Commit Graph

1325 Commits

Author SHA1 Message Date
6543 33431fcbd3
Validate email before inserting/updating (#13475) (#13666)
* Add email validity check (#13475)

* Improve error feedback for duplicate deploy keys

Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template so inform the user that a key with the
intended title already exists.

* API returns 422 error when key with name exists

* Add email validity checking

Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails

* Add further tests

* Add signup email tests

* Add email validity check for linking existing account

* Address PR comments

* Remove unneeded DB session

* Move email check to updateUser

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* skip email validation on empty string (#13627)

- move validation into its own function
- use a session for UpdateUserSetting

* rm TODO for backport

Co-authored-by: Chris Shyi <chrisshyi13@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-22 12:31:35 -05:00
zeripath 198e57bc37
Return the full rejection message and errors in flash errors (#13221) (#13237)
* Return the full rejection message and errors in flash errors (#13221)


Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/repo/pull.go

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-10-21 14:54:19 -04:00
6543 2ec50b9514
Show outdated comments in pull request (#13148) (#13162)
Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Iván Valdés <iv@a.ki>
Co-authored-by: zeripath <art27@cantab.net>
2020-10-15 21:46:56 -04:00
Lauris BH f587dc69bb
Fix Italian language file parsing error (#13156) 2020-10-15 19:57:17 +08:00
Lauris BH 89b1b662b3
Add back only missing translation for Latvian language (#13144)
* Add back only missing translation for Latvian language

* Backport German translations
2020-10-14 16:54:56 -04:00
GiteaBot 8fa74045c4 [skip ci] Updated translations via Crowdin 2020-10-14 17:02:15 +00:00
GiteaBot 36e41d4764 [skip ci] Updated translations via Crowdin 2020-10-14 13:09:05 +00:00
GiteaBot 93f7525061 [skip ci] Updated translations via Crowdin 2020-10-14 12:12:40 +00:00
GiteaBot e70df67d47 [skip ci] Updated translations via Crowdin 2020-10-14 11:18:41 +00:00
Lauris BH a2a05d164b
Fix punctuation in trust model description (#13140) 2020-10-14 14:17:40 +03:00
GiteaBot aa73b7b7e5 [skip ci] Updated translations via Crowdin 2020-10-14 04:07:05 +00:00
6543 49b1948cb1
Gitea 2 Gitea migration (#12657)
* first draft

* update gitea sdk to 9e280adb4da

* adapt feat of updated sdk

* releases now works

* break the Reactions loop

* use convertGiteaLabel

* fix endless loop because paggination is not supported there !!!

* rename gitea local uploader files

* pagination can bite you in the ass

* Version Checks

* lint

* docs

* rename gitea sdk import to miss future conficts

* go-swagger: dont scan the sdk structs

* make sure gitea can shutdown gracefully

* make GetPullRequests and GetIssues similar

* rm useles

* Add Test: started ...

* ... add tests ...

* Add tests and Fixing things

* Workaround missing SHA

* Adapt: Ensure that all migration requests are cancellable
(714ab71ddc)

* LINT: fix misspells in test set

* adapt ListMergeRequestAwardEmoji

* update sdk

* Return error when creating giteadownloader failed

* update sdk

* adapt new sdk

* adopt new features

* check version before err

* adapt: 'migrate service type switch page'

* optimize

* Fix DefaultBranch

* impruve

* handle subPath

* fix test

* Fix ReviewCommentPosition

* test GetReviews

* add DefaultBranch int test set

* rm unused

* Update SDK to v0.13.0

* addopt sdk changes

* found better link

* format template

* Update Docs

* Update Gitea SDK (v0.13.1)
2020-10-14 07:06:00 +03:00
赵智超 dfa7291f8f
[Enhancement] Allow admin to merge pr with protected file changes (#12078)
* [Enhancement] Allow admin to merge pr with protected file changes

As tilte, show protected message in diff page and merge box.

Signed-off-by: a1012112796 <1012112796@qq.com>

* remove unused ver

* Update options/locale/locale_en-US.ini

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* Add TrN

* Apply suggestions from code review

* fix lint

* Update options/locale/locale_en-US.ini

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

* move pr proteced files check to TestPatch
* Call TestPatch when protected branches settings changed

* Apply review suggestion @CirnoT

* move to service @lunny

* slightly restructure routers/private/hook.go

Adds a lot of comments and simplifies the logic

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* skip duplicate protected files check

* fix check logic

* slight refactor of TestPatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking for protected files changes in TestPatch use the temporary repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix introduced issue with hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the check on PR index being greater than 0 as it unnecessary

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-13 14:50:57 -04:00
GiteaBot da32d0e72a [skip ci] Updated translations via Crowdin 2020-10-13 16:25:13 +00:00
GiteaBot b546eda7a8 [skip ci] Updated translations via Crowdin 2020-10-12 18:45:03 +00:00
GiteaBot e35f7e81ae [skip ci] Updated translations via Crowdin 2020-10-11 18:52:13 +00:00
Wim 9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
GiteaBot 529c5ffe12 [skip ci] Updated translations via Crowdin 2020-10-08 15:51:23 +00:00
GiteaBot 4df6807b81 [skip ci] Updated translations via Crowdin 2020-10-07 18:25:19 +00:00
GiteaBot e0b7727804 [skip ci] Updated translations via Crowdin 2020-10-07 09:56:17 +00:00
Niklas Goerke 8fe8ab5cbf
Mitigate Security vulnerability in the git hook feature (#13058)
* Extend git hook warning in the UI.

Git hooks are a dangerous feature, administrators should be warned before giving
the git hook privilege to users.

* Disable Git hooks by default and add warning.

Git hooks are a dangerous features (see warning text) that should only
be enabled if the administrator was informed about the risk involved.

Co-authored-by: Niklas Goerke <goerke@fzi.de>
2020-10-07 12:55:13 +03:00
GiteaBot f5436b4a67 [skip ci] Updated translations via Crowdin 2020-10-06 16:17:17 +00:00
GiteaBot a23c128ba6 [skip ci] Updated translations via Crowdin 2020-10-06 07:24:15 +00:00
Spencer Taylor 6eea301829
Adding visual cue for "Limited" & "Private" organizations. (#13040)
* Adding visual cue for "Limited" & "Private" organizations.

* Moving org visibility CSS styles to .less files.

Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-06 02:25:43 -04:00
GiteaBot 91118bc73d [skip ci] Updated translations via Crowdin 2020-10-05 22:47:15 +00:00
GiteaBot 10e04da28c [skip ci] Updated translations via Crowdin 2020-10-04 17:13:45 +00:00
GiteaBot 86b8c81240 [skip ci] Updated translations via Crowdin 2020-10-02 09:38:47 +00:00
GiteaBot 1d2553abbf [skip ci] Updated translations via Crowdin 2020-10-01 12:50:55 +00:00
zeripath c6da033656
Copy missing things from app.example.ini to Cheat Sheet (#12988)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-01 07:57:57 +01:00
GiteaBot 992f387139 [skip ci] Updated translations via Crowdin 2020-10-01 05:55:40 +00:00
GiteaBot 551473b294 [skip ci] Updated translations via Crowdin 2020-09-30 21:00:33 +00:00
GiteaBot 7670a9db10 [skip ci] Updated translations via Crowdin 2020-09-30 16:17:15 +00:00
GiteaBot 615e784150 [skip ci] Updated translations via Crowdin 2020-09-30 12:28:46 +00:00
GiteaBot 9b6361f8a0 [skip ci] Updated translations via Crowdin 2020-09-29 19:27:47 +00:00
GiteaBot b606f13365 [skip ci] Updated translations via Crowdin 2020-09-28 19:01:59 +00:00
GiteaBot f404bdde9b [skip ci] Updated translations via Crowdin 2020-09-27 19:21:50 +00:00
GiteaBot 82179a6e81 [skip ci] Updated translations via Crowdin 2020-09-27 02:11:47 +00:00
GiteaBot b49ebc2ba8 [skip ci] Updated translations via Crowdin 2020-09-26 17:57:16 +00:00
GiteaBot 274430f40b [skip ci] Updated translations via Crowdin 2020-09-25 08:59:15 +00:00
zeripath 7a7f56044a
Adopt repositories (#12920)
* Don't automatically delete repository files if they are present

Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.

This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.

PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix tests and migrate overwrite

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @lunny

Only offer to adopt or overwrite if the user can do that.

Allow the site administrator to adopt or overwrite in all
circumstances

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use setting.Repository.DefaultBranch for the default branch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Always set setting.Repository.DefaultBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update templates

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ensure repo closed

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Rewrite of adoption as per @6543 and @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing not

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add modals and flash reporting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make the unadopted page searchable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add API

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle empty and non-master branched repositories

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove commented out code

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-25 07:09:23 +03:00
GiteaBot b5109272db [skip ci] Updated translations via Crowdin 2020-09-24 22:38:04 +00:00
GiteaBot 01ad714715 [skip ci] Updated translations via Crowdin 2020-09-23 20:26:51 +00:00
GiteaBot f215e015df [skip ci] Updated translations via Crowdin 2020-09-22 17:03:23 +00:00
GiteaBot 060d46dd25 [skip ci] Updated translations via Crowdin 2020-09-21 14:37:57 +00:00
GiteaBot 3f9eb93cc6 [skip ci] Updated translations via Crowdin 2020-09-20 21:56:51 +00:00
GiteaBot 23f064e813 [skip ci] Updated translations via Crowdin 2020-09-20 20:21:12 +00:00
GiteaBot e7ffc67ad5 [skip ci] Updated translations via Crowdin 2020-09-20 17:56:20 +00:00
GiteaBot 7e5499575b [skip ci] Updated translations via Crowdin 2020-09-19 23:22:29 +00:00
GiteaBot 355788db46 [skip ci] Updated translations via Crowdin 2020-09-19 16:45:53 +00:00
zeripath 4979f15c3f
Add configurable Trust Models (#11712)
* Add configurable Trust Models

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Adjust locale strings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Co-authored-by: 6543 <6543@obermui.de>

* Update models/gpg_key.go

* Add migration for repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-20 00:44:55 +08:00