* Cleaning up public/ and documenting js/css libs.
This commit mostly addresses #1484 by moving vendor'ed plugins into a
vendor/ directory and documenting their upstream source and license in
vendor/librejs.html.
This also proves gitea is using only open source js/css libraries which
helps toward reaching #1524.
* Removing unused css file.
The version of this file in use is located at:
vendor/plugins/highlight/github.css
* Cleaned up librejs.html and added javascript header
A SafeJS function was added to templates/helper.go to allow keeping
comments inside of javascript.
A javascript comment was added in the header of templates/base/head.tmpl
to mark all non-inline source as free.
The librejs.html file was updated to meet the current librejs spec. I
have now verified that the librejs plugin detects most of the scripts
included in gitea and suspect the non-free detections are the result of
a bug in the plugin. I believe this commit is enough to meet the C0.0
requirement of #1534.
* Updating SafeJS function per lint suggestion
* Added VERSIONS file, per request
* Remove unit types commits and settings
* Can not limit units in administrator teams
* Limit changing units only to teams with read and write access mode
* Small code optimization
* Add configuration flag SSH_EXPOSE_ANONYMOUS
If this flag (default True) is set to false, the SSH clone URL will only be exposed if the current user is signed in.
* Default SSH exposure set to false
To match GitHub and for security reasons, SSH URL exposure is disabled by default.
In addition to that. minor code changes have been applied.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* Add integration tests
* Hide clone button neither HTTP and SSH is enabled
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
This changes the regex to look for a hash from 7 to 40 characters,
to match the use of abbreviated hash lookups in both git and github.
The restriction of not being a pure number is also removed because
1234567 is now considered a valid abbreviated hash, as is deadbeef.
A note has been added to the top of the code to state that the
literal regex match is fine, but no extra validation is currently
performed so some false positives are expected.
A future change could ensure that the hash exists in the repository
before rendering it as a link, although this might incur a slight
performance penalty.
Reverts part of commit 4a46613 and fixes#2053.
* Add setting to disable authorized_keys backup when rewriting public keys
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Update default value to comply with documentation
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Use tmp-file instead of bak-file for saving manually added keys.
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing and build bakpath with sprintf only
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Only close file once
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not modify calcFingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Fix casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change style from disable to enable
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change name, just SSH_BACKUP_AUTHORIZED_KEYS
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not check for directory existence if backup is disabled
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
The well commented conf/app.ini file that comes with the code shows the
ROOT_URL (i.e. setting.AppURL) as:
ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
However the installed custom/conf/app.ini file does not include this setting as
shown, and the default in the setting module was hard coded to
http://localhost:3000/ instead of what is shown above.
With this change the ROOT_URL will default to what is shown above if it is not
set in the custom/conf/app.ini.
Of course it is still possible to override the default by adding the ROOT_URL
setting to your custom/conf/app.ini file as usual.
Signed-off-by: Mike Fellows <mike.fellows@shaw.ca>
* Send mails as HTML as default. Setting for send as plain text.
* Add new option SendAsPlainText. remove EnableHTMLAlternative
* Send HTML mails as default
* Add html check if html2text should be performed
* Send only multipart or plain. Add deprication warning for ENABLE_HTML_ALTERNATIVE
* Still use ENABLE_HTML_ALTERNATIVE for backward compatibility
* Changed to not ignore html2text errors
* Include formatting check to the `make check` rule
... and give it its own standalone target too (make fmt-check)
Show diff on fmt-check failure
Do not allow running "fmt-check" with incompatible go version
Also simplify the `fmt` rule
* Forbid running "make fmt" with Go version != 1.7 or 1.8
* Ignore bindata.go for spelling and formatting checks
also remove duplicated variable assignment for GOFILES
* Run `make fmt`
* add units to team
* fix lint
* finish team setting backend
* finished permission controll on routes
* fix import blank line
* add unit check on ssh/http pull and push and fix test failed
* fix fixtures data
* remove unused code
* markup: microoptimise for many short filenames in directory
Move strings.ToLower() after the early-return length check. This is a safe operation in all cases and should slightly improve directory listing performance when a directory contains many thousands of files with short filenames.
* markup: expand test cases for IsReadmeFile()
* Fix commit sha1 URL rendering in markdown
* Add unit test for commit sha1 markdown rendering when sha1 has space before it
* Change to better variable name
* move all database operations from hook command to web command and instead of internal routes
* bug fixed
* adjust the import path sequences
* remove unused return value on hookSetup
- Generate swagger.json into public/
- Add swagger-ui auto-installation
- Add footer link to local swagger-ui
- Add /swagger url for using app url.
- Fix Swagger-UI version via git tag
* Do not allow commiting to protected branch from online editor
* Add editor integration tests for adding new file and not allowing to add new file to protected branch
* add google+
* sort signin oauth2 providers based on the name so order is always the same
* update auth tip for google+
* add gitlab provider
* add bitbucket provider (and some go fmt)
* add twitter provider
* add facebook provider
* add dropbox provider
* add openid connect provider incl. new format of tips section in "Add New Source"
* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)
* imports according to goimport and code style
* make it possible to set custom urls to gitlab and github provider (only these could have a different host)
* split up oauth2 into multiple files
* small typo in comment
* fix indention
* fix indentation
* fix new line before external import
* fix layout of signin part
* update "broken" dependency
* add internal routes for ssh hook comands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
* Add correct git branch name validation
* Change git refname validation error constant name
* Implement URL validation based on GoLang url.Parse method
* Backward compatibility with older Go compiler
* Add git reference name validation unit tests
* Remove unused variable in unit test
* Implement URL validation based on GoLang url.Parse method
* Backward compatibility with older Go compiler
* Add url validation unit tests
* Implementation of the feature to view repository size in admin panel
* Move GetRepoSize to git module
* Repository.RepoSize -> Repository.Size
* RepoSize -> Size in template
* Redo a few bits and pieces
* Update size when syncing mirror or forking
* Remove GetRepoSize
* Changed fatal errors to error message
* Copy migration code from Gogs
* make fmt
* Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION
Omit the configuration variable (the default) to be dependent.
Fixes#1363
* Move OpenID settings under Service object
* Show OpenID SignUp and SignIn status in admin panel / configuration
* Fix for #828
Add build tags to ldflags and print in version output
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Reworked formatBuiltWith function
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Add tags to version information in admin panel
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Added new variable for use on admin page.
Signed-off-by: Jonas Östanbäck <jonas.ostanback@gmail.com>
* Fixed incorrect indentation
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)
* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)
* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)