Commit graph

11870 commits

Author SHA1 Message Date
zeripath 59e6db0b65
Changelog for 1.15.0-rc3 (#16621) (#16645)
Frontport #16621

 ## [1.15.0-rc3](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc3) - 2021-08-06

* BREAKING
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* SECURITY
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
  * Correctly create of git-daemon-export-ok files (#16508) (#16514)
  * Don't show private user's repo in explore view (#16550) (#16554)
  * Update node tar dependency to 6.1.6 (#16622) (#16623)
* API
  * Swagger AccessToken fixes (#16574) (#16597)
  * Set AllowedHeaders on API CORS handler (#16524) (#16618)
* BUGFIXES
  * Restore Accessibility for Dropdown (#16576) (#16617)
  * Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
  * Fix table alignment in markdown (#16596) (#16602)
  * Fix 500 on first wiki page (#16586) (#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
  * Upgrade levelqueue to v0.4.0 (#16560) (#16561)
  * Handle too long PR titles correctly (#16517) (#16549)
  * Fix data race in bleve indexer (#16474) (#16509)
  * Restore CORS on git smart http protocol (#16496) (#16506)
  * Fix race in log (#16490) (#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
  * Update notification table with only latest data (#16445) (#16469)
  * Revert to use alpine 3.13 (#16451) (#16452)
  * Fix crash following ldap authentication update (#16447) (#16448)
  * Fix direct creation of external users on admin page (partial #16612) (#16613)
  * Prevent 500 on draft releases without tag (#16634) (#16636)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-08-07 20:27:49 +03:00
Romain 14762abf0b
Separate open and closed issue in metrics (#16637)
* Get the issue counts in one query

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-08-07 12:43:50 +03:00
techknowlogick 620c5690ea
Add note about build-time flags for PAM support (#16641)
Fix #16639
2021-08-07 01:22:30 -04:00
GiteaBot 2bbf1313b4 [skip ci] Updated translations via Crowdin 2021-08-07 00:07:42 +00:00
zeripath afd88a2418
Allow setting X-FRAME-OPTIONS (#16643)
* Allow setting X-FRAME-OPTIONS

This PR provides a mechanism to set the X-FRAME-OPTIONS header.

Fix #7951

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-08-06 16:47:10 -04:00
zeripath 067d82b5a6
Prevent 500 on draft releases without tag (#16634)
It is possible to create draft releases prior to creating a tag. This will cause a
500 on the releases page due to compare page failing.

This PR only shows the compare button if there is a SHA1 present.

Fix #16610

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-05 21:13:16 -04:00
zeripath ab9bb54144
Add microsoft oauth2 providers (#16544)
* Clean up oauth2 providers

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* remove unused Scopes

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-05 21:11:08 -04:00
GiteaBot 7e7006e00d [skip ci] Updated translations via Crowdin 2021-08-06 00:08:10 +00:00
zeripath 9430bb7f40
Frontport changelog for v1.14.6 (#16632)
* Frontport changelog for v1.14.6

Changelog frontported to below v1.15.0-rc1.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update config.yaml

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-05 20:05:20 -04:00
zeripath 6e6f23b315
Restore Accessibility for Dropdown (#16576)
* Restore #10096/#8638 and re-fix #15172

This PR restores the vendored and patched dropdow from #8638. It
however, abandons the calls to `click()` using instead the default
dropdown click calls instead. This prevents the issue of the dropdown
grabbing focus permanently however, this may have negative effects on
the effect of focus on the dropdowns.

Of note, the behaviour of the template selector dropdown on the repo
creation page is slightly odd - I don't believe that this odd behaviour
is caused by this PR but rather by the feed source for this. I suspect
that the dropdown should be adding a delete button to its selection.

Fix #15172
References: #7057

Signed-off-by: Andrew Thornton <art27@cantab.net>

* leverage fomantic-build instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per jookia

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-06 01:16:24 +03:00
Richard Mahn fd39e6dc6a
Fixes #16557 - duplicate csv import (#16631)
Remove the unnecessary duplicate package import for `encoding/csv` in `modules/csv/csv.go`

Fix #16557
2021-08-05 17:56:11 +01:00
zeripath 3a1332c326
Update node tar dependency to 6.1.6 (#16622)
Forcibly update dev dependency on tar to 6.1.6

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2021-08-05 00:14:27 -04:00
zeripath 806aa870cb
Switch back to node 16 (#16624)
Now that node 16.6.1 is out we can (if desired) switch back to node 16.

This PR proposes changing drone to run node:16

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-08-05 01:46:19 +02:00
zeripath 19e2c6a302
Set AllowedHeaders on API CORS handler (#16524)
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.

Fix #16100

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 21:56:49 +02:00
zeripath 7c4172ef71
Pass down SignedUserName down to AccessLogger context (#16605)
* Pass down SignedUserName down to AccessLogger context

Unfortunately when the AccessLogger was moved back before the contexters the
SignedUserName reporting was lost. This is due to Request.WithContext leading to a
shallow copy of the Request and the modules/context/Context being within that request.

This PR adds a new context variable of a string pointer which is set and handled
in the contexters.

Fix #16600

Signed-off-by: Andrew Thornton <art27@cantab.net>

* handle nil ptr issue

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-04 13:26:30 -04:00
GiteaBot f03abe8fb1 [skip ci] Updated translations via Crowdin 2021-08-04 00:07:39 +00:00
zeripath 35735bbef9
Upgrade to golang-jwt 3.2.2 (#16590)
* Upgrade to golang-jwt 3.2.2

Upgrade to the latest version of golang-jwt

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version

Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2.

Further given golang-jwt/jwts stated policy of only supporting supported go versions
we should just raise our minimal version of go to 1.16 for 1.16 as by time of release
1.15 will be out of support.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update minimal go required

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-08-03 14:32:01 -04:00
Clar Fon 80b7889fee
Clarify where server.LFS_CONTENT_PATH was moved to (#16601)
Signed-off-by: ltdk <usr@ltdk.xyz>
2021-08-03 09:03:04 +01:00
Albert ARIBAUD a51cb3d4cb
Make PR merge options more intuitive (#5863) (#16582)
Reword options making clear whether the PRed branch is rebased or not, and which type of commit will be created if any.
2021-08-02 20:23:57 +01:00
zeripath 1fc7d6d6ad
Fix table alignment in markdown (#16596)
Set the TableOptions in markdown to allow alignment of the tables to work correctly

Fix #15959

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-02 17:11:18 +01:00
6543 24366eddec
[CI] Use node v14 instead of node v16 untill it will pass again (#16595)
* for CI release: use node 14 (lts) to build until 16 do fail

* all in for node v14.x
2021-08-02 03:47:29 +02:00
GiteaBot 3375e7658e [skip ci] Updated translations via Crowdin 2021-08-02 00:07:40 +00:00
zeripath 48c7c880b8
Swagger AccessToken fixes (#16574)
There is a subtle problem with the Swagger definition for AccessTokens which causes
autogeneration of APIs for these endpoints to fail.

This PR corrects these errors.

Ref: https://github.com/zeripath/java-gitea-api/issues/4
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-01 16:44:15 -04:00
zeripath e51c73ae5c
Fix 500 on first wiki page (#16586)
* Fix 500 on first wiki page

There is a mistake in #16319 and #16487 which means that the first time
a wiki page is created a 500 is reported because the `master` branch is
not in existence in that wiki yet.

This PR simply checks for this error and returns not found.

Fix #16584

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-01 19:04:32 +02:00
Lars Hvam d686d7b052
Fix swagger doc by rename repoAddTopíc to repoAddTopic (#16580)
* Swagger API: rename repoAddTopíc to repoAddTopic

This changes the operationId to only contain 7 bit ascii, note "í" instead of "i"
2021-08-01 18:28:05 +02:00
zeripath e3b6526922
Use node:16.5 for frontend instead of node:16 (#16591)
* Disable frontend testing

Jest does not appear to work on the latest node 16.6.0 and fails with an inscrutable
message.

I have been unable to work out what the problem is. This PR simply disables the
test-frontend part in the makefile.

Another alternative would be to drop node to node 14 - which is the LTS for node.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* actually just tell on 16.5 instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use node 16.5 instead of 16

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-01 17:33:02 +03:00
GiteaBot b73e421646 [skip ci] Updated translations via Crowdin 2021-08-01 00:07:51 +00:00
GiteaBot e8306505f2 [skip ci] Updated translations via Crowdin 2021-07-31 00:07:42 +00:00
zeripath 72738f0cb5
Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564)
This PR has two parts:

* Add locking to goth and gothic calls with a RWMutex

The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races

* Reattempt OAuth2 registration on login if registration failed

If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt.
    
Fix #16096

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-29 18:53:18 +01:00
AJ ONeal b9a0e33238
Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
* feature: add (GitHub-style) querystrings for pre-filling new file content

* docs: add query parameters for new files
2021-07-29 05:39:46 +02:00
Marty 4e68d6f41d
Show correct text when comparing commits on empty pull request (#16569)
* fix

* use own text

* Update templates/repo/commits_table.tmpl

Co-authored-by: marty <m.karkossa@ultraware.nl>
Co-authored-by: zeripath <art27@cantab.net>
2021-07-29 03:32:48 +01:00
Lunny Xiao 33e0b38287
Rename context.Query to context.Form (#16562) 2021-07-29 03:42:15 +02:00
a1012112796 3705168837
Add agit flow support in gitea (#14295)
* feature: add agit flow support

ref: https://git-repo.info/en/2020/03/agit-flow-and-git-repo/

example:

```Bash
git checkout -b test
echo "test" >> README.md
git commit -m "test"
git push origin HEAD:refs/for/master -o topic=test
```

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix lint

* simplify code add fix some nits

* update merge help message

* Apply suggestions from code review. Thanks @jiangxin

* add forced-update message

* fix lint

* splite writePktLine

* add refs/for/<target-branch>/<topic-branch> support also

* Add test code add fix api

* fix lint

* fix test

* skip test if git version < 2.29

* try test with git 2.30.1

* fix permission check bug

* fix some nit

* logic implify and test code update

* fix bug

* apply suggestions from code review

* prepare for merge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix permission check bug

- test code update
- apply suggestions from code review @zeripath

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix bug when target branch isn't exist

* prevent some special push and fix some nits

* fix lint

* try splite

* Apply suggestions from code review

- fix permission check
- handle user rename

* fix version negotiation

* remane

* fix template

* handle empty repo

* ui: fix  branch link under the title

* fix nits

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-28 17:42:56 +08:00
Lunny Xiao 5b2e2d29ca
Upgrade levelqueue to v0.4.0 (#16560)
Fix #16546
2021-07-27 16:55:48 +01:00
GiteaBot 4b6370c46d [skip ci] Updated translations via Crowdin 2021-07-27 00:07:52 +00:00
a1012112796 9102738797
not show private user's repo in explore view (#16550)
after #16069, visibility is also usefull for user,
so this limit is not usefull.

fix #16545
2021-07-27 00:02:35 +02:00
6543 7c7771e42b
Fix session bugs (#16552)
* fix deadlog bug

* Fix models/issue_stopwatch.go

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>
2021-07-26 23:46:06 +03:00
GiteaBot e76f8cac9a [skip ci] Updated translations via Crowdin 2021-07-26 00:07:41 +00:00
zeripath 6a33b290a0
Fix add authentication page (#16543)
* Fix add authentication page

There is a regression in #16199 whereby the add authentication page
fails to react to the change in selected type.

This is due to the String() method on the LoginSourceType which is ameliorated
with an Int() function being added.

Following on from this there are a few other related bugs.

Fix #16541

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-25 08:09:52 +01:00
zeripath fd15fd4c67
Handle too long PR titles correctly (#16517)
The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix #16507

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-25 03:59:27 +01:00
GiteaBot 4f23624b16 [skip ci] Updated licenses and gitignores 2021-07-25 00:07:38 +00:00
6543 d717c692fa
bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) 2021-07-24 18:17:02 +01:00
Lunny Xiao 9f31f3aa8a
Add an abstract json layout to make it's easier to change json library (#16528)
* Add an abstract json layout to make it's easier to change json library

* Fix import

* Fix import sequence

* Fix blank lines

* Fix blank lines
2021-07-24 18:03:58 +02:00
techknowlogick e0f9635c06
Add Linode as an installation option in docs (#16529)
Add Linode as an installation option in docs

Co-authored-by: zeripath <art27@cantab.net>
2021-07-24 15:08:23 +01:00
techknowlogick 5a84908d42
Add snap to docs (#16530) 2021-07-24 14:06:38 +01:00
techknowlogick 29a22ade82
switch to maintained lib (#16532)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-24 13:00:41 +02:00
zeripath 5d2e11eedb
Refactor: Move login out of models (#16199)
`models` does far too much. In particular it handles all `UserSignin`.

It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in.

Therefore we should move this code out of `models`.

This code has to depend on `models` - therefore it belongs in `services`.

There is a package in `services` called `auth` and clearly this functionality belongs in there.

Plan:

- [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication.
- [x] Move `models.UserSignIn` into `auth`
- [x] Move `models.ExternalUserLogin`
- [x] Move most of the `LoginVia*` methods to `auth` or subpackages
- [x] Move Resynchronize functionality to `auth`
  - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files.
- [x] Move the rest of the LDAP functionality in to the ldap subpackage
- [x] Re-factor the login sources to express an interfaces `auth.Source`?
  - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future
- [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable
- [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2
  - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models.
  - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 
- [x] More simplifications of login_source.go may need to be done
- Allow wiring in of notify registration -  *this can now easily be done - but I think we should do it in another PR*  - see #16178 
- More refactors...?
  - OpenID should probably become an auth Method but I think that can be left for another PR
  - Methods should also probably be cleaned up  - again another PR I think.
  - SSPI still needs more refactors.* Rename auth.Auth auth.Method
* Restructure ssh_key.go

- move functions from models/user.go that relate to ssh_key to ssh_key
- split ssh_key.go to try create clearer function domains for allow for
future refactors here.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-24 11:16:34 +01:00
zeripath f135a818f5
Make Mermaid.js limit configurable (#16519)
* Make Mermaid.js limit configurable

Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings
to make the maximum size of a mermaid render configurable.

Fix #16513

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Make Mermaid.js limit configurable

* Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-24 00:21:51 -04:00
GiteaBot 342f338bda [skip ci] Updated translations via Crowdin 2021-07-24 00:07:49 +00:00
Lunny Xiao 9421bfedb3
Fix issue pasted image missing if no release permission (#16520)
* Fix issue pasted image missing if no release permission

* Update routers/web/web.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-23 14:08:04 -04:00