Commit Graph

2737 Commits

Author SHA1 Message Date
Lunny Xiao 21adeaad70
Fix dashboard issues labels filter bug (#14210)
Co-authored-by: zeripath <art27@cantab.net>
2021-01-01 12:49:42 -05:00
Johnny Oskarsson a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
zeripath ef825bd242
Check for notExist on profile repository page (#14197)
Fix #14189
2020-12-31 15:45:54 +08:00
Chester Liu 632800eda7
Check for 'main' as potential default branch name (#14193) 2020-12-30 15:46:26 +00:00
Timo Ley 2b2a4a53bf
Custom icons for OAuth sources (#14161)
* Add Icon URL to Backend

* Template for Icon URL

* Localization & Edit Icon URL

* Improve Custom Icon URL

* Removed not working else

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 03:35:55 +01:00
Jimmy Praet 40274b4a93
Team dashboards (#14159) 2020-12-27 21:58:03 +02:00
Lunny Xiao dd08853b10
Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
* Dump github/gitlab repository data to a local directory

* Fix lint

* Adjust directory structure

* Allow migration special units

* Allow migration ignore release assets

* Fix lint

* Add restore repository

* stage the changes

* Merge

* Fix lint

* Update the interface

* Add some restore methods

* Finish restore

* Add comments

* Fix restore

* Add a token flag

* Fix bug

* Fix test

* Fix test

* Fix bug

* Fix bug

* Fix lint

* Fix restore

* refactor downloader

* fmt

* Fix bug isEnd detection on getIssues

* Refactor maxPerPage

* Remove unused codes

* Remove unused codes

* Fix bug

* Fix restore

* Fix dump

* Uploader should not depend downloader

* use release attachment name but not id

* Fix restore bug

* Fix lint

* Fix restore bug

* Add a method of DownloadFunc for base.Release to make uploader not depend on downloader

* fix Release yml marshal

* Fix trace information

* Fix bug when dump & restore

* Save relative path on yml file

* Fix bug

* Use relative path

* Update docs

* Use git service string but not int

* Recognize clone addr to service type
2020-12-27 11:34:19 +08:00
zeripath ad1164f73b
Disable SSH key deletion of externally managed Keys (#13985)
* Disable SSH key addition and deletion when externally managed

When a user has a login source which has SSH key management
key addition and deletion using the UI should be disabled.

Fix #13983

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make only externally managed keys disabled

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-25 23:24:47 -05:00
6543 a19447aed1
migrate from com.* to alternatives (#14103)
* remove github.com/unknwon/com from models

* dont use "com.ToStr()"

* replace "com.ToStr" with "fmt.Sprint" where its easy to do

* more refactor

* fix test

* just "proxy" Copy func for now

* as per @lunny
2020-12-25 11:59:32 +02:00
Daniil Pankratov 5a94db37ed
Fix creating OAuth2 auth source from CLI (#14116)
Fix creation OAuth2 auth source from CLI.

Fix #8356

Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
2020-12-24 19:47:17 +00:00
Norwin bdeccc3688
Fix api doc response code (#14123)
Fixes #14120
2020-12-24 18:14:01 +00:00
zeripath fa2e34928d
Ensure that search term and page are not lost on adoption page-turn (#14133)
Fix #14111

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-24 23:26:19 +08:00
Jimmy Praet e0c753e770
Fix spelling avator -> avatar (#14115) 2020-12-22 22:28:03 +01:00
silverwind 3a21f8a986
Inline manifest.json (#14038)
* Inline manifest.json

Improve performance by eliminating this separate request and just inline
this small JSON in HTML directly as a data uri.

Also update previously static app name scripts to use AppName.

I've confirmed this as working via "Add to Homescreen" feature which
offered to save the shortcut under the new app name.

* prerender manifest data on startup

* move to settings

* restore setting.AppStartTime and use it on admin page

* use double quotes because template.URL escapes everything

* fix lint

* move variable to global context variable

* delete template file

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-22 19:13:50 +08:00
Norwin c2ae432489
Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* add user filter to issueTrackedTimes

fixes #14024

* update swagger

* allow user filter for issue writers

* improve swagger doc

* return 404 on invalid user
2020-12-22 04:47:17 +01:00
Norwin f6bec85296
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
  only include activities in repos, that the doer has access to.
  this might be somewhat slower.

* also improves handling of user.KeepActivityPrivate (still shows
  the heatmap to self & admins)

* extend tests

* adjust integration test to new behaviour

* add access to actions for admins

* extend heatmap unit tests
2020-12-22 03:53:37 +01:00
Mura Li 09304db9a5
Use the text of pull-request as the squash commit's message (#13071)
Originally, it was filled by the commit messages of the involved
commits. In this change, we use the headline comment of the pull
request as the commit message when it is a squash merge.

Thanks to @zeripath for suggesting the idea.

Fixes #12365

Co-authored-by: Mura Li <typeless@users.noreply.github.com>
2020-12-21 17:46:14 +01:00
a1012112796 34df4e5df5
Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
* Add mentionable teams to tributeValues

Signed-off-by: a1012112796 <1012112796@qq.com>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Change team mention rules to gh's style

* use org's avator as team avator in ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/markup/html.go

* Update models/issue.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Update models/issue.go

* fix a small nit and update test code

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-21 16:39:28 +01:00
Paweł Bogusławski 839daa85aa
Added option to disable migrations (#13114)
* Added option to disable migrations

This patch introduces DISABLE_MIGRATIONS parameter in [repository]
section of app.ini (by default set to false). If set to true
it blocks access to repository migration feature.

This mod hides also local repo import option in user editor if
local repo importing or migrations is disabled.

* Alter Example config

DISABLE_MIGRATIONS set to false in example config to
match its default value.

* HTTP error 403 instead of 500 on denied access to migration

* Parameter DISABLE_MIGRATIONS exposed via API

Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9
Author-Change-Id: IB#1105130
2020-12-21 15:39:41 +01:00
Cirno the Strongest f3c4baa84b
Show dropdown with all statuses for commit (#13977)
* Show dropdown with all statuses for commit

* Use popups

* Remove unnecessary change

* Style popup

* Use divided list

* As per @silverwind

* Refactor GetLastCommitStatus

* Missing dropdown on repo home and commit page

* Fix tests

* Make status icon be a part of a link on PR list

* Fix missing translation call

* Indent fix

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-20 11:13:12 +08:00
Jiri Vlasak d7c67a9fb2
Manually approve new registration (#13083)
* Add register manual confirm settings option

The new settings option is used when manually approving new
registrations.

* Enable manual confirmation of new registered user

When manual registration confirmation is desired (by default `false`)
create new user in the database that is *not active*. The user must then
be activated manually.

This change speeds up the process of adding new confirmed users for
Gitea instances without external auth mechanism. (Currently the option
is to manually create new user by admin.)

* Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-19 20:31:06 -05:00
Cirno the Strongest efa9a8a6e3
Show status check for merged PRs (#13975)
* Show status check for merged PRs

* Handle PRs with no commits

* Styling

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-18 13:37:55 +01:00
6543 e483220ea3
[Refactor] CombinedStatus and CommitStatus related functions & structs (#14026)
* RM unused struct

* rename (*CommitStatus) loadRepo() -> loadAttributes()

* move ToCommitStatus into its own file

* use CommitStatusState instead of StatusState

* move CombinedStatus convertion into convert package

* let models.GetLatestCommitStatus use repoID direct and accept ListOptions

* update swagger docs

* fix tests

* Fix swagger docs

* rm page

* fix swagger docs!!!

* return json null

* always return json

* rename api.Status to api.CommitStatus

* fix swagger docs

* sec swagger fix
2020-12-18 11:33:32 +08:00
zeripath 511f6138d4
Use native git variants by default with go-git variants as build tag (#13673)
* Move last commit cache back into modules/git

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from the interface for last commit cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move cacheref to last_commit_cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from routers/private/hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move FindLFSFiles to pipeline

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make no-go-git variants

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Submodule RefID

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix issue with GetCommitsInfo

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix GetLastCommitForPaths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Improve efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* even faster

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reduce duplication

* As per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* attempt to fix drone

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test-tags

Signed-off-by: Andrew Thornton <art27@cantab.net>

* default to use no-go-git variants and add gogit build tag

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-17 22:00:47 +08:00
6543 9e456b5a56
HotFix: Hide private partisipation in Orgs (#13994)
* HotFix: Hide private partisipation in Orgs

* refactor & add node to fuc GetOrganizations
2020-12-17 00:39:12 +01:00
6543 e2aa701812
[API] Add ref to create/edit issue options & deprecated assignee (#13992)
* API: Add ref to create/edit issue options

* deprecate Assignee in favour of Assignees
2020-12-15 19:38:10 +01:00
bobemoe b35c1b5784
add thumbnail preview section to issue attachments (#13826)
* add thumbnail preview section to attachments

* dont show thumbnail if the image is already shown inline

* update router to pass the `content` to the attachemnts template

* limit attachment preview height to 150px (same as width)

* remove unused css (referance removed in https://github.com/go-gitea/gitea/pull/11141/files#diff-9faae32445ed9673de2830c9fc35e93f44487f0a0068202988adaf00a5bac850L66 )

* dont show divider after edit if no attachemnts

Co-authored-by: James <inbox.dev@jhodges.co.uk>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-13 21:12:27 +02:00
zeripath 287b594803
Whenever the password is updated ensure that the hash algorithm is too (#13966)
`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo` therefore whenever the `passwd` is updated, this
also needs to be updated.

Fix #13832

Thanks @fblaese for the hint

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-12 19:59:49 +01:00
Lunny Xiao 9f100a45c6
Possible fix the webhook API creation (#13960)
* Possible fix the webhook API creation

* Fix api create webhook bug
2020-12-12 16:33:19 +01:00
Lunny Xiao 6edfa6bc88
Fix broken migration on webhook (#13911)
* Fix broken migration on webhook

* Fix lint

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-12-09 17:20:13 +00:00
Lunny Xiao 6a370363d4
log error when login failed (#13903)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-08 21:37:47 +01:00
Eric Lesiuta abb9cffe4a
Log IP on SSH authentication failure for Built-in SSH server (#13150)
* Log IP on SSH authentication failure

fixes https://github.com/go-gitea/gitea/issues/13094

* include string 'Failed authentication attempt' in error

* update fail2ban docs

also match failed authentication over command line

* better logging of authentication errors with IP addresses

* format ...

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-08 18:54:33 +01:00
Lunny Xiao 42354dfe45
Move webhook type from int to string (#13664)
* Move webhook type from int to string

* rename webhook_services

* finish refactor

* Fix merge

* Ignore unnecessary ci

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-08 11:41:14 +01:00
6543 48a3bb7a32
User Settings: Ignore empty language codes & validate (#13755) 2020-12-04 08:20:30 +02:00
silverwind 9269a038a4
Direct avatar rendering (#13649)
* Direct avatar rendering

This adds new template helpers for avatar rendering which output image
elements with direct links to avatars which makes them cacheable by the
browsers.

This should be a major performance improvment for pages with many avatars.

* fix avatars of other user's profile pages

* fix top border on user avatar name

* uncircle avatars

* remove old incomplete avatar selector

* use title attribute for name and add it back on blame

* minor refactor

* tweak comments

* fix url path join and adjust test to new result

* dedupe functions
2020-12-03 19:46:11 +01:00
John Olheiser e306c292ac
Expose default theme in meta and API (#13809)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-03 13:53:21 +01:00
6543 7ac8a770e1
Move Repo APIFormat to convert package (#13787)
* Move Repo APIFormat to convert package

* tweek
2020-12-02 16:38:30 -05:00
6543 4f5ff1ef08
move notification APIFormat (#13783) 2020-12-02 09:24:35 +00:00
silverwind 14e8ef9ecb
Flip RUN_MODE detection in router (#13768)
Missed that part in https://github.com/go-gitea/gitea/pull/13765. It's
already in the 1.13 backport so this forward-ports that change again.
2020-12-01 09:54:44 +08:00
6543 b2435af9be
Add Allow-/Block-List for Migrate & Mirrors (#13610)
* add black list and white list support for migrating repositories

* fix fmt

* fix lint

* fix vendor

* fix modules.txt

* clean diff

* specify log message

* use blocklist/allowlist

* allways use lowercase to match url

* Apply allow/block

* Settings: use existing "migrations" section

* convert domains lower case

* dont store unused value

* Block private addresses for migration by default

* fix lint

* use proposed-upstream func to detect private IP addr

* a nit

* add own error for blocked migration, add tests, imprufe api

* fix test

* fix-if-localhost-is-ipv4

* rename error & error message

* rename setting options

* Apply suggestions from code review

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 19:37:58 -05:00
6543 0f14f69e60
Verify password for local-account activation (#13631)
* Verify passwords for activation

This is to prevent 3rd party activation

* Fix function comment

* only veify password on local-account aktivation

* fix lint

* Update templates/user/auth/activate.tmpl

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: Andreas Shimokawa <shimokawa@fsfe.org>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 17:41:06 -05:00
a1012112796 9c26dc1f3a
Add block on official review requests branch protection (#13705)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-28 21:30:46 +02:00
Simon 8c996c6505
Fix missing stylesheets on installation page (#13736)
When running gitea for the first time, the stylesheets for the
installation page are broken since the middleware that statically serves
stylesheets does not get executed by chi. This is because if no handlers
are registered in chi, it will drop all middleware.

This commit introduces a "dummy" handler to deal with that quirk.

Closes #13725

Thanks: Lunny Xiao <xiaolunwen@gmail.com> for finding the quirk

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-11-28 19:52:30 +02:00
a1012112796 1e5247d424
ui: show 'owner' tag for real owner (#13689)
* ui: show 'owner' tag for real owner

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update custom/conf/app.example.ini

* simplify logic

fix logic
fix a small bug about original author

* remove system manager tag

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-28 17:52:29 +02:00
zeripath 742e21aeba
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186)
* Ensure errors from IsDir propagate

* Handle errors when checking IsFile

* Handle and propagate errors from IsExist

* Update modules/templates/static.go

* Update modules/templates/static.go

* Return after ctx.ServerError

* Apply suggestions from code review

* Fix tests

The previous merge managed to break repo_form.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-27 21:42:08 -05:00
6543 f88a2eae97
[API] Add more filters to issues search (#13514)
* Add time filter for issue search

* Add limit option for paggination

* Add Filter for: Created by User, Assigned to User, Mentioning User

* update swagger

* Add Tests for limit, before & since
2020-11-23 20:49:36 +00:00
Lunny Xiao c5f6f8f2f1
Refactor combine label comments with tests (#13619)
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-20 17:29:09 -05:00
6543 1bb5c09b5d
API: Admin EditUser: Make FullName, Email, Website & Location optional (#13562)
* API: Admin EditUser: Make FullName, Email, Website & Location optional

* update swagger docs

* add Tests

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-19 20:56:42 -05:00
Karl Heinz Marbaise 702e82d162
Fix issue/pull request list assignee filter (#13647)
* Fixes #13641 - Filtering in Pull Request kept all the time.
 - The URL contains all the time the assignee in cases
   where once a type has been selected.

Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>

* Followup Fixes #13641 - Filtering in Pull Request kept all the time.
 - The URL contains all the time the assignee in cases
   where once a type has been selected.
 - The same behaviour was observed issues viewed via milestones.

Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>
2020-11-19 15:39:55 -06:00
silverwind 12c2efb45c
Remove fetch request from heatmap (#13623)
* Remove fetch request from heatmap

Render heatmap data directly to HTML, eliminating one HTTP request on
frontpage and user profile. Also added min-height to the container so
the page content will no longer move after loading.

* rename and error display

* also log the js error

* add error handler

* remove useless inline style and hide divider on small screens

* Update routers/user/home.go

* Update routers/user/profile.go
2020-11-18 16:00:16 -06:00