Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.
Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.
Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.
Fix #9907
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Across several files, references to cron.update_migration_post_id are made, although the actual setting is called cron.update_migration_poster_id according to modules/setting/cron.go (10e2f29144/modules/setting/cron.go (L54)).
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Add IIS Reverse Proxy documentation
@mahdiit in #10748 described how to set up IIS as a reverse proxy. This
PR adds these to our documentation.
Close #10748
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/usage/reverse-proxies.en-us.md
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Updated email setup documentation to include sendmail option
* Update docs/content/doc/usage/email-setup.en-us.md
full path to sendmail
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
* Update docs/content/doc/usage/email-setup.en-us.md
docker image does not have sendmail
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: James Lakin <jamesorlakin@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: James Lakin <jamesorlakin@users.noreply.github.com>
Co-authored-by: 8ctopus <hello@octopuslabs.io>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: James Lakin <jamesorlakin@users.noreply.github.com>
* Add more logging in the LFS server
Adds more logging in the LFS server and stops sending internal server
error information to the client
* Add LFS Lock cursor implementation
* Simplify Claims in LFS and remove the float64 casts
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Create system webhook column (and migration)
* Create system webhook DB methods
Based on the default webhook ones
* Modify router to handle system webhooks and default ones
* Remove old unused admin nav template
* Adjust orgRepoCtx to differentiate system and default webhook URLs
* Assign IsSystemWebhook when creating webhooks
* Correctly use booleans for IsSystemWebhook
* Use system webhooks when preparing webhooks for payload
* Add UI and locale changes
* Use router params to differentiate admin hook pages
* Fix deleting admin webhooks and rename method
* Add clarity to webhook docs
* Revert "Remove old unused admin nav template"
This reverts commit 191a20a7389fe5f6256b0ad6aafd04b9b0e295c5.
* Rename WebHooksNewPost to GiteaHooksNewPost for clarity
* Reintroduce blank line lost during merge conflict
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Also adjusted other version mentions so go version is always mentioned
as major.minor and node only as major.
Co-authored-by: silverwind <me@silverwind.io>
* Show Signer in commit lists and add basic trust
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* ensure orange text and background is available
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update gpg_key.go
* Update models/gpg_key.go
* Apply suggestions from code review
* Require team collaborators to have access to UnitTypeCode
* as per @6543
* fix position of sha as per @silverwind
* as per @guillep2k
* Add frontend/backend make targets, fix source release
- Add 'make backend' and 'make frontend' make targets which are used to
build go and js/css/svg files respectively.
- The 'backend' target can be invoked without requiring Node.js to be
present on the system if pre-built frontend assets are present like
in the release source tarballs.
- Fix source releases missing 'dist' folders inside 'node_modules' which
were erronously excluded from tar.
- Store VERSION in file VERSION for the release tarballs and prefer that
file over git-derived version.
* fix release task
* fix typo
* fix another typo
Move langauge detection to separate module to be more reusable
Add option to disable vendored file exclusion from file search
Allways show all language stats for search
* Database Preparation
* Apply suggestions from @guillep2k
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Repeat strong password notice on PostgreSQL
* Add prerequisite note
* Use utf8mb4 instead of utf8
* Use utf8mb4 if complete character coverage wanted
* utf8mb4 recommended
* Reword utf8mb4 recommendation
* Set InnoDB global variables may be needed
* Reorder step number
* Whoops, bump year date
* Remove `SET GLOBAL`s and step number reorder
It is assumed that such global variables value are already as default on MySQL 5.7 and later, so those are redundant.
* Syntax edit on MySQL GRANT PRIVILEGEs
* DB engine uniformity intro edit
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Upgrade levelqueue to version 0.2.0
This adds functionality for Unique Queues
* Add UniqueQueue interface and functions to create them
* Add UniqueQueue implementations
* Move TestPullRequests over to use UniqueQueue
* Reduce code duplication
* Add bytefifos
* Ensure invalid types are logged
* Fix close race in PersistableChannelQueue Shutdown