.keys`
always returns strings, but `errorType` argument is usually a
number type.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2021-07-03 09:19:38 +01:00
GiteaBot
a9ba29b1cd [skip ci] Updated translations via Crowdin 2021-07-03 00:14:49 +00:00
zeripath
62c278e4ab
Fix modified files list in webhooks when there is a space (#16288)
* Fix modified files list in webhooks when there is a space

There is an unfortunate bug with GetCommitFileStatus where files with
spaces are misparsed and split at the space.

There is a second bug because modern gits detect renames meaning that
this function no longer works correctly.

There is a third bug in that merge commits don't have their modified
files detected correctly.

Fix #15865


Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-02 21:23:37 +02:00
6543
836884429a
Add forge emojies (#16296)
* codeberg :codeberg:
* gitlab :gitlab:
* git :git:
* github :github:
* gogs :gogs:
2021-07-02 16:04:57 +02:00
sebastian-sauer
92328a3394
Add API to get commits of PR (#16300)
* Add API to get commits of PR

fixes #10918

Co-authored-by: Andrew Bezold <andrew.bezold@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-02 14:19:57 +02:00
Jimmy Praet
a3476e5ad5
Wrap around for previous/next buttons (#16319)
Fixes #16317

Wrap around from last to first comment when clicking "Next" on last comment.
Wrap around from first to last comment when clicking "Previous" on first comment.
2021-07-02 00:02:48 +02:00
6543
290f458d46
Reserve user/repo pattern for rss feature (#16323) 2021-07-01 23:13:20 +08:00
Norwin
fc1d9629c6
Clarify GPG binary check (#14832)
fixes #14817

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-01 16:14:09 +02:00
6543
dfa18a8b1c
Introduce NotifySubjectType (#16320)
* Introduce NotifySubjectType

* update swagger docs
2021-07-01 12:51:24 +02:00
Jimmy Praet
ce286f9d9c
Support custom mime type mapping for text files (#16304)
* Support custom mime type mapping for text files

* Apply suggested change to routers/common/repo.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-06-30 17:31:54 -04:00
zeripath
9979983283
Update Go-Git to take advantage of LargeObjectThreshold (#16316)
Following the merging of https://github.com/go-git/go-git/pull/330 we
can now add a setting to avoid go-git reading and caching large objects.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-30 22:58:45 +02:00
techknowlogick
4f26e0ac0e
up current stable version in docs (#16318) 2021-06-30 16:27:09 -04:00
zeripath
302e8b6d02
Prevent zombie processes (#16314)
Unfortunately go doesn't always ensure that execd processes are completely
waited for. On linux this means that zombie processes can occur.

This PR ensures that these are waited for by using signal notifier in serv and
passing a context elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-30 22:07:23 +02:00