* Add support for federated avatars
Fixes#3105
Removes avatar fetching duplication code
Adds an "Enable Federated Avatar" checkbox in user settings
(defaults to unchecked)
Moves avatar settings all in the same form, making
local and remote avatars mutually exclusive
Renames UploadAvatarForm to AvatarForm
as it's not anymore only for uploading
* Run gofmt on all modified files
* Move Avatar form in its own page
* Add go-libravatar dependency to vendor/ dir
Hopefully helps with accepting the contribution.
See also #3214
* Revert "Add go-libravatar dependency to vendor/ dir"
This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82.
* Make federated avatar setting a global configuration
Removes the per-user setting
* Move avatar handling back to base tool, disable federated avatar in offline mode
* Format, handle error
* Properly set fallback host
* Use unsupported github.com mirror for importing go-libravatar
* Remove comment showing life exists outside of github.com
... pity, but contribution would not be accepted otherwise
* Use Combo for Get and Post methods over /avatar
* FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR
* Fix persistance of federated avatar lookup checkbox at install time
* Federated Avatars -> Enable Federated Avatars
* Use len(string) == 0 instead of string == ""
* Move import line where it belong
See
https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md
Pity the import url is still the unofficial one, but oh well...
* Save a line (and waste much more expensive time)
* Remove redundant parens
* Remove an empty line
* Remove empty lines
* Reorder lines to make diff smaller
* Remove another newline
Unknwon review got me start a fight against newlines
* Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE
On re-reading the diff I figured what Unknwon meant here:
https://github.com/gogits/gogs/pull/3320/files#r73741106
* Remove newlines that weren't there before my intervention
- Try to reduce memory allocations
- Add possibility to disable diff highlight (can improve performance for large diffs)
- Tweaking with cost for prettier (cleaner) diffs
- Do not calculate diff when the number of removed lines in a block is not equal to the number of added lines (this usually resulted in ugly diffs)
Executed go fmt
getEngine() not handles DB parameters (#2972) (#2974)
Uses .AllCols() for Update in updateMirror()
Spanish traslation removed
Fixed a wrong way to ommit the --prune option in process.ExecDir() for MirrorUpdate function
Re: issues gogits/gogs#2863 and gogits/gogs#3231
As a result of modifications to the contents of the conf folder, `make bindata`
was run, causing an update to bindata.go.
Meta
-----
This commit will be rebased onto the 'develop' branch.
Also changes the avatar from a jpeg to a png, to allow for
transparent background. The indexed png is also smaller in size.
Note that at the moment the default avatar is only used when
the user requested a custom avatar and the custom avatar file
is not found (should never happen).
In the future the default avatar could be used as a default
return when by-mail avatar lookups fail too (both gravatar
and libravatar support passing a default)
From https://godoc.org/crypto/tls#Config
ServerName is used to verify the hostname on the returned
certificates unless InsecureSkipVerify is given. It is also included
in the client's handshake to support virtual hosting unless it is
an IP address.
This is needed for certificate validation without InsecureSkipVerify.
* Do not write HTML in text/plain mail part
Fixes#2928
* Pass text/plain first, text/html second
* Do not send plain/text email if html2text failed (untested)
When use builtin SSH server with concurrent operations, there are probabilities
One connection could use the command from another connections.
Fix this by set SSH_ORIGINAL_COMMAND for each command, not set in global scope.
Replace spaces with "%20" in "urlPrefix", before markdon processing.
The spaces were causing blackfriday (markdown processor) to behave
strange. This fixes#2545.
Config option [server] SSH_LISTEN_PORT to the port the builtin SSH server will be listen.
It can be different from SSH_PORT which is supposed to be exposed in the clone URL.
This should solve the problem when user runs Gogs inside Docker container
and still want to use builtin SSH server.
This is feature is workaround for #2628 (JumpCloud) and some other services
that allow LDAP search only under BindDN user account, but not allow any LDAP
search query in logged user DN context.
Such approach is an alternative to minimal permissions security pattern for
BindDN user.
According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send
multiple Bind requests to change the authentication and/or security
associations or to complete a multi-stage Bind process. Authentication from
earlier binds is subsequently ignored."
Therefore we should not use 2 connections, but single one just sending two bind
requests.
When <code> is nested inside <pre>, the next end tag token would not able to be the same
as outer-most start tag. So we only check outer-most start and end tag token to be the same.
Remove the possibility of using email as user name when user actually push
through combination of email and password with HTTP.
Also refactor update action function to replcae tons of arguments with
single PushUpdateOptions struct.
And define the user who pushes code as pusher, therefore variable names shouldn't
be confusing any more.
This commit adds the possibibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in
7ef9a05588. This allows to blacklist
algorythms or keys based on the key length. This works with the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way, that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only loose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.
When repository contains a Slack type hook,
it changes original payload content.
This patch fixes it by using a local object to store
newly created Slack payload instead of assigning
back to the same variable.
According to the docs [1], the Reply method must be called for all
requests where WantReply is true. This fixes a hanging java ssh
implementation (jsch) which sets WantReply flag and waits for reply from
the server.
[1] https://godoc.org/golang.org/x/crypto/ssh#Request.Reply
Local (DMZ) URL for gogs workers (such as ssh update) accessing web service. In
most cases you do not need to change default http://localhost:HTTP_PORT/. You
may need to alter it only if your ssh server node is not the same as http node,
eg. running behind proxy on different node than web server.
--- 80 public port -> 8080 -- web server node
/
public proxy --<
\
--- 22 public port -> 10022 -- ssh server node
This option is not intended to be accessible via web GUI settings, since it is
unlikely someone needs to change it to somethings else than default
http://localhost:HTTP_PORT/ which should work for most of the cases.
But this should land into the documentation somewhere.
fixup
We can look at the PushCommits object to see how many commits were
included in a commit, and add some template logic to only show the
comparison link when there are at least 2 commits in a push. We also
correct the link to display the number of commits.
Most commit in Git are expected to follow standard of single header line,
followed by description paragraphs, separated by empty line from previous block.
Previously Gogs were treating everything as single header. Now we are trying to
render only first line as header, but following lines (description chunks) as a
verbatim.
Consider following LDAP search query example:
(&(objectClass=Person)(|(uid=%s)(mail=%s)))
Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.
Using optional user name attribute setting we can explicitly say we want Gogs
user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail
to login 1st time, the new account will receive correct user name.