Commit graph

2765 commits

Author SHA1 Message Date
zeripath
b59ed41e81
Use path not filepath in routers/editor (#14390)
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-19 00:20:10 +01:00
Ash McKenzie
6ff63c8202
Display error if twofaSecret cannot be retrieved (#14372) 2021-01-18 21:38:41 +01:00
Ash McKenzie
127907c5e6
Allow passcode invalid error to appear (#14371)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-18 03:51:32 -05:00
6543
21da519c0c
Implement ghost comment mitigation (#14349)
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
2021-01-17 21:48:38 +01:00
Lauris BH
ca63a9d3f1
Add edit, delete and reaction support to code review comments on issue page (#14339) 2021-01-17 19:29:10 +02:00
Jimmy Praet
acb1ceb1f4
Add review requested filter on pull request overview (#13701)
* Add review requested filter on pull request overview #13682

fix formatting

* add review_requested filter to /repos/issues/search API endpoint

* only Approve and Reject status should supersede Request status

* add support for team reviews

* refactor: remove duplication of issue filtering conditions
2021-01-17 17:34:19 +01:00
Jimmy Praet
872d308892
escape branch names in compare url (#14364) 2021-01-17 15:57:42 +01:00
Lunny Xiao
dc66e4740f
Fix middlewares sequences (#14354)
Co-authored-by: 6543 <6543@obermui.de>
2021-01-16 12:23:02 +01:00
6543
3091600cc8
KanBan: be able to set default board (#14147)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-15 22:29:32 +02:00
Lauris BH
6eee9f0f4e
Merge default and system webhooks under one menu (#14244) 2021-01-15 01:24:03 +02:00
Lunny Xiao
84b147c7f0
Use IsProd instead of testing if it's equal. (#14336)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-14 23:17:03 +02:00
Lunny Xiao
60a3297a33
Use ServerError provided by Context (#14333)
... instead of InternalServerError by macaron
2021-01-14 21:27:22 +01:00
Lunny Xiao
f76c30094f
Fix typo (#14332) 2021-01-14 23:35:10 +08:00
Kyungmin Bae
edbc5c86df
Use Request.URL.RequestURI() for fcgi (#14312) (#14314) 2021-01-13 20:30:46 +00:00
Elena Neuschild
564030336d
Issues overview should not show issues from archived repos (#13220)
* Add lots of comments to user.Issues()

* Answered some questions from comments

* fix typo in comment

* Refac user.Issues(): add func repoIDs

* Refac user.Issues(): add func userRepoIDs

* Refac user.Issues(): add func issueIDsFromSearch

* Refac user.Issues(): improve error handling

* Refac user.Issues(): add inline documentation and move variable declarations closer to their usages

* Refac user.Issues(): add func repoIDMap

* Refac user.Issues(): cleanup

* Refac: Separate Issues from Pulls during routing

* fix typo in comment

* Adapt Unittests to Refactoring

* Issue13171: Issue and PR Overviews now ignore archived Repositories

* changed some verbatim SQL conditions to builder.Eq

* models/issue.go: use OptionalBool properly

Co-authored-by: 6543 <6543@obermui.de>

* Use IsArchived rather than ExcludeArchivedRepos

* fixed broken test after merge

* added nil check

* Added Unit Test securing Issue 13171 fix

* Improved IsArchived filtering in issue.GetUserIssueStats

* Removed unused func

* Added grouping to avoid returning duplicate repo IDs

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-12 23:19:17 -05:00
Jonathan Tran
81467e6f35
Display SVG files as images instead of text (#14101)
* Change to display SVG files as images

* Remove unsafe styles from SVG CSP

* Add integration test to test SVG headers

* Add config setting to disable SVG rendering

* Add test for img tag when loading SVG image

* Remove the Raw view button for svg files since we don't fully support this

* Fix copyright year

* Rename and move config setting

* Add setting to cheat sheet in docs

* Fix so that comment matches cheat sheet

* Add allowing styles in CSP based on pull request feedback

* Re-enable raw button since we show SVG styles now

* Change so that SVG files are editable

* Add UI to toggle between source and rendered image for SVGs

* Change to show blame button for SVG images

* Fix to update ctx data

* Add test for DetectContentType when file is longer than sniffLen

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
2021-01-12 22:45:19 -05:00
6543
74a0481586
[Refactor] Passwort Hash/Set (#14282)
* move SaltGeneration into HashPasswort and rename it to what it does

* Migration: Where Password is Valid with Empty String delete it

* prohibit empty password hash

* let SetPassword("") unset pwd stuff
2021-01-10 20:05:18 +02:00
6543
6b3b6f1833
Add option to change username to the admin panel (#14229)
Co-authored-by: Bwko <bouwko@gmail.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-10 14:14:02 +02:00
Jimmy Praet
bcb7f35221
Do not reload page after adding comments in Pull Request reviews (#13877)
Fixed #8861 
* use ajax on PR review page

* handle review comments

* extract duplicate code

FetchCodeCommentsByLine was initially more or less copied from fetchCodeCommentsByReview. Now they both use a common findCodeComments function instead

* use the Engine that was passed into the method

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-08 23:49:55 +02:00
Lunny Xiao
ce43d38b4f
Fix session bug when introduce chi (#14287)
* Update go-chi session
2021-01-08 14:15:06 +02:00
Timo Gurr
c1e30c9a84
Add secure/httpOnly attributes to the lang cookie (#9690) (#14279) 2021-01-07 14:40:24 +01:00
Lunny Xiao
3c96a37162
Some code improvements (#14266) 2021-01-06 19:23:57 +00:00
Jimmy Praet
8224f03a23
Check permission for the appropriate unit type (#14261)
* Check permission for the appropriate unit type

Fixes false positives for "User created Issues in Repository which they no longer have access to" errors

* change log level to Debug

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-06 07:07:58 +02:00
Lunny Xiao
a1c9e8f266
Fix windows build error (#14263)
* fix build

* take flash error message back and fix more windows lint error

* performance optimization

* own step to check lint for windows

Co-authored-by: 6543 <6543@obermui.de>
2021-01-06 09:38:00 +08:00
6543
325add71cf
Add option for administrator to reset user 2FA (#14243)
* Frontend

* Backend

* only show 2FA-Reset option if posible
2021-01-05 14:54:48 +01:00
Lunny Xiao
15a475b7db
Fix recovery middleware to render gitea style page. (#13857)
* Some changes to fix recovery

* Move Recovery to middlewares

* Remove trace code

* Fix lint

* add session middleware and remove dependent on macaron for sso

* Fix panic 500 page rendering

* Fix bugs

* Fix fmt

* Fix vendor

* recover unnecessary change

* Fix lint and addd some comments about the copied codes.

* Use util.StatDir instead of com.StatDir

Co-authored-by: 6543 <6543@obermui.de>
2021-01-05 21:05:40 +08:00
Jimmy Praet
9cc5a89b8c
Issue and pull request filters on organization dashboard #14052 (#14072) 2021-01-03 18:29:12 +01:00
Paul Barton
7576e37a65
Add MirrorInterval to the API (#14163)
* Added MirrorInterval to the API

* Remove MirrorInterval from CreateRepository

* Removed Duplicate UpdateMirror Function

* Updated Error Logging

* Update Log Message for is not Mirror

Co-authored-by: 6543 <6543@obermui.de>

* Delete Debug Statement that snuck in

Co-authored-by: zeripath <art27@cantab.net>

* Add Check for If Interval is too small

* Output to API Call

* Add Error Object when time is Less than Min Interval

* Frequency Error Message

Co-authored-by: zeripath <art27@cantab.net>

* Allow Zero Mirror Interval

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 18:47:47 -05:00
Lunny Xiao
21adeaad70
Fix dashboard issues labels filter bug (#14210)
Co-authored-by: zeripath <art27@cantab.net>
2021-01-01 12:49:42 -05:00
Johnny Oskarsson
a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
zeripath
ef825bd242
Check for notExist on profile repository page (#14197)
Fix #14189
2020-12-31 15:45:54 +08:00
Chester Liu
632800eda7
Check for 'main' as potential default branch name (#14193) 2020-12-30 15:46:26 +00:00
Timo Ley
2b2a4a53bf
Custom icons for OAuth sources (#14161)
* Add Icon URL to Backend

* Template for Icon URL

* Localization & Edit Icon URL

* Improve Custom Icon URL

* Removed not working else

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 03:35:55 +01:00
Jimmy Praet
40274b4a93
Team dashboards (#14159) 2020-12-27 21:58:03 +02:00
Lunny Xiao
dd08853b10
Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
* Dump github/gitlab repository data to a local directory

* Fix lint

* Adjust directory structure

* Allow migration special units

* Allow migration ignore release assets

* Fix lint

* Add restore repository

* stage the changes

* Merge

* Fix lint

* Update the interface

* Add some restore methods

* Finish restore

* Add comments

* Fix restore

* Add a token flag

* Fix bug

* Fix test

* Fix test

* Fix bug

* Fix bug

* Fix lint

* Fix restore

* refactor downloader

* fmt

* Fix bug isEnd detection on getIssues

* Refactor maxPerPage

* Remove unused codes

* Remove unused codes

* Fix bug

* Fix restore

* Fix dump

* Uploader should not depend downloader

* use release attachment name but not id

* Fix restore bug

* Fix lint

* Fix restore bug

* Add a method of DownloadFunc for base.Release to make uploader not depend on downloader

* fix Release yml marshal

* Fix trace information

* Fix bug when dump & restore

* Save relative path on yml file

* Fix bug

* Use relative path

* Update docs

* Use git service string but not int

* Recognize clone addr to service type
2020-12-27 11:34:19 +08:00
zeripath
ad1164f73b
Disable SSH key deletion of externally managed Keys (#13985)
* Disable SSH key addition and deletion when externally managed

When a user has a login source which has SSH key management
key addition and deletion using the UI should be disabled.

Fix #13983

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make only externally managed keys disabled

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-25 23:24:47 -05:00
6543
a19447aed1
migrate from com.* to alternatives (#14103)
* remove github.com/unknwon/com from models

* dont use "com.ToStr()"

* replace "com.ToStr" with "fmt.Sprint" where its easy to do

* more refactor

* fix test

* just "proxy" Copy func for now

* as per @lunny
2020-12-25 11:59:32 +02:00
Daniil Pankratov
5a94db37ed
Fix creating OAuth2 auth source from CLI (#14116)
Fix creation OAuth2 auth source from CLI.

Fix #8356

Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
2020-12-24 19:47:17 +00:00
Norwin
bdeccc3688
Fix api doc response code (#14123)
Fixes #14120
2020-12-24 18:14:01 +00:00
zeripath
fa2e34928d
Ensure that search term and page are not lost on adoption page-turn (#14133)
Fix #14111

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-24 23:26:19 +08:00
Jimmy Praet
e0c753e770
Fix spelling avator -> avatar (#14115) 2020-12-22 22:28:03 +01:00
silverwind
3a21f8a986
Inline manifest.json (#14038)
* Inline manifest.json

Improve performance by eliminating this separate request and just inline
this small JSON in HTML directly as a data uri.

Also update previously static app name scripts to use AppName.

I've confirmed this as working via "Add to Homescreen" feature which
offered to save the shortcut under the new app name.

* prerender manifest data on startup

* move to settings

* restore setting.AppStartTime and use it on admin page

* use double quotes because template.URL escapes everything

* fix lint

* move variable to global context variable

* delete template file

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-22 19:13:50 +08:00
Norwin
c2ae432489
Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* add user filter to issueTrackedTimes

fixes #14024

* update swagger

* allow user filter for issue writers

* improve swagger doc

* return 404 on invalid user
2020-12-22 04:47:17 +01:00
Norwin
f6bec85296
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
  only include activities in repos, that the doer has access to.
  this might be somewhat slower.

* also improves handling of user.KeepActivityPrivate (still shows
  the heatmap to self & admins)

* extend tests

* adjust integration test to new behaviour

* add access to actions for admins

* extend heatmap unit tests
2020-12-22 03:53:37 +01:00
Mura Li
09304db9a5
Use the text of pull-request as the squash commit's message (#13071)
Originally, it was filled by the commit messages of the involved
commits. In this change, we use the headline comment of the pull
request as the commit message when it is a squash merge.

Thanks to @zeripath for suggesting the idea.

Fixes #12365

Co-authored-by: Mura Li <typeless@users.noreply.github.com>
2020-12-21 17:46:14 +01:00
a1012112796
34df4e5df5
Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
* Add mentionable teams to tributeValues

Signed-off-by: a1012112796 <1012112796@qq.com>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Change team mention rules to gh's style

* use org's avator as team avator in ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/markup/html.go

* Update models/issue.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Update models/issue.go

* fix a small nit and update test code

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-21 16:39:28 +01:00
Paweł Bogusławski
839daa85aa
Added option to disable migrations (#13114)
* Added option to disable migrations

This patch introduces DISABLE_MIGRATIONS parameter in [repository]
section of app.ini (by default set to false). If set to true
it blocks access to repository migration feature.

This mod hides also local repo import option in user editor if
local repo importing or migrations is disabled.

* Alter Example config

DISABLE_MIGRATIONS set to false in example config to
match its default value.

* HTTP error 403 instead of 500 on denied access to migration

* Parameter DISABLE_MIGRATIONS exposed via API

Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9
Author-Change-Id: IB#1105130
2020-12-21 15:39:41 +01:00
Cirno the Strongest
f3c4baa84b
Show dropdown with all statuses for commit (#13977)
* Show dropdown with all statuses for commit

* Use popups

* Remove unnecessary change

* Style popup

* Use divided list

* As per @silverwind

* Refactor GetLastCommitStatus

* Missing dropdown on repo home and commit page

* Fix tests

* Make status icon be a part of a link on PR list

* Fix missing translation call

* Indent fix

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-20 11:13:12 +08:00
Jiri Vlasak
d7c67a9fb2
Manually approve new registration (#13083)
* Add register manual confirm settings option

The new settings option is used when manually approving new
registrations.

* Enable manual confirmation of new registered user

When manual registration confirmation is desired (by default `false`)
create new user in the database that is *not active*. The user must then
be activated manually.

This change speeds up the process of adding new confirmed users for
Gitea instances without external auth mechanism. (Currently the option
is to manually create new user by admin.)

* Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-19 20:31:06 -05:00
Cirno the Strongest
efa9a8a6e3
Show status check for merged PRs (#13975)
* Show status check for merged PRs

* Handle PRs with no commits

* Styling

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-18 13:37:55 +01:00