Commit graph

601 commits

Author SHA1 Message Date
singuliere cc643284de
Add Index to comment for migrations and mirroring (#18806)
Comments have an id (see Gitea[0], GitLab[1], GitHub[2], etc.), and the
comment migration format must represent it during migrations so that
it can be used during mirroring or incremental migrations.

[0] https://try.gitea.io/api/swagger#/issue/issueGetComment
[1] https://docs.gitlab.com/ee/api/discussions.html#get-single-issue-discussion-item
[2] https://docs.github.com/en/rest/reference/issues#get-an-issue-comment

Signed-off-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-03-06 20:00:41 +01:00
Jimmy Praet 5184c83f6b
Add config option to disable "Update branch by rebase" (#18745) 2022-03-04 03:30:49 -05:00
Gusted a14b6f3aae
Refactor mirror code & fix StartToMirror (#18904)
* Use MirrorID instead of RepoID

- Use the MirrorID as index(SQL uses `id` column not the `repo_id`).
Passes the Mirror ID's into the Sync functions.

* Check for MirrorID == 0

* Fix `StartToMirror` + refactor

* Update services/mirror/mirror.go

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-02 15:43:11 +08:00
Otto Richter (fnetX) 062fd4c217
[API] Allow removing issues (#18879)
Add new feature to delete issues and pulls via API

Co-authored-by: fnetx <git@fralix.ovh>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-01 01:20:15 +01:00
Lunny Xiao b75ad7b87f
Improve mirror iterator (#18928)
* Improve mirror iterator

* fix test
2022-02-28 20:41:06 +01:00
Lunny Xiao 59959ab222
Fix login with email panic when email is not exist (#18941) 2022-02-28 18:33:33 +01:00
KN4CK3R 5b0cdd6155
Set is_empty in fixtures (#18869) 2022-02-26 01:15:25 -05:00
singuliere 49cab2b01f
migrations: add test for importing pull requests in gitea uploader (#18752)
* logs: add the buffer logger to inspect logs during testing

Signed-off-by: Loïc Dachary <loic@dachary.org>

* migrations: add test for importing pull requests in gitea uploader

Signed-off-by: Loïc Dachary <loic@dachary.org>

* for each git.OpenRepositoryCtx, call Close

* Content is expected to return the content of the log

* test for errors before defer

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-25 17:20:50 +08:00
Lunny Xiao f1b1472632
Fix ldap user sync missed email in email_address table (#18786)
* Fix ldap user sync missed email in email_address table

* Fix test
2022-02-24 14:13:59 +08:00
silverwind 2b9df564b8
Lock gofumpt to v0.3.0 and run it (#18866)
We can't depend on `latest` version of gofumpt because the output will
not be stable across versions. Lock it down to the latest version
released yesterday and run it again.
2022-02-23 20:16:07 +00:00
singuliere 54dd0fc88b
migrations: remove dead code in gitea uploader (#18725)
When migrating, g.issues is a map with all issues created during the
migration. If an issue is not found in g.issues when inserting a
comment or a review, it cannot exist in the database and trying to get
it via GetIssueByIndex() will always fail and return an error.

Signed-off-by: singuliere <singuliere@autistici.org>
2022-02-21 14:00:05 +01:00
Lunny Xiao 00be0c1b21
Fix login with email for ldap users (#18800)
`authenticator.Authenticate` has assume the login name is not an email, but `username` maybe an email. So when we find the user via email address, we should use `user.LoginName` instead of `username` which is an email address.
2022-02-20 10:28:58 +00:00
Johan Van de Wauw 0cc2675c44
Fix ldap loginname (#18789)
* Use email_address table to check user's email when login with email adress

* Update services/auth/signin.go

* Fix test

* Fix test

* Fix logging in with ldap username != loginname

* Fix if user does not exist yet

* Make more clear this is loginName

* Fix formatting

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-02-18 17:33:00 +08:00
zeripath 4482f62a26
Prevent dangling GetAttribute calls (#18754)
It appears possible that there could be a hang due to unread data from the
repo-attribute command pipes. This PR simply closes these during the defer.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-14 18:03:56 +01:00
Lunny Xiao 91ac65db5e
Fix forked repositories missed tags (#18719)
* Fix forked repositories missed tags

* Add missed close

* Use ctx

Co-authored-by: 6543 <6543@obermui.de>
2022-02-12 11:18:06 +08:00
Sven Seeberg 832ce406ae
Add LDAP group sync to Teams, fixes #1395 (#16299)
* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.
2022-02-11 22:24:58 +08:00
Martin Scholz 26718a785a
Change git.cmd to RunWithContext (#18693)
Change all `cmd...Pipeline` commands to `cmd.RunWithContext`.

#18553

Co-authored-by: Martin Scholz <martin.scholz@versasec.com>
2022-02-11 13:47:22 +01:00
zeripath eb748f5f3c
Add apply-patch, basic revert and cherry-pick functionality (#17902)
This code adds a simple endpoint to apply patches to repositories and
branches on gitea. This is then used along with the conflicting checking
code in #18004 to provide a basic implementation of cherry-pick revert.

Now because the buttons necessary for cherry-pick and revert have 
required us to create a dropdown next to the Browse Source button
I've also implemented Create Branch and Create Tag operations.

Fix #3880 
Fix #17986 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-09 20:28:55 +00:00
zeripath df44017328
Restart zero worker if there is still work to do (#18658)
* Restart zero worker if there is still work to do

It is possible for the zero worker to timeout before all the work is finished.
This may mean that work may take a long time to complete because a worker will only
be induced on repushing.

Also ensure that requested count is reset after pulls and push mirror sync requests and add some more trace logging to the queue push.

Fix #18607

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-08 14:02:32 +00:00
Viktor Suprun 4d939845d2
Added auto-save whitespace behavior if it changed manually (#15566) 2022-02-08 14:15:04 +08:00
Clar Fon 9911b66aea
Be more lenient with label colors (#17752)
Accept 12-bit color specifications.
2022-02-07 21:21:02 +00:00
wxiaoguang c2a3e38194
Fix the missing i18n key for update checker (#18646) 2022-02-07 15:43:53 +08:00
6543 3043eb36bf
Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552) 2022-02-06 20:01:47 +01:00
silverwind 37ead26e36
Fix make fmt and make fmt-check (#18633)
* Run 'make fmt'

'make fmt' currently produces this change, I'm not sure how CI did not
fail on it, I made sure I have `mvdan.cc/gofumpt@latest`.

* Fix 'make fmt-check'

`make fmt-check` did not run all commands that `make fmt` did, resulting
in missed diffs. Fix that by just depending on the `fmt` target.

Includes: https://github.com/go-gitea/gitea/pull/18633

* Make gitea-fmt work with -l and -d and integrate gofumpt

This implements -l, -w and -d with gitea-fmt and merges gofumpt.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* use -l instead of -d for fmt-check

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-02-06 16:44:30 +01:00
singuliere 8bd89ca294
preserve users if restoring a repository on the same Gitea instance (#18604)
When calling DumpRepository and RestoreRepository on the same Gitea
instance, the users are preserved: all labels, issues etc. belong to
the external user who is, in this particular case, the local user.

Dead code verifying g.gitServiceType.Name() == "" (i.e. plain git) is
removed. The function is never called because the plain git downloader
does not migrate anything that is associated to a user, by definition.

Errors returned by GetUserIDByExternalUserID are no longer ignored.

The userMap is used when the external user is not kown, which is the
most common case. It was only used when the external user exists
which happens less often and, as a result, every occurence of an
unknown external user required a SQL query.

Signed-off-by: Loïc Dachary <loic@dachary.org>

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-06 17:05:29 +08:00
zeripath 1ab44cb01d
Prevent merge messages from being sorted to the top of email chains (#18566)
* Prevent merge messages from being sorted to the top of email chains

Gitea will currrently resend the same message-id for the closed/merged/reopened
messages for issues. This will cause the merged message to leap to the top of an
email chain and become out of sync.

This PR adds specific suffices for these actions.

Fix #18560

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-03 18:01:16 -05:00
Gusted cafd19c1a3
Replace sync.Map with normal maps (#18584)
* Replace `sync.Map` with normal maps

- These maps aren't being used in any kind of concurrent read/write and
thus don't need `sync.Map` and can instead use normal maps.
- Special thanks to dachary.
- Added in: https://github.com/go-gitea/gitea/pull/6290

* Remove unannounced feature
2022-02-03 21:18:18 +02:00
zeripath 92e81e97e8
Detect conflicts with 3way merge (#18536)
* Detect conflicts with 3way merge

Unforunately git apply --3way reports conflicts differently than standard patches
resulting in conflicts being missed.

Adjust the conflict detection code to account for this different error reporting.

Fix #18514

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and three-way failed

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-02 12:46:10 +08:00
singuliere 367894adc8
add test coverage for original author conversion during migrations (#18506)
* add test coverage for original author conversion during migrations

And create a function to factorize a code snippet that is repeated
five times and would otherwise be more difficult to test and maintain
consistently.

Signed-off-by: Loïc Dachary <loic@dachary.org>

* fix variable scope and int64 formatting

* add missing calls to remapExternalUser and fix misplaced %d

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-02-01 13:20:28 -05:00
Gusted 22d266350d
Use ImagedProvider for gplus oauth2 provider (#18504)
Use `ImagedProvider` for gplus' oauthv2 provider, as the image isn't "gplus.png" but "google.png".

Resolves #18494
2022-02-01 01:02:56 +01:00
Aravinth Manivannan e19b9653ea
GitLab reviews may not have the updated_at field set (#18450)
* GitLab reviews may not have the updated_at field set

Fallback to created_at if that the case and to time.Now() if it is
also missing.

Fixes: 18434

* use assert.WithinDuration

Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-01-29 18:33:20 +01:00
Aravinth Manivannan 3bb028cc46
Validate migration files (#18203)
JSON Schema validation for data used by Gitea during migrations

Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563

Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-01-26 10:45:51 +01:00
Lunny Xiao a717265e47
Fix restore without topic failure (#18387)
Co-authored-by: zeripath <art27@cantab.net>
2022-01-25 10:44:12 +08:00
Gusted c2e13fb763
Fix partial cloning a repo (#18373)
- Pass the Global command args into serviceRPC.
- Fixes error with partial cloning.
- Add partial clone test
- Include diff

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-23 22:19:32 +01:00
Dr. Tobias Quathamer 3349fd8f79
Add packagist webhook (#18224)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-23 21:46:30 +08:00
Lunny Xiao 35fdefc1ff
Always use git command but not os.Command (#18363) 2022-01-23 00:57:52 -05:00
zeripath a82fd98d53
Pause queues (#15928)
* Start adding mechanism to return unhandled data

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Create pushback interface

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Pausable interface to WorkerPool and Manager

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Implement Pausable and PushBack for the bytefifos

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Implement Pausable and Pushback for ChannelQueues and ChannelUniqueQueues

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Wire in UI for pausing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add testcases and fix a few issues

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix build

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prevent "race" in the test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix jsoniter mismerge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix conflicts

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix format

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add warnings for no worker configurations and prevent data-loss with redis/levelqueue

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use StopTimer

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-22 21:22:14 +00:00
qwerty287 1f40933d38
Add config options to hide issue events (#17414)
* Add config option to hide issue events
Adds a config option `HIDE_ISSUE_EVENTS` to hide most issue events (changed labels, milestones, projects...) on the issue detail page.
If this is true, only the following events (comment types) are shown:
* plain comments
* closed/reopned/merged
* reviews

* Make configurable using a list

* Add docs

* Add missing newline

* Fix merge issues

* Allow changes per user settings

* Fix lint

* Rm old docs

* Apply suggestions from code review

* Use bitsets

* Rm comment

* fmt

* Fix lint

* Use variable/constant to provide key

* fmt

* fix lint

* refactor

* Add a prefix for user setting key

* Add license comment

* Add license comment

* Update services/forms/user_form_hidden_comments.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* check len == 0

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-21 18:59:26 +01:00
zeripath 44deae8f3d
Refactor jwt.StandardClaims to RegisteredClaims (#18344)
* Refactor jwt.StandardClaims to RegisteredClaims

go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims
instead. This PR migrates to use this new format.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-01-20 22:52:56 +01:00
6543 54e9ee37a7
format with gofumpt (#18184)
* gofumpt -w -l .

* gofumpt -w -l -extra .

* Add linter

* manual fix

* change make fmt
2022-01-20 18:46:10 +01:00
Jelle Hulter bbd30787d3
Updated Chroma to v0.10.0 (#18270) 2022-01-20 17:59:15 +08:00
zeripath 5cb0c9aa0d
Propagate context and ensure git commands run in request context (#17868)
This PR continues the work in #17125 by progressively ensuring that git
commands run within the request context.

This now means that the if there is a git repo already open in the context it will be used instead of reopening it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 23:26:57 +00:00
zeripath 6b0a71230d
Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Stop trimming preceding and suffixing spaces from editor filenames

In #5702 it was decided to trim preceding and suffixed spaces aswell as / from
editing file filenames. This was because at this point in time the url-safety of
Gitea was much poorer.

We can now drop this requirement and file editing should work correctly.

Fix #18176

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 21:03:15 +00:00
zeripath 4a20eadfd7
Restore propagation of ErrDependenciesLeft (#18325)
Unfortunately #17643 prevented all propagation of ErrDependenciesLeft meaning
that dependency errors that prevent closing of issues get swallowed.

This PR restores propagation of the error but instead swallows the error in the
places where it needs to be swallowed.

Fix #18223

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 00:26:42 +01:00
zeripath 089b4e6a45
Use indirect comparison when showing pull requests (#18313)
When generating the commits list and number of files changed for PRs and
compare we should use "..." always not "..".

Fix #18303

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 07:45:43 +00:00
zeripath 851b54ba9f
Correctly upload LFS files (#18316)
We need to use the cached .gitattributes file for checking if a file
should be stored in the lfs.

Fix #18297

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 07:44:30 +00:00
Aravinth Manivannan 076cead40d
Fix CheckRepoStats and reuse it during migration (#18264)
The CheckRepoStats function missed the following counters:

- label num_closed_issues & num_closed_pulls
- milestone num_closed_issues & num_closed_pulls

The update SQL statements for updating the repository
num_closed_issues & num_closed_pulls fields were repeated in three
functions (repo.CheckRepoStats, migrate.insertIssues and
models.Issue.updateClosedNum) and were moved to a single helper.

The UpdateRepoStats is implemented and called in the Finish migration method so that it happens immediately instead of wating for the
CheckRepoStats to run.

Signed-off-by: Loïc Dachary loic@dachary.org

---
[source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/34)
2022-01-17 19:31:58 +01:00
Lunny Xiao 35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
6543 ff00b8688b
Fix NPE on try to get tag reference via API (#18245)
* fix npe

* rm gitRepo from Tag
2022-01-12 20:37:46 +00:00
luzpaz 8c647bf0f6
Fix various typos (#18219)
Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon`

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-10 17:32:37 +08:00
zeripath 21ed4fd8da
Add warning for BIDI characters in page renders and in diffs (#17562)
Fix #17514

Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces.

There is a button which can be used to escape the content to show it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gwyneth Morgan <gwymor@tilde.club>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-07 02:18:52 +01:00
zeripath 1514e13bb8
Add option to convert CRLF to LF line endings for sendmail (#18075)
It appears that several versions of sendmail require that the mail is sent to them with
LF line endings instead of CRLF endings - which of course they will then convert back
to CRLF line endings to comply with the SMTP standard.

This PR adds another setting SENDMAIL_CONVERT_CRLF which will pass the message writer
through a filter. This will filter out and convert CRLFs to LFs before writing them
out to sendmail.

Fix #18024

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-06 01:43:45 +01:00
KN4CK3R bf7b083cfe
Add replay of webhooks. (#18191) 2022-01-05 15:00:20 -06:00
6543 0572c78938
refactoring nits (#18188)
* no octal for time values

* rm artifact from refactoring

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-05 07:27:53 +01:00
Lunny Xiao 8760af752a
Team permission allow different unit has different permission (#17811)
* Team permission allow different unit has different permission

* Finish the interface and the logic

* Fix lint

* Fix translation

* align center for table cell content

* Fix fixture

* merge

* Fix test

* Add deprecated

* Improve code

* Add tooltip

* Fix swagger

* Fix newline

* Fix tests

* Fix tests

* Fix test

* Fix test

* Max permission of external wiki and issues should be read

* Move team units with limited max level below units table

* Update label and column names

* Some improvements

* Fix lint

* Some improvements

* Fix template variables

* Add permission docs

* improve doc

* Fix fixture

* Fix bug

* Fix some bug

* fix

* gofumpt

* Integration test for migration (#18124)

integrations: basic test for Gitea {dump,restore}-repo
This is a first step for integration testing of DumpRepository and
RestoreRepository. It:

runs a Gitea server,
dumps a repo via DumpRepository to the filesystem,
restores the repo via RestoreRepository from the filesystem,
dumps the restored repository to the filesystem,
compares the first and second dump and expects them to be identical

The verification is trivial and the goal is to add more tests for each
topic of the dump.

Signed-off-by: Loïc Dachary <loic@dachary.org>

* Team permission allow different unit has different permission

* Finish the interface and the logic

* Fix lint

* Fix translation

* align center for table cell content

* Fix fixture

* merge

* Fix test

* Add deprecated

* Improve code

* Add tooltip

* Fix swagger

* Fix newline

* Fix tests

* Fix tests

* Fix test

* Fix test

* Max permission of external wiki and issues should be read

* Move team units with limited max level below units table

* Update label and column names

* Some improvements

* Fix lint

* Some improvements

* Fix template variables

* Add permission docs

* improve doc

* Fix fixture

* Fix bug

* Fix some bug

* Fix bug

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
2022-01-05 11:37:00 +08:00
Gusted 623c93ff46
Increase Salt randomness (#18179)
- The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits(or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit.
- The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10, instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarentee of 8*`length` randomness and thus corresponding of `length`x bytes randomness.
- Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32(with `length` being 16).
- When we detect on `Authenticate`(source: db) that a user has the old format of salt, re-hash the password such that the user will have it's password hashed with increased salt.

Thanks to @zeripath for working out the rouge edges from my first commit 😄.

Co-authored-by: lafriks <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
2022-01-04 15:13:52 +00:00
Lunny Xiao de8e3948a5
Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
wxiaoguang e61b390d54
Unify and simplify TrN for i18n (#18141)
Refer: https://github.com/go-gitea/gitea/pull/18135#issuecomment-1003246099

Now we have a unique and simple `TrN`, and make the fix of PR #18135 also use the better `TrN` logic.
2022-01-02 04:33:57 +01:00
singuliere fb2dc95623
services/repository: fix ListUnadoptedRepositories incorrect total count (#17865)
The total count returned by ListUnadoptedRepositories is incorrectly
calculated.

The code snippet within ListUnadoptedRepositories used to verify
unadopted repositories is repeated three times in the function. It is
moved in the checkUnadoptedRepositories function and a unit test is
added to verify it works as expected.

A unit test is added to verify the total count returned by
ListUnadoptedRepositories is as expected.

Signed-off-by: singuliere <singuliere@autistici.org>
2022-01-01 10:52:00 +08:00
zeripath 431e482e3f
Reset the conflicted files list in testpatch (#18139)
Although #18004 will seriously reduce the likelihood of finding
conflicts in the first place - one bug was introduced whereby the
conflicted files status was not being reset properly. This leads to
conflicted PRs remaining conflicted when the conflict has been resolved.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-31 20:33:55 +08:00
KN4CK3R 8fa97a25f0
Set HeadCommit when creating tags. (#18116)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-29 19:40:57 +08:00
zjjhot e34632bb53
Add issue hyperlinks in the webhook of wechatwork (#18102)
Co-authored-by: zjj <2031381130@qq.com>
2021-12-25 21:30:09 +08:00
zeripath ffc08c1914
Do not read or write git reference files directly (#18079)
Git will and can pack references into packfiles and therefore if you write/read the
files directly you will get false results. Instead you should use update-ref and
show-ref. To that end I have created three new functions in git/repo_commit.go that
will do this correctly.

Related #17191

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-23 21:44:00 +08:00
mscherer cb05d3a23a
Add List-Unsubscribe header (#17804)
Fixes #13283

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-21 22:53:03 +00:00
zeripath bcc13f3889
Reset Session ID on login (#18018)
* Reset Session ID on login

When logging in the SessionID should be reset and the session cleaned up.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* with new session.RegenerateID function

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update go-chi/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Ensure that session id is changed after oauth data is set and between account linking pages too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 22:12:26 +08:00
Gusted ff2fd08228
Simplify parameter types (#18006)
Remove repeated type declarations in function definitions.
2021-12-20 04:41:31 +00:00
zeripath e4e411821d
Abort merge if head has been updated before pressing merge (#18032)
* Abort merge if head has been updated before pressing merge

It is possible that a PR head may be pushed to between the merge page being shown
and the merge button being pressed. Pass the current expected head in as a parameter
and cancel the merge if it has changed.

Fix #18028

Signed-off-by: Andrew Thornton <art27@cantab.net>

* adjust swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 08:32:54 +08:00
Wim 6fe756dc93
Add support for ssh commit signing (#17743)
* Add support for ssh commit signing

* Split out ssh verification to separate file

* Show ssh key fingerprint on commit page

* Update sshsig lib

* Make sure we verify against correct namespace

* Add ssh public key verification via ssh signatures

When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.

* Remove some gpg references and make verify key optional

* Fix spaces indentation

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update templates/user/settings/keys_ssh.tmpl

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update models/ssh_key_commit_verification.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Reword ssh/gpg_key_success message

* Change Badsignature to NoKeyFound

* Add sign/verify tests

* Fix upstream api changes to user_model User

* Match exact on SSH signature

* Fix code review remarks

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 00:37:18 -05:00
zeripath f1e85622da
Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
The current TestPatch conflict code uses a plain git apply which does not properly
account for 3-way merging. However, we can improve things using `git read-tree -m` to
do a three-way merge then follow the algorithm used in merge-one-file. We can also use 
`--patience` and/or `--histogram` to generate a nicer diff for applying patches too.

Fix #13679
Fix #6417

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-19 05:19:25 +01:00
Lunny Xiao a6d4a8546a
Fix rename notification bug (#18008) 2021-12-17 14:24:47 +08:00
zeripath 8354670708
Prevent hang in git cat-file if repository is not a valid repository and other fixes (#17991)
This PR contains multiple fixes. The most important of which is:

* Prevent hang in git cat-file if the repository is not a valid repository 
    
    Unfortunately it appears that if git cat-file is run in an invalid
    repository it will hang until stdin is closed. This will result in
    deadlocked /pulls pages and dangling git cat-file calls if a broken
    repository is tried to be reviewed or pulls exists for a broken
    repository.

    Fix #14734
    Fix #9271
    Fix #16113

Otherwise there are a few small other fixes included which this PR was initially intending to fix:

* Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes
* Fix links on pulls pages  due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983
* Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943
* Add missing locale entries for oauth group claims
* Prevent NPEs if ColorFormat is called on nil users, repos or teams.
2021-12-16 19:01:14 +00:00
zeripath e0e3ba6c12
Add Reindex buttons to repository settings page (#17494)
This PR adds reindexing request buttons to the repository settings page.

Fix #3796

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-16 23:55:12 +08:00
wxiaoguang 4da1d97810
Refactor HTTP request context (#17979) 2021-12-15 14:59:57 +08:00
qwerty287 9d943bf374
Add missing X-Total-Count and fix some related bugs (#17968)
* Add missing `X-Total-Count` and fix some related bugs

Adds `X-Total-Count` header to APIs that return a list but doesn't have it yet.
Fixed bugs:
* not returned after reporting error (39eb82446c/routers/api/v1/user/star.go (L70))
* crash with index out of bounds, API issue/issueSubscriptions

I also found various endpoints that return lists but do not apply/support pagination yet:
```
/repos/{owner}/{repo}/issues/{index}/labels
/repos/{owner}/{repo}/issues/comments/{id}/reactions
/repos/{owner}/{repo}/branch_protections
/repos/{owner}/{repo}/contents
/repos/{owner}/{repo}/hooks/git
/repos/{owner}/{repo}/issue_templates
/repos/{owner}/{repo}/releases/{id}/assets
/repos/{owner}/{repo}/reviewers
/repos/{owner}/{repo}/teams
/user/emails
/users/{username}/heatmap
```
If this is not expected, an new issue should be opened.

Closes #13043

* fmt

* Update routers/api/v1/repo/issue_subscription.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Use FindAndCount

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2021-12-15 13:39:34 +08:00
zeripath 0981ec30c3
Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
* Add setting to OAuth handlers to override local 2FA settings

This PR adds a setting to OAuth and OpenID login sources to allow the source to
override local 2FA requirements.

Fix #13939

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix regression from #16544

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add scopes settings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix trace logging in auth_openid

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add required claim options

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move UpdateExternalUser to externalaccount

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow OAuth2/OIDC to set Admin/Restricted status

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow use of the same group claim name for the prohibit login value

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Move UpdateExternalUser to externalaccount

* as per wxiaoguang

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add label back in

Signed-off-by: Andrew Thornton <art27@cantab.net>

* adjust localisation

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-14 16:37:11 +08:00
Lunny Xiao 5723240490
Some repository refactors (#17950)
* some repository refactors

* remove unnecessary code

* Fix test

* Remove unnecessary banner
2021-12-12 23:48:20 +08:00
zeripath f550e356d6
Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
Running `make test-backend` will delete `data/` due to reloading the configuration and resetting the appdatapath.

This PR removes this unnecessary config reload but also adds extra code in to the unittest main to prevent its cleanup from deleting the wrong directory.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-10 19:43:28 +00:00
Lunny Xiao 3ca5dc7e32
Move keys to models/asymkey (#17917)
* Move keys to models/keys

* Rename models/keys -> models/asymkey

* change the missed package name

* Fix package alias

* Fix test

* Fix docs

* Fix test

* Fix test

* merge
2021-12-10 16:14:24 +08:00
Lunny Xiao 719bddcd76
Move repository model into models/repo (#17933)
* Some refactors related repository model

* Move more methods out of repository

* Move repository into models/repo

* Fix test

* Fix test

* some improvements

* Remove unnecessary function
2021-12-10 09:27:50 +08:00
zeripath 9e6e1dc950
Improve checkBranchName (#17901)
The current implementation of checkBranchName is highly inefficient
involving opening the repository, the listing all of the branch names
checking them individually before then using using opened repo to get
the tags.

This PR avoids this by simply walking the references from show-ref
instead of opening the repository (in the nogogit case).

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-08 19:08:16 +00:00
Garionion b59875aa12
allways set a message-id on mails (#17900)
* allways set a message-id on mails
* Add unit tests for mailer & Message-ID

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-08 15:34:23 +08:00
Lunny Xiao dcdb4873c8
Move repo archiver to models/repo (#17913)
* Move repo archiver to models/repo

* Move archiver service into services/repository/

* Fix imports

* Fix test

* Fix test
2021-12-06 15:19:28 +08:00
KN4CK3R 87be76213a
Add migrate from Codebase (#16768)
This PR adds [Codebase](https://www.codebasehq.com/) as migration source.

Supported:
- Milestones
- Issues
- Pull Requests
- Comments
- Labels
2021-12-02 23:24:02 +01:00
mscherer 34b5436ae1
Refactor various strings (#17784)
Fixes #16478

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-02 15:28:08 +08:00
wxiaoguang 042cac5fed
Improve install code to avoid low-level mistakes. (#17779)
* Improve install code to avoid low-level mistakes.

If a user tries to do a re-install in a Gitea database, they gets a warning and double check.
When Gitea runs, it never create empty app.ini automatically.

Also some small (related) refactoring:

* Refactor db.InitEngine related logic make it more clean (especially for the install code)
* Move some i18n strings out from setting.go to make the setting.go can be easily maintained.
* Show errors in CLI code if an incorrect app.ini is used.
* APP_DATA_PATH is created when installing, and checked when starting (no empty directory is created any more).
2021-12-01 15:50:01 +08:00
zeripath 01087e9eef
Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
This PR registers requests with the process manager and manages hierarchy within the processes.

Git repos are then associated with a context, (usually the request's context) - with sub commands using this context as their base context.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-30 20:06:32 +00:00
zeripath b5a9ee94fd
Make Co-committed-by and co-authored-by trailers optional (#17848)
This PR adds another option to app.ini make co-committed-by and co-authored-by trailers
optional on a per server basis.

Fix #17194

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-29 07:09:55 +00:00
Lunny Xiao 9defddb286
Move more model into models/user (#17826)
* Move more model into models/user

* Remove unnecessary comment

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-28 22:11:58 +08:00
Lunny Xiao 1fee11d69a
Move accessmode into models/perm (#17828) 2021-11-28 12:58:28 +01:00
mscherer 04c55e97a2
Fix code formating (#17830)
* fix formatter, format imports first, then go fmt
2021-11-27 19:59:51 +08:00
Lunny Xiao a666829a37
Move user related model into models/user (#17781)
* Move user related model into models/user

* Fix lint for windows

* Fix windows lint

* Fix windows lint

* Move some tests in models

* Merge
2021-11-24 17:49:20 +08:00
Lunny Xiao c97d66d23c
Move repofiles from modules/repofiles to services/repository/files (#17774)
* Move repofiles from modules to services

* rename services/repository/repofiles -> services/repository/files

* Fix test

Co-authored-by: 6543 <6543@obermui.de>
2021-11-24 15:56:24 +08:00
KN4CK3R 429ef43793
Use new OneDev /milestones endpoint (#17782)
OneDev changed the API which fails every build at the moment.
2021-11-23 20:28:06 +01:00
zeripath 188fd2dd1a
Add PULL_LIMIT and PUSH_LIMIT to cron.update_mirror task (#17568) 2021-11-22 22:09:35 -05:00
Lunny Xiao baed01f247
Remove unnecessary attributes of User struct (#17745)
* Remove unnecessary functions of User struct

* Move more database methods out of user struct

* Move more database methods out of user struct

* Fix template failure

* Fix bug

* Remove finished FIXME

* remove unnecessary code
2021-11-22 23:21:55 +08:00
Jimmy Praet a3efd048a7
Improvements to content history (#17746)
* Improvements to content history

* initialize content history when making an edit to an old item created before the introduction of content history
* show edit history for code comments on pull request files tab

* Fix a flaw in keepLimitedContentHistory
Fix a flaw in keepLimitedContentHistory, the first and the last should never be deleted

* Remove obsolete eager initialization of content history
2021-11-22 20:20:16 +08:00
zeripath 8511eec4d4
Allow Loading of Diffs that are too large (#17739)
* Allow Loading of Diffs that are too large

This PR allows the loading of diffs that are suppressed because the file
is too large. It does not handle diffs of files which have lines which
are too long.

Fix #17738

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-22 00:51:08 +08:00
Lunny Xiao 0add627182
Fix close issue but time watcher still running (#17643)
* Fix close issue but time watcher still running

* refactor stopwatch codes

* Fix test

* Fix test

* Fix typo

* Fix test
2021-11-21 17:11:48 +08:00
zeripath f8ec43dbc7
Extract constant names out for the ReverseProxy and Basic authentication methods (#17735)
In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods.

As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 23:33:18 +08:00
zeripath 931d0cf854
Enable show more files in diff for git <2.31 (#17733)
Unfortunately due to a misread on my behalf I missed that git diff only learned
--skip-to in version 2.31.0. Thus this functionality was not working on older versions
of git.

This PR adds a handler that simply allows for us to skip reading the diffs until
we find the correct file to skip to.

Fix #17731

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 13:50:00 +00:00
wxiaoguang 013fb73068
Use hostmatcher to replace matchlist, improve security (#17605)
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
2021-11-20 17:34:05 +08:00
zeripath 38347aa16f
Add settings to allow different SMTP envelope from address (#17479)
* Add settings to allow different SMTP envelope from address

Sometimes it may be advisable to hide or alias the from address on an SMTP mail
envelope. This PR adds two new options to the mailer to allow setting of an overriding
from address.

Fix #17477

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-19 23:35:20 +08:00
Lunny Xiao fc3d082609
Move attachment into models/repo/ (#17650)
* Move attachment into models/repo/

* Fix test

* Fix bug
2021-11-19 21:39:57 +08:00
Lunny Xiao 7a03473159
Use a standalone struct name for Organization (#17632)
* Use a standalone struct name for Organization

* recover unnecessary change

* make the code readable

* Fix template failure

* Fix template failure

* Move HasMemberWithUserID to org

* Fix test

* Remove unnecessary user type check

* Fix test

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-19 19:41:40 +08:00
KN4CK3R f34151bdb2
Move user/org deletion to services (#17673) 2021-11-19 01:42:27 +08:00
99rgosse e1d655991b
Fix Migrate Description (#17692)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-18 23:28:10 +08:00
Lunny Xiao 1f1ae57139
Move task from modules to services (#17680) 2021-11-18 14:47:57 +08:00
Lunny Xiao 3c3855a05c
Move user functions into user.go (#17659)
* Move user functions into user.go

* Fix test
2021-11-18 13:58:42 +08:00
zeripath 3c4724d70e
Add .gitattribute assisted language detection to blame, diff and render (#17590)
Use check attribute code to check the assigned language of a file and send that in to
chroma as a hint for the language of the file.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-17 20:37:00 +00:00
Lunny Xiao 81a4fc7528
Return 400 but not 500 when request archive with wrong format (#17691) 2021-11-17 14:47:35 -05:00
Lunny Xiao 5233051e64
Move some functions into services/repository (#17677) 2021-11-17 23:17:31 +08:00
wxiaoguang 750a8465f5
A better go code formatter, and now make fmt can run in Windows (#17684)
* go build / format tools
* re-format imports
2021-11-17 20:34:35 +08:00
zeripath bbffcc3aec
Multiple Escaping Improvements (#17551)
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
    
This is an extensive PR attempting to fix these issues.

1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-16 18:18:25 +00:00
Lunny Xiao 7e1ae38097
Move migrations into services and base into modules/migration (#17663)
* Move migrtions into services and base into modules/migration

* Fix imports

* Fix lint
2021-11-16 23:25:33 +08:00
Lunny Xiao 48ccd325a1
Move some functions into services/repository (#17660) 2021-11-16 21:30:11 +08:00
wxiaoguang 81926d61db
Decouple unit test, remove intermediate unittestbridge package (#17662)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-16 16:53:21 +08:00
Gusted 253d9e4158
Remove unnecassary calls to filepath.Join (#17608)
- Partialy resolvess #17596
- Resolves `badCall` errors from go-critic `badCall: suspicious Join on
1 argument`
- When only 1 argument is passed into `filepath.Join`, it won't do
anything special other than `filepath.Clean(...)` will be applied over
it.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-11-15 14:02:53 +08:00
Michael Grigoryan 47448083a1
Minor readability patch. (#17627) 2021-11-12 18:27:18 -05:00
wxiaoguang df64fa4865
Decouple unit test code from business code (#17623) 2021-11-12 22:36:47 +08:00
Lunny Xiao 90eb9fb889
Move EmailAddress & UserRedirect into models/user/ (#17607)
* Move EmailAddress into models/user/

* Fix test

* rename user_mail to user_email

* Fix test

* Move UserRedirect into models/user/

* Fix lint & test

* Fix lint

* Fix lint

* remove nolint comment

* Fix lint
2021-11-11 15:03:30 +08:00
Lunny Xiao 0e189eecaa
Move oauth2 error to oauth2 service package (#17603) 2021-11-11 01:51:09 +08:00
Lunny Xiao 33fca2b537
Move webhook into models/webhook/ (#17579) 2021-11-10 13:13:16 +08:00
Lunny Xiao 99b2858e62
Move unit into models/unit/ (#17576)
* Move unit into models/unit/

* Rename unit.UnitType as unit.Type
2021-11-09 20:57:58 +01:00
Gusted 30515f2df3
Make ParsePatch more robust (#17573) 2021-11-07 12:52:50 -05:00
zeripath 9d855bd6a1
Simplify Gothic to use our session store instead of creating a different store (#17507)
* Simplify Gothic to use our session store instead of creating a different store

We have been using xormstore to provide a separate session store for our OAuth2 logins
however, this relies on using gorilla context and some doubling of our session storing.
We can however, simplify and simply use our own chi-based session store. Thus removing
a cookie and some of the weirdness with missing contexts.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle MaxTokenLength

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-11-03 08:33:54 +08:00
wxiaoguang 599ff1c054
Only allow webhook to send requests to allowed hosts (#17482) 2021-11-01 16:39:52 +08:00
Richard Mahn 40c8451b7d
Properly determine CSV delimiter (#17459)
* Fixes #16558 CSV delimiter determiner

* Fixes #16558 - properly determine CSV delmiiter

* Moves quoteString to a new function

* Adds big test with lots of commas for tab delimited csv

* Adds comments

* Shortens the text of the test

* Removes single quotes from regexp as only double quotes need to be searched

* Fixes spelling

* Fixes check of length as it probalby will only be 1e4, not greater

* Makes sample size a const, properly removes truncated line

* Makes sample size a const, properly removes truncated line

* Fixes comment

* Fixes comment

* tests for FormatError() function

* Adds logic to find the limiter before or after a quoted value

* Simplifies regex

* Error tests

* Error tests

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

* Adds comments

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2021-10-30 23:50:40 +08:00
qwerty287 01fc24c78c
Add appearance section in settings (#17433)
* Add appearance section in settings

* Fix lint

* Fix lint

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 23:40:08 +08:00
KN4CK3R f99d50fc9f
Read expected buffer size (#17409)
* Read expected buffer size.

* Changed name.
2021-10-24 22:12:43 +01:00
Nico Schieder 870f5fbc41
Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add groups scope/claim to OICD/OAuth2

Add support for groups claim as part of the OIDC/OAuth2 flow.
Groups is a list of "org" and "org:team" strings to allow clients to
authorize based on the groups a user is part of.

Signed-off-by: Nico Schieder <code@nico-schieder.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-22 17:19:24 +08:00
zeripath 053b2f4dce
Handle broken references in mirror sync (#17013)
* Handle broken references in mirror sync

If there are broken references during a mirror attempt to fix using `git remote prune`.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-10-21 16:45:25 +08:00
Richard Mahn 98f7013756
Prevent NPE in CSV diff rendering when column removed (#17018)
Fixes #16837 if a column is deleted.

We were clobbering the columns that were added by looping through the aline (base) and then when bline (head) was looped through, it clobbered what was in the "cells" array that is show in the diff, and then left a nil cell because nothing was shifted.

This fix properly shifts the cells, and properly puts the b cell either at its location or after, according to what the aline placed in the cells.

This includes test, adding a new test function since adding/removing cells works best with three columns, not two, which results in 4 columns of the resulting cells because it has a deleted column and an added column. If you try this locally, you can try those cases and others, such as adding a column.

There was no need to do anything special for the rows when `aline == 0 || bline == 0` so that was removed. This allows the same code to be used for removed or added lines, with the bcell text always being the RightCell, acell text being the LeftCell.

I still added the patch zeripath gave at https://github.com/go-gitea/gitea/issues/16837#issuecomment-913007382 so that just in case for some reason a cell is nil (which shouldn't happen now) it doesn't throw a 500 error, so the user can at least view the raw diff.

Also fixes in the [view.go](https://github.com/go-gitea/gitea/pull/17018/files#diff-43a7f4747c7ba8bff888c9be11affaafd595fd55d27f3333840eb19df9fad393L521) file how if a CSV file is empty (either created empty or if you edit it and remove all contents) it throws a huge 500 error when you then save it (when you view the file). Since we allow creating, saving and pushing empty files, we shouldn't throw an error on an empty CSV file, but just show its empty contents. This doesn't happen if it is a Markdown file or other type of file that is empty.
EDIT: Now handled in the markup/csv renderer code
2021-10-20 20:10:03 +01:00
Lunny Xiao f494776931
Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
Lunny Xiao 4a57c9ea17
Fix some lints (#17337)
Fix some linting problems.
2021-10-17 20:47:12 +01:00
zeripath 7117c7774a
Make the Mirror Queue a queue (#17326)
Convert the old mirror syncing queue to the more modern queue format.

Fix a bug in the from the repo-archive queue PR - the assumption was made that uniqueness could be enforced with by checking equality in a map in channel unique queues - however this only works for primitive types - which was the initial intention but is an imperfect. This is fixed by marshalling the data and placing the martialled data in the unique map instead.

The documentation is also updated to add information about the deprecated configuration values.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-17 12:43:25 +01:00
zeripath a889d0cc8c
Add buttons to allow loading of incomplete diffs (#16829)
This PR adds two buttons to the stats and the end of the diffs list to load the (some of) the remaining incomplete diff sections.

Contains #16775
    
Signed-off-by: Andrew Thornton <art27@cantab.net>


## Screenshots

### Show more button at the end of the diff
![Screenshot from 2021-09-04 11-12-37](https://user-images.githubusercontent.com/1824502/132091009-b1f6113e-2c04-4be5-8a04-b8ecea56887b.png)

### Show more button at the end of the diff stats box
![Screenshot from 2021-09-04 11-14-54](https://user-images.githubusercontent.com/1824502/132091063-86da5a6d-6628-4b82-bea9-3655cd9f40f6.png)
2021-10-15 17:05:33 +01:00
Lunny Xiao d47798ccc7
Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
wxiaoguang c5c88f2f18
Save and view issue/comment content history (#16909)
* issue content history

* Use timeutil.TimeStampNow() for content history time instead of issue/comment.UpdatedUnix (which are not updated in time)

* i18n for frontend

* refactor

* clean up

* fix refactor

* re-format

* temp refactor

* follow db refactor

* rename IssueContentHistory to ContentHistory, remove empty model tags

* fix html

* use avatar refactor to generate avatar url

* add unit test, keep at most 20 history revisions.

* re-format

* syntax nit

* Add issue content history table

* Update models/migrations/v197.go

Co-authored-by: 6543 <6543@obermui.de>

* fix merge

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-10 18:40:03 -04:00
a1012112796 bb39359668
Add a simple way to rename branch like gh (#15870)
- Update default branch if needed
- Update protected branch if needed
- Update all not merged pull request base branch name
- Rename git branch
- Record this rename work and auto redirect for old branch on ui

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: delvh <dev.lh@web.de>
2021-10-08 19:03:04 +02:00
wxiaoguang f0ba87fda8
Avatar refactor, move avatar code from models to models.avatars, remove duplicated code (#17123)
Why this refactor

The goal is to move most files from `models` package to `models.xxx` package. Many models depend on avatar model, so just move this first.

And the existing logic is not clear, there are too many function like `AvatarLink`, `RelAvatarLink`, `SizedRelAvatarLink`, `SizedAvatarLink`, `MakeFinalAvatarURL`, `HashedAvatarLink`, etc. This refactor make everything clear:

* user.AvatarLink()
* user.AvatarLinkWithSize(size)
* avatars.GenerateEmailAvatarFastLink(email, size)
* avatars.GenerateEmailAvatarFinalLink(email, size)

And many duplicated code are deleted in route handler, the handler and the model share the same avatar logic now.
2021-10-06 01:25:46 +02:00
John Olheiser 760d61b411
Add specific event type to header (#17222)
* Add specific event type to header

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change single to type
2021-10-05 12:12:17 -05:00
KN4CK3R 3b06675811
Always set a unique Message-ID header. (#17206) 2021-10-01 11:24:43 -04:00
zeripath ddd3586c06
Fix missing repo link in issue/pull assigned emails (#17183)
There was a mistake in the template file: `templates/mail/issue/assigned.tmpl`
where the repourl was generated from a non-existent release instead of the issue.

This PR changes this to use the issue but also ensure that the issue repo is loaded.

It also slightly improves the English locale string.

Fix #17160

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2021-09-30 01:20:18 +02:00
Romain ecfac78f6e
Kanban colored boards (#16647)
Add a column Color in ProjectBoard and color picker in new / edit project board form.
2021-09-29 22:53:12 +02:00
Norwin f48dce3176
Don't return binary file changes in raw PR diffs by default (#17158)
* return diffs without binary file content change

* ?binary=true option to restore old behaviour

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2021-09-27 17:09:49 -04:00
zeripath 920608e592
Support direct comparison (git diff a..b) as well merge comparison (a...b) (#16635)
This PR changes the compare page to make the "..." in the between branches a clickable
link. This changes the comparison type from "..." to "..". Similarly it makes the
initial compare icon clickable to switch the head and base branches.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-27 13:19:34 +01:00
zeripath 123f0aea00
Allow LDAP Sources to provide Avatars (#16851)
* Allow LDAP Sources to provide Avatars

Add setting to LDAP source to allow it to provide an Avatar.

Currently this is required to point to the image bytes.

Fix #4144

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Rename as Avatar Attribute (drop JPEG)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Always synchronize avatar if there is change

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Actually get the avatar from the ldap

Signed-off-by: Andrew Thornton <art27@cantab.net>

* clean-up

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use len()>0 rather than != ""

Signed-off-by: Andrew Thornton <art27@cantab.net>

* slight shortcut in IsUploadAvatarChanged

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-26 22:39:36 -04:00
zeripath 7e98cd58dd
Add SkipLocal2FA option to pam and smtp sources (#17078)
* Add SkipLocal2FA option to other pam and smtp sources

Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make SkipLocal2FA omitempty

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-09-26 21:02:01 -04:00
Alexey 〒erentyev 7e9bd206fd
Fix bundle creation (#17079)
Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gwyneth Morgan <87623694+gwymor@users.noreply.github.com>
Co-authored-by: Gwyneth Morgan <gwymor@tilde.club>
2021-09-26 00:29:25 +03:00
Lunny Xiao 5842a55b31
Move login related structs and functions to models/login (#17093)
* Move login related structs and functions to models/login

* Fix test

* Fix lint

* Fix lint

* Fix lint of windows

* Fix lint

* Fix test

* Fix test

* Only load necessary fixtures when preparing unit tests envs

* Fix lint

* Fix test

* Fix test

* Fix error log

* Fix error log

* Fix error log

* remove unnecessary change

* fix error log

* merge main branch
2021-09-24 19:32:56 +08:00