Commit Graph

11862 Commits (6f261fdf47ec55fcefa63824624ae827672e8ae0)

Author SHA1 Message Date
zeripath f9120092c1
Fix table alignment in markdown (#16596) (#16602)
Backport #16596

Set the TableOptions in markdown to allow alignment of the tables to work correctly

Fix #15959

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 00:16:00 +01:00
zeripath a17edf446f
Fix 500 on first wiki page (#16586) (#16598)
Backport #16586

There is a mistake in #16319 and #16487 which means that the first time
a wiki page is created a 500 is reported because the `master` branch is
not in existence in that wiki yet.

This PR simply checks for this error and returns not found.

Fix #16584

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-03 23:46:08 +01:00
zeripath ff8fadd2be
Upgrade to the latest version of golang-jwt (#16590) (#16606)
* Upgrade to the latest version of golang-jwt.

Backport #16590

* Forcibly update the vendored versions too
* Update our minimal go lang version to 1.15 (differs from 1.16 in #16590)

Signed-off-by: Andrew Thornton <art27@cantab.net>

 ### ⚠️ BREAKING ⚠️

This PR raises the minimal version of go supported to 1.15 which will mean the end of support of 32-bit Mac and Mac OS versions before Sierra.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update minimal go required

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-03 22:22:52 +01:00
zeripath 5fe7c0ed7b
Swagger AccessToken fixes (#16574) (#16597)
Backport #16574

There is a subtle problem with the Swagger definition for AccessTokens which causes
autogeneration of APIs for these endpoints to fail.

This PR corrects these errors.

Ref: https://github.com/zeripath/java-gitea-api/issues/4
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-02 20:24:47 +02:00
6543 763e4196ba
[CI] Use node v14 instead of node v16 until it will pass again (#16595) (#16599)
* for CI release: use node 14 (lts) to build until 16 do fail

* all in for node v14.x
2021-08-02 07:41:58 +01:00
zeripath 903bdefb58
Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570)
Backport #16564

This PR has two parts:

* Add locking to goth and gothic calls with a RWMutex

The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races

* Reattempt OAuth2 registration on login if registration failed

If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt.
    
Fix #16096

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-29 18:52:38 +01:00
Lunny Xiao 840d240a61
Upgrade levelqueue to v0.4.0 (#16560) (#16561)
Fix #16546
2021-07-27 18:59:06 +02:00
a1012112796 7365b4e757
not show private user's repo in explore view (#16550) (#16554)
after #16069, visibility is also usefull for user,
so this limit is not usefull.

fix #16545
2021-07-27 07:34:25 +01:00
6543 e10cd3da1e
Fix session bugs (#16552) (#16553)
* Fix session bugs (#16552)

* fix deadlog bug

* Fix models/issue_stopwatch.go

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>

* fix getLatestCommitStatus

Co-authored-by: zeripath <art27@cantab.net>
2021-07-27 09:44:44 +08:00
zeripath 693275455e
Handle too long PR titles correctly (#16517) (#16549)
Backport #16517

The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix #16507

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-26 17:49:48 +02:00
6543 91527434d0
upgraded github.com/markbates/goth v1.67.1 => v1.68.0 (#16539) 2021-07-24 18:17:50 +01:00
Lunny Xiao 89f680aa04
Fix issue pasted image missing if no release permission (#16520) (#16527)
* Fix issue pasted image missing if no release permission


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-24 18:34:57 +02:00
zeripath 67942ac1a9
Switch to maintained jwt lib (#16532) (#16533)
Backport #16532

Co-authored-by: Matti R <matti@mdranta.net>
2021-07-24 11:13:50 -04:00
zeripath 0b06b2019f
Add basic edit ldap auth test & actually fix #16252 (#16465) (#16494)
Backport #16465

One of the reasons why #16447 was needed and why #16268 was needed in
the first place was because it appears that editing ldap configuration
doesn't get tested.

This PR therefore adds a basic test that will run the edit pipeline.

In doing so it's now clear that #16447 and #16268 aren't actually
solving #16252. It turns out that what actually happens is that is that
the bytes are actually double encoded.

This PR now changes the json unmarshal wrapper to handle this double
encode.

Fix #16252

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-07-22 17:24:21 +03:00
zeripath 057205a4b7
Restore creation of git-daemon-export-ok files (#16508) (#16514)
Backport #16508

Somewhere along the line the creation of git-daemon-export-ok
files disappeared but the updating of these files when
repo visibility changes remained. The problem is that the
current state will create files even when the org or user
is private.

This PR restores creation correctly.

Fix #15521

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-22 15:52:02 +02:00
zeripath 1b6c0c6bdc
Changelog for 1.15.0-rc2 (#16511)
* Changelog for 1.15.0-rc2

Results of `~/go/bin/changelog -m 1.15.0 --after 16422 generate`

We need to release RC2 as there are mulitple problems with alpine 3.14 related to
the seccomp issues on Docker <20.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-07-22 15:47:38 +03:00
6543 c4f3f5bdf2
Fix data race in bleve indexer (#16474) (#16509)
* Fix data race in bleve indexer

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-22 11:42:32 +08:00
zeripath 1f5011dff7
Restore CORS on git smart http protocol (#16496) (#16506)
Backport #16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-21 15:03:02 +01:00
zeripath cf9aeca508
Fix race in log (#16490) (#16505)
Backport #16490

A race has been detected in #1441 relating to getting log levels.

This PR protects the GetLevel and GetStacktraceLevel calls with a RW mutex.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-21 20:19:36 +08:00
6543 09a4364b21
Add TestPrepareWikiFileName (#16487) (#16498)
* Add TestPrepareWikiFileName

* use LsTree as LsFiles is index only

* ajust other tests

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-07-21 03:37:00 +01:00
zeripath 0c3467ffb7
Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479)

Fix #16427 (again!)

* handle sharing violation error code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-20 23:52:19 +02:00
Gary Wang d268c9d6e1
fix: support delete non-urlencoded wiki page (#16482) (#16486)
* fix: support delete non-urlencoded wiki page

* fix: check error
2021-07-19 19:39:50 +02:00
zeripath 7f6019e492
Update notification table with only latest data (#16445) (#16469)
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-17 19:05:59 +02:00
zeripath 0f11c5f592
Retry rename on lock induced failures (re-fix) (#16461) (#16462)
Backport #16461

Unfortunately #16435 asserts the wrong error and should use
os.LinkError not os.PathError.

Fix #16439

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-16 13:22:44 -04:00
zeripath bae0e1d773
Frontport v1.14.5 (#16453)
Frontport the changelog from v1.14.5

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-16 11:17:16 -04:00
techknowlogick 0877d497f3
revert to use alpine 3.13 (#16452)
Co-authored-by: zeripath <art27@cantab.net>
2021-07-16 09:55:14 +08:00
zeripath e5fde7ef00
Fix crash following ldap authentication update (#16447) (#16448)
Backport #16447

Unfortunately #16268 contained a terrible error, whereby there was a double
indirection taken when unmarshalling the source data. This fatally breaks
authentication configuration reading.

Fix #16342

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-15 20:17:44 -04:00
zeripath 6243638c11
Update documentation to reflect #15219 (#16442) (#16444)
Backport #16442

The move to render custom/public as within /assets in #15219 missed updating
several documentation pages.

This PR updates this documentation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-15 22:28:07 +02:00
6543 195c9999a1
Changelog for v1.15.0-rc1 (#16422)
* changelog -m 1.15.0 generate

* enhance changelog

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>

* move SECURITY before FEATURES

* move ENHANCEMENTS above BUGFIXES

* as per techknowlogick

* more

* node16

* Apply suggestions from code review

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* next

* Apply suggestions from code review

* Update CHANGELOG.md

Co-authored-by: Norwin <noerw@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Kyle D. <kdumontnu@gmail.com>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-15 11:47:57 -04:00
zeripath 33a8eec33e
Retry rename on lock induced failures (#16435)
* Retry rename on lock induced failures

Due to external locking on Windows it is possible for an
os.Rename to fail if the files or directories are being
used elsewhere.

This PR simply suggests retrying the rename again similar
to how we handle the os.Remove problems.

Fix #16427

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve CI fail

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-15 11:46:07 -04:00
GiteaBot aed086f8b0 [skip ci] Updated translations via Crowdin 2021-07-15 15:07:57 +00:00
GiteaBot 8484ee2c28 [skip ci] Updated translations via Crowdin 2021-07-15 10:07:52 +00:00
GiteaBot 5cc5dfe036 [skip ci] Updated translations via Crowdin 2021-07-15 09:08:09 +00:00
techknowlogick 376fc350ee
add note about minimum required version of git installed (#16433) 2021-07-14 23:28:49 -04:00
GiteaBot 11c79b56da [skip ci] Updated translations via Crowdin 2021-07-14 20:07:55 +00:00
Lunny Xiao efeb8e890b
Change the release cycle to match actual situations (#16430)
* Change the release cycle to match actual situations

* Update CONTRIBUTING.md

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-14 14:03:00 -04:00
techknowlogick e180456983
Change docker tag logic (#16421)
* Change docker logic

* Apply suggestions from code review

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* docs

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Kyle D. <kdumontnu@gmail.com>
2021-07-14 18:08:43 +01:00
GiteaBot 14b6257160 [skip ci] Updated translations via Crowdin 2021-07-14 15:07:54 +00:00
zeripath 3dcb3e9073
Second attempt at preventing zombies (#16326)
* Second attempt at preventing zombies

* Ensure that the pipes are closed in ssh.go
* Ensure that a cancellable context is passed up in cmd/* http requests
* Make cmd.fail return properly so defers are obeyed
* Ensure that something is sent to stdout in case of blocks here

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint 2

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint 3

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-07-14 10:43:13 -04:00
GiteaBot ee43d70a0c [skip ci] Updated translations via Crowdin 2021-07-14 14:07:52 +00:00
GiteaBot 0ead8cea6c [skip ci] Updated translations via Crowdin 2021-07-14 13:08:17 +00:00
6543 8798e3a098
Use TrN helper for email templates (#16425)
* Add TrN helper

* use TrN

* a nit
2021-07-14 15:06:09 +02:00
delvh 8464fa15d0
Make gpg resource string more readable (#16423) 2021-07-14 12:50:39 +02:00
GiteaBot febee86d0d [skip ci] Updated translations via Crowdin 2021-07-14 00:07:53 +00:00
Meano 423a0fccb6
Fix activation of primary email addresses (#16385)
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activations status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
2021-07-13 22:59:27 +02:00
6543 56b7f53329
Return updated repository when changing repository using API (#16420) 2021-07-13 20:31:59 +01:00
Lauris BH d26551bd0c
Load issue/PR context popup data only when needed (#15955)
* Load issue/PR context popup data only when needed

* Add SVG icon Vue component

* Remove unneeded check
2021-07-13 20:09:19 +02:00
Stanley Hu 3dba75fb97
Support HTTP/2 in Let's Encrypt (#16371)
Modify the tlsConfig.NextProtos for Let's Encrypt and built-in HTTPS server in order to support HTTP/2.

Co-authored-by: 6543 <6543@obermui.de>
2021-07-13 18:17:46 +01:00
6543 57ee06fb94
fix calculation for finalPage in repo-search component (#16382)
Co-authored-by: Jan Naahs <jan.naahs@naahstea.de>
2021-07-13 16:05:27 +02:00
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00