Commit Graph

204 Commits

Author SHA1 Message Date
zeripath 0ac845042e
Move POST /{username}/action/{action} to simply POST /{username} (#18045)
The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 17:18:26 +00:00
zeripath bcc13f3889
Reset Session ID on login (#18018)
* Reset Session ID on login

When logging in the SessionID should be reset and the session cleaned up.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* with new session.RegenerateID function

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update go-chi/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Ensure that session id is changed after oauth data is set and between account linking pages too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 22:12:26 +08:00
Gusted ff2fd08228
Simplify parameter types (#18006)
Remove repeated type declarations in function definitions.
2021-12-20 04:41:31 +00:00
zeripath e4e411821d
Abort merge if head has been updated before pressing merge (#18032)
* Abort merge if head has been updated before pressing merge

It is possible that a PR head may be pushed to between the merge page being shown
and the merge button being pressed. Pass the current expected head in as a parameter
and cancel the merge if it has changed.

Fix #18028

Signed-off-by: Andrew Thornton <art27@cantab.net>

* adjust swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 08:32:54 +08:00
zeripath 1c7db70835
Reset locale on login (#18023)
* Reset locale on login

Fix #18020

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/web/user/auth.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2021-12-19 13:31:43 +00:00
Wim 6fe756dc93
Add support for ssh commit signing (#17743)
* Add support for ssh commit signing

* Split out ssh verification to separate file

* Show ssh key fingerprint on commit page

* Update sshsig lib

* Make sure we verify against correct namespace

* Add ssh public key verification via ssh signatures

When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.

* Remove some gpg references and make verify key optional

* Fix spaces indentation

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update templates/user/settings/keys_ssh.tmpl

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update models/ssh_key_commit_verification.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Reword ssh/gpg_key_success message

* Change Badsignature to NoKeyFound

* Add sign/verify tests

* Fix upstream api changes to user_model User

* Match exact on SSH signature

* Fix code review remarks

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 00:37:18 -05:00
Lunny Xiao b300e3f485
Support open compare page directly (#17975)
* Support open compare page directly

* simple code

* Some improvements

Co-authored-by: 6543 <6543@obermui.de>
2021-12-17 22:20:27 +00:00
qwerty287 4cbc865d83
Add option to define refs in issue templates (#17842)
Adds a markdown header option `ref` that allows you to set the ref the issue should belong.
2021-12-17 21:29:09 +00:00
zeripath d29b689f81
Ensure complexity, minlength and ispwned are checked on password setting (#18005)
It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-17 10:03:39 +08:00
Gusted dab28c7049
Use JSON module instead of stdlib json (#18003) 2021-12-17 09:15:02 +08:00
zeripath 8354670708
Prevent hang in git cat-file if repository is not a valid repository and other fixes (#17991)
This PR contains multiple fixes. The most important of which is:

* Prevent hang in git cat-file if the repository is not a valid repository 
    
    Unfortunately it appears that if git cat-file is run in an invalid
    repository it will hang until stdin is closed. This will result in
    deadlocked /pulls pages and dangling git cat-file calls if a broken
    repository is tried to be reviewed or pulls exists for a broken
    repository.

    Fix #14734
    Fix #9271
    Fix #16113

Otherwise there are a few small other fixes included which this PR was initially intending to fix:

* Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes
* Fix links on pulls pages  due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983
* Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943
* Add missing locale entries for oauth group claims
* Prevent NPEs if ColorFormat is called on nil users, repos or teams.
2021-12-16 19:01:14 +00:00
zeripath e0e3ba6c12
Add Reindex buttons to repository settings page (#17494)
This PR adds reindexing request buttons to the repository settings page.

Fix #3796

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-16 23:55:12 +08:00
silverwind f58e687a83
Shorten page title in file view (#17987)
Move the more relevant sections of the page title earlier which make it
possible to distinguish multiple tabs from each other when tab width is
limited.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-15 15:50:11 +08:00
wxiaoguang 4da1d97810
Refactor HTTP request context (#17979) 2021-12-15 14:59:57 +08:00
qwerty287 9d943bf374
Add missing `X-Total-Count` and fix some related bugs (#17968)
* Add missing `X-Total-Count` and fix some related bugs

Adds `X-Total-Count` header to APIs that return a list but doesn't have it yet.
Fixed bugs:
* not returned after reporting error (39eb82446c/routers/api/v1/user/star.go (L70))
* crash with index out of bounds, API issue/issueSubscriptions

I also found various endpoints that return lists but do not apply/support pagination yet:
```
/repos/{owner}/{repo}/issues/{index}/labels
/repos/{owner}/{repo}/issues/comments/{id}/reactions
/repos/{owner}/{repo}/branch_protections
/repos/{owner}/{repo}/contents
/repos/{owner}/{repo}/hooks/git
/repos/{owner}/{repo}/issue_templates
/repos/{owner}/{repo}/releases/{id}/assets
/repos/{owner}/{repo}/reviewers
/repos/{owner}/{repo}/teams
/user/emails
/users/{username}/heatmap
```
If this is not expected, an new issue should be opened.

Closes #13043

* fmt

* Update routers/api/v1/repo/issue_subscription.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Use FindAndCount

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2021-12-15 13:39:34 +08:00
zeripath 0981ec30c3
Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
* Add setting to OAuth handlers to override local 2FA settings

This PR adds a setting to OAuth and OpenID login sources to allow the source to
override local 2FA requirements.

Fix #13939

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix regression from #16544

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add scopes settings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix trace logging in auth_openid

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add required claim options

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move UpdateExternalUser to externalaccount

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow OAuth2/OIDC to set Admin/Restricted status

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow use of the same group claim name for the prohibit login value

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Move UpdateExternalUser to externalaccount

* as per wxiaoguang

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add label back in

Signed-off-by: Andrew Thornton <art27@cantab.net>

* adjust localisation

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-14 16:37:11 +08:00
zeripath b4782e24d2
Return nicer error for ForcePrivate (#17971) 2021-12-14 00:08:09 -05:00
Lunny Xiao 5723240490
Some repository refactors (#17950)
* some repository refactors

* remove unnecessary code

* Fix test

* Remove unnecessary banner
2021-12-12 23:48:20 +08:00
Lunny Xiao 3ca5dc7e32
Move keys to models/asymkey (#17917)
* Move keys to models/keys

* Rename models/keys -> models/asymkey

* change the missed package name

* Fix package alias

* Fix test

* Fix docs

* Fix test

* Fix test

* merge
2021-12-10 16:14:24 +08:00
wxiaoguang 0a9fcf63a4
Clean legacy SimpleMDE code (#17926)
Since we are using EasyMDE now, we do not need to keep the SimpleMDE code anymore.

This PR removes all legacy SimpleMDE code, and makes some related changes:
* `createCommentEasyMDE` can accept native DOM element, and it doesn't need `jQuery.data` to store EasyMDE editor object (as discussed about the frontend guideline).
* introduce `getAttachedEasyMDE` to get the attached EasyMDE editor object, it's easier to find all the usage of EasyMDE.
* rename variable names from `$simplemde` to `easyMDE`, the `$` was incorrect because it is a EasyMDE editor, not a jQuery object.

With this PR, it will be easier to do more refactoring or replacing EasyMDE with other editors.
2021-12-10 10:51:27 +08:00
Lunny Xiao 719bddcd76
Move repository model into models/repo (#17933)
* Some refactors related repository model

* Move more methods out of repository

* Move repository into models/repo

* Fix test

* Fix test

* some improvements

* Remove unnecessary function
2021-12-10 09:27:50 +08:00
zeripath 9e6e1dc950
Improve checkBranchName (#17901)
The current implementation of checkBranchName is highly inefficient
involving opening the repository, the listing all of the branch names
checking them individually before then using using opened repo to get
the tags.

This PR avoids this by simply walking the references from show-ref
instead of opening the repository (in the nogogit case).

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-08 19:08:16 +00:00
Anbraten 0ff18a808c
Support sorting for project board issuses (#17152)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-08 14:57:18 +08:00
John Olheiser eb69c7ec8c
Allow default branch to be inferred on compare page (#17908)
* Allow default branch to be inferred

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add test for inferred default branch

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-06 11:04:07 -06:00
Lunny Xiao dcdb4873c8
Move repo archiver to models/repo (#17913)
* Move repo archiver to models/repo

* Move archiver service into services/repository/

* Fix imports

* Fix test

* Fix test
2021-12-06 15:19:28 +08:00
wxiaoguang aa79738a66
Fix the bug: no wiki page can be created if the repo didn't have any page yet. (#17894) 2021-12-03 20:46:11 +01:00
n 6791aae8de
Add hints for special Wiki pages (#17283)
* Add UI hints to create a Wiki sidebar and footer
2021-12-03 15:28:54 +08:00
zeripath 957c3fcb59
Update chi/middleware to chi/v5/middleware (#17888)
Fix #17880


Co-authored-by: Lauris BH <lauris@nix.lv>
2021-12-02 21:58:08 +01:00
mscherer 34b5436ae1
Refactor various strings (#17784)
Fixes #16478

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-02 15:28:08 +08:00
a1012112796 ba57e30f13
fix 500 error while use a reserved name in org rename (#17878)
fix #17876

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-12-02 10:43:43 +08:00
zeripath 01087e9eef
Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
This PR registers requests with the process manager and manages hierarchy within the processes.

Git repos are then associated with a context, (usually the request's context) - with sub commands using this context as their base context.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-30 20:06:32 +00:00
Lunny Xiao 9defddb286
Move more model into models/user (#17826)
* Move more model into models/user

* Remove unnecessary comment

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-28 22:11:58 +08:00
Lunny Xiao 1fee11d69a
Move accessmode into models/perm (#17828) 2021-11-28 12:58:28 +01:00
qwerty287 24a8d54bfb
Disable ref selection dropdown if you don't have permissions to use it (#17837)
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-28 12:13:13 +08:00
Galen Suen fbadc1a198
Fix value of User.IsRestricted to default setting when oauth2 user auto registration; (#17839) 2021-11-28 11:27:48 +08:00
mscherer 1f0dab2116
Implement Well-Known URL for password change (#17777)
* Implement Well-Known URL for password change

Fixes #11804
2021-11-26 22:55:11 +08:00
Lunny Xiao 371ebce252
Fix database inconsistent when admin change user email (#17549) 2021-11-25 20:56:16 -05:00
Lunny Xiao 6c21961462
org settings -> webhook/labels/deletion should also active the menu (#17809) 2021-11-25 23:15:58 +08:00
wxiaoguang edd37e9d4a
Fix org webchatwork webhook (#17810) 2021-11-25 04:25:25 -05:00
qwerty287 e0f81b4ef4
Allow forks to org if you can create repos (#17783) 2021-11-25 13:03:03 +08:00
Lunny Xiao 49933c7fb0
Create menus for organization pages (#17802)
* Create menus for organization pages

* Fix frontend lint

* Fix frontend lint
2021-11-25 00:12:54 +08:00
Lunny Xiao a666829a37
Move user related model into models/user (#17781)
* Move user related model into models/user

* Fix lint for windows

* Fix windows lint

* Fix windows lint

* Move some tests in models

* Merge
2021-11-24 17:49:20 +08:00
Lunny Xiao c97d66d23c
Move repofiles from modules/repofiles to services/repository/files (#17774)
* Move repofiles from modules to services

* rename services/repository/repofiles -> services/repository/files

* Fix test

Co-authored-by: 6543 <6543@obermui.de>
2021-11-24 15:56:24 +08:00
Lunny Xiao baed01f247
Remove unnecessary attributes of User struct (#17745)
* Remove unnecessary functions of User struct

* Move more database methods out of user struct

* Move more database methods out of user struct

* Fix template failure

* Fix bug

* Remove finished FIXME

* remove unnecessary code
2021-11-22 23:21:55 +08:00
Lunny Xiao c2ab19888f
Support pagination of organizations on user settings pages (#16083)
* Add pagination for user setting orgs
* Use FindOrgs instead of GetOrgsByUserID
* Remove unnecessary functions and fix test
* remove unnecessary code
2021-11-22 21:51:45 +08:00
Gusted 8244cfb8eb
Fix navbar on project view (#17749)
- Shows that the project nav item is active when you're viewing a project.
2021-11-22 18:57:05 +08:00
zeripath 8511eec4d4
Allow Loading of Diffs that are too large (#17739)
* Allow Loading of Diffs that are too large

This PR allows the loading of diffs that are suppressed because the file
is too large. It does not handle diffs of files which have lines which
are too long.

Fix #17738

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-22 00:51:08 +08:00
zeripath 0fa41b6dc4
Reset locale on login (#17734)
When logging in reset the user's locale to ensure that it matches their
preferred locale.

Fix #15612

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 21:32:37 +00:00
wxiaoguang 013fb73068
Use `hostmatcher` to replace `matchlist`, improve security (#17605)
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
2021-11-20 17:34:05 +08:00
Lunny Xiao fc3d082609
Move attachment into models/repo/ (#17650)
* Move attachment into models/repo/

* Fix test

* Fix bug
2021-11-19 21:39:57 +08:00