* Prevent creating empty sessions
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update modules/setting/session.go
* Remove unnecessary option
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add destory to list of ignored misspellings
* rename cookie.go -> virtual.go
* Delete old file
* Add test to ensure that sessions are not created without being logged in
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix tests
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update integrations/create_no_session_test.go
* Use go-git for tree reading and commit info lookup.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use TreeEntry.IsRegular() instead of ObjectType that was removed.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use the treePath to optimize commit info search.
Signed-off-by: Filip Navara <navara@emclient.com>
* Extract the latest commit at treePath along with the other commits.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix listing commit info for a directory that was created in one commit and never modified after.
Signed-off-by: Filip Navara <navara@emclient.com>
* Avoid nearly all external 'git' invocations when doing directory listing (.editorconfig code path is still hit).
Signed-off-by: Filip Navara <navara@emclient.com>
* Use go-git for reading blobs.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make SHA1 type alias for plumbing.Hash in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make Signature type alias for object.Signature in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix GetCommitsInfo for repository with only one commit.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix PGP signature verification.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix issues with walking commit graph across merges.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix typo in condition.
Signed-off-by: Filip Navara <navara@emclient.com>
* Speed up loading branch list by keeping the repository reference (and thus all the loaded packfile indexes).
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix lising submodules.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix build
Signed-off-by: Filip Navara <navara@emclient.com>
* Add back commit cache because of name-rev
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix tests
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix code style
* Fix spelling
* Address PR feedback
Signed-off-by: Filip Navara <navara@emclient.com>
* Update vendor module list
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix getting trees by commit id
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix remaining unit test failures
* Fix GetTreeBySHA
* Avoid running `git name-rev` if not necessary
Signed-off-by: Filip Navara <navara@emclient.com>
* Move Branch code to git module
* Clean up GPG signature verification and fix it for tagged commits
* Address PR feedback (import formatting, copyright headers)
* Make blob lookup by SHA working
* Update tests to use public API
* Allow getting content from any type of object through the blob interface
* Change test to actually expect the object content that is in the GIT repository
* Change one more test to actually expect the object content that is in the GIT repository
* Add comments
* Add API for manipulating Git hooks
Signed-off-by: Segev Finer <segev@codeocean.com>
* Replace code.gitea.io/sdk with PR branch temporarily for CI
* Switch back to code.gitea.io/sdk@master
* Return 403 instead of 404 on no permission to edit hooks in API
* Add tests for Git hooks API
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* empty line
* Add option to disable refresh token invalidation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add integration tests and remove wrong todos
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix typo
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix tests and add documentation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Support searching commits with prefix syntax
For now, support auther: committer:
When more than one prefix is supplied is presented, the result is the union.
When different prefixes are supplied, the result is the intersection.
For example,
"author:alice author:bob"
=> the result is all commits authored by Alice OR Bob
"hello committer:alice"
=> the result is all commits committed by Alice AND has the keyword
'hello' in the message.
Note that there should NOT have any space after the colon(:) of the prefix.
For example,
"author:bill" => correct
"author: bill" => wrong
* Remove unneeded logging
* Add missing files of test repository
* Add missing repo_unit entries to test fixtures
* Update test cases
* Add tooltip for commits search button
* Update tooltip text
I have no idea about how to format it with line breaks.
* Make the usage example more real
* Add a test case
* Add new options struct for SearchCommits
* Prefer len(s) > 0 over s != ""
* Add NewSearchCommitsOptions
* Rename BaseLogger to WriterLogger to help the creation of other providers
* Don't export ColorBytes and ResetBytes from ColoredValues
* Make integration tests only print logs if they fail
* check can color before coloring
* I always forget about MSSQL
* Oh and use LEVEL in sqlite.ini
* Make the test logger log at info - as it means you see the router
* Remove empty expected changes
* Make the migrations quieter too
* Don't display SQL on error - it can be looked at in the file logs if necessary
* Fix skip when using onGiteaRun
* Clean up ref name rules
Clean up checks on reference names to better conform to the guideline
here: https://git-scm.com/docs/git-check-ref-format
This fixes half of #6321
* Update branch create integration test
According to: https://git-scm.com/docs/git-check-ref-format
And: git check-ref-format "master/feature=test1"
This is a valid branch name and we should not be testing for it to fail.
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes #6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
* Remove all CommitStatus when a repo is deleted
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* More UI tweaks
More info in PR
* Generate stylesheet for arc-green
* Make gofmt work
* Change PR integration since the button is changed
* Rebase
* Generate stylesheet
* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed
* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993
* Change the comment wording since PR button is no longer little and green.
* Revert changes that made Windows work
* Regenerate stylesheet
* Regenerate stylesheets
* make generate-stylesheets
* Update integration again, changed button style
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future
* Added missing semi-colons
* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns
* Remove extra tab formatting in list.tmpl
* Remove more formatting from GoLand
* Replace hardcoded "No License" with i18n license helper.
* Show email if the authenticated user owns the profile page being
requested for.
Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page
* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called
* fix panic in tests
* try to fix tests
* Update year
* Test CI fail
* Revert change
* User 3 is not allowed to authorize
* Set user2 email to be private
* Change to user4 in explore page as user2 now has private email option set
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.
Fix #5746
Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
* use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines
* fix tests and add comment head
* Fix serving of raw wiki files other than .md
Closes #4690.
Closes #4395.
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Simplify code at routers/repo/wiki.go
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add more files to user2/repo1.wiki for testing
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Update macaron to v1.3.2
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add tests for WikiRaw
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Fix NewResponseWriter usage due to macaron update
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add raw to reserved wiki names
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix #1357
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.
I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.
There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.
Fix #3795
Signed-off-by: Andrew Thornton art27@cantab.net
* Create log mailer for testing email settings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch on the log mailer for the integration tests
This ensures that the sending mail process works
Signed-off-by: Andrew Thornton <art27@cantab.net>
* rename the from user for mysql/mssql
* rename log sender to dummy sender
* update the integration tests
* Add migration test
This commit adds a simple migration test for v1.5.3, v1.6.4 and v1.7.0-rc3
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Automigrate based on available dbs
* remove old ini file
* Standardise the dialect names
* Ensure valid git author names passed in signatures
Fix #5772 - Git author names are not allowed to include `\n` `<` or `>` and
must not be empty. Ensure that the name passed in a signature is valid.
* Account for pathologically named external users
LDAP and the like usernames are not checked in the same way that users who signup are.
Therefore just ensure that user names are also git safe and if totally pathological -
Set them to "user-$UID"
* Add Tests and adjust test users
Make our testcases a little more pathological so that we be sure that integration
tests have a chance to spot these cases.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Pooled and buffered gzip implementation
* Add test for gzip
* Add integration test
* Ensure lfs check within transaction
The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.
* Try to avoid primary key problem in postgres
The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
* Added test environment for m$sql
* Added template for test environment for m$sql
* Fix password
* Fix password (again)
* Fix password (again again)
* Fix db
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Create master database for mssql integration tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Create database only if master do not exist
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix mssql integration tests by using custom database "gitea"
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Moved defer
* bump xorm
* updated xorm
* Fixed build
* Inital routes to git refs api
* Git refs API implementation
* Update swagger
* Fix copyright
* Make swagger happy add basic test
* Fix test
* Fix test again :)
* add api for user to create org
* remove unused blank line on the swagger file end
* fix create and add test
* fix tests
* fix routes of create org API
* fix bug
* add copyright heads
* Add raw blob endpoint
This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.
* fix: Make it work
* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* Update Gopkg.lock
Can't update all vendors due to errors
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* style: Add Gitea copyright header
* feat: Added integration test for /repo/u/r/raw/blob
* fix: correct year in copyright header
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation
Fixes #5226, #5249
* /api/v1/admin/users routes should have reqToken middleware
* Add private information to the deploy keys api
This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add private information to the user keys API
This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ability to search keys by fingerprint
This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add integration test
* Fix issue where ecdsa and other key types are not synced from LDAP authentication provider fixes #5092
* integrations/auth_ldap_test.go: Add Hermes Conrad new ecdsa-sha2-nistp256 publickey fingerprint
* integrations/auth_ldap_test.go: Use ssh-keygen -lf <filename> -E sha256
* Added basic heatmap data
* Added extra case for sqlite
* Built basic heatmap into user profile
* Get contribution data from api & styling
* Fixed lint & added extra group by statements for all database types
* generated swagger spec
* generated swagger spec
* generated swagger spec
* fixed swagger spec
* fmt
* Added tests
* Added setting to enable/disable user heatmap
* Added locale for loading text
* Removed UseTiDB
* Updated librejs & moment.js
* Fixed import order
* Fixed heatmap in postgresql
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: kolaente <konrad@kola-entertainments.de>
* Added copyright header
* Fixed a bug to show the heatmap for the actual user instead of the currently logged in
* Added integration test for heatmaps
* Added a heatmap on the dashboard
* Fixed timestamp parsing
* Hide heatmap on mobile
* optimized postgresql group by query
* Improved sqlite group by statement
* prevent pull request to be merged when PR is a WIP
* add tests
* add helper to prepend WIP: in PR title
* move default wip prefixes into settings
* use configurable WIP prefixes in javascript and default to first one in templates
* add documentation
* add unit test on pull model
Signed-off-by: Julien Tant <julien@craftyx.fr>
* Repositories can only migrated to own user or organizations
* Add check for organization that user does not belong to
* Allow admin to migrate repositories for other users
* Add LDAP Key Synchronization feature
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Add migration: add login source id column for public_key table
* Only update keys if needed
* Add function to only list pubkey synchronized from ldap
* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
* Only get keys belonging to current login source id
* Set default login source id to 0
* Some minor cleanup. Add integration tests (updete dep testify)
* moved avatar to profile page
* combined password change, email and account deletion into account settings page
* combined totp, access tokens, linked accounts and openid into security settings page
* move access tokens to applications settings page
* small change to restart drone build
* fix change avatar url on profile page
* redirect old settings urls to new ones
* enforce only one autofocus attribute on settings pages
* set correct redirect status code
* fmt fix
* Add LDAP service for tests
* Add LDAP login source and test user sign-in
* Add checks to test if user data is correct
* Add LDAP user sync test
* Add failed user sign-in test
* Added user language setting
* Added translation string for setting
* Fixed import order + typo
* improved checking if the user has a language saved in the db
* The current saved language is now set a default inside the dropdown
* fmt
* When a user signs in and doesn't have a language saved, the current browser language is saved
* updated gitea-sdk
* Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language
# Conflicts:
# models/migrations/migrations.go
# models/migrations/v62.go
* Made tests work again
* trigger CI
* trigger CI
* fmt
* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO
* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO
* When loggin in, only the language col gets updated instead of everything
* test: integration add git cli tests
Extracted form for easing review process and debug #3152
* test: integration add git cli big file commit
* fix: Don't rewrite key if internal server
* Pull request options migration and UI in settings
* Add ignore whitespace functionality
* Fix settings if pull requests are disabled
* Fix migration transaction
* Merge with Rebase functionality
* UI changes and related functionality for pull request merging button
* Implement squash functionality
* Fix rebase merging
* Fix pull request merge tests
* Add squash and rebase tests
* Fix API method to reuse default message functions
* Some refactoring and small fixes
* Remove more hardcoded values from tests
* Remove unneeded check from API method
* Fix variable name and comment typo
* Fix reset commit count after PR merge
* Serve pull request .diff files
Closes #3259
* Add test for pull request redirection and .diff access
* Typo
* There's no need to test for pr.BaseRepo being nil after calling GetBaseRepo
* Viewport meta tag
* responsive: dashboard
* responsive: issues page
* responsive: Explore page
* responsive: navbar, and some navbar css refactoring
* responsive: button for collapsing navbar in mobile view
* Mark the hamburger button as active when pressed
* better homepage for responsive views
* Bring back jump class in navbar
The class was necessary, because this way the
dropdown doesn't assume the contents of the
selected item.
* make repository homes responsive
* Make file view page responsive
* Make forms look good on responsive views
* make commits and commit diff view responsive
* issues and PRs
* responsive wiki
* Don't place auto-init far off the page
* Minor changes to amend broken stuff
minor improvements
- make login/sign up in navbar stackable
- make navbar in explore and sign in not stackable
Change selected class in TestPullCompare
Fix typo that happened when rebasing
fix dashboard on org view
improve profile UI
Use clearing on file diff to fix broken UI caused by floating elements
remove unresolved merge conflict, and | Sanitize
Fix repo home not loading
* Add failing test
* Fix urls
* Improve url in tests
* improve testing
* Remove debug code
* Add deps
* LFS corner-case : Search on lower but store with case
* Temporary comment of blocking action
* fix hooks
* Use temporary repo for git client test
* Use userPassword in place of hard-coded password
* Delete a user's public key via admin api
* Test admin ssh endpoint for creating a new ssh key
* Adapt public ssh key test to also test the delete operation
* Test that deleting a missing key will result in a 404
* Test that a normal user can't delete another user's ssh key
* Make DeletePublicKey return err
* Update swagger doc
* Implement routes
* move to api/sdk and create model
* Implement add + list
* List return 200 empty list no 404
* Add verify lfs lock api
* Add delete and start implementing auth control
* Revert to code.gitea.io/sdk/gitea vendor
* Apply needed check for all lfs locks route
* Add simple tests
* fix lint
* Improve tests
* Add delete test + fix
* Add lfs ascii header
* Various fixes from review + remove useless code + add more corner case testing
* Remove repo link since only id is needed.
Save a little of memory and cpu time.
* Improve tests
* Use TEXT column format for path + test
* fix mispell
* Use NewRequestWithJSON for POST tests
* Clean path
* Improve DB format
* Revert uniquess repoid+path
* (Re)-setup uniqueness + max path length
* Fixed TEXT in place of VARCHAR
* Settle back to maximum VARCHAR(3072)
* Let place for repoid in key
* Let place for repoid in key
* Let place for repoid in key
* Revert back