Commit graph

2851 commits

Author SHA1 Message Date
zeripath
48ef04ee56
Drop the event source if we are unauthorized (#15275)
A previous commit that sent unauthorized if the user is unauthorized
simply leads to the repeated reopening of the eventsource. #

This PR changes the event returned to tell the client to close the
eventsource and thus prevents the repeated reopening.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-04 22:37:50 +01:00
6543
80d6c6d7de
[refactor] mailer service (#15072)
* Unexport SendUserMail

* Instead of "[]*models.User" or "[]string" lists infent "[]*MailRecipient" for mailer

* adopt

* code format

* TODOs for "i18n"

* clean

* no fallback for lang -> just use english

* lint

* exec testComposeIssueCommentMessage per lang and use only emails

* rm MailRecipient

* Dont reload from users from db if you alredy have in ram

* nits

* minimize diff

Signed-off-by: 6543 <6543@obermui.de>

* localize subjects

* linter ...

* Tr extend

* start tmpl edit ...

* Apply suggestions from code review

* use translation.Locale

* improve mailIssueCommentBatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add i18n to datas

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a comment

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-04-02 11:25:13 +01:00
a1012112796
007fb00c0e
response 404 for diff/patch of a commit that not exist (#15221)
* response 404 for diff/patch of a commit that not exist

fix #15217

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update routers/repo/commit.go

Co-authored-by: silverwind <me@silverwind.io>

* use ctx.NotFound()

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
2021-04-01 08:17:14 +03:00
KN4CK3R
0c6137617f
Add Tabular Diff for CSV files (#14661)
Implements request #14320 The rendering of CSV files does match the diff style.

* Moved CSV logic into base package.

* Added method to create a tabular diff.

* Added CSV compare context.

* Added CSV diff template.

* Use new table style in CSV markup.

* Added file size limit for CSV rendering.

* Display CSV parser errors in diff.

* Lazy read single file.

* Lazy read rows for full diff.

* Added unit tests for various CSV changes.
2021-03-29 22:44:28 +02:00
zeripath
c1ca4a8313
Improve /api/v1/repos/issues/search by just getting repo ids (#15179)
/api/v1/repos/issues/search is a highly inefficient search which is unfortunately
the basis for our dependency searching algorithm. In particular it currently loads
all of the repositories and their owners and their primary coding language all of
which is immediately thrown away.

This PR makes one simple change - just get the IDs.

Related #14560
Related #12827

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-29 18:12:21 +01:00
a1012112796
2b9e0b4d1b
should run RetrieveRepoMetas() for empty pr (#15187)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-03-29 07:58:48 +01:00
a1012112796
3273fb9af1
use level config in main section when subsection not set level (#15176)
in previouse if a log subsetcion not set level
it will use ``info`` as default value.

this pr will make default value (``[log] -> LEVEL``) useable.

example config:
```INI
[log]
MODE = console
LEVEL = Trace

[log.console]
LEVEL =
STDERR = false
```

previous result:
```JSON
// console:
{
  "level": "info",
  ...................
}
```

after change:

```JSON
// console:
{
  "level": "track",
  ...................
}
```

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-28 20:08:19 +01:00
6543
290cf75f93
[refactor] Unify the export of user data via API (#15144)
* [refactor] unify how user data is exported via API

* test time via unix timestamp
2021-03-27 17:45:26 +01:00
parnic
f4d27498bd
Add DefaultMergeStyle option to repository (#14789)
Fixes #12293
2021-03-27 15:55:40 +01:00
Lunny Xiao
f4e677edb1
Fix bug on avatar middleware (#15124) 2021-03-23 18:20:24 +01:00
Lunny Xiao
8567cba0d9
Implement delete release attachments and update release attachments' name (#14130)
* Implement delete release attachment

* Add attachments on release edit page

* Fix bug

* Finish del release attachments

* Fix frontend lint

* Fix tests

* Support edit release attachments

* Added tests

* Remove the unnecessary parameter isCreate from UpdateReleaseOrCreatReleaseFromTag

* Rename UpdateReleaseOrCreatReleaseFromTag to UpdateRelease

* Fix middle align
2021-03-23 00:09:51 +08:00
Lauris BH
2f0eb9fd5d
Handle unauthorized user events gracefully (#15071) 2021-03-20 21:39:43 +01:00
Roger Luo
119d2cb6e4
Create new issue from code (#14863)
* Feat: add reference in new issue with permalink menu for code view.

* Fix: recover index.js file.

* Add comments and redo ci.

* Fix code convention

* Fix code.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-17 22:02:38 -04:00
Kyle D
df891dc59f
Validate email in oauth registration form (#15014) 2021-03-17 04:54:02 +01:00
KN4CK3R
7019076f7f
Fixed wrong migrate url error description. (#15010) 2021-03-17 03:34:09 +01:00
Norwin
f4629fc472
Move repo.CloseIssuesViaCommitInAnyBranch to issue settings (#14965) 2021-03-16 02:00:52 +01:00
Lauris BH
044cd4d016
Add reverse proxy configuration support for remote IP address (#14959)
* Add reverse proxy configuration support for remote IP address validation

* Trust all IP addresses in containerized environments by default

* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-16 00:27:28 +02:00
zeripath
6e423d5573
Ensure validation occurs on clone addresses too (#14994)
* Ensure validation occurs on clone addresses too

Fix #14984

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix api tests

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-15 17:52:11 -04:00
Norwin
658d1bfac8
API: fix set milestone on PR creation (#14981)
* API: fix set milestone on PR creation

pr creation via API failed with 404, because we searched
for milestoneID 0, due to uninitialized var usage D:

* add tests

* fix expected status codes

* fix tests

Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 19:06:52 +01:00
zeripath
91ee3be588
Prevent incorrect HTML escaping in swagger.json (#14957)
* Prevent incorrect HTML escaping in swagger.json

Fix #14706

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops add it to the helper

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-11 23:43:04 -05:00
Norwin
df76d9f7ad
Show correct issues for team dashboard (#14952)
* fix no items under /org/$org/{issues,pulls}?type=mentioned

it was filtering by org id, but org-mentions are not persisted like that
to the DB, we need to filter by UID.
This means, selecting different teams will only have an effect on the
selected repos, otherwise results will be the same, which may be
suboptimal.

fixes #14941

* don't spam a warning for a perfectly fine request
2021-03-12 04:06:33 +01:00
zeripath
5705f72fd6
Prevent panic when editing forked repos by API (#14960)
When editing forked repos using the API the BaseRepository needs to loaded
in order to check its visibility otherwise there will be NPE panic.

Fix #14956

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-11 19:09:52 +01:00
zeripath
c8e5c79cfd
Add ui.explore settings to control view of explore pages (2) (#14094)
This is an alternative PR to #13687.

Add `[ui.explore]` settings to allow restricting the
explore pages to logged in users only and to disable the users explore page.

The two proposed settings are:

- `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the
user is signed in. Also restricts
  - `/api/v1/user/search`
  - `/api/v1/users/{username}`
  - `/api/v1/users/{username}/repos`
  - but does not restrict `/api/v1/users/{username}/heatmap`
- `DISABLE_USERS_PAGE`: Disables the /explore/users page

Fix #2908

Close #13687 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-11 13:40:54 +00:00
KN4CK3R
40aca73347
Fix migration context data (#14910)
* Unified context data.

* Changed method name.
2021-03-07 20:21:09 +01:00
zeripath
9b261f52f0
Add SameSite setting for cookies (#14900)
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. 

There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR.

Fix #5583

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-07 08:12:43 +00:00
Lunny Xiao
9db590f2ee
Fix bug when combine label comments (#14894)
* Fix bug when combine label comments

* Added some code comments

* More comments
2021-03-05 16:17:32 +01:00
Norwin
0a8a3ab0f5
Show private heatmap on profile to self & admins (#14881)
followup to #14080
2021-03-04 23:59:13 +01:00
a1012112796
a5279b74b6
Make manual merge autodetection optional and add manual merge as merge method (#12543)
* Make auto check manual merge as a chooseable mod and add manual merge way on ui

as title, Before this pr, we use same way with GH to check manually merge.
It good, but in some special cases, misjudgments can occur. and it's hard
to fix this bug. So I add option to allow repo manager block "auto check manual merge"
function, Then it will have same style like gitlab(allow empty pr). and to compensate for
not being able to detect THE PR merge automatically, I added a manual approach.

Signed-off-by: a1012112796 <1012112796@qq.com>

* make swager

* api support

* ping ci

* fix TestPullCreate_EmptyChangesWithCommits

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Apply review suggestions and add test

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* fix build

* test error message

* make fmt

* Fix indentation issues identified by @silverwind

Co-authored-by: silverwind <me@silverwind.io>

* Fix tests and make manually merged disabled error on API the same

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a small nit

* fix wrong commit id error

* fix bug

* simple test

* fix test

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-03 22:41:23 -05:00
zeripath
0044e80491
Add CORS config on to /login/oauth/access_token endpoint (#14850)
Fix #7204

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-04 03:25:30 +02:00
Norwin
a050de8db3
Handle urls with trailing slash (#14852) 2021-03-02 17:23:36 +01:00
zeripath
f0e15250b9
Migrate to use jsoniter instead of encoding/json (#14841)
* Migrate to use jsoniter

* fix tests

* update gitea.com/go-chi/binding

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-01 22:08:10 +01:00
Paweł Bogusławski
85e6e07346
Organization removal confirmation using name not password (#14738)
* Organization removal confirmation using name not password

Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219

* Translation removed

Translation removed from PR - will be restored using Crowdin
after pull got merged.

Fixes: 95ddcdd8bd8097a952894556d42641d5ec269288
Related: https://github.com/go-gitea/gitea/pull/14738
Author-Change-Id: IB#1107219
2021-03-01 16:33:05 +02:00
6543
a4148c0f12
Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications
2021-03-01 01:47:30 +01:00
zeripath
030646eea4
Set HCaptchaSiteKey on Link Account pages (#14834)
When using HCaptcha on link account pages the site key needs to be passed
in. This PR ensures that HCaptchaSiteKey is set in the data.

Fix #14766

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-28 17:04:15 -05:00
a1012112796
83cf1a894e
Create tag on ui (#13467)
Support create single tag directly

support create tag with message from create release ui

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-02-28 19:57:45 +00:00
a1012112796
5d2b7ba639
Add EasyMDE support for release content editor (#14744)
* Add easyMDE(simpleMDE) support for release content editor

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-02-22 21:17:51 +01:00
Lunny Xiao
bd9361384a
Fix go get (#14758)
* Fix go get

* Fix default branch

Co-authored-by: 6543 <6543@obermui.de>
2021-02-22 00:51:15 +08:00
gordon--
343c756357
Heatmap days clickable (#13935)
* Heatmap days clickable

* Error handling

* Unselect filter

* better dayclick handler

* made linter happy

* clickable heatmap for profiles

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-20 17:08:58 -05:00
6543
190bd0accd
Export LFS & TimeTracking function status (#14753) 2021-02-20 11:17:51 +01:00
zeripath
aa4f9180e4
Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999)
Also removes some unnecessary uses of fmt.Sprintf and adds documentation
strings

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-19 22:36:43 +01:00
Norwin
d38ae597e1
Add UI to delete tracked times (#14100)
Co-authored-by: 6543 <6543@obermui.de>
2021-02-19 12:52:11 +02:00
zeripath
092299891f
Move the stopwatches to the eventsource stream (#14588)
Move the stopwatches to the eventsource stream

Use the /user/events eventsource to update the stopwatches
instead of polling /api/v1/user/stopwatches if the eventsource
is enabled.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-19 11:05:35 +01:00
Jacob Hrbek
867f4c557d
routers/routes/web: Fix typo in comment (#14729) 2021-02-18 22:47:23 +08:00
6543
8d5c795cc4
[API] Add Restricted Field to User (#14630)
* Expose Restricted field for User

* Add Option to Change Restricted on User via adminEditUser API

* Add test who change restricted & test if it changed it ...

* make generate-swagger

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-18 16:25:35 +08:00
Jimmy Praet
4c82485424
#14699 Make branch names in PR description clickable (#14716) 2021-02-18 03:45:49 +01:00
zeripath
ad43b119a8
Add Password Algorithm option to install page (#14701)
Add Password Algorithm option to install page

Fix #14674 

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-02-16 23:37:20 +01:00
zeripath
66a148e398
Restore detection of branches are equal on compare page (#14586)
Somehow the test for detecting if branches are equal broke
this PR restores this functionality.

Fix #14502

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-16 16:39:45 +01:00
Damien Goutte-Gattat
fc4a8c2980
Allow blocking some email domains from registering an account (#14667)
Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account.

The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that.

The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.

close #13628
2021-02-15 00:31:29 +01:00
vnkmpf
487f2ee41c
Whitespace in commits (#14650)
* Add whitespace to commit view

* Add whitespace to /compare/a...b

* Move repeated whitespaceFlags to gitdiff

* Add whitespace for wiki pages
2021-02-13 05:35:43 +01:00
techknowlogick
a3cc842e15
Show Gitea version in swagger (#14654)
Show Gitea version in swagger

Co-authored-by: 6543 <6543@obermui.de>
2021-02-12 21:51:56 +01:00