Commit graph

567 commits

Author SHA1 Message Date
Jonathan Herlin
fd3f149abd
Improve 2FA autofill (#16473)
This improves the autofill suggestion on mobile devices and some password managers
2021-07-18 02:06:22 +02:00
a1012112796
ec357833bc
show tag name on dashboard items list (#16466)
fix #16458

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-07-17 23:21:04 +02:00
zeripath
93f31e1897
Update notification table with only latest data (#16445)
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-07-17 17:18:10 +01:00
Meano
423a0fccb6
Fix activation of primary email addresses (#16385)
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activations status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
2021-07-13 22:59:27 +02:00
zeripath
b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
KN4CK3R
aac663e0da
Implemented head_commit for webhooks (#16282)
* Removed Len field.

* Added head_commit webhook field.

* Added comment for returns.
2021-06-29 15:34:03 +02:00
6543
0b27b93728
Make allowed Visiblity modes configurable for Users (#16271)
Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private.

This PR adds functionality and settings to constrain a user's ability to change their visibility.

Co-authored-by: zeripath <art27@cantab.net>
2021-06-27 19:47:35 +01:00
Sergey Dryabzhinsky
22a0636544
Add Visible modes function from Organisation to Users too (#16069)
You can limit or hide organisations. This pull make it also posible for users

- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-26 20:53:14 +01:00
John Olheiser
622f1e764c
Add better errors for disabled account recovery (#15117)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-06-25 23:16:36 -05:00
6543
889dea8fc1
Remove User.GetOrganizations() (#14032)
as title
2021-06-18 19:00:53 +02:00
KN4CK3R
29695cd6d5
Add asymmetric JWT signing (#16010)
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
2021-06-17 23:56:46 +02:00
KN4CK3R
1295e750b4
Add OpenID claims "profile" and "email". (#16141)
* Added OpenID claims "profile" and "email".

* Splitted error.

* Added scopes_supported and claims_supported.

* Added more metadata.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-06-14 13:33:16 +03:00
silverwind
308b562b3c
Remove remaining fontawesome usage in templates (#15952)
Can not remove the dependency yet because easymde depends on it.
2021-05-22 23:29:46 +02:00
silverwind
a32bfd867d
Issue sidebar and misc css fixes (#15524)
- Replace remaining font icons with SVG in issue sidebar
- Rework issue due date display
- Realign avatar in timeline
- Fix font size in repo search and code explore
- Consolidate active button styles
- Fix loading form on arc-green
- Align time tracker buttons vertically

Fixes: https://github.com/go-gitea/gitea/issues/15896
2021-05-16 22:18:18 +02:00
zeripath
f582ec4e53
Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (#15304)
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username

ReverseProxy users should generate a session on reverse proxy username change.

Also prevent ReverseProxy users from changing their username.

Fix #2407

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-15 20:33:13 +02:00
6543
a229e34387
Allow only internal registration (#15795)
* Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings

* OpenID respect setting too
2021-05-09 16:13:35 +02:00
6543
640066840e
Use a generic markup class to display externally rendered files and diffs (#15735)
* creates and implements generic markup less class

* How to give custom CSS to externally rendered html

* Clarifies sources of CSS styling of markup

* further clarification of sources of markup styling

* rename _markdown to _markup

* remove defunct import

* fix orphaned reference

* Update docs/content/doc/advanced/external-renderers.en-us.md

* more renames markdown -> markup

* do not suggest less customization

* add back tokens

* fix class whitespace, remove useless if-clause

* remove unused csv-data rules

* use named exports and rename functions

* sort imports

Co-authored-by: HarvsG <11440490+HarvsG@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2021-05-07 10:43:41 +02:00
N. L. H
45970ae82e
Feature/oauth userinfo (#15721)
* Implemented userinfo #8534

* Make lint happy

* Add userinfo endpoint to openid-configuration

* Give an error when uid equals 0

* Implemented BearerTokenErrorCode handling

* instead of ctx.error use ctx.json so that clients
parse error and error_description correctly

* Removed unneeded if statement

* Use switch instead of subsequent if statements
Have a default for unknown errorcodes.

Co-authored-by: Nils Hillmann <hillmann@nlh-software.de>
Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
2021-05-06 01:30:15 -04:00
KN4CK3R
7670c1c99e
Fixed several activation bugs (#15473)
* Removed unneeded form tag.

* Fixed typo.

* Fixed NPE.

* Use better error page.

* Splitted GET and POST.
2021-04-30 22:21:33 +02:00
KN4CK3R
c80d7f33b6
Unified link creation. (#15619) 2021-04-30 19:25:13 +02:00
techknowlogick
024ef3940f
add well-known config for OIDC (#15355)
* add well-known config for OIDC

* spacing per feedback

* Update oidc_wellknown.tmpl

* add id_token

* Update oidc_wellknown.tmpl

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-15 22:32:00 -04:00
Kyle D
f44543a1bb
Disable Stars config option (#14653)
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
2021-04-15 18:53:57 +02:00
KN4CK3R
cf8f66e5dc
Use subdir for URL (#15446)
Fixes #15444
2021-04-14 20:43:17 +01:00
KN4CK3R
bf3e584de2
Fix repository search (#15428)
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-12 22:09:46 -04:00
silverwind
d848098f60
Enforce tab indentation in templates (#15289)
* Enforce tab indendation in templates

This adds editorconfig-checker [1] to lint the template files so they
conform the editorconfig files. I fixed all current identation issues
using the fix mode of eclint [2] and some manual corrections.

We can extend this linting to other files later, for now I'd like this
PR to focus on HTML template files only.

[1] https://github.com/editorconfig-checker/editorconfig-checker
[2] https://github.com/jedmao/eclint

* fix indendation

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-10 23:46:37 -04:00
silverwind
216976247c
Remove usage of JS globals (#15378)
Refactor the exported globals in index.js to JS-initialized event
handlers.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-09 19:42:38 -04:00
Roger Luo
fa06e98553
Add dashboard milestone search and repo milestone search by name (#14866)
Feature for issue #13845:
 - Add milestones search by name on dashboard milestones page.
 - Add milestones search by name on repo issue/milestones page.
2021-04-08 13:53:59 +02:00
Jimmy Praet
6b836ac5f7
fix org navbar (#15173) 2021-03-26 22:15:13 +01:00
silverwind
1a03fa7a4f
Update JS dependencies (#15033)
* Update JS dependencies

- Update all JS dependencies
- For octicons, rename trashcan to trash
- For svgo, migrate to v2 api, output seems to have slightly changed but icons look the same
- For stylelint, update config, fix custom property duplicates
- For monaco, drop legacy Edge support
- For eslint, enable new rules, fix new issues
- For less-loader, remove deprecated import syntax

* update svgo usage in generate-images and rebuild logo.svg with it
2021-03-22 05:04:19 +01:00
Norwin
598dd21cd4
org dashboard: move teamselector left (#14954)
Co-authored-by: zeripath <art27@cantab.net>
2021-03-17 18:45:16 -04:00
zeripath
20f13bfdfc
Fix a couple of issues with a feeds (#14897)
@CirnoT spotted a couple of issues with feeds on discord.

This PR fixes both of these.
2021-03-06 05:09:49 +01:00
6543
a4148c0f12
Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications
2021-03-01 01:47:30 +01:00
Mike L
4172b1955f
Fix dashboard UI bugs and more (#14767)
This PR fixes a few UI bugs I spontaneously encountered:

- Fixes emojis in repo titles getting head-cut and tail-cut in dashboard feed due to introduction of 1.25 em emojis at 1 em line-height, by simply using the original 1 3/7 em value of `semantic.css`
- Fixes regression (too long repo names should be capped to 70%) in #13828 due to flex children not respecting properties like `overflow: hidden;`, and removes a block of dead style code
- Follow-up to #14761, removes extraneous code for top navbar and correct right margin for Font Awesome
- Fixes color emphasis inversion in arc-green theme for top right buttons (edit, delete) on commit view boxes
2021-02-25 13:35:43 +01:00
a1012112796
cd8b2f3273
Fix double alert in oauth2 application edit view (#14764)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-02-22 03:51:45 +01:00
a1012112796
1ecdc55aff
fix link account ui (#14763)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-21 20:14:27 -05:00
Kyle D
d475d53c41
Fix svg spacing (#14638)
* Add right margin to icons in menu items

* Reduce padding on user profile submenu to fit in one line by default (english)
2021-02-14 17:49:22 +01:00
vnkmpf
51fb0463a3
Fix truncated organization names (#14655)
* Fix truncated organization names

Previous ellipsis implementation hid vertical overflow - image + descent line of letters.
Organization visibility in select on dashboard was not always visible.
This commit extracts classes which don't make collisions with other items on page.
2021-02-12 03:29:07 +02:00
a1012112796
ac701637b4
Add dismiss review feature (#12674)
* Add dismiss review feature

refs:
    https://github.blog/2016-10-12-dismissing-reviews-on-pull-requests/
    https://developer.github.com/v3/pulls/reviews/#dismiss-a-review-for-a-pull-request

* change modal ui and error message

* Add unDismissReview api

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-02-11 18:32:25 +01:00
vnkmpf
3a4801d195
Truncated organisations name #14583 (#14615)
- truncate to max length 40
- add CSS ellipsis
2021-02-09 19:51:01 +00:00
Lunny Xiao
41c0776568
Fix captcha (#14488)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-27 22:56:54 +08:00
Andrew Bezold
bc05ddc0eb
Redirect on changed user and org name (#11649)
* Add redirect for user

* Add redirect for orgs

* Add user redirect test

* Appease linter

* Add comment to DeleteUserRedirect function

* Fix locale changes

* Fix GetUserByParams

* Fix orgAssignment

* Remove debug logging

* Add redirect prompt

* Dont Export DeleteUserRedirect & only use it within a session

* Unexport newUserRedirect

* cleanup

* Fix & Dedub API code

* Format Template

* Add Migration & rm dublicat

* Refactor: unexport newRepoRedirect() & rm dedub del exec

* if this fails we'll need to re-rename the user directory

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-24 16:23:05 +01:00
6543
a0e424da85
Enhance Ghost comment mitigation Settings (#14392)
* refactor models.DeleteComment and delete related reactions too

* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser

* nits

* Use time.Duration as other time settings have

* docs

* Resolve Fixme & fix potential deadlock

* Disabled by Default

* Update Config Value Description

* switch args

* Update models/issue_comment.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-21 21:56:19 -05:00
zeripath
20f980dcc2
ensure timeout error is shown on u2f timeout (#14417)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-22 01:28:14 +01:00
6543
21da519c0c
Implement ghost comment mitigation (#14349)
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
2021-01-17 21:48:38 +01:00
Jimmy Praet
acb1ceb1f4
Add review requested filter on pull request overview (#13701)
* Add review requested filter on pull request overview #13682

fix formatting

* add review_requested filter to /repos/issues/search API endpoint

* only Approve and Reject status should supersede Request status

* add support for team reviews

* refactor: remove duplication of issue filtering conditions
2021-01-17 17:34:19 +01:00
Cirno the Strongest
8db0372a45
Handle NotifyCreateRef as create branch in feeds (#14245)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-04 18:51:00 +02:00
Cirno the Strongest
21fbee1503
Various UI fixes (#14239)
* Fix #14238

* Fix #14235

* Fix #14237

* Fix #14234

* Use octicon to show private status of repo in admin dashboard

* Fix #14232

* Fix #14236
2021-01-04 13:18:12 +01:00
Jimmy Praet
9cc5a89b8c
Issue and pull request filters on organization dashboard #14052 (#14072) 2021-01-03 18:29:12 +01:00
Johnny Oskarsson
a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
Jimmy Praet
40274b4a93
Team dashboards (#14159) 2020-12-27 21:58:03 +02:00