Commit graph

2689 commits

Author SHA1 Message Date
zeripath
172229966c
Prevent panic on fuzzer provided string (#14405)
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-20 23:10:50 +08:00
Lunny Xiao
135b0e502d
Fix log http status is always zero (#14400)
* Fix log http status is always zero

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
2021-01-19 20:47:43 -05:00
Chester Liu
0c0445c97a
Add pager to the branches page (#14202)
* Add pager to the branches page

* override pageSize if bigger than max

* Make branches commit range configurable

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2021-01-19 05:07:38 +01:00
6543
2686e6bbbe
Check if label template exist first (#14384)
* add check

* refactor

* rollback repo on error after session closed
2021-01-18 21:00:50 +01:00
Lauris BH
f5abe2f563
Upgrade blevesearch dependency to v2.0.1 (#14346)
* Upgrade blevesearch dependency to v2.0.1

* Update rupture to v1.0.0

* Fix test
2021-01-17 20:21:14 -05:00
6543
21da519c0c
Implement ghost comment mitigation (#14349)
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
2021-01-17 21:48:38 +01:00
Lauris BH
0a3c3357f3
Sort issue search results by revelance (#14353) 2021-01-16 12:55:17 +08:00
Kyle D
bfd0c47ef6
Kd/fix allow svg doctype (#14344)
* make svg regex case-insensitive & use strict word boundary

* allow doctype svg

* add doctype tests

* allow <!DOCTYPE svg> and <svg/>
2021-01-15 17:38:41 +08:00
Lunny Xiao
84b147c7f0
Use IsProd instead of testing if it's equal. (#14336)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-14 23:17:03 +02:00
Lunny Xiao
f76c30094f
Fix typo (#14332) 2021-01-14 23:35:10 +08:00
Jonathan Tran
81467e6f35
Display SVG files as images instead of text (#14101)
* Change to display SVG files as images

* Remove unsafe styles from SVG CSP

* Add integration test to test SVG headers

* Add config setting to disable SVG rendering

* Add test for img tag when loading SVG image

* Remove the Raw view button for svg files since we don't fully support this

* Fix copyright year

* Rename and move config setting

* Add setting to cheat sheet in docs

* Fix so that comment matches cheat sheet

* Add allowing styles in CSP based on pull request feedback

* Re-enable raw button since we show SVG styles now

* Change so that SVG files are editable

* Add UI to toggle between source and rendered image for SVGs

* Change to show blame button for SVG images

* Fix to update ctx data

* Add test for DetectContentType when file is longer than sniffLen

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
2021-01-12 22:45:19 -05:00
6543
6b3b6f1833
Add option to change username to the admin panel (#14229)
Co-authored-by: Bwko <bouwko@gmail.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-10 14:14:02 +02:00
Jimmy Praet
bcb7f35221
Do not reload page after adding comments in Pull Request reviews (#13877)
Fixed #8861 
* use ajax on PR review page

* handle review comments

* extract duplicate code

FetchCodeCommentsByLine was initially more or less copied from fetchCodeCommentsByReview. Now they both use a common findCodeComments function instead

* use the Engine that was passed into the method

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-08 23:49:55 +02:00
Lunny Xiao
3c96a37162
Some code improvements (#14266) 2021-01-06 19:23:57 +00:00
Lunny Xiao
a1c9e8f266
Fix windows build error (#14263)
* fix build

* take flash error message back and fix more windows lint error

* performance optimization

* own step to check lint for windows

Co-authored-by: 6543 <6543@obermui.de>
2021-01-06 09:38:00 +08:00
6543
325add71cf
Add option for administrator to reset user 2FA (#14243)
* Frontend

* Backend

* only show 2FA-Reset option if posible
2021-01-05 14:54:48 +01:00
Lunny Xiao
15a475b7db
Fix recovery middleware to render gitea style page. (#13857)
* Some changes to fix recovery

* Move Recovery to middlewares

* Remove trace code

* Fix lint

* add session middleware and remove dependent on macaron for sso

* Fix panic 500 page rendering

* Fix bugs

* Fix fmt

* Fix vendor

* recover unnecessary change

* Fix lint and addd some comments about the copied codes.

* Use util.StatDir instead of com.StatDir

Co-authored-by: 6543 <6543@obermui.de>
2021-01-05 21:05:40 +08:00
Nuno Silva
44ff1d6a1e
Render links for commit hashes followed by comma (#14224)
Regex test cases: https://regex101.com/r/mVbPxM/2/

fixes #14223
2021-01-03 23:11:10 +08:00
Paul Barton
7576e37a65
Add MirrorInterval to the API (#14163)
* Added MirrorInterval to the API

* Remove MirrorInterval from CreateRepository

* Removed Duplicate UpdateMirror Function

* Updated Error Logging

* Update Log Message for is not Mirror

Co-authored-by: 6543 <6543@obermui.de>

* Delete Debug Statement that snuck in

Co-authored-by: zeripath <art27@cantab.net>

* Add Check for If Interval is too small

* Output to API Call

* Add Error Object when time is Less than Min Interval

* Frequency Error Message

Co-authored-by: zeripath <art27@cantab.net>

* Allow Zero Mirror Interval

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 18:47:47 -05:00
Jimmy Praet
e6acce649b
Send notifications for mentions in pulls, issues, (code-)comments (#14218)
Fixes #14187: mention handling extracted from email notification code
Fixes #14013: add notification for mentions in pull request code comments
Fixes #13450: Not receiving any emails with setting "Only Email on Mention"
2021-01-02 18:04:02 +01:00
Lunny Xiao
d44f192d3e
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-01 17:05:45 -05:00
silverwind
1bf7d71a0a
Consolidate Logos and update README header (#14136)
* Consolidate Logos and update README header

- Remove unused `logo-lg.png`, `logo-sm.png` and `logo-192.png`.
- Consolidate `favicon.svg` and `logo.svg` to just `logo.svg`.
- Remove Safari Mask icon, it seems to work fine with just `favicon.png` (no SVG support).
- Remove Fluid Icon. It only served Firefox and SVG works just fine there.
- Update customization instructions.
- Update README.md to use SVG icon, increase logo size and center it and badges.

* Update README_ZH.md

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* Update README_ZH.md

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-01 14:04:35 -05:00
Johnny Oskarsson
a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
Chester Liu
632800eda7
Check for 'main' as potential default branch name (#14193) 2020-12-30 15:46:26 +00:00
silverwind
8e5aea88c7
Improve label and text wrapping (#14113)
* Improve label wrapping

- Adjust issue list styles so labels can wrap on the same line as the
  text. This relies on `display: inline` with the HTML whitespace being
  used as the separator.
- Add global word-break: break-word. This should generally avoid text
  overflows in various places.

* add whitespace to history labels

* use overflow-wrap

* restore word-break rules

* use correct pre

* use better selector for middle align

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-29 18:48:28 -05:00
Lunny Xiao
11555d850b
Fix bug of link query order on markdown render (#14156)
* Fix bug of link query order on markdown render

* Fix bluemonday bug and fix one wrong test

Co-authored-by: 6543 <6543@obermui.de>
2020-12-29 00:28:27 +08:00
Timo Ley
2b2a4a53bf
Custom icons for OAuth sources (#14161)
* Add Icon URL to Backend

* Template for Icon URL

* Localization & Edit Icon URL

* Improve Custom Icon URL

* Removed not working else

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 03:35:55 +01:00
Lunny Xiao
dd08853b10
Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
* Dump github/gitlab repository data to a local directory

* Fix lint

* Adjust directory structure

* Allow migration special units

* Allow migration ignore release assets

* Fix lint

* Add restore repository

* stage the changes

* Merge

* Fix lint

* Update the interface

* Add some restore methods

* Finish restore

* Add comments

* Fix restore

* Add a token flag

* Fix bug

* Fix test

* Fix test

* Fix bug

* Fix bug

* Fix lint

* Fix restore

* refactor downloader

* fmt

* Fix bug isEnd detection on getIssues

* Refactor maxPerPage

* Remove unused codes

* Remove unused codes

* Fix bug

* Fix restore

* Fix dump

* Uploader should not depend downloader

* use release attachment name but not id

* Fix restore bug

* Fix lint

* Fix restore bug

* Add a method of DownloadFunc for base.Release to make uploader not depend on downloader

* fix Release yml marshal

* Fix trace information

* Fix bug when dump & restore

* Save relative path on yml file

* Fix bug

* Use relative path

* Update docs

* Use git service string but not int

* Recognize clone addr to service type
2020-12-27 11:34:19 +08:00
6543
212fa340cf
Migration: drop to long repo topics (#14152) 2020-12-27 09:23:57 +08:00
6543
a19447aed1
migrate from com.* to alternatives (#14103)
* remove github.com/unknwon/com from models

* dont use "com.ToStr()"

* replace "com.ToStr" with "fmt.Sprint" where its easy to do

* more refactor

* fix test

* just "proxy" Copy func for now

* as per @lunny
2020-12-25 11:59:32 +02:00
Daniil Pankratov
5a94db37ed
Fix creating OAuth2 auth source from CLI (#14116)
Fix creation OAuth2 auth source from CLI.

Fix #8356

Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
2020-12-24 19:47:17 +00:00
Lunny Xiao
19ae6439b0
Improve vfsgen to not unzip bindata files but send to browser directly (#7109)
* Don't unzip files from bindata but send to browser directly

* remove dependent for httpgzip

* Add tests for parseAcceptEncoding

* Update docs for ENABLE_GZIP

* Fix bug

* Fix bug

Co-authored-by: zeripath <art27@cantab.net>
2020-12-24 12:25:17 +08:00
6543
5b958315c1
API: Make BasicAuth Prefix case insensitive (#14106) 2020-12-23 20:52:46 +01:00
silverwind
cd5278a44c
Fix manifest encoding (#14114)
The previous URL encoding would encode spaces to '+' for the app name
which is incorrect. Use base64 encoding instead which does not have such
issues.
2020-12-23 19:09:54 +00:00
6543
27fa4814b8
Fix git.parseTagData (#14105)
* Fix git.parseTagData()
close #14092

* Add Test

* add message to test

* limit readers

* git tag -m trims and terminates with a newline

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-22 21:44:25 +01:00
silverwind
3a21f8a986
Inline manifest.json (#14038)
* Inline manifest.json

Improve performance by eliminating this separate request and just inline
this small JSON in HTML directly as a data uri.

Also update previously static app name scripts to use AppName.

I've confirmed this as working via "Add to Homescreen" feature which
offered to save the shortcut under the new app name.

* prerender manifest data on startup

* move to settings

* restore setting.AppStartTime and use it on admin page

* use double quotes because template.URL escapes everything

* fix lint

* move variable to global context variable

* delete template file

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-22 19:13:50 +08:00
Cirno the Strongest
2c9dd71140
Standardize Co-Authored-By / Reviewed-By strings (#14097)
* Standardize Co-Authored-By / Reviewed-By strings

* Use lowercase variant

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-21 21:19:33 -05:00
Lunny Xiao
acd5e5a868
Add StatDir and replace com.StatDir (#14099)
* Add StatDir and replace com.StatDir

* a nit

* Remove wrong file

Co-authored-by: 6543 <6543@obermui.de>
2020-12-22 07:40:57 +08:00
胡玮文
c21a399646
more test case for STORAGE_TYPE overrides (and fixes) (#14096)
Signed-off-by: 胡玮文 <huww98@outlook.com>
2020-12-22 01:03:18 +02:00
胡玮文
addd4248da
Fix storage config implementation (#14091)
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
  not working
* [storage.attachments], [storage.minio] section not respected

Signed-off-by: 胡玮文 <huww98@outlook.com>
2020-12-21 18:59:18 +01:00
6543
9271040c21
Add Test for Fix #14040 (#14045)
Add Test for Fix #14040
2020-12-21 18:27:23 +01:00
a1012112796
34df4e5df5
Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
* Add mentionable teams to tributeValues

Signed-off-by: a1012112796 <1012112796@qq.com>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Change team mention rules to gh's style

* use org's avator as team avator in ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/markup/html.go

* Update models/issue.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Update models/issue.go

* fix a small nit and update test code

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-21 16:39:28 +01:00
Paweł Bogusławski
839daa85aa
Added option to disable migrations (#13114)
* Added option to disable migrations

This patch introduces DISABLE_MIGRATIONS parameter in [repository]
section of app.ini (by default set to false). If set to true
it blocks access to repository migration feature.

This mod hides also local repo import option in user editor if
local repo importing or migrations is disabled.

* Alter Example config

DISABLE_MIGRATIONS set to false in example config to
match its default value.

* HTTP error 403 instead of 500 on denied access to migration

* Parameter DISABLE_MIGRATIONS exposed via API

Fixes: 04b04cf854
Author-Change-Id: IB#1105130
2020-12-21 15:39:41 +01:00
Jiri Vlasak
d7c67a9fb2
Manually approve new registration (#13083)
* Add register manual confirm settings option

The new settings option is used when manually approving new
registrations.

* Enable manual confirmation of new registered user

When manual registration confirmation is desired (by default `false`)
create new user in the database that is *not active*. The user must then
be activated manually.

This change speeds up the process of adding new confirmed users for
Gitea instances without external auth mechanism. (Currently the option
is to manually create new user by admin.)

* Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-19 20:31:06 -05:00
Lunny Xiao
1d3a580a3e
Refactor get tag to remove unnecessary steps (#14058)
* Fix tag cache bug
2020-12-20 00:30:39 +02:00
6543
e483220ea3
[Refactor] CombinedStatus and CommitStatus related functions & structs (#14026)
* RM unused struct

* rename (*CommitStatus) loadRepo() -> loadAttributes()

* move ToCommitStatus into its own file

* use CommitStatusState instead of StatusState

* move CombinedStatus convertion into convert package

* let models.GetLatestCommitStatus use repoID direct and accept ListOptions

* update swagger docs

* fix tests

* Fix swagger docs

* rm page

* fix swagger docs!!!

* return json null

* always return json

* rename api.Status to api.CommitStatus

* fix swagger docs

* sec swagger fix
2020-12-18 11:33:32 +08:00
silverwind
27edc1aa19
Fix panic in BasicAuthDecode (#14046)
* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>
2020-12-17 20:51:28 -05:00
zeripath
e4567d4285
Fix bug in commit verification introduced in #13673 (#14040)
There is a slight bug in the commit_reader introduced in #13673 whereby
commit messages which have a final unterminated line miss their final line.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-17 21:42:33 +01:00
zeripath
511f6138d4
Use native git variants by default with go-git variants as build tag (#13673)
* Move last commit cache back into modules/git

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from the interface for last commit cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move cacheref to last_commit_cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from routers/private/hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move FindLFSFiles to pipeline

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make no-go-git variants

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Submodule RefID

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix issue with GetCommitsInfo

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix GetLastCommitForPaths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Improve efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* even faster

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reduce duplication

* As per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* attempt to fix drone

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test-tags

Signed-off-by: Andrew Thornton <art27@cantab.net>

* default to use no-go-git variants and add gogit build tag

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-17 22:00:47 +08:00
zeripath
0851a89581
Cause NotifyMigrateRepository to emit a repo create webhook (#14004)
* Cause NotifyMigrateRepository to emit a repo create webhook

This PR simply makes NotifyMigrateRepository emit a Create Repo webhook.
The reason for no new payload is that the information sent to
NotifyMigrateRepository is only essentially the same as
NotifyCreateRepository

Fix #13996

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-17 13:26:22 +01:00