Commit graph

9650 commits

Author SHA1 Message Date
zeripath
1853131d42
Use keys.openpgp.org instead of pgp.mit.edu (#11249)
The SKS Keyserver network has been under attack with poisoned
certificates since at least 2019. Downloading a poisoned certificate has
the awful side-effect of completely breaking your keyring and most
software has now moved off the network and uses the keys.openpgp.org
which has a different protocol instead - in fact one whereby emails are
verified.

For more details regarding the attack see: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

See: https://keys.openpgp.org/about and https://keys.openpgp.org/about/faq

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-30 12:08:43 +03:00
mrsdizzie
a2683e5ddb
Allow emoji short code in labels (#11250)
* Allow emoji short code in labels

As title, turn :alias: type short code into emojis when rendering labels to match previous behavior

* Update models/issue_label.go

Co-Authored-By: John Olheiser <john.olheiser@gmail.com>

* render text in templates not code

* remove has-emoji class

🧙‍♀️

* fix new issue form

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-30 09:10:15 +01:00
silverwind
310699bca7
Patch fomantic-ui to workaround build issue (#11244)
* Patch fomantic-ui to workaround build issue

Better workaround than https://github.com/go-gitea/gitea/issues/10653
for https://github.com/fomantic/Fomantic-UI/issues/1356. It does not
seem like we're getting a new Fomantic-UI release anytime soon, so
this patches it after node_modules installation.

Fixes: https://github.com/go-gitea/gitea/issues/11243
Fixes: https://github.com/go-gitea/gitea/issues/10679

* copy instead of patch

* update package-lock.json

* Update Makefile

Co-Authored-By: Sorien <Sorien@users.noreply.github.com>

* Update web_src/fomantic/css.js

Co-Authored-By: zeripath <art27@cantab.net>

Co-authored-by: Sorien <Sorien@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-30 07:26:37 +01:00
6543
bfda0f3864
[API] ListIssues add filter for milestones (#10148)
* Refactor Issue Filter Func

* ListIssues add filter for milestones

* as per @lafriks

* documentation ...
2020-04-30 01:15:39 -03:00
zeripath
cbf5dffaf2
Fix submit review form (#11252)
* Fix submit review form

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try something different

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/less/_base.less

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-30 09:59:47 +08:00
n0emis
33738ff91b
Don't allow registration via the web form, when AllowOnlyExternalRegistration is True (#11248)
* Don't allow registration via the web form, when AllowOnlyExternalRegistration is True

* Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
2020-04-29 22:46:43 +01:00
Alexander Scheel
1bf9e44bda
Fix sanitizer config - multiple rules (#11133)
In #9888, it was reported that my earlier pull request #9075 didn't quite function as expected. I was quite hopeful the `ValuesWithShadow()` worked as expected (and, I thought my testing showed it did) but I guess not. @zeripath proposed an alternative syntax which I like:

```ini
[markup.sanitizer.1]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
[markup.sanitizer.2]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
```

This was quite easy to adopt into the existing code. I've done so in a semi-backwards-compatible manner:

 - The value from `.Value()` is used for each element.
 - We parse `[markup.sanitizer]` and all `[markup.sanitizer.*]` sections and add them as rules.

This means that existing configs will load one rule (not all rules). It also means people can use string identifiers (`[markup.sanitiser.KaTeX]`) if they prefer, instead of numbered ones.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-29 12:34:59 +01:00
6543
6b6f20b6d4
BugFix: updateLabel can updated not allowed fields #11242 (#11242) 2020-04-28 19:28:56 -04:00
mrsdizzie
4563eb873d
Support unicode emojis and remove emojify.js (#11032)
* Support unicode emojis and remove emojify.js

This PR replaces all use of emojify.js and adds unicode emoji support to various areas of gitea.

This works in a few ways:

First it adds emoji parsing support into gitea itself. This allows us to

 * Render emojis from valid alias (😄)
 * Detect unicode emojis and let us put them in their own class with proper aria-labels and styling
 * Easily allow for custom "emoji"
 * Support all emoji rendering and features without javascript
 * Uses plain unicode and lets the system render in appropriate emoji font
 * Doesn't leave us relying on external sources for updates/fixes/features

That same list of emoji is also used to create a json file which replaces the part of emojify.js that populates the emoji search tribute. This file is about 35KB with GZIP turned on and I've set it to load after the page renders to not hinder page load time (and this removes loading emojify.js also)

For custom "emoji" it uses a pretty simple scheme of just looking for /emojis/img/name.png where name is something a user has put in the "allowed reactions" setting we already have. The gitea reaction that was previously hard coded into a forked copy of emojify.js is included and works as a custom reaction under this method.

The emoji data sourced here is from https://github.com/github/gemoji which is the gem library Github uses for their emoji rendering (and a data source for other sites). So we should be able to easily render any emoji and :alias: that Github can, removing any errors from migrated content. They also update it as well, so we can sync when there are new unicode emoji lists released.

I've included a slimmed down and slightly modified forked copy of https://github.com/knq/emoji to make up our own emoji module. The code is pretty straight forward and again allows us to have a lot of flexibility in what happens.

I had seen a few comments about performance in some of the other threads if we render this ourselves, but there doesn't seem to be any issue here. In a test it can parse, convert, and render 1,000 emojis inside of a large markdown table in about 100ms on my laptop (which is many more emojis than will ever be in any normal issue). This also prevents any flickering and other weirdness from using javascript to render some things while using go for others.

Not included here are image fall back URLS. I don't really think they are necessary for anything new being written in 2020. However, managing the emoji ourselves would allow us to add these as a feature later on if it seems necessary.

Fixes: https://github.com/go-gitea/gitea/issues/9182
Fixes: https://github.com/go-gitea/gitea/issues/8974
Fixes: https://github.com/go-gitea/gitea/issues/8953
Fixes: https://github.com/go-gitea/gitea/issues/6628
Fixes: https://github.com/go-gitea/gitea/issues/5130

* add new shared function emojiHTML

* don't increase emoji size in issue title

* Update templates/repo/issue/view_content/add_reaction.tmpl

Co-Authored-By: 6543 <6543@obermui.de>

* Support for emoji rendering in various templates

* Render code and review comments as they should be

* Better way to handle mail subjects

* insert unicode from tribute selection

* Add template helper for plain text when needed

* Use existing replace function I forgot about

* Don't include emoji greater than Unicode Version 12

Only include emoji and aliases in JSON

* Update build/generate-emoji.go

* Tweak regex slightly to really match everything including random invisible characters. Run tests for every emoji we have

* final updates

* code review

* code review

* hard code gitea custom emoji to match previous behavior

* Update .eslintrc

Co-Authored-By: silverwind <me@silverwind.io>

* disable preempt

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-28 15:05:39 -03:00
mrsdizzie
922a239079
Disable new signal-based asynchronous goroutine preemption from GO 1.14 in git env (#11237)
As seen in trouble shooting #11032 the new feature of Go 1.14 is causing several second delays in startup in certain situations. Debugging shows it spending several seconds handling SIGURG commands during init:

```
6922:04:51.984234 trace init() ./modules/queue/unique_queue_wrapped.go
remote: ) = 69 <0.000012>
remote: [pid 15984] 22:04:51 write(1, "\ttime taken: 236.761\302\265s\n\n", 25    time taken: 236.761µs
remote:
remote: ) = 25 <0.000011>
remote: [pid 15984] 22:04:51 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
remote: [pid 15984] 22:04:52 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
remote: [pid 15984] 22:04:52 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
```

This causes up to 20 seconds added to a push in some cases as it happens for each call of the gitea hook command. This is likely the cause of #10661 as well and would start to effect users once we release 1.12 which would be the first release compiled with Go 1.14. I suspect this is just a slight issue with the upstream implementatation as there have been a few very similar bugs fixed and reported:

 https://github.com/golang/go/issues/37741
 https://github.com/golang/go/issues/37942

We should revisit this in the future and see if a newer version of Go has solved it, but for now disable this option in the environment that gitea hook runs in to avoid it.
2020-04-28 11:45:32 -04:00
zeripath
1f0b797ddc
Make the PushCreate test declarative (#11229)
Reduce the code duplication in the PushCreate test and switch
to a declarative format.

* Instead of explicitly creating the repository re-use functions from the other declarative tests and add comments
* Ensure that the test repository is deleted at the end of test
* Slightly reorder the sub-tests

Also reduce the code duplication in MergeFork and add some comments there too and make doGitCloneFail be self-contained.

Signed-off-by: Andrew Thornton art27@cantab.net
2020-04-28 09:32:23 +01:00
GiteaBot
b0849abf3d [skip ci] Updated translations via Crowdin 2020-04-27 23:43:08 +00:00
Bagas Sanjaya
b52ec4a19e
[Docs] Config Cheat Sheet - Task Edit (#9972)
* backwards compatibility typo

* Unlist description and separate from list by an empty line

* redis needs password edit

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-04-27 19:41:59 -04:00
6543
41cebeb8fa
Make error pages translatable (#11163)
* make error pages translatable

* dont translate ":"

* link need Safe
2020-04-27 18:03:15 -05:00
GiteaBot
6a3de9e25f [skip ci] Updated translations via Crowdin 2020-04-27 11:21:30 +00:00
zeripath
d26aee3830
Slight performance changes to integrations/git_test.go (#11227)
* switch to use pseudorandom generator and stop cloning in pushcreate

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add some logging of BranchProtectPRMerge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Stop running prepareTestEnv so often for TestAPIGetBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-27 14:20:09 +03:00
zeripath
0e799c26ba
Prevent panic during wrappedConn close at hammertime (#11219)
* Prevent panic during wrappedConn close at hammertime

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/graceful/server.go

* Fix extraneous debug in goldmark.go

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-26 21:01:06 -03:00
zeripath
9f959ac064
Make TaskCheckBox render correctly (#11214)
* Fix checkbox rendering

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Normalize checkbox rendering

Signed-off-by: Andrew Thornton <art27@cantab.net>

* set the checkboxes to readonly instead of disabled

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-26 02:09:08 -03:00
colorfulberry
f1f56da4d1
On logout redirect to start page and clear redirect cookie (#11202)
when one user logout should clear redirect to value, otherwise switch the account will occur error.

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-25 23:11:32 +01:00
silverwind
e008b68c9c
Update JS dependencies, highlight.js 10.0.0 (#11195)
Breaking changes in higlight.js do not affect us.

Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-24 21:13:01 +02:00
6543
4ddfe0d07a
Fix GetContents(): Dont't ignore Executables (#11192)
* Refactor: dont expose help functions

* repofiles GetContents: dont ignore executables

* CI.restart()
2020-04-24 19:20:22 +03:00
zeripath
812cfd0ad9
Use markdown frontmatter to provide Table of contents, language and frontmatter rendering (#11047)
* Add control for the rendering of the frontmatter
* Add control to include a TOC
* Add control to set language - allows control of ToC header and CJK glyph choice.

Signed-off-by: Andrew Thornton art27@cantab.net
2020-04-24 14:22:36 +01:00
赵智超
d3fc9c08c8
[ui] Change icon type for review action in action page (#11191)
* as title, do same changs on action view with #10737
* chage default icon from "invalid type" to "question" , because  "invalid type" is not a meaningfull icon type

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-04-24 01:58:14 -03:00
zeripath
b10c416f9e
Use AJAX for notifications table (#10961)
* Use AJAX for notifications table

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move to separate js

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate golangci-lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add autoupdating notification count

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix wipeall

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate tests

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Try hidden

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Try hide and hidden

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More auto-update improvements

Only run checker on pages that have a count
Change starting checker to 10s with a back-off to 60s if there is no change

Signed-off-by: Andrew Thornton <art27@cantab.net>

* string comparison!

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add configurability as per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add documentation as per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use CSRF header not query

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Further JS improvements

Fix @etzelia update notification table request
Fix @silverwind comments

Co-Authored-By: silverwind <me@silverwind.io>
Signed-off-by: Andrew Thornton <art27@cantab.net>

* Simplify the notification count fns

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
2020-04-24 00:57:38 -03:00
zeripath
e74c4e1be9
Add option to increase provided OAuth2 token maximum size (#11180)
Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.

Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.

Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.

Fix #9907

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-23 00:47:23 +02:00
zeripath
b51fd30522
Log the indexer path on failure (#11172)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-22 16:16:58 -04:00
Antoine GIRARD
316db0fe79
Add documentation to display STL preview (#11181)
* Update customizing-gitea.en-us.md

* Update customizing-gitea.en-us.md

* only load assets when needed

* remove useless var

* fix missing 'i' modifier
2020-04-22 20:02:54 +03:00
Lunny Xiao
fcc8cdd446
Improve config logging when WrappedQueue times out (#11174)
Before
```sh
Unable to set the internal queue for -wrapper Error: Timedout creating queue redis with cfg []byte{0x7b, 0x22, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x22, 0x3a, 0x22, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x3a, 0x36, 0x33, 0x37, 0x39, 0x22, 0x2c, 0x22, 0x42, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x3a, 0x32, 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x3a, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2c, 0x22, 0x42, 0x6f, 0x6f, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x3a, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30
......
```

After
```sh
Unable to set the internal queue for -wrapper Error: Timedout creating queue redis with cfg "{\"Addresses\":\"127.0.0.1:6379\",\"BatchLength\":20,\"BlockTimeout\":1000000000,\"BoostTimeout\":300000000000,\"BoostWorkers\":5,\"DBIndex\":0,\"DataDir\":\".../data/queues/mail\",\"MaxWorkers\":10,\"Name\":\"mail\",\"Network\":\"\",\"Password\":\"\",\"QueueLength\":20,\"QueueName\":\"mail_queue\",\"SetName\":\"\",\"Workers\":1}" in
```
2020-04-22 13:38:40 +01:00
GiteaBot
c0d71f5e26 [skip ci] Updated translations via Crowdin 2020-04-22 10:36:05 +00:00
zeripath
4ee70a9ec9
Fix submodule paths when AppSubUrl is not root (#11098)
Fix submodule paths when AppSubUrl is not root

Fix #11002

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-22 11:34:50 +01:00
silverwind
7e20f1cb5b
enable ENABLE_HARD_LINE_BREAK by default (#11162)
enable ENABLE_HARD_LINE_BREAK by default

This matches GitHub's rendering.

Fix #11155
2020-04-21 23:13:56 +01:00
6543
49f8b20570
make pagination optional for notifications (#10714) 2020-04-21 22:21:46 +01:00
Johan Van de Wauw
dfca884b15
doc: Fix package name in external renderer example (#11170)
The py3-zmq package does not exist in alpine linux 3.11, used in both master and 1.11.4 . The py3-pyzmq package exists however:
https://pkgs.alpinelinux.org/packages?name=py3-pyzmq&branch=v3.11
2020-04-21 16:36:27 -04:00
Shashvat Kedia
74cc3c5e18
Allow list collaborators for users with Read access to repo (#9995)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-21 11:22:04 -04:00
6543
bb4261a5ed
Add issue subscription check to API (#10967)
close #10962

Adds `GET /api/v1​/repos​/{owner}​/{repo}​/issues​/{index}​/subscriptions​/check`
 -> return a `WachInfo`
2020-04-21 14:48:53 +01:00
Matthias Schoettle
33176e8d27
Improve representation of attachments in issues (#11141)
* Improves representation of attachments in issues to a list showing the file name and file size (see #6500 and #6089).

Signed-off-by: Matthias Schoettle <git@mattsch.com>

* Fixes indentation.

Co-authored-by: zeripath <art27@cantab.net>
2020-04-21 01:15:41 -03:00
silverwind
50475fff06
Skip frontend build where unnecessary (#11159)
The testing pipelines and build-backend steps do not depend on
frontend files, skip their build for them.
2020-04-20 15:13:38 -04:00
GiteaBot
cac69903ae [skip ci] Updated translations via Crowdin 2020-04-20 16:48:24 +00:00
6543
b9ed8d8497
make branch parameter optional for /api/v1/repos/{owner}/{repo}/contents/{filepath} (#11067) 2020-04-20 17:47:05 +01:00
GiteaBot
7179e49881 [skip ci] Updated translations via Crowdin 2020-04-20 13:11:58 +00:00
CirnoT
d2693f18de
Support organization labels for PRs in API (#11135)
Fix `/repos/{owner}/{repo}/pulls` and `/repos/{owner}/{repo}/pulls/{index}` to accept organization labels during PR creation and edition.
2020-04-20 14:10:45 +01:00
6543
5bfb9bc2b6
When migrating from Gitlab map Approvals to approving Reviews (#11147)
When migrating from Gitlab map Gitlab Approvals to approving Reviews

Co-Authored-By: zeripath <art27@cantab.net>
2020-04-20 13:30:46 +01:00
zeripath
067eff8eba
Ensure that relative paths in edit preview work (#11143)
Fix #10131

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-20 13:32:44 +03:00
GiteaBot
da3e85a502 [skip ci] Updated translations via Crowdin 2020-04-20 09:09:35 +00:00
silverwind
74c6414250
Update JS dependencies (#11146)
Result of `make npm-update`. Some minor updates to build tools, no
runtime dependencies affected.
2020-04-20 10:08:20 +01:00
6543
77171abcad
Prevent xorm nil insert in Review.Comments (#11150) 2020-04-20 04:04:08 +01:00
6543
e37e217602
[Fix] RetryDownloader (add GetReviews()) (#11093)
* add GetReviews() to RetryDownloader
2020-04-20 03:23:28 +01:00
silverwind
842bba94ac
Fix max-width of selection dropdowns (#11144)
Fix a regression added by
https://github.com/go-gitea/gitea/pull/10897/files.
2020-04-20 01:24:46 +03:00
GiteaBot
77fecec64f [skip ci] Updated translations via Crowdin 2020-04-19 20:24:31 +00:00
6543
82dbb34c9c
Vendor Update: go-gitlab v0.22.1 -> v0.31.0 (#11136)
* vendor update: go-gitlab to v0.31.0

* migrate client init to v0.31.0

* refactor
2020-04-19 21:23:05 +01:00