* Add setting to disable authorized_keys backup when rewriting public keys
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Update default value to comply with documentation
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Use tmp-file instead of bak-file for saving manually added keys.
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing and build bakpath with sprintf only
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Only close file once
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not modify calcFingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Fix casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change style from disable to enable
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change name, just SSH_BACKUP_AUTHORIZED_KEYS
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not check for directory existence if backup is disabled
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
The well commented conf/app.ini file that comes with the code shows the
ROOT_URL (i.e. setting.AppURL) as:
ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
However the installed custom/conf/app.ini file does not include this setting as
shown, and the default in the setting module was hard coded to
http://localhost:3000/ instead of what is shown above.
With this change the ROOT_URL will default to what is shown above if it is not
set in the custom/conf/app.ini.
Of course it is still possible to override the default by adding the ROOT_URL
setting to your custom/conf/app.ini file as usual.
Signed-off-by: Mike Fellows <mike.fellows@shaw.ca>
* Send mails as HTML as default. Setting for send as plain text.
* Add new option SendAsPlainText. remove EnableHTMLAlternative
* Send HTML mails as default
* Add html check if html2text should be performed
* Send only multipart or plain. Add deprication warning for ENABLE_HTML_ALTERNATIVE
* Still use ENABLE_HTML_ALTERNATIVE for backward compatibility
* Changed to not ignore html2text errors
* Include formatting check to the `make check` rule
... and give it its own standalone target too (make fmt-check)
Show diff on fmt-check failure
Do not allow running "fmt-check" with incompatible go version
Also simplify the `fmt` rule
* Forbid running "make fmt" with Go version != 1.7 or 1.8
* Ignore bindata.go for spelling and formatting checks
also remove duplicated variable assignment for GOFILES
* Run `make fmt`
* add internal routes for ssh hook comands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
* Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION
Omit the configuration variable (the default) to be dependent.
Fixes #1363
* Move OpenID settings under Service object
* Show OpenID SignUp and SignIn status in admin panel / configuration
* Fix for #828
Add build tags to ldflags and print in version output
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Reworked formatBuiltWith function
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Add tags to version information in admin panel
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Added new variable for use on admin page.
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Fixed incorrect indentation
* Allow using custom time format
I need to use custom time format in `conf/app.ini' like
FORMAT = 2006-01-02 15:04:05
so that Gitea will display '2017-01-30 08:41:49'
check this answer for more constants to format date <http://stackoverflow.com/a/20234207/2570425>
PS: First GO commit
* Refactor and validate TimeFormat (must have 2006, 01, 02, 15, 04 and 05)
This change corrects a few logging issues:
* Standardized formatting errors with '%v'.
* Standardized failure warning word usage.
* Corrected an instance of using the standard log library when
the gitea log library should be used instead.
* Remove the default console logger when it is not set in the configuration
* Added comment to new function (lint failure)
* update based on PR comments (code style)
* code style fix (thanks bkcsoft)
* check if logger exists based on the l.outputs (like in l.DelLogger) instead of adapter, otherwise panic when reinstalling gitea (since the output adapter still exist, without outputs)
* Moved attachaments POST url from /issues/attachments to /attachments
* Implemented attachment upload on release page
* Implemented downloading attachments on the release page
* Added zip and gzip files to default allowed attachments
* Implemented uploading attachments on edit release
* Renamed UploadIssueAttachment to UploadAttachment
- Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE.
- Add the new option to the install and admin/config pages.
- Add the new option to app.ini in the service section.
- Add the new option to the settings struct.
- Add English text strings to i18n.
- Add field KeepEmailPrivate to user struct.
- Add field KeepEmailPrivate to user form.
- Add option to UI.
- Add using noreply email address if user has "Keep Email Private".
An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit
messages (and hopefully all other git log relevant places). The
change relies on the fact that git commands should use
user.NetGitSig().
- Add hiding of email address in UI, if user has set "Keep Email Private".
- Add condition to show email address only on explore/users and user
pages, if user has not set "Keep Email Private".
- Add noreply email in API if set "Keep Email Private".
- Add a new service setting NO_REPLY_ADDRESS. The value of this
setting is used as the domain part for the user's email address in
git log, iff he decides to keep his email address private.
If the user decides to keep his email address private and this
option is not set 'noreply.example.org' is used, which no MTA
should send email to.
Add NO_REPLY_ADDRESS to conf/app.ini.
* UI config to toggle whether user email shows up in Explore Users
* Recommendation made by @tboerger
66a1c59fe7 (r94122732)
* fixed typo, rename ShowUserEmailInExplore to ShowUserEmail
* Fixed typo merged conflict
* Hide email in the user profile page
if you are active ShowUserEmail
ref https://github.com/go-gitea/gitea/pull/336#issuecomment-269843725
* Please replace MustBool() with MustBool(true)
* Import github.com/git-lfs/lfs-test-server as lfs module base
Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198
Removed:
Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go
.dockerignore .gitignore README.md
* Remove config, add JWT support from github.com/mgit-at/lfs-test-server
Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83
* Add LFS settings
* Add LFS meta object model
* Add LFS routes and initialization
* Import github.com/dgrijalva/jwt-go into vendor/
* Adapt LFS module: handlers, routing, meta store
* Move LFS routes to /user/repo/info/lfs/*
* Add request header checks to LFS BatchHandler / PostHandler
* Implement LFS basic authentication
* Rework JWT secret generation / load
* Implement LFS SSH token authentication with JWT
Specification: https://github.com/github/git-lfs/tree/master/docs/api
* Integrate LFS settings into install process
* Remove LFS objects when repository is deleted
Only removes objects from content store when deleted repo is the only
referencing repository
* Make LFS module stateless
Fixes bug where LFS would not work after installation without
restarting Gitea
* Change 500 'Internal Server Error' to 400 'Bad Request'
* Change sql query to xorm call
* Remove unneeded type from LFS module
* Change internal imports to code.gitea.io/gitea/
* Add Gitea authors copyright
* Change basic auth realm to "gitea-lfs"
* Add unique indexes to LFS model
* Use xorm count function in LFS check on repository delete
* Return io.ReadCloser from content store and close after usage
* Add LFS info to runWeb()
* Export LFS content store base path
* LFS file download from UI
* Work around git-lfs client issue with unauthenticated requests
Returning a dummy Authorization header for unauthenticated requests
lets git-lfs client skip asking for auth credentials
See: https://github.com/github/git-lfs/issues/1088
* Fix unauthenticated UI downloads from public repositories
* Authentication check order, Finish LFS file view logic
* Ignore LFS hooks if installed for current OS user
Fixes Gitea UI actions for repositories tracking LFS files.
Checks for minimum needed git version by parsing the semantic version
string.
* Hide LFS metafile diff from commit view, marking as binary
* Show LFS notice if file in commit view is tracked
* Add notbefore/nbf JWT claim
* Correct lint suggestions - comments for structs and functions
- Add comments to LFS model
- Function comment for GetRandomBytesAsBase64
- LFS server function comments and lint variable suggestion
* Move secret generation code out of conditional
Ensures no LFS code may run with an empty secret
* Do not hand out JWT tokens if LFS server support is disabled
* Implemented sendmail. This piggybacks on existing configuration to keep the change simple
* Changed privicy of new sendSMTP and sendSendmail functions
* Fixed Lint errors
* Seperated SMTP and sendmail into their own senders
* Making new structs private as they should not be used externally now
* Added sendmail setting to ini file
* Minor code cleanup
* Enables mssql support
Port of dlobs work in gogs.
Enables options in index.js
Enables MSSQL as a database option in go.
Sets ID to 0 on initial migration. Required for
MSSQL insert statements.
Signed-off-by: Beau Trepp <beautrepp@gmail.com>
* Vendors in denisenkom/go-mssqldb
Includes golang.org/x/crypto/md4
as this is required by go-msssqldb
Signed-off-by: Beau Trepp <beautrepp@gmail.com>
* Moved conf assets into options folder
* Dropped old bindata
* Started to integrate options bindata and accessors
* Do not enforce a builtin app.ini
* Replaced bindata calls with options
* Dropped bindata task from makefile, it's the generate task now
* Always embedd app.ini to provide sane config defaults
* Use sane defaults for the configuration
* Defined default value for SSH_KEYGEN_PATH
* Dropped "NEVER EVER MODIFY THIS FILE" header from app.ini
* Fixed new paths in latest test additions
* Drop bindata with make clean task
* Set more proper default values
* Get rid of the bin folder within the build process
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
* Dropped latest make task, it is unused
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
* Added tidb tag to drone config
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
* Dropped the cert build tag
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
* Dropped useless minwinsvc build tag
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
* Dropped the useless build tags from drone config
Signed-off-by: Thomas Boerger <thomas@webhippie.de>
Still use GOGS_WORK_DIR and GOGS_CUSTOM env variables
as a fallback if the equivalent GITEA_* are not set,
warning user about the need for change.
Does not change "gogs" to "gitea" in webhook type name
Because "gogs" hook type is part of the API (routes) and used
in templates...
Closes #87
* Add support for federated avatars
Fixes #3105
Removes avatar fetching duplication code
Adds an "Enable Federated Avatar" checkbox in user settings
(defaults to unchecked)
Moves avatar settings all in the same form, making
local and remote avatars mutually exclusive
Renames UploadAvatarForm to AvatarForm
as it's not anymore only for uploading
* Run gofmt on all modified files
* Move Avatar form in its own page
* Add go-libravatar dependency to vendor/ dir
Hopefully helps with accepting the contribution.
See also #3214
* Revert "Add go-libravatar dependency to vendor/ dir"
This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82.
* Make federated avatar setting a global configuration
Removes the per-user setting
* Move avatar handling back to base tool, disable federated avatar in offline mode
* Format, handle error
* Properly set fallback host
* Use unsupported github.com mirror for importing go-libravatar
* Remove comment showing life exists outside of github.com
... pity, but contribution would not be accepted otherwise
* Use Combo for Get and Post methods over /avatar
* FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR
* Fix persistance of federated avatar lookup checkbox at install time
* Federated Avatars -> Enable Federated Avatars
* Use len(string) == 0 instead of string == ""
* Move import line where it belong
See
https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md
Pity the import url is still the unofficial one, but oh well...
* Save a line (and waste much more expensive time)
* Remove redundant parens
* Remove an empty line
* Remove empty lines
* Reorder lines to make diff smaller
* Remove another newline
Unknwon review got me start a fight against newlines
* Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE
On re-reading the diff I figured what Unknwon meant here:
https://github.com/gogits/gogs/pull/3320/files#r73741106
* Remove newlines that weren't there before my intervention
- Try to reduce memory allocations
- Add possibility to disable diff highlight (can improve performance for large diffs)
- Tweaking with cost for prettier (cleaner) diffs
- Do not calculate diff when the number of removed lines in a block is not equal to the number of added lines (this usually resulted in ugly diffs)
Config option [server] SSH_LISTEN_PORT to the port the builtin SSH server will be listen.
It can be different from SSH_PORT which is supposed to be exposed in the clone URL.
This should solve the problem when user runs Gogs inside Docker container
and still want to use builtin SSH server.
This commit adds the possibibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in
7ef9a05588. This allows to blacklist
algorythms or keys based on the key length. This works with the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way, that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only loose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.
Local (DMZ) URL for gogs workers (such as ssh update) accessing web service. In
most cases you do not need to change default http://localhost:HTTP_PORT/. You
may need to alter it only if your ssh server node is not the same as http node,
eg. running behind proxy on different node than web server.
--- 80 public port -> 8080 -- web server node
/
public proxy --<
\
--- 22 public port -> 10022 -- ssh server node
This option is not intended to be accessible via web GUI settings, since it is
unlikely someone needs to change it to somethings else than default
http://localhost:HTTP_PORT/ which should work for most of the cases.
But this should land into the documentation somewhere.
fixup
The SendMail function is rewritten and has the following new functionality:
- It is optional to skip verification of keys. The config option SKIP_VERIFY is added
- If the port is 465, or ending on 465, the TLS(/SSL) connection is started first.