Commit Graph

74 Commits

Author SHA1 Message Date
zeripath 9d9ad1b59f
Only view milestones from current repo (#18414) (#18418)
Backport #18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-26 22:09:35 +00:00
Gusted f9bbed028c
Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
- Backport #18135
- Backport #18153
2022-01-02 02:39:23 +00:00
Lunny Xiao 7e084341fe
Fix wrong redirect on org labels (#18128) (#18134)
* Fix wrong redirect on org labels (#18128)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-12-30 17:08:42 +01:00
zeripath de3216ee55
Use common sessioner for API and web routes (#18114)
* Use common sessioner for API and web routes

Since the regenerate session ID PR some users of the memory session provider have been
reporting difficulties with getting API results.

I am uncertain as to why this is happening - but I think that the sessioner being
created twice may be a potential cause for this. Therefore this PR attempts to move
this out to a common sessioner as it is in 1.16.

Fix #18070

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/init.go
2021-12-28 22:15:01 +00:00
zeripath 71e1ebfa60
Instead of using routerCtx just escape the url before routing (#18086) (#18098)
Backport #18086

A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.

Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.

Fix #17938
Fix #18060
Replace #18062
Replace #17997

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-26 10:32:04 +00:00
zeripath 012e45a4c1
Correctly handle failed migrations (#17575) (#18099)
* Correctly handle failed migrations

There is a bug in handling failed migrations whereby the migration task gets decoupled
from the migration repository. This leads to a failure of the task to get deleted with
the repository and also leads to the migration failed page resulting in an ISE.

This PR removes the zeroing out of the task id from the migration but also makes
the migration handler tolerate missing tasks much nicer.

Fix #17571

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-25 15:45:51 +00:00
zeripath d25ff0d695
Reset locale on login (#17734) (#18100)
Backport #17734

When logging in reset the user's locale to ensure that it matches their
preferred locale.

Fix #15612

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-25 21:31:23 +08:00
zeripath 6100935a77
Add NotFound handler (#18062) (#18067)
Backport #18062

PR #17997 means that urls with terminal '/' are no longer immediately mapped
to the url without a terminal slash. However, it has revealed that the NotFound handler
appears to have been lost.

This PR adds back in a NotFound handler that simply redirects to a path without the
terminal slash or runs the NotFound handler.

Fix #18060

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-22 15:26:37 +00:00
zeripath 6de75224de
Ensure that git repository is closed before transfer (#18049) (#18057)
Backport #18049

Repository Transfer requires that the repository directory is renamed - which
is not possible on Windows if the git repository is open.

Fix #17885

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-21 18:27:46 +00:00
zeripath a818a48c76
Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
Backport #18045

The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 15:53:08 -05:00
zeripath 76e1c130fb
Reset Session ID on login (#18018) (#18041)
Backport #18018

When logging in the SessionID should be reset and the session cleaned up.

Also logs the user in on completion of linking account

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 20:06:54 +00:00
zeripath c69b3b65f3
Reset locale on login (#18023) (#18025)
Backport #18023

Although we reset the locale in a number of places there were several ways of logging in that were missing the same code.

Fix #18020

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2021-12-19 15:04:31 +00:00
zeripath 2051f850ef
Ensure complexity, minlength and ispwned are checked on password setting (#18005) (#18015)
Backport #18005

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-17 21:24:59 +00:00
a1012112796 9a8532d928
fix 500 error while using a reserved name in org rename (#17878) (#17881)
fix #17876

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-12-02 19:52:08 +08:00
Lunny Xiao d29a0fc3be
Fix user primary email changed (#17840)
2021-11-28 12:04:44 +01:00
KN4CK3R 3a222ee416
Fixed commit count (#17698) (#17790)
* Fixed commit count (#17698)

Added "Tag" label.
Unified branch, tag and commit name.

* Keep 1.15 behaviour.

* Removed locale change.
2021-11-26 00:21:56 +01:00
Lunny Xiao a08856606e
Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
* Return 400 but not 500 when request archive with wrong format (#17691)
* Remove bundle because it's not in this version
2021-11-20 00:31:29 +08:00
Gusted ea0fe83888
Fix golangci-lint warnings (#17598 et al) (#17668)
Backport #17598 
Backport #17606 
Backport #17608 
Backport #17609

- Since https://gitea.com/gitea/test-env/pulls/10 the golangci-lint has been upgraded and is erroring about new warnings in the code, this PR fixes those warnings.
2021-11-16 20:38:49 +00:00
Lunny Xiao 1cec7f5ab5
Fix bug on detect issue/comment writer (#17592)
2021-11-09 16:00:40 +08:00
zeripath 9340269d84
Stop double encoding blame commit messages (#17498) (#17500)
Backport #17498

The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.

This PR fixes this.

Fix #17492

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-31 17:46:51 +08:00
KN4CK3R 1fbdf96c34
Fix CSV render error (#17406) (#17431)
Backport #17406.

Closes #17378 

Both errors from #17378 were caused by #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.

Co-authored-by: zeripath <art27@cantab.net>
2021-10-25 18:31:15 +01:00
KN4CK3R 5159055278
Read expected buffer size (#17409) (#17430)
Backport of #17409

* Read expected buffer size.

* Changed name.
2021-10-25 17:46:56 +01:00
zeripath 79a3d277e5
Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
Backport #17304

Downgrade logging statement from Fatal to Error so that errors parsing
U2FRegistration data do not panic; instead, the invalid key will be
skipped and we will attempt to parse the next one, if available.

Signed-off-by: David Jimenez <dvejmz@sgfault.com>

Co-authored-by: David Jimenez <dvejmz@users.noreply.github.com>
2021-10-20 21:45:17 +02:00
Viktor Kuzmin fde6ff6a75
Backport of fix for auto registration - PR #17219 (#17292)
2021-10-12 00:02:47 -04:00
pricly-yellow 6995be66e7
Fix strange behavior of DownloadPullDiffOrPatch in incorrect index (#17223) (#17227)
Fix GetPullRequestByIndex by validating index > 1

Signed-off-by: Danila Kryukov <pricly_yellow@dismail.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
2021-10-05 20:16:22 +02:00
Lunny Xiao 766272b154
Fix bug of get context user (#17169) (#17172)
Co-authored-by: 6543 <6543@obermui.de>
2021-09-28 15:42:43 +02:00
6543 122917f4d5
Fix wrong i18n keys (#17150) (#17153)
Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-26 08:25:12 +08:00
zeripath b673a24ee6
Render full plain readme. (#17083) (#17090)
Backport #17083

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-09-19 22:01:19 +08:00
zeripath 0e448fb96d
Decrement Fork Num when converting from Fork (#17035) (#17046)
Backport #17035

When converting repositories from forks to normal the root NumFork needs to be
decremented too.

Fix #17026

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-15 10:05:47 +08:00
zeripath e5ded0ee19
Ensure that rebase conflicts are handled in updates (#16952) (#16960)
Backport #16952

PR #16125 did not update the error handlers to handle conflict errors relating
to rebases. This PR adds them.

Fix #16922

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-05 18:54:13 +02:00
zeripath f949f9e9c5
Correctly return the number of Repositories for Organizations (#16807) (#16911)
Backport #16807

Calculate and return the number of Repositories on the dashboard
Organization list.

This PR restores some of the logic that was removed in #14032 to
calculate the number of repos on the dashboard orgs list.

Fix #16648
Replaces #16799

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-01 19:20:35 +02:00
6543 0274933c22
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)

Co-authored-by: zeripath <art27@cantab.net>
2021-08-31 16:06:01 +08:00
6543 67776372d6
Fix wiki raw commit diff/patch view (#16891) (#16892)
2021-08-31 14:13:08 +08:00
6543 c54639b8ee
Repair and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
fix pipe leak
2021-08-31 05:02:27 +02:00
6543 49a71a6461
Ensure wiki repos are all closed (#16886) (#16888)
There are multiple places where wiki git repositories are not properly closed.

This PR ensures they are closed.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-08-30 23:00:45 +02:00
6543 c5193a8481
In Render tolerate not being passed a context (#16842) (#16858)
* In Render tolerate not being passed a context

It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.

Fix #16835

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Context to Repo calls for RenderString

All calls from routers can easily add the context - so add it.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-29 15:25:45 +01:00
Lunny Xiao ab7e36e3a5
Fix branch pagination error (#16805) (#16816)
Backport #16805

Fix #16801

Even if the default branch is removed from the current page, the total number of branches should still be kept, so that the pagination calculation will be correct.
2021-08-25 11:11:54 +01:00
zeripath 31e4e8205a
Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
Backport #16794

There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.

Fix #16771

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 18:09:28 -04:00
KN4CK3R 0840a508b4
Keep attachments on tasklist update (#16750) (#16757)
* Send attachments too.

* Use tasklist flag.

* use action="ignoreAttachments" instead of "tasklist"

* Use boolean parameter.

* when the update request doesn't intend to update attachments (eg: change checkbox state), ignore attachment updates (#16762)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-08-21 20:10:04 +01:00
KN4CK3R b6e4688874
Fix wrong user in OpenID response (#16736) (#16741)
* Fix wrong user in OpenID response (#16736)

* Fixed usage of wrong user.

* Added tests.

* Fixed wrong import.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-20 00:26:44 +03:00
zeripath 693275455e
Handle too long PR titles correctly (#16517) (#16549)
Backport #16517

The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix #16507

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-26 17:49:48 +02:00
Lunny Xiao 89f680aa04
Fix issue pasted image missing if no release permission (#16520) (#16527)
* Fix issue pasted image missing if no release permission


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-24 18:34:57 +02:00
zeripath 67942ac1a9
Switch to maintained jwt lib (#16532) (#16533)
Backport #16532

Co-authored-by: Matti R <matti@mdranta.net>
2021-07-24 11:13:50 -04:00
zeripath 1f5011dff7
Restore CORS on git smart http protocol (#16496) (#16506)
Backport #16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-21 15:03:02 +01:00
6543 09a4364b21
Add TestPrepareWikiFileName (#16487) (#16498)
* Add TestPrepareWikiFileName

* use LsTree as LsFiles is index only

* adjust other tests

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-21 03:37:00 +01:00
zeripath 7f6019e492
Update notification table with only latest data (#16445) (#16469)
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-17 19:05:59 +02:00
Meano 423a0fccb6
Fix activation of primary email addresses (#16385)
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activation status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
2021-07-13 22:59:27 +02:00
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for an automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email).

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
Jimmy Praet 78118a3b02
Add checkbox to delete pull branch after successful merge (#16049)
* Add checkbox to delete pull branch after successful merge

* Omit DeleteBranchAfterMerge field in json

* Log a warning instead of error when PR head branch deleted

* Add DefaultDeleteBranchAfterMerge to PullRequestConfig

* Add support for delete_branch_after_merge via API

* Fix for API: the branch should be deleted from the HEAD repo

If head and base repo are the same, reuse the already opened ctx.Repo.GitRepo

* Don't delegate to CleanupBranch, only reuse branch deletion code

CleanupBranch contains too much logic that has already been performed by the Merge

* Reuse gitrepo in MergePullRequest

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-13 01:26:25 +02:00
6543 46a4c6835d
Fix external renderer (#16401)
* fix external renderer

* use GBackground context as fallback

* no fallback, return error

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-12 17:13:59 -04:00