Commit Graph

2683 Commits

Author SHA1 Message Date
6543
7e85cba3e5
Print usefull error if SQLite is used in settings but not supported (#14476) (#14874)
* move log output to points where they are relefant

* check explicit of sqlite3 in settings
2021-03-03 21:54:32 +00:00
zeripath
4558eeb21a
Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
Backport #14834

When using HCaptcha on link account pages the site key needs to be passed
in. This PR ensures that HCaptchaSiteKey is set in the data.

Fix #14766

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-01 16:12:48 +01:00
6543
edef62e69e
Backport: Repo Transfer permission checks (#14792) (#14794)
* Backport: Repo Transfer permission checks (#14792)

* update tests
2021-02-25 15:49:27 +08:00
zeripath
a1b74c5509
Allow org labels to be set with issue templates (#14593) (#14647)
Backport #14593

Fix #13688

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-13 19:34:47 +01:00
6543
d0174d45ed
Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
* Fix bug about ListOptions and stars/watchers pagnation

* fix unit test
2021-02-05 21:11:15 +00:00
6543
dd827d6f2f
Fix lfs preview bug (#14428) (#14433)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-23 03:55:52 +01:00
6543
0c3f95034a
Use path not filepath in routers/editor (#14390) (#14396)
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-19 17:00:13 +08:00
Kyungmin Bae
e846b712fc
Use Request.URL.RequestURI() for fcgi (#14312) (#14347)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-15 20:26:45 +08:00
Lunny Xiao
49d113945f
Use ServerError provided by Context (#14333) (#14345)
... instead of InternalServerError by macaron
2021-01-15 17:36:30 +08:00
6543
fb656b5124
Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
* Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)

* apply to InitLocales() too

Co-authored-by: Timo Gurr <timo.gurr@gmail.com>
2021-01-07 15:35:02 +01:00
Lunny Xiao
7a0a133d7c
Fix dashboard issues labels filter bug (#14210) (#14214) 2021-01-02 18:08:04 +01:00
zeripath
58c105d4bf
Check for notExist on profile repository page (#14197) (#14203)
Backport #14197

Fix #14189
2020-12-31 21:03:56 +08:00
Daniil Pankratov
205be63bc1
Fix creation OAuth2 auth source from CLI. (#14146)
Fix #8356
2020-12-25 20:02:52 +08:00
zeripath
bf1441b1e1
Ensure that search term and page are not lost on adoption page-turn (#14133) (#14143)
Backport #14133

Fix #14111

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-24 21:54:15 +00:00
6543
96d41287e5
[API] GetCombinedCommitStatusByRef always return json & swagger doc fixes (#14047)
* Fix swagger docs

* always return json
2020-12-18 13:38:47 +00:00
6543
df11075389
HotFix: Hide private partisipation in Orgs (#13994) (#14031)
* HotFix: Hide private partisipation in Orgs

Co-authored-by: zeripath <art27@cantab.net>
2020-12-17 22:32:24 +01:00
zeripath
d2b308ae35
Ensure template renderer is available before storage handler (#13982)
`ctx.Error` requires that templates are available for this to
render the error page otherwise there will be a panic at this
time.

This was fixed in #13164 but was not completely backported.

Fix #13971

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-14 20:45:33 +08:00
zeripath
8e8e8ee150
Whenever the password is updated ensure that the hash algorithm is too (#13966) (#13967)
Backport #13966

`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo` therefore whenever the `passwd` is updated, this
also needs to be updated.

Fix #13832

Thanks @fblaese for the hint

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-13 01:01:44 +01:00
Lunny Xiao
5cdffc2b0c
log error when login failed (#13903) (#13913)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-09 10:37:15 -05:00
6543
07629bd55c
Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
* add black list and white list support for migrating repositories

* specify log message

* use blocklist/allowlist

* allways use lowercase to match url

* Apply allow/block

* Settings: use existing "migrations" section

* convert domains lower case

* dont store unused value

* Block private addresses for migration by default

* use proposed-upstream func to detect private IP addr

* add own error for blocked migration, add tests, imprufe api

* fix test

* fix-if-localhost-is-ipv4

* rename error & error message

* rename setting options

* Apply suggestions from code review

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-01 19:28:34 -05:00
silverwind
d475b656b1
Set RUN_MODE prod by default (#13765) (#13767)
* Set RUN_MODE prod by default (#13765)

I think it's a bad default to have "dev" as the default run mode which
enables debugging and now also disables HTTP caching. It's better to
just default to a value suitable for general deployments.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* flip default in checkRunMode

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-01 09:55:38 +08:00
a1012112796
25421f08c0
ui: show 'owner' tag for real owner (#13689) (#13743)
* ui: show 'owner' tag for real owner

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update custom/conf/app.example.ini

* simplify logic

fix logic
fix a small bug about original author

* remove system manager tag

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-29 14:50:58 +02:00
6543
33431fcbd3
Validate email before inserting/updating (#13475) (#13666)
* Add email validity check (#13475)

* Improve error feedback for duplicate deploy keys

Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template so inform the user that a key with the
intended title already exists.

* API returns 422 error when key with name exists

* Add email validity checking

Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails

* Add further tests

* Add signup email tests

* Add email validity check for linking existing account

* Address PR comments

* Remove unneeded DB session

* Move email check to updateUser

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* skip email validation on empty string (#13627)

- move validation into its own function
- use a session for UpdateUserSetting

* rm TODO for backport

Co-authored-by: Chris Shyi <chrisshyi13@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-22 12:31:35 -05:00
Karl Heinz Marbaise
ef7a52826d
Fix issue/pull request list assignee filter (#13647) (#13651)
* Fixes #13641 - Filtering in Pull Request kept all the time.
 - The URL contains all the time the assignee in cases
   where once a type has been selected.

Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>

* Followup Fixes #13641 - Filtering in Pull Request kept all the time.
 - The URL contains all the time the assignee in cases
   where once a type has been selected.
 - The same behaviour was observed issues viewed via milestones.

Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>
2020-11-19 16:58:35 -06:00
6543
2f6dad2e34
API: Fix GetQueryBeforeSince (#13561) 2020-11-19 02:21:21 +00:00
Lunny Xiao
bcde51f4c2
Fix a bug when check if owner is active (#13613) 2020-11-18 11:59:24 +02:00
6543
48fca01b0d
[API] Only Return Json (#13511) (#13565)
Backport #13511 

Co-authored-by: zeripath <art27@cantab.net>
2020-11-15 16:29:16 +00:00
Lunny Xiao
ee0097f97d
Prevent git operations for inactive users (#13527) (#13536)
* prevent git operations for inactive users

* Some fixes

* Deny push to the repositories which's owner is inactive

* deny operations also when user is ProhibitLogin

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-11-13 09:28:32 +08:00
zeripath
f825e2a568
And there is another one ... (#13350)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-29 20:48:58 +08:00
techknowlogick
8e38bd154f
Remove obsolete change of email on profile page (#13341) (#13347)
* Remove obsolete change of email on profile page

The change email on the account profile page is out-of-date
and unnecessary.

Changing email should be done using the account page.

Fix #13336

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-29 02:44:45 -04:00
techknowlogick
0b0456310f
Migration failure during reaction migration from gitea (#13344) (#13345)
* Migrating reactions is just not that important

A failure during migrating reactions should not cause failure of
migration.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking issue reactions check the correct permission

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-28 23:57:15 -04:00
M4RKUS-11111
47cb9b3de2
Deny wrong pull (#13308) (#13326)
* Deny wrong pull (#13308)

* Deny wrong pull

* Update routers/api/v1/repo/pull.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Markus <git+markus@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>

* CI.restart()

Co-authored-by: Markus <git+markus@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2020-10-27 16:26:07 -04:00
Paweł Bogusławski
28133a801a
Avatar autogeneration fixed (#13282)
This mod fixes problem with initial avatar autogeneration and
avatar autogneration after deleting previous avatar.

Related: https://github.com/go-gitea/gitea/issues/13159
Fixes: 80a6b0f5bc
Author-Change-Id: IB#1105243
2020-10-26 15:56:14 +02:00
zeripath
d795bfc964
When the git ref is unable to be found return broken pr (#13218) (#13303)
Backport #13218

Fix #13216

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-25 19:10:09 -04:00
techknowlogick
e177728a82
Store task errors following migrations and display them (#13246) (#13287)
* Store task errors following migrations and display them

When migrate tasks fail store the error in the task table
and ensure that they show on the status page.

Fix #13242

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/js/index.js

* Hide the failed first

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-24 13:02:36 +08:00
John Olheiser
074f7abd95
Remove PAM from auth dropdown when unavailable (#13276) (#13281)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-10-23 12:00:20 -04:00
zeripath
198e57bc37
Return the full rejection message and errors in flash errors (#13221) (#13237)
* Return the full rejection message and errors in flash errors (#13221)


Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/repo/pull.go

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-10-21 14:54:19 -04:00
techknowlogick
aca13f941c
When handling errors in storageHandler check underlying error (#13178) (#13193)
Unfortunately there was a mistake in #13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2020-10-18 15:52:03 +01:00
Lunny Xiao
80a6b0f5bc
Avatars and Repo avatars support storing in minio (#12516)
* Avatar support minio

* Support repo avatar minio storage

* Add missing migration

* Fix bug

* Fix test

* Add test for minio store type on avatars and repo avatars; Add documents

* Fix bug

* Fix bug

* Add back missed avatar link method

* refactor codes

* Simplify the codes

* Code improvements

* Fix lint

* Fix test mysql

* Fix test mysql

* Fix test mysql

* Fix settings

* Fix test

* fix test

* Fix bug
2020-10-14 21:07:51 +08:00
赵智超
97980146c5
Show original author's reviews on pull summary box (#13127)
follow #12039, show original author's reviews by other way.
fix #11705.

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-10-14 13:11:11 +01:00
赵智超
dfa7291f8f
[Enhancement] Allow admin to merge pr with protected file changes (#12078)
* [Enhancement] Allow admin to merge pr with protected file changes

As tilte, show protected message in diff page and merge box.

Signed-off-by: a1012112796 <1012112796@qq.com>

* remove unused ver

* Update options/locale/locale_en-US.ini

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* Add TrN

* Apply suggestions from code review

* fix lint

* Update options/locale/locale_en-US.ini

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

* move pr proteced files check to TestPatch
* Call TestPatch when protected branches settings changed

* Apply review suggestion @CirnoT

* move to service @lunny

* slightly restructure routers/private/hook.go

Adds a lot of comments and simplifies the logic

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* skip duplicate protected files check

* fix check logic

* slight refactor of TestPatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking for protected files changes in TestPatch use the temporary repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix introduced issue with hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the check on PR index being greater than 0 as it unnecessary

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-13 14:50:57 -04:00
zeripath
f2858600af
Return 404 not 500 from API if team does not exist (#13118)
If team does not exist expect ErrTeamNotExist not ErrUserNotEXist

Fix #11336

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-12 17:09:21 -04:00
赵智超
8be3e439c2
Add team support for review request (#12039)
Add team support for review request

Block #11355

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-12 20:55:13 +01:00
Chris Shyi
c752ccee64
Improve error feedback for duplicate deploy keys (#13112)
Instead of a generic HTTP 500 error page, a flash message is rendered with the deploy key page template to inform the user that a key with the intended title already exists. 

Fixes #13110
2020-10-12 14:44:56 +01:00
kolaente
64133126cd
Update golangci-lint to version 1.31.0 (#13102)
This PR updates golangci-lint to the latest version 1.31.0.

The upgrade introduced a new check for which I've fixed or disabled most cases.

Signed-off-by: kolaente <k@knt.li>
2020-10-11 21:27:20 +01:00
Wim
9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
zeripath
d65cd5677a
Change default log configuration (#13088)
* Change default log configuration

This PR changes the install page and the docker default
logging configuration to match the suggested configuration
that I repeatedly end up suggesting on issues.

It further improves the logging configuration docs to
recommend specific instructions for how to configure logs
for posting to issues.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/logging-documentation.en-us.md
2020-10-10 18:19:50 +03:00
zeripath
ea69ec6f0f
Disable DSA ssh keys by default (#13056)
* Disable DSA ssh keys by default

OpenSSH has disabled DSA keys since version 7.0

As the docker runs openssh > v7.0 we should just disable
DSA keys by default.

Refers to #11417

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Just disable DSA keys by default

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove DSA type

* Fix Tests

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 09:52:57 +03:00
Lunny Xiao
f06ee37e24
Hide sync ssh keys button on admin dashboard if ssh disabled or builtin-ssh enabled (#13072)
Co-authored-by: zeripath <art27@cantab.net>
2020-10-08 12:43:15 -04:00
Rongjian Zhang
77f360b1b8
fix: case typo (#13049)
* Update settings.go

* Run swagger generate
2020-10-06 12:16:16 -04:00