Commit graph

12471 commits

Author SHA1 Message Date
qwerty287 54243eed8d
Fix login redirection links (#17451)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-10-28 18:09:25 +08:00
zeripath 141d1a2aa5
Changelog 1.15.6 (#17457) (#17468)
Frontport #17457

 ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-28

* BUGFIXES
  * Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  * Fix CSV render error (#17406) (#17431)
  * Read expected buffer size (#17409) (#17430)
  * Ensure that restricted users can access repos for which they are members (#17460) (#17464)
  * Make commit-statuses popup show correctly (#17447) (#17466)
* TESTING
  * Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
2021-10-28 10:22:27 +01:00
zeripath 3fc465ba5e
Fix mispelling of starred as stared (#17465)
There was a recent spelling mistake added to the locale file where stared was used
instead of starred.

This PR changes this to starred.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-28 15:05:00 +08:00
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
wxiaoguang 2b2eb5d0ad
make commit-statuses popup can be shown correctly. (#17447)
Close #17443

Maybe we do not need to backport this PR, the bug doesn't break daily usage.

After the fix, the commit statuses popup can show a lot of lines with scroll bars:

![image](https://user-images.githubusercontent.com/2114189/139026160-f01b484c-6207-494a-a190-a6dd184ceb2b.png)
2021-10-28 02:34:18 +01:00
zeripath 4f00de1458
Add integration tests for private.NoServCommand and private.ServCommand (#17456)
modules/private/serv.go has two major functions that are missing testcases to ensure
that Deploy and normal SSH keys work correctly.

This PR adds some basic integration tests for these.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 08:32:59 +08:00
qwerty287 01fc24c78c
Add appearance section in settings (#17433)
* Add appearance section in settings

* Fix lint

* Fix lint

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 23:40:08 +08:00
wxiaoguang 89beceeb9a
Fix a UI error when folding a file content in a commit view (#17446) 2021-10-27 19:11:56 +08:00
David Jimenez a462fcaac8
Show client-side error if wiki page is empty (#17415)
* fix: show client-side error if wiki page is empty

Implement a JS, client-side validation workaround for a bug in the upstream
editor library SimpleMDE which breaks HTML5 client-side validation when
a wiki page is submitted.

This allows native, client-side errors to appear if
the text editor contents are empty.

See upstream bugfix report: https://github.com/sparksuite/simplemde-markdown-editor/issues/324

Signed-off-by: David Jimenez <dvejmz@sgfault.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 12:33:22 +08:00
Richard Mahn 8f9ac439ca
Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
* Fixes #16559 - Do not trim leading spaces for tab delimited

* Adds back semicolon delimited test

* Fixes linting

* Adds nolint directive to test because uses strings starting with spaces

Co-authored-by: zeripath <art27@cantab.net>
2021-10-26 16:46:56 -05:00
wxiaoguang 6e2c64f27a
Fix docker rootless build (#17441) 2021-10-26 17:21:01 +01:00
wxiaoguang b428b0f0ed
Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438) 2021-10-26 15:29:48 +03:00
Lunny Xiao 812a9daab9
Upgrade go-github to v39 (#17437) 2021-10-26 08:19:21 +01:00
zeripath 849356deaf
Prevent panic in serv.go with Deploy Keys (#17434)
Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-26 01:24:19 +02:00
zeripath 0277603878
chmod executables when copying to the docker (#17423)
Run chmod on the executables and the entrypoint when copying them to the
docker in dockerfile.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>
2021-10-25 20:32:03 +02:00
wxiaoguang 649e1d0dc2
Upgrade webpack to 5.59.1 to resolve the waitFor bug with watch-frontend (#17428)
Webpack < 5.59 has a bug, which makes watch-frontend fail when editing .less files.
2021-10-25 19:54:25 +08:00
wxiaoguang a961666c38
fix markdown checkbox rendering (#17425) 2021-10-25 09:40:38 +02:00
wxiaoguang 7c951fdd4a
In many cases user avatar link should be an absolute URL with http host (#17420) 2021-10-25 13:01:16 +08:00
qwerty287 3676fafdac
Add API to get/edit wiki (#17278)
* Add API to get/edit wiki

* Add swagger docs, various improvements

* fmt

* Fix lint and rm comment

* Add page parameter

* Add pagination to pages

* Add tests

* fmt

* Update func names

* Update error handling

* Update type name

* Fix lint

* Don't delete Home

* Update func name

* Update routers/api/v1/repo/wiki.go

Co-authored-by: delvh <dev.lh@web.de>

* Remove unnecessary check

* Fix lint

* Use English strings

* Update integrations/api_wiki_test.go

Co-authored-by: delvh <dev.lh@web.de>

* Update func and test names

* Remove unsed check and avoid duplicated error reports

* Improve error handling

* Return after error

* Document 404 error

* Update swagger

* Fix lint

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Document file encoding

* fmt

* Apply suggestions

* Use convert

* Fix integration test

* simplify permissions

* unify duplicate key Title/Name

* improve types & return UTC timestamps

* improve types pt.2

- add WikiPageMetaData.LastCommit
- add WikiPageMetaData.HTMLURL
- replace WikiPageMetaData.Updated with .LastCommit.Committer.Created

also delete convert.ToWikiPage(), as it received too many arguments and
only had one callsite anyway. sorry for bad advice earlier 🙃

* WikiPage.Content is base64 encoded

* simplify error handling in wikiContentsByName()

* update swagger

* fix & DRY findWikiRepoCommit() error handling

ListWikiPages() previously wrote error twice when repo wiki didn't exist

* rename Content -> ContentBase64

* Fix test

* Fix tests

* Update var name

* suburl -> sub_url

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Norwin <git@nroo.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-25 11:43:40 +08:00
GiteaBot 843bc9deeb [skip ci] Updated translations via Crowdin 2021-10-25 00:25:06 +00:00
KN4CK3R 44f2c27d28
Fix CSV render error (#17406)
closed #17378 

Both errors from #17378 were caused by  #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.
2021-10-25 00:42:32 +02:00
KN4CK3R f99d50fc9f
Read expected buffer size (#17409)
* Read expected buffer size.

* Changed name.
2021-10-24 22:12:43 +01:00
Kane 932780c2bb
Add HAProxy Config to reverse-proxies.en-us.md (#17407)
* Update reverse-proxies.en-us.md

Addition of HAProxy

* Update reverse-proxies.en-us.md
2021-10-24 17:48:26 +02:00
GiteaBot 07c7100c60 [skip ci] Updated translations via Crowdin 2021-10-24 00:25:14 +00:00
wxiaoguang ff9638839d
Fix issue content history problems, improve UI (#17404)
* Improve: make diff result better, make the HTML element fit the full height in the content history diff dialog
* Bug fix: when edit the main issue, the poster is wrongly set to the issue poster
2021-10-23 22:48:16 +08:00
wxiaoguang 943dc08722
Fix issue content history problems, improve UI (#17404)
* Improve: make diff result better, make the HTML element fit the full height in the content history diff dialog
* Bug fix: when edit the main issue, the poster is wrongly set to the issue poster
2021-10-23 22:47:38 +08:00
wxiaoguang 6c49517cbd
Fix issue markdown bugs (#17411)
* Bug fix: render Markdown http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395
2021-10-23 21:38:12 +08:00
GiteaBot 2a9aefdabb [skip ci] Updated translations via Crowdin 2021-10-23 00:28:47 +00:00
Mashiro 82bf564168
Remove deprecated extendDefaultPlugins method of svgo (#17399) 2021-10-22 22:05:53 +02:00
zeripath d1a056fe52
Frontport Changelog 1.15.5 (#17392) (#17401) 2021-10-22 12:32:08 -04:00
wxiaoguang 406bd3780e
Fix context popup error (#17398)
* Fix context popup error
2021-10-22 22:34:01 +08:00
Nico Schieder 870f5fbc41
Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add groups scope/claim to OICD/OAuth2

Add support for groups claim as part of the OIDC/OAuth2 flow.
Groups is a list of "org" and "org:team" strings to allow clients to
authorize based on the groups a user is part of.

Signed-off-by: Nico Schieder <code@nico-schieder.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-22 17:19:24 +08:00
zeripath af96286f22
Stop sanitizing full name in API (#17396)
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-10-22 15:17:35 +08:00
GiteaBot 23d36929bc [skip ci] Updated translations via Crowdin 2021-10-22 00:25:10 +00:00
zeripath 09938ccd99
Re-separate the color translation strings (#17390)
Fix #17384

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-21 23:51:03 +02:00
wxiaoguang a115309f4f
Fix the click behavior for <tr> and <td> with [data-href] (#17388) 2021-10-21 19:19:32 +01:00
wxiaoguang 960c322586
Refactor update checker to use AppState (#17387)
We have the `AppState` module now, it can store app related data easily. We do not need to create separate tables for each feature.

So the update checker can use `AppState` instead of a one-row dedicate table.

And the code of update checker is moved from `models` to `modules`.
2021-10-21 17:10:49 +01:00
Mario Lubenka 67561e79f1
Fix SVG side by side comparison link (#17375)
* Remove swipe-bar z-index

Fixes position of swipe-bar so it does not overlay other UI components when scrolling.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Unique names for image tabs in pull request

Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-21 18:43:26 +08:00
Lunny Xiao f3c7f10c9f
Fix history count failure (#17351)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-21 18:06:19 +08:00
wxiaoguang 83df0caf15
Sync gitea app path for git hooks and authorized keys when starting (#17335)
Gitea writes its own AppPath into git hook scripts. If Gitea's AppPath changes, then the git push will fail.

This PR:

* Introduce an AppState module, it can persist app states into database
* During GlobalInit, Gitea will check if the current AppPath is the same as last one. If they don't match, Gitea will sync git hooks.
* Refactor some code to make them more clear.
* Also, "Detect if gitea binary's name changed" #11341 is related, we call models.RewriteAllPublicKeys to update ssh authorized_keys file
2021-10-21 17:22:43 +08:00
zeripath 053b2f4dce
Handle broken references in mirror sync (#17013)
* Handle broken references in mirror sync

If there are broken references during a mirror attempt to fix using `git remote prune`.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-10-21 16:45:25 +08:00
wxiaoguang 2add8fe9be
Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
* Frontend refactor, PascalCase to camelCase, remove unused code

* fix
2021-10-21 15:37:43 +08:00
Lunny Xiao 5879ab83b5
Fix heatmap test (#17381) 2021-10-21 14:37:40 +08:00
GiteaBot 9046c022d2 [skip ci] Updated translations via Crowdin 2021-10-21 00:25:11 +00:00
zeripath c1110b8671
Ensure correct SSH permissions check for private and restricted users (#17370)
Repositories owned by private users and organisations and pulls by restricted users
need to have permissions checked. Previously Serv would simply assumed that if the
user could log in and the repository was not private then it would be visible.

Fix #17364

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-10-20 16:59:05 -04:00
zeripath c5a408df05
Upgrade Bluemonday to v1.0.16 (#17372)
Upgrade Bluemonday to latest version

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-10-20 16:58:39 -04:00
zeripath 35b918f574
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281)
* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH

There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.

This means that only ssh-rsa signatures are offered by default.

This PR adds a workaround around this problem.

Fix #17175

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-20 15:55:33 -04:00
Richard Mahn 98f7013756
Prevent NPE in CSV diff rendering when column removed (#17018)
Fixes #16837 if a column is deleted.

We were clobbering the columns that were added by looping through the aline (base) and then when bline (head) was looped through, it clobbered what was in the "cells" array that is show in the diff, and then left a nil cell because nothing was shifted.

This fix properly shifts the cells, and properly puts the b cell either at its location or after, according to what the aline placed in the cells.

This includes test, adding a new test function since adding/removing cells works best with three columns, not two, which results in 4 columns of the resulting cells because it has a deleted column and an added column. If you try this locally, you can try those cases and others, such as adding a column.

There was no need to do anything special for the rows when `aline == 0 || bline == 0` so that was removed. This allows the same code to be used for removed or added lines, with the bcell text always being the RightCell, acell text being the LeftCell.

I still added the patch zeripath gave at https://github.com/go-gitea/gitea/issues/16837#issuecomment-913007382 so that just in case for some reason a cell is nil (which shouldn't happen now) it doesn't throw a 500 error, so the user can at least view the raw diff.

Also fixes in the [view.go](https://github.com/go-gitea/gitea/pull/17018/files#diff-43a7f4747c7ba8bff888c9be11affaafd595fd55d27f3333840eb19df9fad393L521) file how if a CSV file is empty (either created empty or if you edit it and remove all contents) it throws a huge 500 error when you then save it (when you view the file). Since we allow creating, saving and pushing empty files, we shouldn't throw an error on an empty CSV file, but just show its empty contents. This doesn't happen if it is a Markdown file or other type of file that is empty.
EDIT: Now handled in the markup/csv renderer code
2021-10-20 20:10:03 +01:00
Lunny Xiao f494776931
Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
Mario Lubenka 0208ea0248
"Copy branch name" button in pull request (#17323)
* Drop data-original from clipboard

data-original attribute was removed. Instead, the original value from
data-content is set after success/fail message was displayed.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* "Copy branch name" button in pull request

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Update templates/repo/issue/view_title.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
2021-10-19 13:32:11 -04:00