Commit graph

1535 commits

Author SHA1 Message Date
Ethan Koenig 74bbec3bf9 Fix permission bugs in team API (#647) 2017-01-20 13:16:10 +08:00
Ethan Koenig fcf02e4961 API Endpoints for organization members (#645) 2017-01-20 10:31:46 +08:00
Matthias Loibl d1006150fb Refactor process package and introduce ProcessManager{} with tests (#75)
* Add a process.Manager singleton with process.GetManager()

* Use process.GetManager everywhere

* Fix godoc comments for process module

* Increment process counter id after locking the mutex
2017-01-17 13:58:58 +08:00
Andrew 6dd096b7f0 Two factor authentication support (#630)
* Initial commit for 2FA support

Signed-off-by: Andrew <write@imaginarycode.com>

* Add vendored files

* Add missing depends

* A few clean ups

* Added improvements, proper encryption

* Better encryption key

* Simplify "key" generation

* Make 2FA enrollment page more robust

* Fix typo

* Rename twofa/2FA to TwoFactor

* UNIQUE INDEX -> UNIQUE
2017-01-16 10:14:29 +08:00
Philip Couling 64375d875b Attach to release (#673)
* Moved attachaments POST url from /issues/attachments to /attachments

* Implemented attachment upload on release page

* Implemented downloading attachments on the release page

* Added zip and gzip files to default allowed attachments

* Implemented uploading attachments on edit release

* Renamed UploadIssueAttachment to UploadAttachment
2017-01-15 22:57:00 +08:00
btrepp 302fa42980 Removes reliance on server specific SQL (#393)
Breaks the retrieval of repositories into two queries
This fetches the paged ids in one go, then the
actual repository information in a second query

Some databases do not support SELECT with *
when group by is used.
2017-01-14 22:32:36 +08:00
Ethan Koenig a6f5efa0bb Fix ambiguity bug in getCommentsByRepoIDSince (#665) 2017-01-14 10:21:30 +08:00
Ethan Koenig 27fcf8d30a Bug fixes for webhook API (#650) 2017-01-14 10:14:48 +08:00
Lunny Xiao 87ad4961f6 bug fixed for update repository (#664) 2017-01-14 10:07:04 +08:00
Andrey Nering 769e0a3ea6 Notifications: mark as read/unread and pin (#629)
* Use relative URLs

* Notifications - Mark as read/unread

* Feature of pinning a notification

* On view issue, do not mark as read a pinned notification
2017-01-12 12:27:09 +08:00
Bo-Yi Wu cbf2a967c5 refactor: Add new deleteOrg func. (#633) 2017-01-11 21:10:43 +08:00
Ethan Koenig b316b2e740 Unit tests for models/admin 2017-01-09 21:49:51 +01:00
Ethan Koenig 973282dae2 Better coverage in pull_test (#615) 2017-01-09 11:15:07 +08:00
Ethan Koenig 862948ab88 Better coverage and TODOs for update_test (#616) 2017-01-09 11:14:57 +08:00
Ethan Koenig 4b23e6a694 Unit tests for models/action (#619) 2017-01-09 11:08:36 +08:00
derSuessmann 51d578ff33 Add Keep email private (see issue #571). (#571)
- Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE.
- Add the new option to the install and admin/config pages.
- Add the new option to app.ini in the service section.
- Add the new option to the settings struct.
- Add English text strings to i18n.
- Add field KeepEmailPrivate to user struct.
- Add field KeepEmailPrivate to user form.
- Add option to UI.
- Add using noreply email address if user has "Keep Email Private".
An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit
messages (and hopefully all other git log relevant places). The
change relies on the fact that git commands should use
user.NetGitSig().
- Add hiding of email address in UI, if user has set "Keep Email Private".
- Add condition to show email address only on explore/users and user
pages, if user has not set "Keep Email Private".
- Add noreply email in API if set "Keep Email Private".
- Add a new service setting NO_REPLY_ADDRESS. The value of this
setting is used as the domain part for the user's email address in
git log, iff he decides to keep his email address private.
If the user decides to keep his email address private and this
option is not set 'noreply.example.org' is used, which no MTA
should send email to.

Add NO_REPLY_ADDRESS to conf/app.ini.
2017-01-08 11:12:03 +08:00
Ethan Koenig 6072b03291 Unit tests for models/access.go (#606) 2017-01-08 11:10:53 +08:00
Ethan Koenig 8422ab542c API endpoint for subscribers (#598) 2017-01-07 11:13:02 +08:00
Andrey Nering 03b45284e1 Merge pull request #555 from ethantkoenig/tests/pull
Unit tests for models/pull.go
2017-01-06 19:19:18 -02:00
Andrey Nering 84b7d29d34 Create missing database indexes (#596) 2017-01-06 23:14:33 +08:00
Ethan Koenig 72bfabfada Unit tests for models/pull.go 2017-01-06 10:08:23 -05:00
Ethan Koenig 1a7fc53c98 API endpoint for stargazers (#597) 2017-01-06 15:05:09 +08:00
Lunny Xiao 61306fa737 Make releases faster than before and resolved #490 (#588)
* make releases faster than before and resolved #490

* fix comment
2017-01-06 09:51:15 +08:00
Andrey Nering 79d527195d Merge pull request #539 from andreynering/notifications-step-2
Notifications - Step 2
2017-01-05 11:53:01 -02:00
Ethan Koenig c5f0d4b1a0 Fix SQL bug in models/access (#583)
Previously got a 'relation repo_access does not exist' error in User_GetRepositoryAccesses
2017-01-05 08:57:54 +08:00
Berk Demirkır bdad3b259a Check primary email address fields on CreateUser (#556)
* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check
2017-01-05 08:52:20 +08:00
Ethan Koenig 1207bda94b Fix typos in models/ (#576) 2017-01-05 08:50:34 +08:00
Andrey Nering b354cf362e Add pagination for notifications 2017-01-03 17:09:36 -02:00
Lunny Xiao 09dabe2ff2 fix bug #564 (#567) 2017-01-03 16:27:11 +08:00
Lunny Xiao 980dd0bf51 Update xorm and dependencies vendor for feature to dump to other database (#565)
* update xorm and dependencies vendor for feature to dump to other database

* fix golint
2017-01-03 16:20:28 +08:00
Kjell Kvinge 4b0974ec10 Fix benchmarktests (#557) 2017-01-03 10:52:09 +08:00
Lunny Xiao 3c7116382f change the default action when deleting a release to not delete tag 2017-01-03 02:27:38 +01:00
Ethan Koenig 0c301f7b5c Release API endpoints 2017-01-02 00:10:52 +01:00
Lunny Xiao 6e5fffbd3f resolved #485: when migrate empty wiki repo, then ignore (#541) 2016-12-31 17:34:34 +08:00
Ethan Koenig de8b73dd92 Unit tests for token and update models 2016-12-31 10:17:45 +01:00
Schwobaland c0904f1942 Restrict creating organisations by user (#193)
* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration
2016-12-31 10:33:30 +08:00
Bo-Yi Wu 6510e57758 fix gofmt error
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2016-12-30 20:41:10 +01:00
Andrey Nering 42904cb98a Notification - Step 1 (#523)
* Notification - Step 1

* Add copyright headers

* Cache issue and repository on notification model
2016-12-31 00:44:54 +08:00
typeless 937b4b5aa1 Speed up conflict checking in pull request creation (#276)
* Speed up conflict checking in pull request creation

In order to check conflicts of a PR, we set up a working tree by
cloning the base branch, which is quite time-consuming when the repository is huge.
Instead, this PR uses `git read-tree` and `git apply --check --cached` to check conflicts.

For #258

* Use $GIT_INDEX_FILE instead of --index-output to avoid lockfile problem

The lockfile gets renamed to the final destination after the operation
finishes. But it must be located in the same filesystem, which prevents
us from using /tmp.

* Temporary file names should not prefixed with '-'
2016-12-29 22:59:52 +08:00
Andrey Nering b992858883 Tab on user profile to show starred repos (#519)
* Tab on user profile to show starred repos

* Make golint happy and use transactions on StarRepo function

* x -> sess

* Use sess.Close() instead of sess.Rollback()

* Add copyright

* Fix lint
2016-12-29 22:58:24 +08:00
Lunny Xiao 799d0c2030 slight optimization for GetUserRepositories (#498) 2016-12-29 02:53:33 -06:00
Kjell Kvinge 22e1bd31c6 commithgraph / timeline (#428)
* Add model and tests for graph

* Add route and router for graph

* Add assets for graph

* Add template for graph
2016-12-29 07:44:32 +08:00
Bwko 331316894e Replace Gogs with Gitea (#520) 2016-12-28 16:33:21 +08:00
Lunny Xiao c463b1b8cb Optimization for user.GetRepositoryAccesses to reduce db query times (#495)
* optimization for user.GetRepositoryAccesses to reduce db query times

* fix missing cache
2016-12-28 09:34:35 +08:00
Lunny Xiao ba134bd27a fix 500 when delete orgnization and resolved #486 2016-12-27 12:00:12 +01:00
Ethan Koenig 2342df183b API Endpoints for collaborators (#375) 2016-12-26 15:37:01 +08:00
Fabian Zaremba 2e7ccecfe6 Git LFS support v2 (#122)
* Import github.com/git-lfs/lfs-test-server as lfs module base

Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198

Removed:

Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go
.dockerignore .gitignore README.md

* Remove config, add JWT support from github.com/mgit-at/lfs-test-server

Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83

* Add LFS settings

* Add LFS meta object model

* Add LFS routes and initialization

* Import github.com/dgrijalva/jwt-go into vendor/

* Adapt LFS module: handlers, routing, meta store

* Move LFS routes to /user/repo/info/lfs/*

* Add request header checks to LFS BatchHandler / PostHandler

* Implement LFS basic authentication

* Rework JWT secret generation / load

* Implement LFS SSH token authentication with JWT

Specification: https://github.com/github/git-lfs/tree/master/docs/api

* Integrate LFS settings into install process

* Remove LFS objects when repository is deleted

Only removes objects from content store when deleted repo is the only
referencing repository

* Make LFS module stateless

Fixes bug where LFS would not work after installation without
restarting Gitea

* Change 500 'Internal Server Error' to 400 'Bad Request'

* Change sql query to xorm call

* Remove unneeded type from LFS module

* Change internal imports to code.gitea.io/gitea/

* Add Gitea authors copyright

* Change basic auth realm to "gitea-lfs"

* Add unique indexes to LFS model

* Use xorm count function in LFS check on repository delete

* Return io.ReadCloser from content store and close after usage

* Add LFS info to runWeb()

* Export LFS content store base path

* LFS file download from UI

* Work around git-lfs client issue with unauthenticated requests

Returning a dummy Authorization header for unauthenticated requests
lets git-lfs client skip asking for auth credentials
See: https://github.com/github/git-lfs/issues/1088

* Fix unauthenticated UI downloads from public repositories

* Authentication check order, Finish LFS file view logic

* Ignore LFS hooks if installed for current OS user

Fixes Gitea UI actions for repositories tracking LFS files.
Checks for minimum needed git version by parsing the semantic version
string.

* Hide LFS metafile diff from commit view, marking as binary

* Show LFS notice if file in commit view is tracked

* Add notbefore/nbf JWT claim

* Correct lint suggestions - comments for structs and functions

- Add comments to LFS model
- Function comment for GetRandomBytesAsBase64
- LFS server function comments and lint variable suggestion

* Move secret generation code out of conditional

Ensures no LFS code may run with an empty secret

* Do not hand out JWT tokens if LFS server support is disabled
2016-12-26 09:16:37 +08:00
Philip Couling d4924d45d6 Implement sendmail (#355)
* Implemented sendmail. This piggybacks on existing configuration to keep the change simple

* Changed privicy of new sendSMTP and sendSendmail functions

* Fixed Lint errors

* Seperated SMTP and sendmail into their own senders

* Making new structs private as they should not be used externally now

* Added sendmail setting to ini file

* Minor code cleanup
2016-12-25 14:55:22 +01:00
Bwko fa3abc22c0 Added sorting to organizations, repos & users page (#222) 2016-12-24 22:42:26 +08:00
Bwko a345a03d99 Added sorting to the labels & milestones page (#199) 2016-12-24 22:41:09 +08:00
Ethan Koenig d0932ef147 Bug fixes for Issues filters (#413)
Correctly handle simultaneous assignee/poster filters, and conflicting assignee filters
2016-12-24 18:33:21 +08:00
Ethan Koenig 8a4161c723 API Endpoint for watching (#191) 2016-12-24 09:53:11 +08:00
btrepp 25b5ffb6af Enables mssql support (#383)
* Enables mssql support

Port of dlobs work in gogs.
Enables options in index.js
Enables MSSQL as a database option in go.
Sets ID to 0 on initial migration. Required for
MSSQL insert statements.

Signed-off-by: Beau Trepp <beautrepp@gmail.com>

* Vendors in denisenkom/go-mssqldb

Includes golang.org/x/crypto/md4
as this is required by go-msssqldb

Signed-off-by: Beau Trepp <beautrepp@gmail.com>
2016-12-24 09:37:35 +08:00
Lunny Xiao a822bba3e1 Add default values for settings (#455)
* add default values for settings

* more default values

* more default settings and labels resource

* mv locale to options
2016-12-23 15:18:05 +08:00
Thomas Boerger b33078fa33 Bindata is optional and over-writable on restart (#354)
* Moved conf assets into options folder

* Dropped old bindata

* Started to integrate options bindata and accessors

* Do not enforce a builtin app.ini

* Replaced bindata calls with options

* Dropped bindata task from makefile, it's the generate task now

* Always embedd app.ini to provide sane config defaults

* Use sane defaults for the configuration

* Defined default value for SSH_KEYGEN_PATH

* Dropped "NEVER EVER MODIFY THIS FILE" header from app.ini

* Fixed new paths in latest test additions

* Drop bindata with make clean task

* Set more proper default values
2016-12-22 19:12:23 +01:00
Lunny Xiao c21e2c4151 fix tag webhook 404 error (#420) 2016-12-22 22:57:48 +08:00
Lunny Xiao 47a7529d96 update code.gitea.io/git (#450) 2016-12-22 10:30:52 +01:00
Lunny Xiao 0c5c34d7dd UpdateIssueUsersByMentions was calling database write operations while (#443)
a transaction session was in progress. MailParticipants was failing
silently because of the SQLITE_LOCKED error. Make sure failures in
MailParticipants enter the log, and pass on the transaction context.

issue: let caller pass in database context, and use it
issue_comment: obtain database context to pass to UpdateIssueMentions
issue_comment: log any error from call to MailParticipants
issue_mail: pass on database context to UpdateIssueMentions
2016-12-22 17:00:39 +08:00
Ethan Koenig 4c89a9c33c Bug fixes and tests for modules/base (#442)
Also address other TODOs
2016-12-22 16:58:04 +08:00
Kim "BKC" Carlbäcker df7fa4e995 issue comment api fix (#449)
* ListAllInRepo & Delete Issue-Comments

* Moar data in issue-comments
2016-12-22 16:29:26 +08:00
Alexander Lunegov d5d21b67d2 Fix string format verbs (#3637) 2016-12-22 08:18:41 +01:00
Denis Denisov 380e32e129 Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString
2016-12-20 13:32:02 +01:00
Michael de Wit 1d30457a94 change test mail subject and body to 'Gitea Test Mail!'
Signed-off-by: Michael de Wit <mjwwit@gmail.com>
2016-12-20 09:34:50 +01:00
Lunny Xiao 7c46667e71 fixed vulnerabilities labels (#409) 2016-12-17 19:49:17 +08:00
Richie B2B 44428fdc38 Remove fixed FIXME (#408) 2016-12-16 17:00:30 +01:00
Richie B2B 0d6e88baef Fix typo (#407) 2016-12-16 17:00:15 +01:00
Lunny Xiao 15c3d14d55 fixed vulnerabilities on deleting release (#399) 2016-12-16 19:42:39 +08:00
Lunny Xiao b4c794058a fixed vulnerabilities (#392) 2016-12-15 16:49:06 +08:00
Lunny Xiao d771e978a1 Don't use custom PBKDF2 function (#382) 2016-12-15 09:24:27 +08:00
Lunny Xiao 73710c00a8 bug fixed branch name for pushupdate (#380) 2016-12-13 15:19:42 +08:00
Denis Denisov f0a989c1d0 Correction LDAP validation (#342)
* Correction LDAP username validation

As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it.

* Check for zero length passwords in LDAP module.

According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD.

* Clearing the login/email spaces at the [start/end]
2016-12-12 08:46:51 +08:00
Bwko abcd39f7d5 In the wiki title replace tab with a space (#371) 2016-12-11 11:01:26 +08:00
Bwko cbcb4361d5 Fixes issue #283
Delete old temp local copy before we create a new temp local copy
2016-12-09 20:13:48 +01:00
Ethan Koenig 401a8db0ed Remove stale comment in models/repo.go (#366) 2016-12-08 00:04:12 +01:00
Ethan Koenig 04b9a7e7a2 Bug fixes for repo permissions in API
Also move duplicated code into repo.APIFormat(..)
2016-12-07 12:55:24 +01:00
Thomas Boerger 83ed234472 Integrate templates into bindata optionally (#314)
Integrated optional bindata for the templates
2016-12-06 18:58:31 +01:00
Kim "BKC" Carlbäcker d07c955e2a Fix regression in PR-API #248 (#349)
* Fix #344 (regression in PR-API #248)
2016-12-05 12:17:39 +01:00
Bwko 0118b275b6 Fix for #320
Suppress the error when we're removing a file that may not exist
2016-12-03 22:31:54 +01:00
Denis Denisov c8f300b2cd Safe compare password (timing attack) (#338) 2016-12-03 13:49:17 +08:00
Kim "BKC" Carlbäcker 0f05470cb8 [API] Pull Requests (#248) 2016-12-02 12:10:39 +01:00
Kim "BKC" Carlbäcker e8e0539b45 Linting 2016-12-02 09:31:44 +01:00
Kim "BKC" Carlbäcker e6cfccdd40 GitHub API Compliance (& linting) 2016-12-02 09:18:15 +01:00
Bwko 4ff0db0246 Catch os... errors 2016-12-02 07:41:19 +01:00
Bwko 5ab85372da Added rel="noopener" to target="_blank" hrefs (#327)
* Added rel="noopener" to target="_blank" hrefs

* Replaced gogs.io/docs with docs.gitea.io
2016-12-02 09:12:16 +08:00
Lunny Xiao 646e02b521 typo 2016-12-01 09:05:32 +08:00
Thomas Boerger 6dd2c3b2db
Fixed linting errors for variable definitions 2016-11-29 14:05:26 +01:00
Kim "BKC" Carlbäcker 42ec5ce740 Fix breakage from vendor-update 2016-11-29 11:50:22 +01:00
Kim "BKC" Carlbäcker dad806d3ea CreateBranch-hook has shasum. Use the full ref for fetching shasum 2016-11-29 11:50:22 +01:00
Kim "BKC" Carlbäcker f364522468 Tag-webhooks are useless without shasums 2016-11-29 11:50:22 +01:00
Andrey Nering fd53028139 Merge pull request #294 from Bwko/Lint/user.go
Lint models/user.go
2016-11-28 20:30:02 -02:00
Bwko bad1bc6518 Lint models/repo.go 2016-11-28 18:27:55 +01:00
Bwko a5aae1c145 Lint models/repo_* 2016-11-28 17:58:59 +01:00
Bwko 9963d61233 Lint models/user.go 2016-11-28 17:47:46 +01:00
Lunny Xiao 27d66855eb golint fixed for models/migrations (#291) 2016-11-28 23:44:17 +08:00
Lunny Xiao 1d0f811399 golint fixed for models/pull.go (#292) 2016-11-28 23:31:06 +08:00
Lunny Xiao 9fc609ce17 golint fixed for models/issue_comment.go 2016-11-28 21:33:09 +08:00
Thomas Boerger 9948f0daaa Merge pull request #285 from lunny/lunny/golint_models_org_team
Golint for models/org_team.go
2016-11-28 09:42:53 +01:00
Lunny Xiao f215d78157 rename all uID -> userID on models/org_team.go 2016-11-28 16:33:08 +08:00
Lunny Xiao bf8d90c5cc golint fixed for models/models.go (#284) 2016-11-28 15:25:16 +08:00
Lunny Xiao 21846d16e5 golint for models/org_team.go 2016-11-28 09:30:08 +08:00