Commit graph

6878 commits

Author SHA1 Message Date
Aleksandr Bulyshchenko ee878e3951 Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
2018-05-22 02:09:48 +03:00
David Schneiderbauer 31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Antoine GIRARD 08c9617caa Provide compressed releases (#3991)
* Add release-compress to provide compressed releases

* check after compress
2018-05-21 14:50:39 -04:00
Antoine GIRARD 75982127c8 [doc] Update vendor tool section to dep (#4008) 2018-05-21 14:10:35 -04:00
GiteaBot b2bf1c9422 [skip ci] Updated translations via Crowdin 2018-05-21 17:24:25 +00:00
Fluf 74e05e60ca Fix typo in U2F description (#4007) 2018-05-21 13:15:25 -04:00
奶爸 d94472e89b fix #4003 (#4004)
Webhook and hook_task not cleaned up when delete repository
2018-05-21 21:30:30 +08:00
GiteaBot 2690542adb [skip ci] Updated translations via Crowdin 2018-05-21 12:35:56 +00:00
Antoine GIRARD 3f3383dc0a Migrate to dep (#3972)
* Update makefile to use dep

* Migrate to dep

* Fix some deps

* Try to find a better version for golang.org/x/net

* Try to find a better version for golang.org/x/oauth2
2018-05-21 15:34:20 +03:00
GiteaBot d7fd9bf7bb [skip ci] Updated translations via Crowdin 2018-05-21 02:29:30 +00:00
Lunny Xiao 6bdc556b7f
Fix some webhooks bugs (#3981)
* fix some webhooks bugs

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* fix test

* fix clearlabels

* fix pullrequest webhook bug fix #3492

* update release webhook description

* remove unused code

* fix push webhook in pull request

* small changes
2018-05-21 10:28:29 +08:00
GiteaBot dc0ef38950 [skip ci] Updated translations via Crowdin 2018-05-21 01:06:08 +00:00
Dominik Rimpf 1ef98a6eaa Added doc for 'IMPORT_LOCAL_PATHS' (#3997) 2018-05-21 09:04:41 +08:00
GiteaBot d7cf7393d4 [skip ci] Updated translations via Crowdin 2018-05-20 10:10:05 +00:00
Antoine GIRARD edc78b9633 Update to last common x/text (#3994) 2018-05-20 18:09:00 +08:00
GiteaBot 000b2d33a9 [skip ci] Updated translations via Crowdin 2018-05-20 06:10:47 +00:00
Antoine GIRARD 8dca5ad526 Fetch missing file in github.com/davecgh/go-spew/spew (#3995) 2018-05-20 09:09:35 +03:00
GiteaBot 81b4d38f01 [skip ci] Updated translations via Crowdin 2018-05-19 14:58:24 +00:00
Anderi Azuki c7a4317231 Update TRANSLATORS (#3933)
* Update TRANSLATORS

* Update TRANSLATORS

* Update TRANSLATORS

* Move to correct position so that list stays in alphabetical order
2018-05-19 22:57:32 +08:00
GiteaBot 01835a4206 [skip ci] Updated translations via Crowdin 2018-05-19 14:13:44 +00:00
Jonas Franz 951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
GiteaBot f933bcdfee [skip ci] Updated translations via Crowdin 2018-05-19 13:23:21 +00:00
David Schneiderbauer 44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
Antoine GIRARD 917b9641ec Update to last common bleve (#3986) 2018-05-19 20:49:46 +08:00
GiteaBot 1b7cd3d0b0 [skip ci] Updated translations via Crowdin 2018-05-19 01:03:22 +00:00
David Schneiderbauer 0857e289d5 fix links to prevent 404 after e.g. submitting a faulty form (#3982) 2018-05-18 21:02:04 -04:00
GiteaBot b574af27b8 [skip ci] Updated translations via Crowdin 2018-05-18 09:18:02 +00:00
kolaente 0fa07ccf99 Added docs for configuring fail2ban (#3949) 2018-05-18 17:16:30 +08:00
David Schneiderbauer 2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
GiteaBot 8f4d11af0b [skip ci] Updated translations via Crowdin 2018-05-17 01:36:23 +00:00
techknowlogick 8176345c0e Add cli commands to regen hooks & keys (#3979)
* Add cli commands to regen hooks & keys

* make fmt

* Allow passing path to config as an option

* add docs
2018-05-17 09:35:07 +08:00
techknowlogick ecfc401eaa Allow Gitea to run as different USER in Docker (#3961)
* If using a different $USER then rename git user

* Chown based on $USER env

* Target only one part of passwd

* su-exec based on $USER

not a hardcoded value
2018-05-16 23:58:44 +08:00
GiteaBot 4ceb92f311 [skip ci] Updated translations via Crowdin 2018-05-16 14:26:58 +00:00
David Schneiderbauer 80d1998981 add missing token validation and fix missing alert on application settings page (#3976) 2018-05-16 22:18:13 +08:00
GiteaBot d79829fc47 [skip ci] Updated translations via Crowdin 2018-05-16 14:03:37 +00:00
Lunny Xiao 24941a1046
Add more webhooks support and refactor webhook templates directory (#3929)
* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* load attributes when created release

* update comparsion doc
2018-05-16 22:01:55 +08:00
GiteaBot 188fe6c301 [skip ci] Updated translations via Crowdin 2018-05-15 14:16:11 +00:00
David Schneiderbauer e45331d6d2 add user language value to hidden input to enable saving of profile without changing language (#3967) 2018-05-15 17:14:40 +03:00
GiteaBot d3dce01cf7 [skip ci] Updated translations via Crowdin 2018-05-15 10:08:59 +00:00
David Schneiderbauer 099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00
FabioFortini 1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
Lauris BH e74055878f Update xormstore dependency to fix OAuth2 support for MySQL (#3955) 2018-05-13 13:10:50 +08:00
GiteaBot 2c34ef5d97 [skip ci] Updated translations via Crowdin 2018-05-13 01:51:56 +00:00
techknowlogick f6828e0b66 Fix blank topic on explore repo list (#3956) 2018-05-13 09:50:39 +08:00
Lunny Xiao c14870c5ac
fix blank topic (#3948) 2018-05-11 16:15:18 +08:00
GiteaBot bc8400747a [skip ci] Updated translations via Crowdin 2018-05-11 07:56:33 +00:00
Lauris BH ff3971b830 Add LDAP integration tests (#3897)
* Add LDAP service for tests

* Add LDAP login source and test user sign-in

* Add checks to test if user data is correct

* Add LDAP user sync test

* Add failed user sign-in test
2018-05-11 15:55:32 +08:00
jess aafb0ea1c6 Activating Open Collective (#3821)
* Added backers and sponsors on the README

* Added call to donate after npm install (optional)

* Remove npm changes

* Update readme to leave only needed sections
2018-05-11 13:53:23 +08:00
techknowlogick 20acbdfe03 Remove another mention of matrix (#3947) 2018-05-11 13:18:34 +08:00
David Schneiderbauer 91b3615219 Adjust z-index for floating labels (#3939) 2018-05-11 11:28:26 +08:00