Commit Graph

2977 Commits

Author SHA1 Message Date
Lunny Xiao ab7e36e3a5
Fix branch pagination error (#16805) (#16816)
Backport #16805

Fix #16801

Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
2021-08-25 11:11:54 +01:00
zeripath 31e4e8205a
Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
Backport #16794

There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.

Fix #16771

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 18:09:28 -04:00
KN4CK3R 0840a508b4
Keep attachments on tasklist update (#16750) (#16757)
* Send attachments too.

* Use tasklist flag.

* use action="ignoreAttachments" instead of "tasklist"

* Use boolean parameter.

* when the update request doesn't intend to update attachments (eg: change checkbox state), ignore attachment updates (#16762)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-08-21 20:10:04 +01:00
KN4CK3R b6e4688874
Fix wrong user in OpenID response (#16736) (#16741)
* Fix wrong user in OpenID response (#16736)

* Fixed usage of wrong user.

* Added tests.

* Fixed wrong import.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-20 00:26:44 +03:00
zeripath 25437672bf
Restore functionality for pushing non-standard refs (Partial #16705) (#16706)
Partial Backport #16705

There was an inadvertent breaking change in #15629 meaning that notes refs and other
git extension refs will be automatically rejected.

This PR removes this incorrect forced rejection of non-standard refs.

Fix #16688

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-17 10:24:47 +02:00
zeripath c47065cc29
Set AllowedHeaders on API CORS handler (#16524) (#16618)
Backport #16524

Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.

Fix #16100

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 21:57:59 +02:00
zeripath 5fe7c0ed7b
Swagger AccessToken fixes (#16574) (#16597)
Backport #16574

There is a subtle problem with the Swagger definition for AccessTokens which causes
autogeneration of APIs for these endpoints to fail.

This PR corrects these errors.

Ref: https://github.com/zeripath/java-gitea-api/issues/4
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-02 20:24:47 +02:00
zeripath 693275455e
Handle too long PR titles correctly (#16517) (#16549)
Backport #16517

The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix #16507

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-26 17:49:48 +02:00
Lunny Xiao 89f680aa04
Fix issue pasted image missing if no release permission (#16520) (#16527)
* Fix issue pasted image missing if no release permission


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-24 18:34:57 +02:00
zeripath 67942ac1a9
Switch to maintained jwt lib (#16532) (#16533)
Backport #16532

Co-authored-by: Matti R <matti@mdranta.net>
2021-07-24 11:13:50 -04:00
zeripath 1f5011dff7
Restore CORS on git smart http protocol (#16496) (#16506)
Backport #16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-21 15:03:02 +01:00
6543 09a4364b21
Add TestPrepareWikiFileName (#16487) (#16498)
* Add TestPrepareWikiFileName

* use LsTree as LsFiles is index only

* ajust other tests

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-21 03:37:00 +01:00
zeripath 7f6019e492
Update notification table with only latest data (#16445) (#16469)
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-17 19:05:59 +02:00
Meano 423a0fccb6
Fix activation of primary email addresses (#16385)
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activations status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
2021-07-13 22:59:27 +02:00
6543 56b7f53329
Return updated repository when changing repository using API (#16420) 2021-07-13 20:31:59 +01:00
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
6543 b81106be3f
Let branch/tag name be a valid ref to get CI status (#16400)
* fix #16384#

* refactor: move shared helper func to utils package

* extend Tests

* use ctx.Repo.GitRepo if not nil
2021-07-13 08:14:14 +01:00
Jimmy Praet 78118a3b02
Add checkbox to delete pull branch after successful merge (#16049)
* Add checkbox to delete pull branch after successful merge

* Omit DeleteBranchAfterMerge field in json

* Log a warning instead of error when PR head branch deleted

* Add DefaultDeleteBranchAfterMerge to PullRequestConfig

* Add support for delete_branch_after_merge via API

* Fix for API: the branch should be deleted from the HEAD repo

If head and base repo are the same, reuse the already opened ctx.Repo.GitRepo

* Don't delegate to CleanupBranch, only reuse branch deletion code

CleanupBranch contains too much logic that has already been performed by the Merge

* Reuse gitrepo in MergePullRequest

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-13 01:26:25 +02:00
6543 46a4c6835d
Fix external renderer (#16401)
* fix external renderer

* use GBackground context as fallback

* no fallback, return error

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-12 17:13:59 -04:00
zeripath 2f725cbc9e
Add LRU mem cache implementation (#16226)
The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.

This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.

It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-10 23:54:15 +02:00
luzpaz fc1607b368
Fix source typos (#16374)
* Fix source typos

Follow up to e0296b6a6  
Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`

* rm "ignore destory on `make misspell-check`"

Co-authored-by: 6543 <6543@obermui.de>
2021-07-08 14:55:09 +02:00
luzpaz e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367)
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 13:38:13 +02:00
a1012112796 5bb97a12d7
Creating a repo from a template repo via API (#15958)
* Creating a repo from a template repo via API

fix #15934
ref:
https://docs.github.com/en/rest/reference/repos#create-a-repository-using-a-template

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-07-05 17:29:08 +02:00
sebastian-sauer 92328a3394
Add API to get commits of PR (#16300)
* Add API to get commits of PR

fixes #10918

Co-authored-by: Andrew Bezold <andrew.bezold@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-02 14:19:57 +02:00
Jimmy Praet ce286f9d9c
Support custom mime type mapping for text files (#16304)
* Support custom mime type mapping for text files

* Apply suggested change to routers/common/repo.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-06-30 17:31:54 -04:00
zeripath 365c4e9316
Add button to delete undeleted repositories from failed migrations (#16197)
This PR adds a button to delete failed repositories if there has been a
failure during migration and for whatever reason the repository doesn't
get deleted automatically.

Fix #16154

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-30 21:14:53 +02:00
6543 dea7a5c5b9
just add some unit tests (#16291)
* code.gitea.io/gitea/routers/utils coverage: 100.0%

* code.gitea.io/gitea/routers/install 0% -> 5.0%

* ConvertUtf8ToUtf8mb4: make sure DBType is mysql
2021-06-29 22:00:02 +01:00
6543 65548359cc
Add custom emoji support (#16004) 2021-06-29 16:28:38 +02:00
KN4CK3R aac663e0da
Implemented head_commit for webhooks (#16282)
* Removed Len field.

* Added head_commit webhook field.

* Added comment for returns.
2021-06-29 15:34:03 +02:00
Norwin 9c6aeb47f7
Link to previous blames in file blame page (#16259)
Adds a link to each blame hunk, to view the blame of an earlier version of the file, similar to GitHub. Also refactors the blame render from fmtstring based to template based.

* Fix blame bottom line and add blame prior button

* Jump to previous parent commit from the commit.

* Fix previous commit link

* Fix previous blame link

* Fix the given file not exist in the previous commit.

* Fix blameRow struct not export

* fix theming issues, rename template var

* remove unused LastCommit fetch

* fix location of blame-hunk divider

* rewrite previous commit checks

* remove duplicate commit lookup

its already resolved and stored in ctx.Repo.Commit!

* split out blamePart processing into function

Co-authored-by: rogerluo410 <rogerluo410@gmail.com>
2021-06-28 01:13:20 +02:00
KN4CK3R 9b1b4b5433
Refactor Webhook + Add X-Hub-Signature (#16176)
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.

## ⚠️ BREAKING ⚠️ 

* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).

Close #16115
Fixes #7788
Fixes #11755

Co-authored-by: zeripath <art27@cantab.net>
2021-06-27 20:21:09 +01:00
6543 0b27b93728
Make allowed Visiblity modes configurable for Users (#16271)
Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private.

This PR adds functionality and settings to constrain a user's ability to change their visibility.

Co-authored-by: zeripath <art27@cantab.net>
2021-06-27 19:47:35 +01:00
zeripath 35f37a3625
Add --quiet and --verbose to gitea web to control initial logging (#16260)
One of the repeatedly reported issues has been that gitea produces too much console
logging during set up even if the console logger is turned off.

Fundamentally this is due to some otherwise very helpful logging that has to occur
before logging is set up. This has come to a head with the merging of #16243 where
otherwise potentially helpful Trace logging in the git module now appears on the
console.

This PR proposes three things:

1. Change the initial default logger to Info not Trace.
2. Change the logging for the AppPath things to Info in recompense.
3. Add two new command line options to gitea web: --quiet and --verbose

`gitea web -q` or `gitea web --quiet` will only log Fatal level initially.
`gitea web -verbose` will log at Trace.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-26 20:56:58 -04:00
Sergey Dryabzhinsky 22a0636544
Add Visible modes function from Organisation to Users too (#16069)
You can limit or hide organisations. This pull make it also posible for users

- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-26 20:53:14 +01:00
Lunny Xiao e3c626834b
Let package git depend on setting but not opposite (#15241)
* Let package git depend on setting but not opposite

* private some package variables
2021-06-26 13:28:55 +02:00
John Olheiser 622f1e764c
Add better errors for disabled account recovery (#15117)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-06-25 23:16:36 -05:00
6543 3ef23d5411
Use gitea logging module for git module (#16243)
remove log() func from gogs times and switch to proper logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-25 17:54:08 +01:00
KN4CK3R 44b8b07631
Add tag protection (#15629)
* Added tag protection in hook.

* Prevent UI tag creation if protected.

* Added settings page.

* Added tests.

* Added suggestions.

* Moved tests.

* Use individual errors.

* Removed unneeded methods.

* Switched delete selector.

* Changed method names.

* No reason to be unique.

* Allow editing of protected tags.

* Removed unique key from migration.

* Added docs page.

* Changed date.

* Respond with 404 to not found tags.

* Replaced glob with regex pattern.

* Added support for glob and regex pattern.

* Updated documentation.

* Changed white* to allow*.

* Fixed edit button link.

* Added cancel button.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-06-25 16:28:55 +02:00
sebastian-sauer 6c3433151f
API: Allow COMMENT reviews to not specify a body (#16229)
* Allow COMMENT reviews to not specify a body

when using web ui there is no need to specify a body.
so we don't need to specify a body if adding a COMMENT-review
via our api.

* Ensure comments or Body is provided

and add some integration tests for reviewtype COMMENT.

Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
2021-06-25 00:05:51 +02:00
KN4CK3R 4cc63e9919
Fix diff expansion is missing final line in a file (#16222)
* Fixed down offset.

* Fixed wrong line count result.
2021-06-24 17:47:46 +02:00
Lunny Xiao b223d36195
Rework repository archive (#14723)
* Use storage to store archive files

* Fix backend lint

* Add archiver table on database

* Finish archive download

* Fix test

* Add database migrations

* Add status for archiver

* Fix lint

* Add queue

* Add doctor to check and delete old archives

* Improve archive queue

* Fix tests

* improve archive storage

* Delete repo archives

* Add missing fixture

* fix fixture

* Fix fixture

* Fix test

* Fix archiver cleaning

* Fix bug

* Add docs for repository archive storage

* remove repo-archive configuration

* Fix test

* Fix test

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 17:12:38 -04:00
6543 eb324a9402
[API] Add repoGetTag (#16166)
* GetTag -> GetAnnotatedTag

* API: Add repoGetTag

* fix swagger docs

* support "/" as tag name char

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 17:08:47 -04:00
6543 58501a2682
[API] GET / SET User Settings (#16169)
* API: GET/SET User Settings

* linter

* Apply suggestions from code review

* Update modules/structs/user.go

* lint

* fix swagger

* move User2UserSettings to convert

* as per @zeripath "preferences" -> "settings"

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 15:58:44 -04:00
KN4CK3R 383ffcfa34
Small refactoring of modules/private (#15947)
* Use correct variable name.

* doer is never nil here.

* Use status code constants.

* Replaced generic map with concrete struct.

* Fixed windows lint.

* Removed unused method.

* Changed error codes.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 15:38:19 -04:00
zeripath 681e81babd
reqOrgMembership calls need to be preceded by reqToken (#16198)
ReqOrgMembership calls need to be preceded by reqToken

Fix #16192

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-06-21 14:01:44 +01:00
zeripath 196593e2e9
More efficiently parse shas for shaPostProcessor (#16101)
* More efficiently parse shas for shaPostProcessor

The shaPostProcessor currently repeatedly calls git rev-parse --verify on both backends
which is fine if there is only one thing that matches a sha - however if there are
multiple things then this becomes wildly inefficient.

This PR provides functions for both backends which are much faster to use.

Fix #16092

* Add ShaExistCache to RenderContext

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-06-21 00:39:12 +02:00
6543 75205b5669
Fix some API bugs (#16184)
* Repository object only count releases as releases (fix #16144)

* EditOrg respect RepoAdminChangeTeamAccess option (fix #16013)
2021-06-18 01:24:55 +02:00
KN4CK3R 29695cd6d5
Add asymmetric JWT signing (#16010)
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
2021-06-17 23:56:46 +02:00
6543 f7cd394680
[API] Add repoCreateTag (#16165)
* Add API CreateTag

* Add Test

* API: expose Tag Message
2021-06-17 18:04:10 +02:00
6543 b3fbd37e99
[API] expose repo.GetReviewers() & repo.GetAssignees() (#16168)
* API: expose repo.GetReviewers() & repo.GetAssignees()

* Add tests

* fix unrelated swagger query type
2021-06-17 16:02:34 +02:00