Commit graph

486 commits

Author SHA1 Message Date
jpicht
8cd4c2242c Fix default for allowing new organization creation for new users (#7017)
Fixed #6542

When creating users DefaultAllowCreateOrganization was ignored.

Signed-off-by: Julian Picht <julian.picht@gmail.com>

* fix TestCreateUser_Issue5882

Signed-off-by: Julian Picht <julian.picht@gmail.com>
2019-05-24 19:40:45 +03:00
zeripath
ce8de35334 Remove local clones & make hooks run on merge/edit/upload (#6672)
* Add options to git.Clone to make it more capable

* Begin the process of removing the local copy and tidy up

* Remove Wiki LocalCopy Checkouts

* Remove the last LocalRepo helpers

* Remove WithTemporaryFile

* Enable push-hooks for these routes

* Ensure tests cope with hooks

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove Repository.LocalCopyPath()

* Move temporary repo to use the standard temporary path

* Fix the tests

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove LocalWikiPath

* Fix missing remove

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use AppURL for Oauth user link (#6894)

* Use AppURL for Oauth user link

Fix #6843

* Update oauth.go

* Update oauth.go

* internal/ssh: ignore env command totally (#6825)

* ssh: ignore env command totally

* Remove commented code 

Needed fix described in issue #6889

* Escape the commit message on issues update and title in telegram hook (#6901)

* update sdk to latest (#6903)

* improve description of branch protection (fix #6886) (#6906)

The branch protection description text were not quite accurate.

* Fix logging documentation (#6904)

* ENABLE_MACARON_REDIRECT should be REDIRECT_MACARON_LOG

* Allow DISABLE_ROUTER_LOG to be set in the [log] section

* [skip ci] Updated translations via Crowdin

* Move sdk structs to modules/structs (#6905)

* move sdk structs to moduels/structs

* fix tests

* fix fmt

* fix swagger

* fix vendor
2019-05-11 11:29:17 -04:00
Lunny Xiao
34eee25bd4
Move sdk structs to modules/structs (#6905)
* move sdk structs to moduels/structs

* fix tests

* fix fmt

* fix swagger

* fix vendor
2019-05-11 18:21:34 +08:00
Wim
4508380cf7 Show full name if DefaultShowFullName setting activated (#6710)
Adds a new key DEFAULT_SHOW_FULL_NAME (default false) to the [ui] section.
If enabled the full name will be shown (unless it's empty, then
the default username will be used)
2019-05-08 11:41:35 +03:00
Lukas Prettenthaler
81059a2567 LDAP: ignore already existing public keys after ldap sync (#6766)
* fix type in public key exist error, only log trace for ldap public key import if existing

Signed-off-by: Lukas Prettenthaler <lukas@noenv.com>

* cleanup switch statement

Signed-off-by: Lukas Prettenthaler <lukas@noenv.com>

* replace switch with if, fix log formatting

Signed-off-by: Lukas Prettenthaler <lukas@noenv.com>

* fix formatting

Signed-off-by: Lukas Prettenthaler <lukas@noenv.com>
2019-04-26 18:01:54 +03:00
Lunny Xiao
199faadea3 Fix org visibility bug when git cloning (#6743)
* fix org visibility bug

* fix permission check

* add integration tests

* fix tests

* change test user name for easier maintainance and fix test

* fix test git repo name
2019-04-25 21:59:10 +03:00
zeripath
be666b03ee Trace Logging on Permission Denied & ColorFormat (#6618)
* Add log.ColorFormat and log.ColorFormatted

Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to repository and user

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to access and unit

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add ColorFormat to permission and on trace log it

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add log.NewColoredIDValue to make ID value coloring consistent

Signed-off-by: Andrew Thornton <art27@cantab.net>

* formatting changes

* Add some better tracing to permission denied for read issues/pulls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Trace logging on permission denied

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove isTrace() check from deferred func

* Adjust repo and allow logging of team

* use FormatInt instead of Itoa

* Add blank line

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update access.go
2019-04-22 23:40:51 +03:00
Antoine GIRARD
d699de32f2 add .gpg url (match github behaviour) (#6610)
* add .gpg url (match github behaviour)

* wildcard

* test to export maximum data

* working POC

* add comment for old imported keys

* cleaning

* Update routers/user/profile.go

Co-Authored-By: sapk <sapk@users.noreply.github.com>

* add migration script

* add integration tests
2019-04-14 12:43:56 -04:00
zeripath
704da08fdc
Better logging (#6038) (#6095)
* Panic don't fatal on create new logger

Fixes #5854

Signed-off-by: Andrew Thornton <art27@cantab.net>

* partial broken

* Update the logging infrastrcture

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reset the skip levels for Fatal and Error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* broken ncsa

* More log.Error fixes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove nal

* set log-levels to lowercase

* Make console_test test all levels

* switch to lowercased levels

* OK now working

* Fix vetting issues

* Fix lint

* Fix tests

* change default logging to match current gitea

* Improve log testing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* reset error skip levels to 0

* Update documentation and access logger configuration

* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE

* Fix broken level caching

* Refactor the router log

* Add Router logger

* Add colorizing options

* Adjust router colors

* Only create logger if they will be used

* update app.ini.sample

* rename Attribute ColorAttribute

* Change from white to green for function

* Set fatal/error levels

* Restore initial trace logger

* Fix Trace arguments in modules/auth/auth.go

* Properly handle XORMLogger

* Improve admin/config page

* fix fmt

* Add auto-compression of old logs

* Update error log levels

* Remove the unnecessary skip argument from Error, Fatal and Critical

* Add stacktrace support

* Fix tests

* Remove x/sync from vendors?

* Add stderr option to console logger

* Use filepath.ToSlash to protect against Windows in tests

* Remove prefixed underscores from names in colors.go

* Remove not implemented database logger

This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.

* Ensure that log paths are relative to ROOT_PATH

* use path.Join

* rename jsonConfig to logConfig

* Rename "config" to "jsonConfig" to make it clearer

* Requested changes

* Requested changes: XormLogger

* Try to color the windows terminal

If successful default to colorizing the console logs

* fixup

* Colorize initially too

* update vendor

* Colorize logs on default and remove if this is not a colorizing logger

* Fix documentation

* fix test

* Use go-isatty to detect if on windows we are on msys or cygwin

* Fix spelling mistake

* Add missing vendors

* More changes

* Rationalise the ANSI writer protection

* Adjust colors on advice from @0x5c

* Make Flags a comma separated list

* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING

* Ensure matching is done on the non-colored message - to simpify EXPRESSION
2019-04-02 08:48:31 +01:00
Lunny Xiao
d578b71d61
move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364)
* move code.gitea.io/git to code.gitea.io/gitea/modules/git

* fix imports

* fix fmt

* fix misspell

* remove wrong tests data

* fix unit tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* enable Debug to trace the failure tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* comment commit count tests since git clone depth is 50

* fix tests

* update from code.gitea.io/git

* revert change to makefile
2019-03-27 17:33:00 +08:00
techknowlogick
d1c982cb73
Add bio field for user (#6113)
Fix #4339
2019-03-18 22:28:10 -04:00
Jonas Franz
e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
techknowlogick
9fd8b2621f
Add robots.txt as reserved username (#6272)
Fix #6271
2019-03-07 16:30:25 -05:00
Lanre Adelowo
141c58f5a6 add isAdmin to user model (#6231)
update vendor and add tests

fix swagger
2019-03-03 17:57:24 -05:00
tklein23
525f03306f Add "ghost" and "notifications" to list of reserved user names. (#6208) 2019-02-27 19:04:44 -05:00
John Olheiser
994b1be9d1 Admins can now do unlimited page size user search (listAllUsers & listAllOrgs) (#6143)
Non-admins will default to 10 page size
2019-02-21 15:42:54 -05:00
Rémy Boulanouar
64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
zeripath
cc48c12d8f Fix empty ssh key importing in ldap (#5984) 2019-02-06 21:38:28 -05:00
Lanre Adelowo
6dc2f401c9 Don't discard the value of DISABLE_REGULAR_ORG_CREATION (#5886)
* Consider the configuration value of DISABLE_REGULAR_ORG_CREATION when
creating a user
2019-01-30 12:04:14 -05:00
zeripath
44371b96f5 Ensure valid git author names passed in signatures (#5774)
* Ensure valid git author names passed in signatures

Fix #5772 - Git author names are not allowed to include `\n` `<` or `>` and
must not be empty. Ensure that the name passed in a signature is valid.

* Account for pathologically named external users

LDAP and the like usernames are not checked in the same way that users who signup are.
Therefore just ensure that user names are also git safe and if totally pathological -
Set them to "user-$UID"

* Add Tests and adjust test users

Make our testcases a little more pathological so that we be sure that integration
tests have a chance to spot these cases.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-24 16:12:17 +02:00
Shashvat Kedia
1b90692844 New API routes added (#5594)
* New API routes added

* Comments added

* Build fix

* swagger_v1_json.tmpl without new line character

* Typo fix

* Code review changes

* Code review changes

* Add copyright

* Add copyright

* Add copyright

* Update per @lafriks feedback

* Update org.go

* Update user.go

* Update user.go

* make fmt
2019-01-23 17:30:19 -05:00
Lanre Adelowo
8d2c24f7f9 Allow for user specific themes (#5668)
* add migration and basic UI for changing a user's theme

* update user themem

* use right text on button

* load theme based on users' selection

* load theme based on users' selection in pwa too

* update sample config

* delete older theme loading

* implement AfterLoad to set users' theme properly

* set up default theme when creating a user. This uses the installation wide theme

* use flash messages for error

* set default theme when creating a user from the cli

* fix @lunny review
2019-01-09 12:22:57 -05:00
zeripath
8bb0a6f425 Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
* Synchronize SSH keys on login with LDAP

* BUG: Fix hang on sqlite during LDAP key deletion
2018-12-27 12:28:48 -05:00
Lunny Xiao
fe55ab2a68 fix forgot removed records when deleting user (#5429)
* fix forgot removed records when deleting user

* fix migration

* fix rewritekey lock on sqlite

* remove unused codes
2018-12-18 11:26:26 -05:00
Lunny Xiao
eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Stanislav
078c404c3b Prometheus endpoint (#5256)
* Add prometheus collector and route

* dep ensure -add github.com/prometheus/client_golang/prometheus

* dep ensure -update github.com/golang/protobuf

* add metrics to reserved usernames

* add comment head in metrics package

* fix style imports

* add metrics settings

* add bearer token check

* mapping metrics configs

* fix lint

* update config cheat sheet

* update conf sample, typo fix
2018-11-04 22:20:00 -05:00
Jerry Jacobs
22ad514297 Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
* Fix issue where ecdsa and other key types are not synced from LDAP authentication provider fixes #5092

* integrations/auth_ldap_test.go: Add Hermes Conrad new ecdsa-sha2-nistp256 publickey fingerprint

* integrations/auth_ldap_test.go: Use ssh-keygen -lf <filename> -E sha256
2018-10-30 20:08:30 -04:00
Oleg Kovalov
cabdf84f1f Use named const instead of a raw string (#5115) 2018-10-20 10:25:38 +08:00
Oleg Kovalov
a908b29a74 Remove duplicated if bodies (#5121) 2018-10-19 12:49:36 -04:00
zeripath
dd62ca7ba9 Add support for search by uid (#4876)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2018-10-18 16:44:51 +08:00
Lanre Adelowo
126ba796dc Force user to change password (#4489)
* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-09-13 15:04:25 +03:00
SagePtr
303d7f7e9c Do not autocreate directory for new user/orgs (#4828) (#4849) 2018-09-06 20:40:58 -04:00
Lunny Xiao
52c2cb15db add vendor to user reserved words and format words list according alphabet (#4685) 2018-08-13 08:02:18 +03:00
Lauris BH
0c59edaafa Update xorm to latest version and fix correct user table referencing in sql (#4473) 2018-07-20 10:10:17 +08:00
Lunny Xiao
b46066f17c fix repository last updated time update when delete a user who watched the repo (#4363) 2018-07-05 00:47:05 +03:00
Kim "BKC" Carlbäcker
cbee921c28 Limit uploaded avatar image-size to 4096x3072 by default (#4353) 2018-07-03 06:56:32 +03:00
David Schneiderbauer
0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
Magnus Lindvall
cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev
b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
kolaente
95f2e2b57b Multiple assignees (#3705) 2018-05-09 19:29:04 +03:00
kolaente
1fdf560678 Added user language setting (#3875)
* Added user language setting

* Added translation string for setting

* Fixed import order + typo

* improved checking if the user has a language saved in the db

* The current saved language is now set a default inside the dropdown

* fmt

* When a user signs in and doesn't have a language saved, the current browser language is saved

* updated gitea-sdk

* Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language

# Conflicts:
#	models/migrations/migrations.go
#	models/migrations/v62.go

* Made tests work again

* trigger CI

* trigger CI

* fmt

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* When loggin in, only the language col gets updated instead of everything
2018-05-05 08:28:30 +08:00
Lauris BH
9495429982
Add "error" as reserved username (#3882) 2018-05-02 11:06:31 +03:00
Michael Kuhn
f321980a32 Fix typo in deleteUser (#3781)
num_watches was used where num_stars should have been used.
2018-04-10 20:39:01 +08:00
Codruț Constantin Gușoi
96c268c0fc Implements generator cli for secrets (#3531)
Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>
2018-02-18 20:14:37 +02:00
Codruț Constantin Gușoi
011f128c89 Fixes missing avatars in offline mode (#3471)
Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>
2018-02-08 16:43:08 +01:00
Morgan Bazalgette
17655cdf1b Enable caching on assets and avatars (#3376)
* Enable caching on assets and avatars

Fixes #3323

* Only set avatar in user BeforeUpdate when there is no avatar set

* add error checking after stat

* gofmt

* Change cache time for avatars to an hour
2018-02-04 00:37:05 +02:00
Lauris BH
a68bf746a4
Change reserved avatar name to correct - avatars (#3375) 2018-01-16 00:45:13 +02:00
Bo-Yi Wu
7a2a3fbafc refactor(model): update user method. (#3360) 2018-01-13 11:45:16 +02:00
Kim "BKC" Carlbäcker
e5b8b4b5ec Cleanup models.User.HashPassword (#3334) 2018-01-12 00:19:38 +02:00
Morgan Bazalgette
674cfb7cac Change EncodePasswd to HashPassword (#3329)
* Change EncodePasswd to HashPassword

* Create test+benchmark for HashPassword
2018-01-08 23:28:18 +01:00
Ethan Koenig
515cdaa85d Fix ignored errors when checking if organization, team member (#3177) 2017-12-21 09:43:26 +02:00
Lunny Xiao
f94c1b3943
Improvements for supporting UI Location (#3146)
* improvements for supporting UI Location

* improved the comment
2017-12-14 07:45:31 +08:00
Lunny Xiao
f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Lauris BH
5dc37b187c
Add reactions to issues/PR and comments (#2856) 2017-12-04 01:14:26 +02:00
Ethan Koenig
ab62da283a Fix avatar URLs (#3069)
* Fix avatar URLs

* import order
2017-12-03 19:55:13 +08:00
Ethan Koenig
716ac1214f Enable admin to search by email (#2888) 2017-11-26 16:40:38 +08:00
Lauris BH
6a107e57f6 Add checks for commits with missing author and time (#2771)
* Add checks for commits with missing author and time

* Fix validate commits with emails if it has no Author
2017-10-26 15:45:14 +08:00
Lunny Xiao
6eeadb2082 Hide unactive on explore users and some refactors (#2741)
* hide unactive on explore users and some refactors

* fix test for removed Organizations

* fix test for removed Organizations

* fix imports

* fix logic bug

* refactor the toConds

* Rename TestOrganizations to TestSearchUsers and add tests for users

* fix other tests

* fix other tests

* fix watchers tests

* fix comments and remove unused code
2017-10-24 20:36:19 +03:00
Lunny Xiao
985a39590b Use buffersize to reduce database connection when iterate (#2724)
* use buffersize to reduce database connection when iterate

* fix typo

* add default value on app.ini comment
2017-10-21 14:26:23 +08:00
Ethan Koenig
aa962deec0 Replace deprecated Id method with ID (#2655) 2017-10-05 07:43:04 +03:00
Ethan Koenig
4b2c8ca533 Use session when creating user (#2638) 2017-10-03 09:29:26 +03:00
Lunny Xiao
a8717e5e3a Use AfterLoad instead of AfterSet on Structs (#2628)
* use AfterLoad instead of AfterSet on Structs

* fix the comments on AfterLoad

* fix the comments on action AfterLoad
2017-10-01 19:52:35 +03:00
Lunny Xiao
dd55534b82 Reduce usage of allcols on update (#2596)
* reduce usage of allcols on update

* fix bug and tests
2017-09-25 12:59:27 +08:00
David Schneiderbauer
d766d0c4e0 Prevent sending emails and notifications to inactive users (#2384)
* Filter inactive users before sending emails or creating browser notifications

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* fix formatting issues

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* included requested changes

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* optimized database queries

* rebasing new master and add tablenames for clarification in xorm queries

* remove escaped quotationmarks using backticks

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
2017-09-16 08:18:25 +08:00
Lunny Xiao
005900baea Use created & updated instead BeforeInsert & BeforeUpdate (#2482)
* use created & updated instead BeforeInsert & BeforeUpdate

* fix vendor checksum

* only show generated SQL when development mode

* remove extra update column updated_unix

* remove trace config
2017-09-13 08:18:22 +03:00
techknowlogick
9bdbfbf6f3 Disable custom Git Hooks globally via configuration file (#2450)
* Create option to disable githooks globally via configuration file

* Update comment in app.ini to align with @ethantkoenig's suggestion

Signed-off-by: Matti Ranta <matti@mdranta.net>
2017-09-12 12:25:42 +03:00
Lunny Xiao
5de94a67cf some refactors for issue and comments (#2419) 2017-08-30 07:31:33 +03:00
Lunny Xiao
f960e19c59 Only update needed columns when update user (#2296)
* only update needed columns when update user

* fix missing update_unix column
2017-08-12 22:18:44 +08:00
Ethan Koenig
858324c21a Fix username rendering bug (#2122)
* Fix username rendering bug

* XSS integration test

* Migration to unescape user full names
2017-07-12 17:58:52 +03:00
Ethan Koenig
05e3726415 Use default avatar on error 2017-06-29 12:10:33 -04:00
Lauris BH
6db387a21e Refactor session close as xorm already does everything needed internally (#2020) 2017-06-21 08:57:05 +08:00
Ethan Koenig
bfb44f8854 Fix status table race condition (#1835) 2017-05-31 16:57:17 +08:00
Jonas Östanbäck
7b907ed348 Rename RepoCreationNum -> MaxCreationLimit (#1766) 2017-05-24 08:27:08 +08:00
Ethan Koenig
cf02cd7ba0 Fix and test for delete user (#1713)
* Fix and test for delete user

* Run updates in batches

* Unit test
2017-05-20 16:48:22 +08:00
Jonas Östanbäck
80cea8747f Admin should always be allowed to create repos even if hit limit (#1765) 2017-05-20 11:51:19 +08:00
Lauris BH
524885dd65 LDAP user synchronization (#1478) 2017-05-10 15:10:18 +02:00
Lauris BH
51d0becb42 Add configuration option for default permission to create Organizations (#1686) 2017-05-08 21:51:53 +02:00
Kim "BKC" Carlbäcker
d409d3ab57 Sanitation fix from Gogs (#1461)
* Santiation fix from Gogs

* Linting

* Fix build-errors

* still not working

* Fix all the things!

* gofmt

* Add code-injection checks
2017-04-13 10:52:24 +08:00
Lunny Xiao
888dee3b5f fix delete user failed on sqlite (#1321) 2017-03-20 22:13:52 +08:00
Sandro Santilli
71d16f69ff Login via OpenID-2.0 (#618) 2017-03-17 15:16:08 +01:00
Ethan Koenig
021904e4e6 Fix typos in models/ and modules/ (#1248) 2017-03-15 08:52:01 +08:00
Ethan Koenig
ec0ae5d50c Refactor and fix incorrect comment (#1247) 2017-03-15 08:51:46 +08:00
Sandro Santilli
0475e7351f Reserve the "explore" user/org name (#1222) 2017-03-12 09:39:38 +08:00
Ethan Koenig
3803f257fb Move user_follow to separate file (#1210)
Also add unit tests
2017-03-11 16:46:53 +08:00
Lunny Xiao
5d40db629c fix random avatars (#1147) 2017-03-08 23:05:15 +08:00
Lunny Xiao
2215840363 fix avatar bug #1114 (#1122)
This PR fix the avatar bug described in #1114. This will fix random avatar is blank problem and potential delete avatars dir problem.
2017-03-06 16:15:40 +08:00
Lunny Xiao
522f194983 Bug fixed for org avatar caused by #1049 (#1070)
* bug fixed for org avatar caused by #1049

* use isfile only
2017-02-27 08:42:22 +08:00
Lunny Xiao
80f900ebae Fix avatar enumable (#1049)
* fix avatar enumable

* fix import style
2017-02-25 22:58:57 +08:00
Lunny Xiao
e8e56da9ac fix #13 (#1042) 2017-02-25 22:53:57 +08:00
Lunny Xiao
fc4f7e82f9 refactor for searching user (#1038)
* refactor for searching user

* fix like bug

* better format for builder cond
2017-02-25 21:42:20 +08:00
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Lunny Xiao
847527fd6d Fix all the bugs in issues and pulls on dashboard (#943)
* fix all the bugs in issues and pulls on dashboard

* small fix and refactor

* add method getRepoIDs for IssueList
2017-02-17 08:58:19 +08:00
Bo-Yi Wu
d67b278a0d feat: Able to disable non-admin to create new organization (#927) 2017-02-14 20:16:00 +08:00
Andrew
3f67676059 Implement basic Open Graph support. (#901) 2017-02-11 20:57:33 +08:00
Bo-Yi Wu
a90a215662 feat: Add search bar on user profile page. (#787) 2017-02-04 20:20:20 +08:00
Gabriel Jackson
bf6f61cc69 Cleanup log messaging
This change corrects a few logging issues:

 * Standardized formatting errors with '%v'.
 * Standardized failure warning word usage.
 * Corrected an instance of using the standard log library when
   the gitea log library should be used instead.
2017-02-02 15:24:18 +01:00
Bo-Yi Wu
d7d094bd8a fix: ignore email notifications if user is not active. (#820) 2017-02-02 20:33:36 +08:00
Bwko
74ed6dc3ad Add option to app.ini to enable local import paths (#724) 2017-01-23 09:19:50 +08:00
Ethan Koenig
74bbec3bf9 Fix permission bugs in team API (#647) 2017-01-20 13:16:10 +08:00
Ethan Koenig
fcf02e4961 API Endpoints for organization members (#645) 2017-01-20 10:31:46 +08:00
derSuessmann
51d578ff33 Add Keep email private (see issue #571). (#571)
- Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE.
- Add the new option to the install and admin/config pages.
- Add the new option to app.ini in the service section.
- Add the new option to the settings struct.
- Add English text strings to i18n.
- Add field KeepEmailPrivate to user struct.
- Add field KeepEmailPrivate to user form.
- Add option to UI.
- Add using noreply email address if user has "Keep Email Private".
An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit
messages (and hopefully all other git log relevant places). The
change relies on the fact that git commands should use
user.NetGitSig().
- Add hiding of email address in UI, if user has set "Keep Email Private".
- Add condition to show email address only on explore/users and user
pages, if user has not set "Keep Email Private".
- Add noreply email in API if set "Keep Email Private".
- Add a new service setting NO_REPLY_ADDRESS. The value of this
setting is used as the domain part for the user's email address in
git log, iff he decides to keep his email address private.
If the user decides to keep his email address private and this
option is not set 'noreply.example.org' is used, which no MTA
should send email to.

Add NO_REPLY_ADDRESS to conf/app.ini.
2017-01-08 11:12:03 +08:00
Andrey Nering
84b7d29d34 Create missing database indexes (#596) 2017-01-06 23:14:33 +08:00
Berk Demirkır
bdad3b259a Check primary email address fields on CreateUser (#556)
* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check
2017-01-05 08:52:20 +08:00
Ethan Koenig
1207bda94b Fix typos in models/ (#576) 2017-01-05 08:50:34 +08:00
Schwobaland
c0904f1942 Restrict creating organisations by user (#193)
* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration
2016-12-31 10:33:30 +08:00
Lunny Xiao
ba134bd27a fix 500 when delete orgnization and resolved #486 2016-12-27 12:00:12 +01:00
Bwko
fa3abc22c0 Added sorting to organizations, repos & users page (#222) 2016-12-24 22:42:26 +08:00
Ethan Koenig
8a4161c723 API Endpoint for watching (#191) 2016-12-24 09:53:11 +08:00
Denis Denisov
380e32e129 Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString
2016-12-20 13:32:02 +01:00
Lunny Xiao
d771e978a1 Don't use custom PBKDF2 function (#382) 2016-12-15 09:24:27 +08:00
Denis Denisov
c8f300b2cd Safe compare password (timing attack) (#338) 2016-12-03 13:49:17 +08:00
Bwko
4ff0db0246 Catch os... errors 2016-12-02 07:41:19 +01:00
Kim "BKC" Carlbäcker
42ec5ce740 Fix breakage from vendor-update 2016-11-29 11:50:22 +01:00
Bwko
9963d61233 Lint models/user.go 2016-11-28 17:47:46 +01:00
Bwko
a4ece1f223 Fixes typos 2016-11-27 12:59:12 +01:00
Lunny Xiao
94da472717 Golint fixed for modules/setting (#262)
* golint fixed for modules/setting

* typo fixed and renamed UNIXSOCKET to UnixSocket
2016-11-27 18:14:25 +08:00
Lunny Xiao
3c87c57d96 golint fixed for modules/avatar 2016-11-25 16:37:04 +08:00
Ethan Koenig
0834e492c0 API endpoints for stars 2016-11-16 22:51:54 -05:00
Andrey Nering
739f07c98e Remember diff view style (#163) 2016-11-13 10:54:04 +08:00
LefsFlare
3ef022b071 Fixes possible vulnerabilities with keyword hijacking (#20)
- Added public entries to reserved keywords list
- Rename variables
- Derped comment
2016-11-12 13:26:45 +01:00
Lunny Xiao
0baaa7728a bug fixed caused by #153 (#154) 2016-11-12 09:30:46 +01:00
Lunny Xiao
555d8b16cb fixed bug #151 caused Find should be Get (#153) 2016-11-12 00:01:09 +01:00
Sandro Santilli
a1c5f02444 Fix import path of go-sdk (#141)
From code.gitea.io/go-sdk/gitea
  To code.gitea.io/sdk/gitea
2016-11-11 17:39:44 +08:00
Thibault Meyer
b0ddced2b5
Merge remote-tracking branch 'upstream/master' into feature/rewrite-xorm-queries
# Conflicts:
#	models/git_diff.go
#	models/issue.go
#	models/org.go
#	models/pull.go
#	models/repo.go
2016-11-10 21:05:52 +01:00
Thibault Meyer
a4454f5d0f
Rewrite XORM queries 2016-11-10 20:59:51 +01:00
Sandro Santilli
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Lunny Xiao
1b238fe4d5 Merge pull request #121 from joubertredrat/feature-last-login
Last Login for admin manage your users
2016-11-10 17:20:55 +08:00
Lunny Xiao
c6c840faf7 Merge pull request #129 from lunny/lunny/SQL_instead_Sql
use x.SQL instead of x.Sql
2016-11-10 17:12:14 +08:00
Thibault Meyer
3a10a0c1ca
Ordering organizations and users by name 2016-11-10 09:18:54 +01:00
Lunny Xiao
7dcc3bc3d7 use x.SQL instead of x.Sql 2016-11-10 15:20:48 +08:00
Joubert RedRat
f91cbf0fed Support to last login feature 2016-11-09 08:53:45 -02:00
Sandro Santilli
aadd7dcdc3 And others 2016-11-07 17:53:22 +01:00
Sandro Santilli
60c82a8780 More... 2016-11-07 17:30:04 +01:00
Sandro Santilli
f388661bda ACCESS_MODE_* -> AccessMode* 2016-11-07 17:20:37 +01:00
Thomas Boerger
4c6c16f358
Replaced go-gogs-client with go-sdk imports 2016-11-07 16:10:32 +01:00
Sandro Santilli
6e4252dad4 Replace gogits/git-module dependency with go-gitea/git (#94)
* Replace gogits/git-module dependency with go-gitea/git

Fixes #92

* Remove git alias for git module import (not needed)
2016-11-06 11:18:34 -02:00
Rémy Boulanouar
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Unknwon
c50d59874d
#3577 incorrect URL produced by AvatarLink 2016-09-01 12:36:26 -04:00
Unknwon
99c2ae7b35 #3515 use alert instead 500 for duplicated login source name 2016-08-31 00:56:10 -07:00
Unknwon
c30b856d14 #3505 use user’s info for committer and author 2016-08-27 13:37:55 -07:00
Unknwon
3f7f4852ef #2246 fully support of webhooks for pull request 2016-08-14 03:32:24 -07:00
Sandro Santilli
90dd0657b5 Add support for federated avatars (#3320)
* Add support for federated avatars

Fixes #3105

Removes avatar fetching duplication code
Adds an "Enable Federated Avatar" checkbox in user settings
(defaults to unchecked)

Moves avatar settings all in the same form, making
local and remote avatars mutually exclusive

Renames UploadAvatarForm to AvatarForm
as it's not anymore only for uploading

* Run gofmt on all modified files

* Move Avatar form in its own page

* Add go-libravatar dependency to vendor/ dir

Hopefully helps with accepting the contribution.
See also #3214

* Revert "Add go-libravatar dependency to vendor/ dir"

This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82.

* Make federated avatar setting a global configuration

Removes the per-user setting

* Move avatar handling back to base tool, disable federated avatar in offline mode

* Format, handle error

* Properly set fallback host

* Use unsupported github.com mirror for importing go-libravatar

* Remove comment showing life exists outside of github.com

... pity, but contribution would not be accepted otherwise

* Use Combo for Get and Post methods over /avatar

* FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR

* Fix persistance of federated avatar lookup checkbox at install time

* Federated Avatars -> Enable Federated Avatars

* Use len(string) == 0 instead of string == ""

* Move import line where it belong

See
https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md

Pity the import url is still the unofficial one, but oh well...

* Save a line (and waste much more expensive time)

* Remove redundant parens

* Remove an empty line

* Remove empty lines

* Reorder lines to make diff smaller

* Remove another newline

Unknwon review got me start a fight against newlines

* Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE

On re-reading the diff I figured what Unknwon meant here:
https://github.com/gogits/gogs/pull/3320/files#r73741106

* Remove newlines that weren't there before my intervention
2016-08-07 10:27:38 -07:00
Unknwon
ec92565f23 #3393 fix missing sub-url prefix in relative avatar link 2016-08-07 10:13:05 -07:00
Unknwon
50422f1fc2 #3348 always use relative avatar link in the template 2016-08-05 12:12:54 -07:00
Unknwon
2d76de2574 #3281 fix x.Iterate returns nothing inside session scope with SQLite3 2016-07-26 17:26:48 +08:00
Unknwon
e74630ae3b #1384 add pagination for repositories 2016-07-24 14:32:46 +08:00
Unknwon
1f2e173a74 Refactor User.Id to User.ID 2016-07-24 01:08:22 +08:00
Unknwon
46e96c008c Use struct for UI settings 2016-07-24 00:23:54 +08:00
Unknwon
250be011c7 Remove redundant Unix timestamp method call
Unix() already uses UTC as timezone
2016-07-23 20:24:44 +08:00
Unknwon
69f5308761 #2903 use different reversed words and patterns for repository and user 2016-07-23 18:58:18 +08:00