* Fix delete nonexist oauth application 500
* Fix test
* Close the session
* Fix more missed sess.Close
* Remove unnecessary blank line
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* API: fix set milestone on PR creation
pr creation via API failed with 404, because we searched
for milestoneID 0, due to uninitialized var usage D:
* add tests
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
When editing forked repos using the API the BaseRepository needs to loaded
in order to check its visibility otherwise there will be NPE panic.
Fix#14956
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Backport #14834
When using HCaptcha on link account pages the site key needs to be passed
in. This PR ensures that HCaptchaSiteKey is set in the data.
Fix#14766
Signed-off-by: Andrew Thornton <art27@cantab.net>
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
`ctx.Error` requires that templates are available for this to
render the error page otherwise there will be a panic at this
time.
This was fixed in #13164 but was not completely backported.
Fix#13971
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #13966
`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo` therefore whenever the `passwd` is updated, this
also needs to be updated.
Fix#13832
Thanks @fblaese for the hint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add black list and white list support for migrating repositories
* specify log message
* use blocklist/allowlist
* allways use lowercase to match url
* Apply allow/block
* Settings: use existing "migrations" section
* convert domains lower case
* dont store unused value
* Block private addresses for migration by default
* use proposed-upstream func to detect private IP addr
* add own error for blocked migration, add tests, imprufe api
* fix test
* fix-if-localhost-is-ipv4
* rename error & error message
* rename setting options
* Apply suggestions from code review
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Set RUN_MODE prod by default (#13765)
I think it's a bad default to have "dev" as the default run mode which
enables debugging and now also disables HTTP caching. It's better to
just default to a value suitable for general deployments.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* flip default in checkRunMode
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* ui: show 'owner' tag for real owner
Signed-off-by: a1012112796 <1012112796@qq.com>
* Update custom/conf/app.example.ini
* simplify logic
fix logic
fix a small bug about original author
* remove system manager tag
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add email validity check (#13475)
* Improve error feedback for duplicate deploy keys
Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template so inform the user that a key with the
intended title already exists.
* API returns 422 error when key with name exists
* Add email validity checking
Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails
* Add further tests
* Add signup email tests
* Add email validity check for linking existing account
* Address PR comments
* Remove unneeded DB session
* Move email check to updateUser
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* skip email validation on empty string (#13627)
- move validation into its own function
- use a session for UpdateUserSetting
* rm TODO for backport
Co-authored-by: Chris Shyi <chrisshyi13@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fixes#13641 - Filtering in Pull Request kept all the time.
- The URL contains all the time the assignee in cases
where once a type has been selected.
Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>
* Followup Fixes#13641 - Filtering in Pull Request kept all the time.
- The URL contains all the time the assignee in cases
where once a type has been selected.
- The same behaviour was observed issues viewed via milestones.
Signed-off-by: Karl Heinz Marbaise <kama@soebes.de>
* prevent git operations for inactive users
* Some fixes
* Deny push to the repositories which's owner is inactive
* deny operations also when user is ProhibitLogin
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Remove obsolete change of email on profile page
The change email on the account profile page is out-of-date
and unnecessary.
Changing email should be done using the account page.
Fix#13336
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Migrating reactions is just not that important
A failure during migrating reactions should not cause failure of
migration.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* When checking issue reactions check the correct permission
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
* Store task errors following migrations and display them
When migrate tasks fail store the error in the task table
and ensure that they show on the status page.
Fix#13242
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update web_src/js/index.js
* Hide the failed first
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
* Return the full rejection message and errors in flash errors (#13221)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update routers/repo/pull.go
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Unfortunately there was a mistake in #13164 which fails to handle
os.PathError wrapping an os.ErrNotExist
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
* Avatar support minio
* Support repo avatar minio storage
* Add missing migration
* Fix bug
* Fix test
* Add test for minio store type on avatars and repo avatars; Add documents
* Fix bug
* Fix bug
* Add back missed avatar link method
* refactor codes
* Simplify the codes
* Code improvements
* Fix lint
* Fix test mysql
* Fix test mysql
* Fix test mysql
* Fix settings
* Fix test
* fix test
* Fix bug
* [Enhancement] Allow admin to merge pr with protected file changes
As tilte, show protected message in diff page and merge box.
Signed-off-by: a1012112796 <1012112796@qq.com>
* remove unused ver
* Update options/locale/locale_en-US.ini
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
* Add TrN
* Apply suggestions from code review
* fix lint
* Update options/locale/locale_en-US.ini
Co-authored-by: zeripath <art27@cantab.net>
* Apply suggestions from code review
* move pr proteced files check to TestPatch
* Call TestPatch when protected branches settings changed
* Apply review suggestion @CirnoT
* move to service @lunny
* slightly restructure routers/private/hook.go
Adds a lot of comments and simplifies the logic
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* skip duplicate protected files check
* fix check logic
* slight refactor of TestPatch
Signed-off-by: Andrew Thornton <art27@cantab.net>
* When checking for protected files changes in TestPatch use the temporary repository
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix introduced issue with hook
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove the check on PR index being greater than 0 as it unnecessary
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
If team does not exist expect ErrTeamNotExist not ErrUserNotEXist
Fix#11336
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Add team support for review request
Block #11355
Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Instead of a generic HTTP 500 error page, a flash message is rendered with the deploy key page template to inform the user that a key with the intended title already exists.
Fixes#13110
This PR updates golangci-lint to the latest version 1.31.0.
The upgrade introduced a new check for which I've fixed or disabled most cases.
Signed-off-by: kolaente <k@knt.li>
Lunny Xiao