Commit Graph

257 Commits (7b4d2f7a2aa3af093571628f979bdc939f10890c)

Author SHA1 Message Date
QuaSoft 7b4d2f7a2a Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows

* Ensure plugins implement interface

* Ensure plugins implement interface

* Move functions used only by the SSPI auth method to sspi_windows.go

* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected

* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.

* Update documentation for the new 'SPNEGO with SSPI' login source

* Mention in documentation that ROOT_URL should contain the FQDN of the server

* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)

* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)

* Add option in SSPIConfig for removing of domains from logon names

* Update helper text for StripDomainNames option

* Make sure handleSignIn() is called after a new user object is created by SSPI auth method

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates

* Remove code duplication

* Log errors in ActiveLoginSources

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert suffix of randomly generated E-mails for Reverse proxy authentication

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert unneeded white-space change in template

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add copyright comments at the top of new files

* Use loopback name for randomly generated emails

* Add locale tag for the SSPISeparatorReplacement field with proper casing

* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields

* Update docs/content/doc/features/authentication.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Remove Priority() method and define the order in which SSO auth methods should be executed in one place

* Log authenticated username only if it's not empty

* Rephrase helper text for automatic creation of users

* Return error if more than one active SSPI auth source is found

* Change newUser() function to return error, letting caller log/handle the error

* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed

* Refactor initialization of the list containing SSO auth methods

* Validate SSPI settings on POST

* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page

* Make 'Default language' in SSPI config empty, unless changed by admin

* Show error if admin tries to add a second authentication source of type SSPI

* Simplify declaration of global variable

* Rebuild gitgraph.js on Linux

* Make sure config values containing only whitespace are not accepted
2019-11-23 01:33:31 +02:00
Lauris BH 86a44f6b48
Fix new user form for non-local users (#8826) 2019-11-04 21:10:37 +02:00
Jakob Ackermann 00629fea95 [assets] configurable URL for static resources (#7911)
* static url

* add cors support for static resources

* [assets] work on the migration to configurable url for assets

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* [misc] fix whitespace

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* [assets] fix the loading of the manifest.json

It is generated dynamically, and as such can not be served by the cdn.

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* Revert "add cors support for static resources"

This reverts commit 42f964fd181dbb8b139808b9be623470d4f0e40f

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* [docs] add the STATIC_URL_PREFIX option

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* [docs] reverse-proxy: nginx: add two setups for STATIC_URL_PREFIX

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>

* [assets] migrate the url of a new asset to the static url prefix

REF: f2a3abc683
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
2019-10-22 20:11:01 +08:00
techknowlogick 7a8e299c7c migrate gplus to google oauth2 provider (#7885)
* migrate gplus to google oauth2 provider. this still provides support for old gplus connections.

* Update models/oauth2.go

Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>

* make vendor
2019-09-14 12:02:39 +02:00
techknowlogick 2837563147
oauth2 with remote Gitea - Fix #8093 (#8149) 2019-09-12 22:15:36 -04:00
Gary Kim 541fab196f Fix adding default Telegram webhook (#7972)
* Fix adding default Telegram webhook

Fixes #7932

Signed-off-by: Gary Kim <gary@garykim.dev>

* Run goimports

Signed-off-by: Gary Kim <gary@garykim.dev>
2019-08-26 18:59:10 -04:00
6543 5409dec8fd [Branch View] show "New Pull Request" Button only if posible (#7977)
* add check Commits Ahead is gt 0

* code format
to start drone-ci test again
and formate code is also nice :)
2019-08-26 13:47:41 +03:00
Lunny Xiao 1e8a616426 show lfs config on admin panel (#7220) 2019-06-16 19:24:49 +01:00
Mario Lubenka 8eba27c792 Repository avatar fallback configuration (#7087)
* Only show repository avatar in list when one was selected

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Adds fallback configuration option for repository avatar

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Implements repository avatar fallback

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Adds admin task for deleting generated repository avatars

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Solve linting issues

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Save avatar before updating database

* Linting

* Update models/repo.go

Co-Authored-By: zeripath <art27@cantab.net>
2019-06-02 14:40:12 +08:00
Xaver Maierhofer 95d3d42c5f Fix code overflow (#6914) 2019-05-14 12:02:59 -04:00
Lunny Xiao 01ebd52a1f fix config ui error about cache ttl (#6861) 2019-05-06 17:35:11 +03:00
ngourdon d29d97d91c Set user search base field optional in DLDAP edit page (#6779) 2019-04-28 09:53:55 -04:00
Lanre Adelowo 08d8ea9403 fix template error (#6737) 2019-04-24 21:14:36 +08:00
Mario Lubenka fcbac38d6f Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00
Daniel Grier b9d1fb6de3 Add support for MS Teams webhooks (#6632) 2019-04-19 10:18:06 -04:00
zeripath 704da08fdc
Better logging (#6038) (#6095)
* Panic don't fatal on create new logger

Fixes #5854

Signed-off-by: Andrew Thornton <art27@cantab.net>

* partial broken

* Update the logging infrastrcture

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reset the skip levels for Fatal and Error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* broken ncsa

* More log.Error fixes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove nal

* set log-levels to lowercase

* Make console_test test all levels

* switch to lowercased levels

* OK now working

* Fix vetting issues

* Fix lint

* Fix tests

* change default logging to match current gitea

* Improve log testing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* reset error skip levels to 0

* Update documentation and access logger configuration

* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE

* Fix broken level caching

* Refactor the router log

* Add Router logger

* Add colorizing options

* Adjust router colors

* Only create logger if they will be used

* update app.ini.sample

* rename Attribute ColorAttribute

* Change from white to green for function

* Set fatal/error levels

* Restore initial trace logger

* Fix Trace arguments in modules/auth/auth.go

* Properly handle XORMLogger

* Improve admin/config page

* fix fmt

* Add auto-compression of old logs

* Update error log levels

* Remove the unnecessary skip argument from Error, Fatal and Critical

* Add stacktrace support

* Fix tests

* Remove x/sync from vendors?

* Add stderr option to console logger

* Use filepath.ToSlash to protect against Windows in tests

* Remove prefixed underscores from names in colors.go

* Remove not implemented database logger

This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.

* Ensure that log paths are relative to ROOT_PATH

* use path.Join

* rename jsonConfig to logConfig

* Rename "config" to "jsonConfig" to make it clearer

* Requested changes

* Requested changes: XormLogger

* Try to color the windows terminal

If successful default to colorizing the console logs

* fixup

* Colorize initially too

* update vendor

* Colorize logs on default and remove if this is not a colorizing logger

* Fix documentation

* fix test

* Use go-isatty to detect if on windows we are on msys or cygwin

* Fix spelling mistake

* Add missing vendors

* More changes

* Rationalise the ANSI writer protection

* Adjust colors on advice from @0x5c

* Make Flags a comma separated list

* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING

* Ensure matching is done on the non-colored message - to simpify EXPRESSION
2019-04-02 08:48:31 +01:00
mrsdizzie f125330fcf Include more variables on admin/config page (#6378)
Include the current CustomPath location in the admin section and also
display GITEA_WORK_DIR and/or GITEA_CUSTOM env var if they are set.

Right now there is no easy way to see this information, and if you try
and help most users they won't be able to tell you anything about these
values -- just that their custom template isn't working, files aren't in
the right place, etc... Now you can see all paths and if they were set
by ENV or not.
2019-03-19 18:40:13 -04:00
Russell Aunger b34996a629 Implement Default Webhooks (#4299)
Partially implement #770.
Add "Default Webhooks" page in site admin UI.
Persist to the existing webhooks table, but store with RepoID=0 and OrgID=0.
Upon repo creation, copy the set of default webhooks into the new repo.
2019-03-18 22:33:20 -04:00
Rémy Boulanouar 64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
Lanre Adelowo d0cb5aa9f9 fix #3200 (#6033) 2019-02-11 03:27:24 +02:00
techknowlogick ad059fdbbc
Admin config page mailertype setting option update (#5973)
* Fix #5972
2019-02-06 11:17:58 -05:00
techknowlogick 5c44f751a3
Discord Oauth2 support (#4476)
* add discord auth

* add vendor for discord

* fix syntax error

* make fmt

* update version of goth in use

* update markbates/goth
2019-01-13 14:06:22 -05:00
Julian e5228b8369 fix: use correct value for "MSpan Structures Obtained" #4742 (#5706)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-12 17:49:44 -05:00
Harshit Bansal dd006db5a7 Display branch name in delete branch confirmation modal. (#5654)
Fixes: #5630.
2019-01-06 15:08:25 -05:00
Tony Homrich 2058c362a8 LDAP via simple auth separate bind user and search base (#5055) 2018-12-27 11:51:19 -05:00
Lanre Adelowo 2a6d3ba058 Allow admin toggle forcing a password change for newly created users (#4563) 2018-09-13 12:34:36 -04:00
EnricoFerro 0a24f5cac8 Disable 'May Import Local Repository' when is disabled by setting (Issue #4779) (#4780) 2018-08-24 01:00:22 -04:00
kolaente 1bff02de55 Added dependencies for issues (#2196) (#2531) 2018-07-17 17:23:58 -04:00
Lanre Adelowo 5bc8782d33 Don't display buttons if there are no system notifications (#4280)
* Don't display buttons if there are no notices

* remove redundant gt check
2018-07-05 17:35:42 +02:00
David Schneiderbauer af57d6ab8a undo #3142 because processes don't use the util.Timestamp (#4203) 2018-06-10 09:48:45 +08:00
Lauris BH a89d6253e0 Show only needed values in database configuration section depending on type (#4164) 2018-06-06 18:13:42 -05:00
Barbossa 83d956ce6b Fix typo (#4151)
Fix incorrect tmpl in oauth when we have a custom authorize url. The tmpl will append an additional character "v" every time we save the settings.
2018-06-06 22:02:37 +08:00
Magnus Lindvall cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
FabioFortini 1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
Lauris BH 501fb228e6
Add option to use paged LDAP search when synchronizing users (#3895) 2018-05-05 17:30:47 +03:00
Bwko 8ee45eb614 Add EnableTimetracking option to app settings (#3719) 2018-04-09 23:15:32 +08:00
Gerben 2dc6f15eca Don't warn users about *every* dirty form (#3707)
The choice regarding which forms should or should not trigger a warning
is subjective. I tried to be consistent and not warn about forms that:
 - run an action, rather than edit data: search, send an email.
 - delete data: a warning about losing data would be confusing

Note that forms on sign-in pages were already ignored (using a selector,
rather than an explicit class on the form element).

Fixes #3698.
2018-03-23 22:10:42 +08:00
Allen Wild 8606d9f5bc Add admin dashboard option to run health checks (#3606)
There's one for git gc, why not git fsck too?

Also add a couple more trace logs to GitFsck to see progress
2018-03-02 11:09:43 +02:00
muhfaris bec09378f9 Fix Delete repository message (#3260) 2018-01-15 08:03:30 +02:00
Sandro Santilli eb2b4df0ed Change SSL Mode from checkbox to string in admin page (#3208)
Closes #3207

Use a string, not a checkbox because "require", "verify-full",
"verify-ca" and "disable" values are supported ...
2017-12-16 23:25:00 +02:00
Lunny Xiao f2e20c81b6 Refactor struct's time to remove unnecessary memory usage (#3142)
* refactor struct's time to remove unnecessary memory usage

* use AsTimePtr simple code

* fix tests

* fix time compare

* fix template on gpg

* use AddDuration instead of Add
2017-12-11 06:37:04 +02:00
Duncan Ogilvie 8ee08fe8bc Remove duplicate "Max Diff Lines" from config view (#2987)
Signed-off-by: Duncan Ogilvie <mr.exodia.tpodt@gmail.com>
2017-11-27 06:56:50 +02:00
Jonas Bröms 4d01ecaef3 Show Sendmail settings on admin config page (#2782)
* Show Sendmail settings on admin config page

* Remove unecessary if statement
2017-10-26 16:47:16 +08:00
Jonas Franz 33647aa43b Fixing wrong translations on sorttype oldest/latest (#2720) 2017-10-16 23:26:11 +03:00
techknowlogick 9bdbfbf6f3 Disable custom Git Hooks globally via configuration file (#2450)
* Create option to disable githooks globally via configuration file

* Update comment in app.ini to align with @ethantkoenig's suggestion

Signed-off-by: Matti Ranta <matti@mdranta.net>
2017-09-12 12:25:42 +03:00
Jonas Franz 5ccecb44ad Feature: Timetracking (#2211)
* Added comment's hashtag to url for mail notifications.
* Added explanation to return statement + documentation.
* Replacing in-line link generation with HTMLURL. (+gofmt)
* Replaced action-based model with nil-based model. (+gofmt)
* Replaced mailIssueActionToParticipants with mailIssueCommentToParticipants.
* Updating comment for mailIssueCommentToParticipants
* Added link to comment in "Dashboard"
* Deleting feed entry if a comment is going to be deleted
* Added migration
* Added improved migration to add a CommentID column to action.
* Added improved links to comments in feed entries.
* Fixes #1956 by filtering for deleted comments that are referenced in actions.
* Introducing "IsDeleted" column to action.
* Adding design draft (not functional)
* Adding database models for stopwatches and trackedtimes
* See go-gitea/gitea#967
* Adding design draft (not functional)
* Adding translations and improving design
* Implementing stopwatch (for timetracking)
* Make UI functional
* Add hints in timeline for time tracking events
* Implementing timetracking feature
* Adding "Add time manual" option
* Improved stopwatch
* Created report of total spent time by user
* Only showing total time spent if theire is something to show.
* Adding license headers.
* Improved error handling for "Add Time Manual"
* Adding @sapks 's changes, refactoring
* Adding API for feature tracking
* Adding unit test
* Adding DISABLE/ENABLE option to Repository settings page
* Improving translations
* Applying @sapk 's changes
* Removing repo_unit and using IssuesSetting for disabling/enabling timetracker
* Adding DEFAULT_ENABLE_TIMETRACKER to config, installation and admin menu
* Improving documentation
* Fixing vendor/ folder
* Changing timtracking routes by adding subgroups /times and /times/stopwatch (Proposed by @lafriks )
* Restricting write access to timetracking based on the repo settings (Proposed by @lafriks )
* Fixed minor permissions bug.
* Adding CanUseTimetracker and IsTimetrackerEnabled in ctx.Repo
* Allow assignees and authors to track there time too.
* Fixed some build-time-errors + logical errors.
* Removing unused Get...ByID functions
* Moving IsTimetrackerEnabled from context.Repository to models.Repository
* Adding a seperate file for issue related repo functions
* Adding license headers
* Fixed GetUserByParams return 404
* Moving /users/:username/times to /repos/:username/:reponame/times/:username for security reasons
* Adding /repos/:username/times to get all tracked times of the repo
* Updating sdk-dependency
* Updating swagger.v1.json
* Adding warning if user has already a running stopwatch (auto-timetracker)
* Replacing GetTrackedTimesBy... with GetTrackedTimes(options FindTrackedTimesOptions)
* Changing code.gitea.io/sdk back to code.gitea.io/sdk
* Correcting spelling mistake
* Updating vendor.json
* Changing GET stopwatch/toggle to POST stopwatch/toggle
* Changing GET stopwatch/cancel to POST stopwatch/cancel
* Added migration for stopwatches/timetracking
* Fixed some access bugs for read-only users
* Added default allow only contributors to track time value to config
* Fixed migration by chaging x.Iterate to x.Find
* Resorted imports
* Moved Add Time Manually form to repo_form.go
* Removed "Seconds" field from Add Time Manually
* Resorted imports
* Improved permission checking
* Fixed some bugs
* Added integration test
* gofmt
* Adding integration test by @lafriks
* Added created_unix to comment fixtures
* Using last event instead of a fixed event
* Adding another integration test by @lafriks
* Fixing bug Timetracker enabled causing error 500 at sidebar.tpl
* Fixed a refactoring bug that resulted in hiding "HasUserStopwatch" warning.
* Returning TrackedTime instead of AddTimeOption at AddTime.
* Updating SDK from go-gitea/go-sdk#69
* Resetting Go-SDK back to default repository
* Fixing test-vendor by changing ini back to original repository
* Adding "tags" to swagger spec
* govendor sync
* Removed duplicate
* Formatting templates
* Adding IsTimetrackingEnabled checks to API
* Improving translations / english texts
* Improving documentation
* Updating swagger spec
* Fixing integration test caused be translation-changes
* Removed encoding issues in local_en-US.ini.
* "Added" copyright line
* Moved unit.IssuesConfig().EnableTimetracker into a != nil check
* Removed some other encoding issues in local_en-US.ini
* Improved javascript by checking if data-context exists
* Replaced manual comment creation with CreateComment
* Removed unnecessary code
* Improved error checking
* Small cosmetic changes
* Replaced int>string>duration parsing with int>duration parsing
* Fixed encoding issues
* Removed unused imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2017-09-12 09:48:13 +03:00
Lunny Xiao 75b5be236a Display config file path on admin panel (#2030) 2017-06-22 08:21:56 -05:00
Rémy Boulanouar 25d6e2a660 Add button to admin ui (#1738)
* Add button to admin ui

* Update according to review

* Update locale_fr-FR.ini

* Rollback to locale french file
2017-05-19 08:20:41 +08:00
Lauris BH 524885dd65 LDAP user synchronization (#1478) 2017-05-10 15:10:18 +02:00