forked from gitea/gitea
1
0
Fork 0
Commit Graph

2900 Commits

Author SHA1 Message Date
Norwin e542b416a7
api: fix overly strict edit pr permissions (#15900)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-05-19 10:48:48 -04:00
zeripath 0e56e9c9d9
Restore token authentication for git http when 2FA active (#15915)
There was a small regression in #15303 whereby token auth
with 2FA active would be disallowed.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-05-18 22:30:33 -04:00
zeripath 17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-15 17:32:09 +02:00
zeripath d0ea10b21f
Close the gitrepo when deleting the repository (#15876)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-14 21:19:38 +01:00
zeripath d234d37aa8
Restore PAM user autocreation functionality (#15825)
* Restore PAM user autocreation functionality

PAM autoregistration of users currently fails due to email invalidity.
This PR adds a new setting to PAM to allow an email domain to be set
or just sets the email to the noreply address and if that fails falls
back to uuid@localhost

Fix #15702

Signed-off-by: Andrew Thornton <art27@cantab.net>

* As per KN4CKER

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-13 23:11:47 +01:00
Adam Szatyin d86d123322
Add mimetype mapping settings (#15133)
* Fix APK's Content-Type header

* Fix case sensitive comparison

* Add custom mime type mapping for downloadable files

* Add documentation for MIME type mapping

* Rename download.mimetype.mapping configuration to repository.mimetype_mapping

Co-authored-by: zeripath <art27@cantab.net>
2021-05-10 16:38:08 -04:00
Lunny Xiao d37a89ed05
don't record error when request a non-exist user (#15819)
* don't record error when request a non-exist user

* Update routers/repo/http.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-10 13:43:55 -04:00
Lunny Xiao 3656a2a672
Fix goth user infer bug (#15821) 2021-05-10 16:31:32 +01:00
Lunny Xiao e5723d6556
Move restore repo to internal router and invoke from command to avoid open the same db file or queues files (#15790)
* Move restore repo to internal router and invoke from command to avoid open the same db file or queues files

* Follow @zeripath's review

* set no timeout for resotre repo private request

* make restore repo cancelable
2021-05-10 15:57:45 +08:00
silverwind 1e6fa57acb
Use single shared random string generation function (#15741)
* Use single shared random string generation function

- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibilty

Fixes: #15536

* use const string method

* Update modules/avatar/avatar.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
2021-05-10 07:45:17 +01:00
zeripath 270aab429e
On open repository open common cat file batch and batch-check (#15667)
Use common git cat-file --batch and git cat-file --batch-check to
significantly reduce calls to git.
    
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-10 03:27:03 +02:00
zeripath 038e1db4df
Return go-get info on subdirs (#15642)
This PR is an alternative to #15628 and makes the go get handler a
handler.

Fix #15625

Close #15628

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-09 22:50:06 +01:00
silverwind 17a7797cdd
Fix incorrect asset URL (#15805)
Fixes another regression from https://github.com/go-gitea/gitea/pull/15219.
2021-05-09 21:03:09 +01:00
6543 a229e34387
Allow only internal registration (#15795)
* Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings

* OpenID respect setting too
2021-05-09 16:13:35 +02:00
zeripath a69fb523a7
Ensure that ctx.Written is checked after issues(...) calls (#15797)
Fix issue noted in #15783

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-09 10:33:49 +08:00
6543 e278614753
[API] make change repo settings work on empty repos (#15778)
* API: Fix #15602

* Add TEST
2021-05-08 14:11:36 +02:00
Jonathan Tran 9557b8603a
Add selecting tags on the compare page (#15723)
* Add selecting tags on the compare page

* Remove unused condition and change indentation

* Fix tag tab in dropdown to be black

* Add compare tag integration test

Co-authored-by: Jonathan Tran <jon@allspice.io>
2021-05-07 23:10:05 +02:00
N. L. H 45970ae82e
Feature/oauth userinfo (#15721)
* Implemented userinfo #8534

* Make lint happy

* Add userinfo endpoint to openid-configuration

* Give an error when uid equals 0

* Implemented BearerTokenErrorCode handling

* instead of ctx.error use ctx.json so that clients
parse error and error_description correctly

* Removed unneeded if statement

* Use switch instead of subsequent if statements
Have a default for unknown errorcodes.

Co-authored-by: Nils Hillmann <hillmann@nlh-software.de>
Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
2021-05-06 01:30:15 -04:00
a1012112796 3088866531
fix some ui bug about draft release (#15137)
* fix some ui bug about draft release

- should not show draft release in tag list because
  it will't create real tag
- still show draft release without tag and commit message
  for draft release instead of 404 error
- remove tag load for attachement links because it's useless

Signed-off-by: a1012112796 <1012112796@qq.com>

* add test code

* fix test

That's because has added a new release in relaese test database.

* fix dropdown link for draft release
2021-05-06 05:12:50 +02:00
zeripath eed88dc34d
Fix broken avatars since #15301 (#15731)
There was a missing * from the avatars routes in #15301.

Fix #15727

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-05 14:06:39 +01:00
zeripath 47fd156936
Use route rather than use thus reducing the number of stack frames (#15301)
Since the move to Chi the number of stack frames has proliferated somewhat catastrophically and we're up to 96 frames with multiple tests of the url outside of a trie which is inefficient.

This PR reduces the number of stack frames by 6 through careful use of Route, moves Captcha into its own router so that it only fires on Captcha routes, similarly for avatars and repo-avatars.

The robots.txt, / and apple-touch-icon.png are moved out of requiring Contexter.

It moves access logger higher in the stack frame because there is no reason why it can't be higher.

Extract from #15186
Contains #15292
2021-05-04 22:48:31 +01:00
Jonathan Tran 5e047b9bd7
Add compare tag dropdown to releases page (#15695)
* Add compare tag dropdown to releases page

* Change defaults to be more intuitive and remove unneeded option

* Fix to select branch on releases page

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
2021-05-03 13:27:48 -04:00
KN4CK3R 8c8471e754
Addition to (Add Location, Website and Description to API #15675) (#15690)
* Use same name as other structs.

* Sync with normal forms.

* Edit description with API.

* Workaround for nil value.
2021-05-02 21:03:15 +02:00
KN4CK3R 7670c1c99e
Fixed several activation bugs (#15473)
* Removed unneeded form tag.

* Fixed typo.

* Fixed NPE.

* Use better error page.

* Splitted GET and POST.
2021-04-30 22:21:33 +02:00
KN4CK3R c80d7f33b6
Unified link creation. (#15619) 2021-04-30 19:25:13 +02:00
KN4CK3R 1456978246
Added missing prefix on install route. (#15677)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-30 11:59:16 -04:00
Lunny Xiao d7dbe4feeb
Fix readme render bug (#15649) 2021-04-28 22:22:54 +02:00
a1012112796 1e877613bf
add `/assets` as root dir of public files (#15219)
* add `/assets` as root dir of public files

Signed-off-by: a1012112796 <1012112796@qq.com>

* move serviceworker.js

* make fmt

* fix some link

* fix test

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-04-28 12:35:06 +00:00
Lunny Xiao 1b3dbdba4e
Attachment support repository route (#15580) 2021-04-23 11:18:21 -04:00
Lunny Xiao 9d99f6ab19
Refactor renders (#15175)
* Refactor renders

* Some performance optimization

* Fix comment

* Transform reader

* Fix csv test

* Fix test

* Fix tests

* Improve optimaziation

* Fix test

* Fix test

* Detect file encoding with reader

* Improve optimaziation

* reduce memory usage

* improve code

* fix build

* Fix test

* Fix for go1.15

* Fix render

* Fix comment

* Fix lint

* Fix test

* Don't use NormalEOF when unnecessary

* revert change on util.go

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* rename function

* Take NormalEOF back

Co-authored-by: zeripath <art27@cantab.net>
2021-04-19 18:25:08 -04:00
techknowlogick 024ef3940f
add well-known config for OIDC (#15355)
* add well-known config for OIDC

* spacing per feedback

* Update oidc_wellknown.tmpl

* add id_token

* Update oidc_wellknown.tmpl

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-15 22:32:00 -04:00
Lunny Xiao 92c09a90f7
Fix bug clone wiki (#15499)
Fix #15494

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-04-15 19:57:19 +01:00
Lunny Xiao 8202dd1311
Performance improvement for list pull requests (#15447) 2021-04-15 19:34:43 +02:00
Kyle D f44543a1bb
Disable Stars config option (#14653)
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
2021-04-15 18:53:57 +02:00
a1012112796 08ba895c2b
fix wrong file link in code search page (#15466)
in previous the grenrated link is
``testg/testrepo/src/commit/....``
which is not right.

the right version is ``/testg/testrepo/.......``
(start wiht ``/``)
or ``http://127.0.0.1:3000/xxxxx`` (full link)

to make it hase same result with explore page
I choose the secound style.

fix #15438

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
2021-04-14 17:59:42 +02:00
Martin Michaelis 55eb1745bd
OAuth2 auto-register (#5123)
* Refactored handleOAuth2SignIn in routers/user/auth.go

The function handleOAuth2SignIn was called twice but some code path could only
be reached by one of the invocations. Moved the unnecessary code path out of
handleOAuth2SignIn.


* Refactored user creation

There was common code to create a user and display the correct error message.
And after the creation the only user should be an admin and if enabled a
confirmation email should be sent. This common code is now abstracted into
two functions and a helper function to call both.

* Added auto-register for OAuth2 users

If enabled new OAuth2 users will be registered with their OAuth2 details.
The UserID, Name and Email fields from the gothUser are used.
Therefore the OpenID Connect provider needs additional scopes to return
the coresponding claims.

* Added error for missing fields in OAuth2 response

* Linking and auto linking on oauth2 registration

* Set default username source to nickname

* Add automatic oauth2 scopes for github and google

* Add hint to change the openid connect scopes if fields are missing

* Extend info about auto linking security risk

Co-authored-by: Viktor Kuzmin <kvaster@gmail.com>
Signed-off-by: Martin Michaelis <code@mgjm.de>
2021-04-14 14:02:12 +02:00
zeripath 27f9bda769
Prevent NPE on avatar direct rendering if federated avatars disabled (#15434)
#13649 assumed that direct avatar urls would always be libravatar urls - this leads
to NPEs if federated avatar service is disabled.

Fix #15421

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-12 20:57:12 -04:00
KN4CK3R a35a5b225c
Add ETag header (#15370)
* Add ETag header.

* Comply with RFC 7232.

* Moved logic into httpcache.go

* Changed name.

* Lint

* Implemented If-None-Match list.

* Fixed missing header on *

* Removed weak etag support.

* Removed * support.

* Added unit test.

* Lint

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-12 10:49:26 -04:00
a1012112796 63411309fb
add some reponse status on api docs (#15399)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 09:53:23 +01:00
Lunny Xiao 1fc1d60517
Fix delete nonexist oauth application 500 and prevent deadlock (#15384)
* Fix delete nonexist oauth application 500

* Fix test

* Close the session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update integrations/api_oauth2_apps_test.go

* Fix more missed sess.Close

* Remove unnecessary blank line

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-04-10 16:49:10 -04:00
a1012112796 e375cbfd46
rsponse 404 when delete not exist email (#15383)
fix #15357

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-04-10 07:12:38 +01:00
zeripath 136a20926c
Turn RepoRef and RepoAssignment back into func(*Context) (#15372)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-09 20:26:08 -04:00
zeripath 9d2c251214
Move FCGI req.URL.Path fix-up to the FCGI listener (#15292)
Simplify the web.go FCGI path by moving the req.URL.Path fix-up to listener

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-04-09 21:17:57 +08:00
6543 9c4601bdf8
Code Formats, Nits & Unused Func/Var deletions (#15286)
* _ to unused func options

* rm useless brakets

* rm trifial non used models functions

* rm dead code

* rm dead global vars

* fix routers/api/v1/repo/issue.go

* dont overload import module
2021-04-09 09:40:34 +02:00
KN4CK3R c03e488e14
Add LFS Migration and Mirror (#14726)
* Implemented LFS client.

* Implemented scanning for pointer files.

* Implemented downloading of lfs files.

* Moved model-dependent code into services.

* Removed models dependency. Added TryReadPointerFromBuffer.

* Migrated code from service to module.

* Centralised storage creation.

* Removed dependency from models.

* Moved ContentStore into modules.

* Share structs between server and client.

* Moved method to services.

* Implemented lfs download on clone.

* Implemented LFS sync on clone and mirror update.

* Added form fields.

* Updated templates.

* Fixed condition.

* Use alternate endpoint.

* Added missing methods.

* Fixed typo and make linter happy.

* Detached pointer parser from gogit dependency.

* Fixed TestGetLFSRange test.

* Added context to support cancellation.

* Use ReadFull to probably read more data.

* Removed duplicated code from models.

* Moved scan implementation into pointer_scanner_nogogit.

* Changed method name.

* Added comments.

* Added more/specific log/error messages.

* Embedded lfs.Pointer into models.LFSMetaObject.

* Moved code from models to module.

* Moved code from models to module.

* Moved code from models to module.

* Reduced pointer usage.

* Embedded type.

* Use promoted fields.

* Fixed unexpected eof.

* Added unit tests.

* Implemented migration of local file paths.

* Show an error on invalid LFS endpoints.

* Hide settings if not used.

* Added LFS info to mirror struct.

* Fixed comment.

* Check LFS endpoint.

* Manage LFS settings from mirror page.

* Fixed selector.

* Adjusted selector.

* Added more tests.

* Added local filesystem migration test.

* Fixed typo.

* Reset settings.

* Added special windows path handling.

* Added unit test for HTTPClient.

* Added unit test for BasicTransferAdapter.

* Moved into util package.

* Test if LFS endpoint is allowed.

* Added support for git://

* Just use a static placeholder as the displayed url may be invalid.

* Reverted to original code.

* Added "Advanced Settings".

* Updated wording.

* Added discovery info link.

* Implemented suggestion.

* Fixed missing format parameter.

* Added Pointer.IsValid().

* Always remove model on error.

* Added suggestions.

* Use channel instead of array.

* Update routers/repo/migrate.go

* fmt

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-04-08 18:25:57 -04:00
Roger Luo fa06e98553
Add dashboard milestone search and repo milestone search by name (#14866)
Feature for issue #13845:
 - Add milestones search by name on dashboard milestones page.
 - Add milestones search by name on repo issue/milestones page.
2021-04-08 13:53:59 +02:00
John Olheiser 426ebbfc3b
Fix CanCreateRepo check (#15311)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2021-04-07 09:26:41 +02:00
zeripath fa3895ce81
Move modules/forms to services/forms (#15305)
Forms are dependent on models and therefore should be in services.

This PR also removes the old auth. aliasing

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-06 20:44:05 +01:00
6543 16dea6cebd
[refactor] replace int with httpStatusCodes (#15282)
* replace "200" (int) with "http.StatusOK" (const)

* ctx.Error & ctx.HTML

* ctx.JSON Part1

* ctx.JSON Part2

* ctx.JSON Part3
2021-04-05 11:30:52 -04:00
zeripath 48ef04ee56
Drop the event source if we are unauthorized (#15275)
A previous commit that sent unauthorized if the user is unauthorized
simply leads to the repeated reopening of the eventsource. #

This PR changes the event returned to tell the client to close the
eventsource and thus prevents the repeated reopening.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-04 22:37:50 +01:00